Immuta was founded in 2015 by Steve Touw and Matthew Carroll in College Park, Maryland. The founders came from the U.S. intelligence community, where they had worked on systems that needed to control access to sensitive data at massive scale. They saw the same access control challenges emerging in commercial enterprises.
Immuta’s platform sits between users and data platforms — like Snowflake, Databricks, Redshift, BigQuery, and Starburst — to enforce fine-grained access policies without moving or copying data. Instead of creating hundreds of database roles and views to manage access, organizations write policies in plain language that Immuta translates into platform-native controls.
The platform covers three main areas: data discovery and classification (finding sensitive data automatically), data access control (enforcing who can see what under which conditions), and data activity monitoring (tracking who accessed what data and when). Policies can be attribute-based — for example, granting access based on a user’s department, location, project assignment, or security clearance.
Immuta’s approach is especially valuable for organizations dealing with privacy regulations like GDPR, HIPAA, and CCPA. Dynamic data masking, purpose-based access controls, and audit logging help companies demonstrate compliance without manually managing permissions for every dataset and user.
The company raised $100 million in Series D funding in 2022, with investors including NightDragon and Snowflake Ventures. Immuta serves enterprise customers in financial services, healthcare, government, and technology.
Carroll serves as CEO. The company relocated its headquarters from Maryland to Boston and employs approximately 300 people. Immuta has built particularly strong integrations with Snowflake and Databricks.
