ecosystem / companies / feroot-security
Feroot Security logo

Feroot Security

Feroot Security is a Toronto company whose software watches the code running inside a website visitor's browser — third-party scripts, trackers, payment forms — and flags data leaks and compliance gaps against PCI DSS, HIPAA, GDPR and 50+ other rules. Ivan Tsarynny and Vitaliy Lim founded it in 2017 and took it through Y Combinator's W21 batch.

CybersecurityTorontoFounded 2017feroot.com
$2M in 9 daysthe seed round Tsarynny closed during the Y Combinator W21 batch, in US dollars, from multiple investorsTechTO stage 2026-02-05
1B+unique users protected across sites in a 30-day window, per a stat Tsarynny said he had just pulled from his CTOTechTO stage 2026-02-05
100,000websites by 2027 — the target written into Feroot's strategy doc, which Tsarynny said the company had already exceededTechTO stage 2026-02-05
$11Mseed round led by True Ventures, announced February 2022SecurityWeek, 2022-02-28

The people

Ivan TsarynnyCo-founder & CEO · 3 TechTO talks
VL
Vitaliy LimCo-founder & CTOprofile coming

What they build

DXComplyPrivacy and consent compliance across web and mobileProduct page ↗
DXSecureBlocks malicious scripts and data exfiltration in the browserProduct page ↗
PaymentGuardPCI DSS 4.0.1 compliance for payment pagesProduct page ↗

Open roles via the TechTO Job Board

No roles on the TechTO Job Board yet.

Hiring? Reach 70,000 Canadian tech readers through the weekly TechTO newsletter.

Post a role on jobs.techto.org ↗Or try their own careers page: feroot.com/careers ↗

Listings sync from jobs.techto.org — the only structured source. We don’t scrape career sites.

On the TechTO stage

Every talk is searchable — ask the archive about Feroot Security

About

Feroot started in 2017 as a privacy and compliance company — Tsarynny told the TechTO audience in 2018 that it launched the year before, when 'very few people knew how to spell GDPR,' and built its early credibility by hosting small, tightly targeted conferences for chief privacy officers rather than blogging. The company ran out of money in 2020 and repositioned into security. What brought it back, Tsarynny said on the TechTO stage in February 2026, was narrowing to one problem: hackers stealing credit card details out of websites. That focus, plus a couple of first customers, got Feroot into Y Combinator on its third application, after two rejections. The product now inspects what runs in the browser on the front end of a site — the scripts, trackers and forms that touch payment and personal data — and turns that into audit-ready evidence for PCI DSS 4.0.1, HIPAA, GDPR, CCPA and other regimes. Feroot's research team is also known outside the security trade press: in early 2025 it found heavily obfuscated code on DeepSeek's login page linking to infrastructure run by China Mobile, a Chinese state-owned telecom barred from operating in the US. The Associated Press reported the finding first and academic researchers at the University of Calgary and UC Berkeley confirmed the link. Tsarynny testified before the US-China Economic and Security Review Commission on data collection by China's tech sector.

Backers

True Ventures led an $11 million seed round announced in February 2022, following a $2.5 million round in July 2021. Feroot went through Y Combinator's Winter 2021 batch; Tsarynny said on stage that his angel investors were CEOs who had already exited their own companies.

Quick answers

What does Feroot Security do?

It inspects the code that runs in a visitor's browser on the front end of a website — third-party scripts, trackers, cookies, payment and login forms — and reports what each one can reach, then turns that into audit-ready evidence for PCI DSS 4.0.1, HIPAA, GDPR, CCPA and other regimes.

Who founded Feroot Security?

Ivan Tsarynny and Vitaliy Lim, in 2017. Tsarynny is CEO and Lim is CTO. It is Tsarynny's second company; before it he was at PostBeyond.

Did Feroot go through Y Combinator?

Yes, the Winter 2021 batch, on the third application after two rejections. Tsarynny told the TechTO audience the company had run out of money in 2020 and repositioned from privacy compliance into security, narrowing to one problem — credit cards being stolen out of websites — which is what got it in.

What is Feroot's DeepSeek research?

In early 2025 Feroot found heavily obfuscated code on DeepSeek's login page containing references to infrastructure run by China Mobile, a Chinese state-owned telecom barred from operating in the US. The Associated Press reported it first; independent researchers at the University of Calgary and UC Berkeley confirmed the link. Feroot did not observe data actively transferring during North American login attempts.

Suggest an editWork here? Claim this page
Maintained by TechTO · facts sourced and dated · last reviewed Jul 14, 2026