Compliance Startups funded by Y Combinator (YC) 2025

Checkr builds people infrastructure for the future of work. And we believe everyone should have a fair chance to work. That's why we've designed a faster—and fairer—way to screen job seekers. For more information on our mission and products, visit http://checkr.com.

We help fintech risk and AML compliance teams automate and strengthen routine customer due diligence tasks with LLMs. Our AI assistants slash cost-to-comply, improve risk detection and free up capacity for investigations that require human expertise and decision making. Fintechs and banks use us to automate workflows like running thorough due diligence on a legal entity, reviewing customer documents like registry extracts, proofs of address etc and remediating false positive alerts from their AML systems.

Readily helps healthcare organizations find and close compliance gaps in hours not weeks. We do that by connecting over 100,000 pages of policies, and regulations, enabling staff to conduct research, analysis, and audits faster. This saves them hours of work, boosts readiness, and helps them avoid costly violations.

Plane is an all-in-one people platform for fast-growing teams. We build easy-to-use payroll and compliance tools that help companies go global from day one.

Oneleet helps companies become secure and compliant through an all-in-one solution that combines automated tools and human expertise. Oneleet has built the second generation of security compliance automation software, providing tools that go beyond what is classically provided for just compliance alone. Tools like a code security scanner, attack-surface management, access reviews and trust portal are all built in. As the most popular, highest rated and most frequently used platform in the YC community, Oneleet has quickly established itself as the preferred and superior alternative to other incumbents. The founder behind Oneleet has spent the past 10+ years helping companies become more secure by performing penetration tests.

About Vanta Vanta (YC W18) is the leading automated compliance and trust management platform designed to simplify and centralize compliance and security workflows for organizations of all sizes. Why YC Startups Need Vanta As a YC company, proving your security compliance is crucial for hitting new milestones—from finding product market fit, to selling to bigger customers. We would know, we’ve been there—and we’ve helped over 10,000 customers do just that! Vanta's all-in-one solution, combined with expert service partners, helps you quickly and painlessly achieve and maintain compliance with top frameworks—like SOC 2 and ISO 27001—and build a strong security foundation, so you can close bigger deals and scale faster. Learn more at vanta.com. YC Companies get Exclusive Discounts on Vanta’s packages: Vanta’s packages for startups are designed to make security and compliance easier, faster, and more cost-effective. Whether you’re closing your first deal or gearing up for growth, our all-in-one solution provides the tools necessary to become compliant quickly, demonstrate your security posture, and build a strong security foundation. Why Vanta? Built for startups: Vanta knows startups. We went through YC in 2018 and have since helped thousands of startups, including YC companies Supabase (YC S20), Fern (YC W23), and Newfront (YC W18) achieve and maintain compliance quickly. Startups like Charityvest (YC S20), BreachRX, and Flo Health have gone from zero to SOC 2 Type I or ISO 27001 certification in 10 days or less with Vanta. Future-proof, feature-rich, automated platform: Vanta’s modular platform is built for the needs of today and tomorrow, including: * 35+ frameworks spanning security, privacy, industry, geographic, and custom frameworks * 375+ integrations that automate evidence collection for these frameworks * 1,200+ automated, hourly tests to ensure real, continuous security—not just at audit time, but all the time * Pre-built policy templates, lightweight agent for security checks, background checks, cyber insurance, cookie consent management, auditor portal, user access reviews, security awareness training, risk assessments, vendor security reviews, managing vulnerabilities, and more * Tailored support for early-stage companies: Vanta offers internal, no-cost Customer Success and GRC (compliance) experts, robust technical support, detailed documentation, and a 24/7 chatbot for frequently asked questions. * (Optional) Purchase Vanta with auditors experienced in your framework and the Vanta platform, or choose from a range of MSP/consulting partners for additional services like penetration tests and virtual CISO support—some at no cost. We don’t force vendor lock-in. * Transparent pricing and promises: Vanta strives to do what it says on the tin: we believe in setting and meeting customer expectations. We offer flexible contracts, fair and transparent pricing, and publish our support metrics. We prefer to focus on helping customers succeed and let them explain why they chose us over others—check out our G2 reviews and customer case studies! Proven market leader and well-funded: Vanta was founded in 2018 and has raised $350M with over 700 employees. We’ve guided over 10,000 customers through their first or multiple audit cycles for various frameworks. These customer learnings and our funding help drive a fast pace of product development to delight customers and ensure Vanta will be there for you in the future. Interested in seeing why Upflow (YC W20), Tailor (YC S22), and hundreds of other YC companies trust Vanta to automate compliance so they can focus on scaling? Reach out to our team at yc@vanta.com to get started!

