Back

Portfolio Company Spotlight: Privacy Lock

by Courtney Trunk

Privacy Lock is a data compliance and governance technology company specializing in secure infrastructure for regulated industries. The company was founded by CEO David Ritter. David is a second time founder and privacy expert. In addition to his role as the Co-Founder and CEO of Privacy Lock, David also chairs the Colorado Privacy Policy Commission, where he leads a diverse group of commercial and non-profit organizations who participate in the rulemaking process for the Colorado Privacy Act.

  • When and why did you start Privacy Lock? What felt right about the timing? 

In 2019, I experienced a devastating data breach and ransomware attack. Hackers infiltrated my email accounts, gained access to my financial records, and stole personal files and photo albums. They then threatened to expose sensitive and confidential content and  information unless I paid a substantial ransom.

When I turned to law enforcement, I learned there was little they could do. I refused to pay the ransom, but the fallout from the experience lasted for months. I faced significant costs to restore and secure my financial accounts and safeguard my personal information.

This ordeal inspired me and my two partners to create Privacy Lock, a platform designed to put data privacy first. With data breaches and ransomware attacks rising each year—and with young lives tragically lost to cyberbullying and privacy violations—we saw an urgent need to embed privacy into the very fabric of data processes.

At Privacy Lock, we believe the future of data is privacy-first processing. As our digital identities become more intertwined with our online activities, purchasing patterns, and real-world personas protecting privacy is more important than ever.

  • Fast forward, what is the current state of the business? 

Privacy Lock has been in the market for two years now, and we have delivered some incredible use cases. Primarily, Privacy Lock has been a provider in the financial services space, working with banks and financial companies to build privacy protections into financial data processing. 

This year, Privacy Lock added HIPAA auditing and core banking migrations to its toolset. Going forward, we’re looking to expand its offerings to healthcare companies as our second vertical. 

  • Have you ever had to pivot the business? If so, how did you make and execute on this decision? 

2025 has produced some unexpected challenges for our business model, mainly due to the new administration taking actions to quash the new regulation known as Section 1033 of the Dodd Frank act, the key federal privacy regulation targeting banks and financial institutions. As a result, federal enforcement of financial data privacy will likely be reduced substantially. This led us to pivot in two directions:1)  increasing our focus on the healthcare industry and 2) leveraging our privacy-first data migration software to assist financial institutions with core conversions. 

  • Who’s your ideal customer, and why do your customers love you?

Our customers are typically mid-sized healthcare companies and financial institutions, including community banks. Customers love us because we offer the only privacy solution that never collects their customer data! Imagine compromising your customers’ privacy in order to implement a privacy program. We believe there is a better approach, which is to build privacy controls into data processes without putting consumer data at risk. In general, Privacy Lock’s approach is attractive to regulated industries where there is much higher risk around the collection and processing of consumer data. 

  • As a founder, what would you say is your personal super power?

This is my second startup. I previously founded a blockchain company, which had an exit in 2021. Across these two startup experiences, I would say my ‘superpower’ has been to identify emerging trends that become commercial opportunities. 

When we started Privacy Lock, for instance, there was only one state that had passed a comprehensive consumer privacy law, California’s CCPA. Now, 16 states have similar laws, and there are more on the horizon. At the same time, dozens of countries have passed privacy laws similar to the EU’s groundbreaking GDPR, making privacy a rapidly expanding compliance area globally. And this should not come as a surprise; identity fraud and misuse of consumer data has become an enormous problem. As new technologies proliferate, especially AI-based applications, it will be essential that personal privacy rights are protected.  

  • When building a team, what are the key traits that you hire for, and how do you retain talent?

I believe people are the most important asset of any company. People power ideas, products, and business culture. In hiring, I always start with looking for someone who is a good fit for our team, and who enjoys working on innovative tech in a startup environment. 

Retaining talent can be challenging, and I think it is important to make colleagues feel that they are a part of the team and that they have skin in the game.  Aligning incentive packages and providing a fun, challenging,  and engaging working environment are important to retention.

  • What has been your biggest challenge to date? How did you overcome it, and what did you learn from it? 

Our biggest challenge so far has been the unexpected dismantling of Section 1033, as mentioned above. In order to overcome this challenge, we are in the process of pivoting the business model to accommodate a different regulatory climate in the financial services industry. 

  • What excites you, and what are you looking forward to most in the coming year(s)?

Privacy excites me! That may sound funny, but it really does. There is that old saying in tech:  ‘if you aren’t paying for the product then you are the product.’ A stronger focus on privacy is how we change this and begin to combat the exploitation of user information. 

With privacy regulation and tools like those provided by Privacy Lock, businesses will be able to transform their data-driven business models to be privacy-first models. This will take some time, but on the other side of this, we can expect to see consent-driven data systems, consumer control and ownership of their own data, and much more transparency regarding data collection and processing activities. And these are developments that consumers are demanding around the globe. 

  • What MOTIVATES you?

New industries and innovation motivates me. How do we solve the problems of tomorrow with innovative technologies? I have always been a big sci-fi nerd, and I think that has inspired me to think as a futurist. Looking into the future and imagining what is coming, what problems will arise, and how we can solve those problems excites me. 

  •  How can people get in touch with you? 

If you need help launching your privacy program, you can schedule a call with us at https://www.myprivacylock.io/ or email us directly at welcome@myprivacylock.io .

About Privacy Lock
Privacy Lock is a data compliance and governance technology company specializing in secure infrastructure for regulated industries. By building tools that prioritize user trust and regulatory alignment, Privacy Lock helps organizations innovate responsibly and stay ahead of evolving data protection standards.