share personal data
Anyone who has ever applied for an apartment or a mortgage knows that these companies tend to collect much more information than they need to determine if you can afford the monthly payment. The application process often involves pages of data about you and your life, but what if companies could grab in a secure way just the data they need?
That’s the premise behind Footprint, an early-stage startup that wants to transform the way companies collect information, while helping consumers control their own data. It’s an ambitious idea, and the startup announced a $6 million seed investment today.
“For end consumers, Footprint is the last identity form that they’ll ever fill out. For enterprises, Footprint is just five lines of code. And it gives our customers the ability to both onboard users and do account creation or ‘Know Your Customer’ (KYC) and offload the cost and risk of all of the security that has to happen around storing that data,” company co-founder and CEO Eli Wachs told TechCrunch.
Messaging app JusTalk is spilling millions of unencrypted messages
The company’s goal is to create a tool that’s not unlike Apple Wallet, but for your data, so it would hold your private information in an encrypted format using a mobile device to ensure identity. “Footprint securely holds consumer verifiable credentials (such as Social Security number, date of birth, email, phone number) in a protected “secure enclave”, backed by hardware-level cryptographic attestation,” the founders explained.
The company then takes advantage of Face ID or Touch ID on your phone for proof of identity to access and share that information with trusted partners.
Company co-founder and CTO Alex Grinman, who was previously a co-founder at KryptCo, a startup acquired by Akamai in 2019, says on the back end, the company is taking advantage of the concept of secure enclaves originally developed by AWS. He used the example of proving someone is over 21 to get into a bar.
“Well, you don’t have to decrypt their birthdate, and then do that computation and application code. You can do it inside of the secure enclave, and so we only release the minimum amount of information that you need,” he said. That approach has additional advantages, as well.
“And because it’s this very singular secure path to decrypt any data, we also have very fine-grained audit logging. So we know exactly who is decrypting what data. If they’re allowed to, we can give them the piece of data. If they’re not allowed to, we can block them,” he said. And everything is being recorded to an append-only audit log.
share personal data