Want to apply AI to your IT Helpdesk queue? Risotto helps you grant software access, limit access/permission grants by time, serve knowledge, and get approvals from people like managers. All using natural language directly in chat (AKA "ChatOps") IT teams spend too much time manually provisioning software and answering the same question repeatedly. We help them improve resolution times, reduce SaaS spend, and enhance security with 24/7 automated software access and IT support. Check us out at: https://www.tryrisotto.com

Ascen is a back office platform and employer of record for staffing firms.

Numo is the new money company — built to be the global bank for the newly minted generation of highly ambitious digital workers in Asia, Africa, LATAM, and beyond. These contractors currently sit in the 95th percentile of earners in their country — but their financial infrastructure is unstable. It's fragmented across PEOs, gig marketplaces, and consumer remittance platforms. With their local currency weakening against the US Dollar, they need control on how and when to repatriate funds. They don't just need a remittance app. They need a bank. Numo provides international contractors with a US bank account — and instant, low-cost payment rails to move money home. This way they can hold funds in USD up to the second they need to spend it. We help international contractors get paid like a local, while banking globally.

From content moderation to responsible AI, Cinder empowers businesses to orchestrate and automate digital safety at scale. Cinder was founded to help organizations foster safe online spaces for everyone. Our platform empowers companies from start-ups to enterprises with end-to-end capabilities to mitigate harm, investigate abuse, and produce trustworthy and reliable AI outcomes. Building your world-class company means keeping your users and community safe—Cinder unlocks faster growth by making safety easy. We work with customers in every industry from frontier AI labs to e-commerce and social media.

Greenlite builds AI workers for bank and fintech compliance teams. Innovative teams use our AI workers instead of outsourced teams to onboard customers faster with higher compliance standards.

Every time workers in a warehouse box an order, they reference a 100 page manual with instructions like where to put the shipping label. RetailReady replaces the instruction manual with a tablet application.

Maive automates aerospace compliance paperwork required on the manufacturing shop floor. We use cameras and AI to automatically fill federally-required paperwork, reducing the risk of companies being unable to sell their products and increasing factory throughput. Users have told us the paperwork required for the F-35 fighter jet weighs more than the jet itself! The government requires a record for each of the 1.5 million parts in the jet, including what shop-floor workers do to each part and when they do it. Automating paperwork by interpreting human actions with cameras is hard. Doing this at the edge and inside secure aerospace environments is harder. We fine-tune the latest vision language models to solve what was previously impossible. Manufacturers lose millions when compliance paperwork has errors because it can freeze their ability to sell the product for months. Leaving this task to shop floor workers is both incredibly risky to the company and tedious for the employees. Compliance paperwork is just the beginning. We want to propel American manufacturing into the AI era. America is facing a serious problem: there’s $400B being invested to onshore manufacturing, but there’s simultaneously a projected 15% gap in workers needed due to an aging workforce. We’re on a mission to solve this by building the first AI native software for the shop floor. Our vision is to intelligently connect people, robots, and data to 10x today’s manufacturing capacity.

Cardamon is an AI powered platform that ingests relevant regulation, understands what applies to each regulated financial firm, and gets compliance officers from regulation, to obligations, to product requirements in minutes - not weeks. Financial firms face a host of complex regulations that make it incredibly painful to launch and maintain products in a compliant way. As a Product team at Revolut, we felt this pain deeply ourselves - we had products ready to launch but stuck in compliance limbo, often for weeks. Turns out, getting compliant took as long as building the product itself. Frustrated, we dug in and were shocked by how manual and inefficient the processes were. That’s when it clicked: there’s a huge opportunity to automate the boring stuff (and solve our own problem!). Compliance teams win because they ditch the tedious tasks. Product teams win because they ship faster. Everyone’s happy.

