About Qala

GDPR compliance is not a periodic exercise — it is a continuous operational discipline

Qala builds data observability infrastructure for organizations operating under GDPR, Swiss nDSG, and UK GDPR. Our platform gives privacy officers and data engineers a continuously current picture of personal data — without manual audits or one-time consultancy projects.

We are a Zurich-based software company, pre-seed stage, backed by our anchor investor network. Our team brings together seven years of GDPR advisory experience with deep metadata graph and NLP engineering from enterprise data infrastructure.

Zurich Technopark office interior with compliance dashboard visible on monitor

Founding Story

It started with an 11-day DSAR response

In 2022, David Scott Turner was leading a GDPR audit engagement for a mid-sized Swiss e-commerce company when the company received its first Data Subject Access Request. The privacy team spent 11 days manually querying eight separate databases and exporting spreadsheets — two days before the 30-day deadline.

The problem was not the DSAR itself. It was that the company had no single, reliable picture of where personal data actually lived. Their Record of Processing Activities was 14 months stale. The data engineering team had added three new data pipelines since the last audit without notifying the privacy team.

GDPR compliance was being managed as a one-time documentation exercise, not as a continuous operational discipline.

Swiss desk with printed ROPA document and Snowflake query on laptop screen

David partnered with Priya Nair — ex-Palantir data engineering, specialized in metadata graph construction — to build a prototype that could ingest Snowflake schema metadata and run automated classification against the GDPR personal data taxonomy.

The prototype classified 94% of personal data fields correctly on a 200-table warehouse in under 90 minutes. The same classification had taken the privacy team three weeks manually.

Qala is now an always-on data observability and compliance platform serving organizations under GDPR, Swiss nDSG, and UK GDPR.

Mission

"Make GDPR compliance a continuous operational discipline, not a periodic documentation exercise."

GDPR compliance fails when it is managed as documentation rather than infrastructure. Organizations invest in one-time data mapping projects that produce accurate snapshots — snapshots that begin drifting from reality the moment the next data pipeline is deployed. By the time a DSAR arrives or a breach occurs, the documentation is months stale.

Qala's mission is to close the gap between documentation and operational reality by making personal data classification, policy enforcement, and compliance audit readiness a continuous, automated layer of the data infrastructure — not a periodic project. We believe that organizations operating under GDPR should have a live, always-accurate picture of their personal data estate, and that this is achievable without replacing existing data infrastructure or hiring additional compliance staff.

We measure success not by the size of the compliance report we produce, but by how rarely our customers have to think about their GDPR compliance posture outside of Qala's dashboard.

What we stand for

Privacy by default, not by audit Compliance readiness is built into the data infrastructure from day one, not retrofitted at audit time. We build tools for organizations that want to know their compliance posture continuously, not once per year.

Classification accuracy over coverage speed Qala's NLP classifiers are conservative by design. A field classified with 95% confidence is more useful than 200 fields classified at 60%. High-confidence classification with explicit human-review queues for mid-confidence results produces better compliance outcomes than full-coverage bulk labelling.

Privacy teams and engineers as partners The documentation-vs-reality gap exists because privacy officers and data engineers work from different systems and different cadences. Qala gives both teams a shared, live view of the personal data estate — reducing friction, not creating more compliance overhead for engineering teams.

Audit-ready output at every step Regulatory audits and DPA inquiries do not announce themselves. Every action in Qala generates an exportable, time-stamped compliance record. DSAR responses, policy violation remediation, and breach scope assessments all produce documentation that survives regulatory scrutiny.

No vendor lock-in on your own compliance data Classification graphs, policy definitions, and compliance records are exportable from Qala in open formats at any time. Your organization's ROPA, classification mappings, and audit logs belong to you. We do not hold compliance data hostage to contract renewals.

Stage & Focus

Pre-seed. Focused on Swiss and DACH enterprise compliance teams.

We are working with a select group of privacy officers and data engineering teams in Switzerland, Germany, and the Netherlands. Our target: organizations with 500–10,000 employees, at least three cloud data sources, and at least one dedicated privacy officer operating under GDPR, UK GDPR, or Swiss nDSG.

We are pre-seed stage and deliberately focused on a narrow initial segment. Broader horizontal compliance platforms exist; Qala is purpose-built for organizations with live cloud data warehouses and the engineering capability to connect them. Our early customers are using Qala to replace manual ROPA maintenance workflows and to reduce DSAR response times from weeks to hours. We plan to expand into additional EU jurisdictions and US state privacy law (CPRA, VCDPA) as the product matures.

Backed By

our anchor investor network — Swiss Enterprise Software Angel Network

Qala is backed by a Swiss angel investor network specialising in enterprise software and deep-tech companies. Our investors bring experience across GDPR advisory, data infrastructure, and enterprise SaaS, and deep familiarity with the European regulatory environment.

Swiss Angel Network

Enterprise Software — Early Stage

Work With Us

Join organizations building continuous compliance into their data infrastructure

We are in early access, working with privacy officers and data engineering teams who want to replace periodic compliance documentation with a live observability layer.

Request Early Access Meet the Team