DataMasque raises US$4M as enterprises seek safer ways to use sensitive data for AI

New Zealand startup targets growing enterprise demand for synthetic data and privacy-preserving AI infrastructure as regulators tighten governance requirements.

DataMasque, a New Zealand-based data de-identification and synthetic data platform, has raised US$4 million in funding as enterprises increasingly struggle to use sensitive internal data safely within artificial intelligence systems. The funding round was led by Wavemaker Ventures, the early-stage fund of Wavemaker Partners, with participation from existing investors OIF Ventures and Icehouse Ventures. The company also appointed Peter Lilley, co-founder of Instaclustr, which was acquired by NetApp, and Wavemaker Partners co-founder and managing partner Paul Santos to its board as it expands across key international markets.

The raise comes amid growing pressure on enterprises to operationalize AI systems while remaining compliant with tightening privacy and data governance regulations. Although large language models and generative AI tools have become more widely accessible over the past two years, many enterprises continue facing a fundamental challenge: their most valuable datasets often contain highly sensitive customer, financial, healthcare or operational information that cannot easily be exposed to AI systems.

That challenge has become particularly significant in regulated industries such as banking, insurance, healthcare, telecommunications and government, where organizations are increasingly seeking ways to leverage AI without creating new compliance, privacy or cybersecurity risks.

DataMasque positions itself within a rapidly emerging category of enterprise AI infrastructure focused on synthetic and de-identified data. The company said its platform allows enterprises to use sensitive data for AI training, testing and analytics while ensuring the information never leaves internal infrastructure environments.

The company said it has achieved 6x annual recurring revenue growth since its seed round in late 2023 and has expanded its customer base globally, including organizations such as New York Life, ADP, Best Western Hotels and Resorts, One NZ, TAL, and multiple government agencies across New Zealand, Australia and the United States.

Enterprise AI adoption collides with data governance realities

The rapid expansion of generative AI across enterprises has intensified concerns around data exposure and governance, particularly as organizations attempt to integrate internal datasets into AI development workflows. Many enterprise AI deployments rely heavily on structured databases and controlled environments. However, a large share of enterprise information exists in unstructured formats such as emails, PDFs, customer support logs, insurance applications, internal documents and call transcripts.

These datasets often contain personally identifiable information, financial records or confidential operational details that create significant legal and regulatory challenges when used for AI model training or testing.

While conversing with AsiaTechDaily, Grant de Leeuw, co-founder and CEO of DataMasque, said unstructured enterprise data has remained difficult to unlock because organizations historically lacked reliable ways to preserve privacy without reducing data usability.

“Enterprise information and data sits across structured, semi structured and unstructured data throughout the organization, and valuable data such as PDF applications and call transcripts can hold significant value. The limitation to date is unstructured data can often hold sensitive information that enterprises have struggled to address,” de Leeuw said.

“DataMasque de-identifies this data across all datastores, including unstructured data. Rather than redacting the data, we replace it with consistent, synthetically identical values ensuring the context and utility of the data are retained. This allows enterprises to experiment, train or fine-tune on this data without exposing any protected or personal data.”

The broader enterprise AI market is increasingly shifting toward this problem space as organizations discover that access to safe and compliant datasets may become just as important as access to AI models themselves.

According to the company, enterprise AI projects are increasingly being delayed because organizations cannot safely operationalize internal data across AI systems without exposing themselves to privacy breaches or regulatory violations. That challenge is also fueling interest in synthetic data, a category that allows organizations to generate realistic but non-identifiable datasets for testing, analytics and AI training.

Industry analysts increasingly view synthetic and privacy-enhancing technologies as a critical layer in enterprise AI infrastructure, particularly as regulators across multiple jurisdictions begin tightening AI governance frameworks.

Singapore’s AI governance push creates regional opportunity

DataMasque identified Singapore as a key growth market as Southeast Asian governments and enterprises expand efforts around AI governance and compliance. Singapore has emerged as one of the region’s most active jurisdictions in developing formal AI governance frameworks over the past several years. In 2024, the Infocomm Media Development Authority and AI Verify Foundation launched the Model AI Governance Framework for Generative AI with contributions from more than 70 organizations including Google, Microsoft and OpenAI.

The same year, Singapore’s Personal Data Protection Commission issued advisory guidelines on the use of personal data in AI systems and separately published guidance around synthetic data generation for AI-ready datasets operating within Personal Data Protection Act obligations. Earlier this year, IMDA also published governance guidance for agentic AI systems, placing Singapore among the first governments globally to formally address governance risks associated with autonomous AI agents.

The regulatory developments are creating opportunities for companies building privacy-focused AI infrastructure and governance tools. While conversing with AsiaTechDaily, de Leeuw said Singapore’s approach to AI regulation and governance has made Southeast Asia an increasingly important market for the company’s next phase of growth.

“Southeast Asia is incredibly important to DataMasque’s next phase of growth. We believe Singapore leads in AI guidance and regulation, highlighting the importance of privacy enhancing technologies like DataMasque to protect sensitive information while ensuring data can be leveraged for AI,” he said.

“DataMasque is prioritising financial services, insurance, healthcare and government as our key verticals in Singapore and across the globe.”

The company’s expansion strategy reflects a broader trend across the enterprise AI ecosystem, where infrastructure providers are increasingly aligning product development around compliance requirements and regulatory frameworks rather than purely model performance.

AI infrastructure expands beyond compute and models

The rise of generative AI initially centered around large language models, GPUs and cloud infrastructure. However, enterprise adoption is increasingly shifting attention toward deployment challenges involving governance, cybersecurity, data access and operational compliance. That shift is creating new demand for technologies that enable organizations to use internal datasets safely across AI workflows without compromising privacy obligations.

DataMasque recently launched a new capability focused on unstructured data, allowing enterprises to process datasets such as call transcripts, emails and logs for AI and analytics use cases. According to the company, the capability connects structured and unstructured data environments within a unified platform. Investors backing the company argue that enterprise demand for such infrastructure is accelerating as organizations move beyond experimentation toward broader operational AI deployment.

“When we first invested in 2023, few enterprises had recognised the sensitive data problem that the DataMasque team saw. Today, it’s blocking nearly every serious AI rollout,” said Isabella Rich, Partner at OIF Ventures, in the company’s announcement.

The company also said customers have used its platform to reduce traditional data masking workflows from days to hours, though broader adoption of synthetic data technologies across enterprises remains at an early stage. For investors and infrastructure providers, the opportunity increasingly lies in enabling enterprises to operationalize AI safely rather than simply providing access to AI models themselves. The shift reflects a broader evolution in the enterprise AI market, where governance, privacy and compliance are becoming central infrastructure concerns alongside compute power and model capability.

As governments strengthen AI regulations and enterprises accelerate adoption across regulated industries, technologies focused on synthetic data, privacy preservation and secure internal data access are likely to become a more important layer in the global AI infrastructure stack.