SafetyKit replaces human Trust and Safety reviewers with language models. We make it easy for enterprise Trust and Safety teams to supercharge their content review workflows — speeding up agent decision-making 5x or by automating the review altogether — and significantly reduce operations costs with faster, more accurate decisions. With SafetyKit, Trust and Safety teams write their policies in natural language and use them to detect and action nefarious content, instantly. Each decision is accompanied by an explanation grounded in your policies — not a generic definition or model score. We allow TnS teams to confidently scale their capacity, freeing up your agents for the highest leverage work, while reducing those agents exposure to problematic content.

DianaHR is an AI-powered HR person for the 1.4 million SMBs with at least 10 employees. Today, SMB owners spend 10+ hours a week struggling with managing software, state compliance notices, benefits questions, onboarding, insurance, workers comp, 401k, etc. With DianaHR, a human-in-the-loop AI takes care of all that and delivers peace of mind.

QueryPie solves two important customer problems. The first is being able to respond to ITGC audits to ensure financial transparency, The second is to keep customer privacy data and sensitive information from internal employees and external attackers,also provide insights into what data to use for AI. This is made possible by centralizing access control and auditing of IT assets such as databases, servers, and containers across both on-premises and cloud environments in One-place QueryPie. QueryPie covered various privacy law and compliances such as ITGC for Sox, PCI-DSS, ISO27001, HIPAA, CCPA, GDPR, ISMS

Firstwork is a next-generation HR platform designed specifically for companies with dynamic workforce needs. Our mission is to streamline and automate key HR processes to help businesses operate more efficiently and effectively. What We Do (for now): (1) Smart Onboarding 📋: Our platform simplifies the onboarding process by automating the collection and verification of credentials, such as right-to-work documents, insurance forms and driver’s licenses. This reduces administrative burden and accelerates the time-to-productivity for new hires. (2) AI-Assisted Activation 🤖: Leveraging AI, we enhance communication and messaging for new hires, ensuring they receive timely and relevant information. This helps in better engagement and faster integration into their roles. (3) Perpetual Compliance ✅: Our system uses AI and OCR technology to continuously monitor and ensure compliance with various regulatory requirements. This includes tracking expirations of critical documents, updating records, and generating compliance reports, thus reducing the risk of penalties and legal issues.

Flagright helps fintechs & banks monitor, screen, investigate, and report their transactions & customers against financial crime risks with a best-in-class AML compliance software. Catering to a diverse clientele across various financial sectors, we serve customers across 6 continents. Flagright is a pioneer in the application of generative AI for AML compliance operations with its AI suite, Flagright AI, delivering unmatched scalability and extreme performance. Our products are designed to help our customers scale volume without scaling headcount and grow faster.

FlowEQ is the trusted provider of workflow automation for teams that need to accelerate their work, especially complex processes and high-volume workflows that require human judgment. The FlowEQ Workflow Acceleration Platform includes interactive decision trees that are used by customer support, operations and product teams across all industries to improve accuracy and speed up important recurring work. Using FlowEQ customers get through high-stake recurring workflows 10x faster, saving their companies time and money every day. For additional information, visit www.floweq.com.

dmodel lets companies look inside the mind of an AI model and manipulate its thoughts in real-time. For example, AI-driven customer service platforms can use dmodel to rapidly fine-tune responses for accuracy and brand alignment, without retraining the entire model.

Confident LIMS is a leading Laboratory Information Management System (LIMS) serving high-throughput labs in regulated industries. Confident LIMS is a B2B Software-as-a-Service (SaaS) platform with strong network effects among our lab customers and their testing clients. We currently serve >60% of the legal cannabis industry in the United States and are expanding into mainstream agriculture, food & beverage, and environmental industries. In early 2022, we pivoted away from seeking to be the leading online B2B wholesale marketplace in the legal cannabis industry to be the best LIMS in the world in the agriculture, food & beverage, environmental and industrial chemicals industries.

