A Q&A with Carl Strempel from Qala on Building Real-Time Data Governance for the AI Era

In the fast-evolving world of AI adoption, where innovation races ahead but regulation struggles to keep pace, true leaders don’t just build technology—they embed trust from the very first line of code. That’s the vision behind Qala AG, founded by David Scott Turner, Carl Strempel, and Bruno Soares, a team with a strong track record of building secure, compliant infrastructure in highly regulated environments.

After scaling and exiting their previous venture, Imburse Payments—an enterprise payments platform used by global insurers—to a US-listed Insurtech in 2023, they spotted a critical gap: data compliance, governance, and risk management remain largely siloed, reactive, and built for manual, human use. Controls are typically applied only after data has been created or ingested, rather than being proactively embedded and enforced at the point of origin. They believe governance can no longer sit at the edges; it needs to be embedded directly where data is created and used. They founded Qala to make that shift possible. In this candid Q&A, Carl Strempel shares how the team is turning that belief into reality.


1. Tell us about yourself / your co-founder(s).

As a team we have worked together for many years building technology in highly regulated industries. Before founding Qala AG, we built and scaled Imburse Payments together, an enterprise payments platform used by global insurers. After exiting the company to a US-listed Insurtech in 2023, we continued to lead critical areas across product, engineering, and AI initiatives until leaving to start Qala AG.

Our team has a complementary combination of product, engineering, and compliance expertise, shaped by years working with highly regulated data in the financial services and insurance sectors. Operating in those environments gave us first-hand insight into the complexity of managing strict data security requirements, regulatory frameworks, and evolving compliance obligations.

Over time we became increasingly frustrated by how much data governance and compliance still relied on manual processes, spreadsheets, and institutional knowledge, particularly when teams needed to evidence how data was handled across modern software systems. We realised that for many stakeholders, internal software systems were a black box, making data security and governance difficult to verify in practice and something that was becoming a real bottleneck for the safe adoption of agentic solutions.

These experiences led us to found Qala. The company was created to shift governance and security left to where data and software are actually built and operated. We enable organisations to embed governance directly into their systems, providing real-time data visibility and ensuring compliance happens continuously rather than retrospectively.

2. Who are your target customers, and what problem do you address for them?

We serve compliance, GRC, and risk leaders at B2B software companies, and regulated industries such as banking, insurance and finance. Our solution helps them safely govern AI initiatives, reduce data security risks and speed up product delivery by surfacing gaps to policies in real time while automating manual compliance reviews and evidence collection.

3. What is your product / solution, who do you compete with, and what is your USP?

Qala is an AI-native data discovery and visibility platform that gives security and compliance teams provable, real-time evidence of how data moves across code, integrations, third parties, and AI systems. The solution provides continuous data mapping, classification and lineage tracking while surfacing policy violations without disrupting existing development workflows.

We are unique in that we can deliver results in only a few hours without engineering impact. From there we act as a real-time and continuous data control plane. Data classification shifts left, as data is created or ingested and code is released. Unlike other solutions, data labelling and classification happen automatically at the source and within the context of the business, the applicable frameworks (such as SOC 2, PCI DSS, ISO, etc.) as well as contextual knowledge of the data flows. Our goal is to ensure that you always know where your most critical data assets are, how they are actually being used across your product and whether any rules or policies are being violated.

4. What is your current stage and traction, and how can our network help you in the next 6–12 months?

We are currently at the early commercial stage with a stable core platform already deployed in pilot environments. Over the past year our focus has been on building a robust product foundation and validating the core use cases around data visibility, embedded governance, and continuous compliance within complex engineering environments.

Through these pilots we have been working closely with design partners in regulated industries to ensure the platform integrates effectively into real-world product and engineering workflows. Our immediate priority is now to expand the number of early production customers, particularly within sectors where data governance and regulatory oversight are critical.

Over the next 6–12 months, the most valuable support from your network would be exposure and introductions to potential partners, particularly organisations with complex data environments where governance, compliance, and AI adoption are becoming critical challenges, as well as connections to senior product, engineering, and risk leaders responsible for governance, where data oversight is already a strategic priority.

5. How do you go to market? How are banks or insurers working with you (or how could they work with you)?

We go to market by partnering with compliance, data, and security teams to scope and run targeted proof-of-value engagements, allowing them to test Qala against real governance and data visibility challenges and demonstrate measurable value before moving towards broader deployments. We provide guided, dedicated support to ensure the project is scoped, implemented and delivered quickly and efficiently.

6. Any relevant industry trends or market shifts we should be watching?

Governance, risk, and compliance are undergoing a structural shift from manual, retrospective oversight to real-time, technology-driven governance embedded directly into operational and engineering systems. We believe we will see organisations shift increasingly towards continuous compliance models, using AI to automate risk detection and governance processes, while consolidating fragmented tools into a unified platform that provides real-time visibility into enterprise risk.

We believe the main themes to watch are the following as we shift towards this vision of a unified GRC control plane:

– Continuous and embedded data visibility and compliance (“shift-left” operations)
– AI-driven risk intelligence with automated policy enforcement
– Unified, data-driven solutions that can provide real-time visibility and GRC context to other systems

7. What’s on your bookshelf or podcast app? Your favourite place for a coffee or a drink?

Lately my reading has been a mix of technology and founder stories. I’ve just finished The Hard Thing About Hard Things and The Contrarian, both of which offer very honest perspectives on building companies and thinking independently about markets. As for coffee or a drink, I’m usually happiest in a good independent coffee shop for morning meetings.


As AI continues to reshape every industry, Qala AG is proving that compliance doesn’t have to slow innovation—it can fuel it. Carl Strempel and his co-founders are leading the charge toward a future where governance is proactive, embedded, and effortless. If you’re navigating the same challenges in your organization, reach out to the Qala team—you won’t want to miss what’s next. Stay with us for more game-changing conversations that turn complexity into competitive advantage.