Secure and manage all your devices with Swif. Automate compliance, streamline onboarding and discover Shadow IT—all in one platform. --- Challenges Addressed * Fragmented device management across multiple operating systems and locations. * Time-consuming manual compliance checks and reporting for various regulatory standards. * Inefficient onboarding and offboarding processes for remote and global teams. * Lack of visibility into shadow IT and unauthorized SaaS application usage. Customer Benefits * Unified visibility and control over all organizational devices, regardless of operating system or location. * Significant time savings through automated compliance readiness checks and real-time reporting. * Enhanced security posture with the ability to instantly lock or wipe compromised devices remotely. * Reduced IT overhead by consolidating device management, access control, and compliance tools into a single platform.

Government IT purchases account for 20% of the U.S. software market. Archon helps software companies sell to the government by cutting the federal compliance timeline (called FedRAMP) down from 16 to 6 months and cuts costs by $1M per company. Our product improves government efficiency and increases competition in this traditionally restrictive market by making compliance cheaper and more accessible. We want to enable every small tech company to build a lasting government partnership, and bring real solutions to our federal agencies. Email us at inquiries@archon.inc

Striga is building infrastructure for digital assets and financial services as a single set of APIs doing the heavy lifting of security and regulatory compliance. Striga's customers include early stage FinTech's, Web3 innovators, Banking Institutions and Crypto Exchanges utilizing services spanning the range of Crypto Custody, Trading, Card Issuing and Banking. Building a crypto business today is a highly regulated space unlike a few years ago and maintaining a compliance program and building technology presents a huge barrier to entry for startups and mid-size businesses alike and the Striga platform solves the problem with a single set of APIs and a single contract to deliver services to 30 countries today.

Delve helps fast-growing teams get compliant with an AI-automated platform. Serving 100+ companies on frameworks like SOC 2, HIPAA, ISO 27001, GDPR, PCI DSS, and more.

We have hundreds of fully qualified and experienced contractors in Information Security, Cloud Security, Privacy and Compliance available at competitive hourly rates.

Praxos allows insurance professionals to automate their operations—from filling out applications to crafting proposals and comparing coverages—in one place. This enables risk advisors to stand out and close more deals in an industry where service speed is critical, but mistakes are costly.

Kodex makes it easy for companies to process, and respond to, subpoenas from governments around the world. Agencies, like the FBI, subpoena user data from customers like Coinbase, and thousands of other companies - without Kodex, companies largely rely on email, fax, and spreadsheets to manage them. Kodex is a SaaS tool that helps private sector companies manage relationships, workflows, and secure file transfer with government agencies who are seeking confidential information on a company's users. We streamline compliance operations, protect the privacy of their users, reduce error, and validate the legitimacy of government agents who are requesting information.

We help companies like Capital One work with their affiliate content creators like CNBC more easily. Affiliate is an important growth channel, accounting for 25% of new credit card sign-ups, but today's financial companies use multiple layers of middleman to do their affiliate marketing and adhere to compliance guidelines. This is costly and time consuming for fintechs and affiliates alike in this massive market. Affil leverages AI to automate affiliate compliance, monitoring, and management to wrap the middleman into major player. This not only makes it easier for fintechs to market their products, but it also helps improve the affiliate experience as well.

Teclada is a powerful web-based terminal built for teams and loved by developers. With Teclada, users can: ‣ Enjoy advanced features like visual autocomplete and AI integration - all in their browser ‣ Access their computers from anywhere ‣ Collaborate seamlessly with multiple users in real-time Teclada simplifies remote access by: ‣ Allowing multiple users to simultaneously view, edit, and execute commands by sharing terminals ‣ Transforming plain English into advanced command sequences quickly and accurately with AI-powered assistance ‣ Providing web-based access control with role-based permissions and sharing by email address, making access management secure and effortless Teclada works with any browser and is firewall-friendly, allowing for secure connections to remote computers even when they are behind firewalls or a NAT. Users can keep their sessions intact and uninterrupted, even if they disconnect or switch devices, with the ability to run multiple sessions at once, each with different layouts. Teclada is the future of remote access and collaboration, making it easier for teams to work together, no matter where they are.

Platus delivers fast, reliable legal infrastructure with a no-code platform and API, designed to support SMBs with instant access to notarization, legal drafting, e-signing, and workflow automations. Our solution removes the high costs and slow processing of traditional legal services, by empowering businesses to seamlessly manage compliance and legal tasks.

Build safer platforms with Intrinsic. Get access to the best safety technologies from one unified API. Enable your Trust & Safety team to tell cohesive stories from policy to product, to enforcement. Michael and Karine first met two years ago at Apple’s Fraud Engineering, Algorithmic Risk team, which evolved to become Apple’s Trust & Safety function. We are both engineers and helped solve online abuse problems, including spam, botting, account security, and developer fraud for Apple’s customer base of over a billion users.

Hadrius allows regulated financial firms of all sizes to consolidate and automate their compliance processes using AI in one platform. Today, we're securing compliance for $400B+ AUM across our clients. We're building the AI that will regulate the US financial system and the trillions that flows through it.

Finic helps fintechs automate fraud and dispute investigations with AI agents that automatically follows SOPs and writes comprehensive case notes. With Finic, fintechs can: - 10x fraud ops capacity without increasing headcount - Train agents on new fraud typologies and instantly scale to thousands per day - Reduce time-to-resolution from hours to under 5 minutes

Affinity is a compliance training platform designed specifically for regulated industries. We’ve previously built a fintech from inception to a successful exit and are leveraging that experience to solve the learning management needs of regulated tech companies from growth stage to large enterprise banks.

Fresco helps construction superintendents take 1000s of pages of notes, 10x faster. We automate the process of completing progress notes and punch lists, reducing time requirements from hours to minutes. Superintendents simply record videos of their site walk, and Fresco pulls out the relevant information and formats it into rich reports. We also offer one-click integrations with leading project management software like Procore and ACC, for maximum usability.

AiPrise allows fintech companies to integrate with multiple identity vendors through a single platform. Companies like Amal Invest use us to integrate with local vendors and comply with regulations in over 100 countries.

Invopop helps global software companies comply with local tax reporting requirements. We offer an API that records every sale and reports it to the appropriate tax authority in the right format. In the last years, +15 countries have started to require businesses to report to tax authorities every sale, in real-time (e.g., India, Mexico, Brazil). This regulatory trend is catching up, as +20 countries will introduce this new regulation in the next 3 years (e.g., Germany, France, Australia, China). We help companies comply with this.

Galini guardrails-as-a-service filter harmful inputs and outputs based on company policies and industry regulations. We make it easy for enterprises to create, test, deploy and refine guardrails. With Galini, product and engineering leaders enjoy peace of mind knowing their AI apps are compliant at run-time, and save $1-10M in costs from avoiding in-house build

Skypher makes security reviews easy for software companies.

Feroot (YC W21) is the leading compliance and security platform for b2b websites that helps you easily achieve and maintain compliance with PCI DSS 4.0.1, CCPA, CIPA, HIPAA and 50+ data privacy regulations.

Adri is built for enterprises that are buying AI. Our patented software monitors the AI vendor's infrastructure and detects any intentional or accidental misuse of your proprietary data. We help you buy AI that you can trust.

Warp is a modern payroll, compliance, and benefits platform built for founders. We put all state tax registrations and compliance on autopilot so you never need to login to another .gov website again. The last time you think about payroll and compliance will be the time you onboard to Warp.

Spear phishing simulation & security awareness training powered by AI.

Squire is a devtool that works with you by writing pull request descriptions, reviewing PRs, and writing code to implement code review feedback.

Shiboleth automates consumer lending compliance for financial institutions using AI. Banks like Cross River Bank use us to save months of manual work by automating audits and drafting reports for the governments. LLMs allow whole categories of manual compliance processes to be automated in ways that weren’t possible until recently. We are excited to automate back-office operations and enhance consumer protection in one of the most litigious industries.

Sei is an AI platform for CX and Compliance teams. Simplify your customer support & collections workflows with a compliant AI

Sarus solves the problem of accessing or sharing personal data for analytics or machine learning. The solution deploys natively in data infrastructures and lets practitioners work on data they cannot see. Every interaction with the sensitive data is protected with the highest privacy standard: differential privacy Sarus makes traditional anonymization methods irrelevant, saving months in compliance and data engineering while preserving all of the value of data.

Complif automates compliance processes for financial entities, including KYC/KYB, AML, risk profiling, documentation management and regulatory reporting.

Agency specializes in multi-party security and compliance scenarios; we are the Palantir of compliance. We serve the most innovative companies and their teams working on critical challenges and transformative technologies by helping them achieve standards like SOC2, ISO 27001, CMMC, NIST, HIPAA, and GDPR that meet the highest levels of scrutiny from third parties. Our patented platform, Verse, integrates with GRC software like Vanta, cloud infrastructure, and your endpoints to securely handle complex multi-layered configurations, such as remote contractor use, BYODs, and federated client-hosted application deployments. Our managed security and compliance team helps high-growth software companies meet rigorous standards as quickly as possible by doing it for them. Our ETDR program enables organizations to prevent threats directly targeting their employees' personal devices, data, and online accounts while respecting their privacy. We provide customized solutions to prevent insider threats, data loss prevention, and threat intelligence while safeguarding personal privacy.

Craze makes it simple for founders and growing teams in India to manage, run and automate all of payroll, HR and IT in one place. Our integrated system serves as the single source of truth for all of admin, from onboarding to offboarding and everything in between. With Craze, businesses in India: - Have a system of record for people, employee and entity data that automates onboarding and offboarding - Run payroll in one click - Ensure payroll compliance - Manage leaves, time and attendance seamlessly synced with payroll - Automate and manage expenses, devices, benefits and lots more Entrepreneurs start businesses to build something people want and change the world. Craze eliminates disjointed point solutions, multiple spreadsheets and coordination headaches and saves time, money and unnecessary stress so founders can focus on what matters most — growing their business.

Disclo is the first software for employers to collect, verify, and manage health disclosures and employee accommodation requests (HIPAA and SOC2 compliant, of course). We help employees secure the enhancements and protections they need to succeed in their careers without having to disclose their underlying medical condition to their employer. We handle the collection of that data, the verification, the secure data management, and much more. Using our patent-pending medical verification system, Disclo validates that an employee's accommodation request is legitimate and required, interacting with medical providers directly, so HR managers can focus on what they do best. We help companies stay compliant with EEOC, ADA, and HIPAA guidelines.

AccessOwl automates employee SaaS account provisioning and permissioning for any tool. IT teams from companies like Zeplin and Sary save 30 minutes on every request. Access management used to be an enterprise problem. With work from home, exploding SaaS usage and the need for SOC2 certifications startups have the same problems as enterprises. Mathias and Philip have built several startups and teams before and experienced the same problems around access management over and over again. Philip was the CEO and Co-Founder of blik, an award winning IoT solution that was used by Volkswagen and BMW. Mathias built the leading private payment infrastructure provider in Germany as well as the first digital car insurance as Co-Founder and CTO. Based on these experiences we decided to build a solution we wish we could have used when building our former companies. AccessOwl can be deployed within minutes instead of weeks by simply installing a Slack application. We save companies that use AccessOwl 30 minutes for every access request, on- and offboarding.

Stacksi helps companies automate the process of answering enterprise security questionnaires so they can close deals faster and save their best engineers’ time for more strategic projects. Salespeople, CTOs, and CEOs of fast-growing enterprise startups can upload security questionnaires into our system. If the company already has written security policies, they can upload those documents, too. From there, Stacksi parses their documents, identifies gaps in their security policies vs. standards, and helps them establish a successful security program. Ultimately, we will help them 1) automate completion of security questionnaires, 2) quickly get through enterprise security audits and 3) improve their security posture.