In this engaging conversation, Utkarsh Srivastava, the founder of Securelytix (formerly FSTAC), shares his mission to transform how India protects personal data in the digital age. After working across technical and go-to-market roles, Utkarsh identified a critical gap in how sensitive information is secured. While cloud and infrastructure technologies evolved, personal data remained underprotected. This realization led to the founding of SecureLytix, a zero-trust privacy infrastructure platform that empowers developers and businesses to embed privacy directly into their systems. In this interview, Utkarsh discusses his journey, the evolution from FSTAC to SecureLytix, the significance of DPDPA, and how his platform is helping build a privacy-first digital future for India.
Who is Utkarsh Srivastava?
I’m Utkarsh Srivastava, the founder of FSTAC, a company building the next-generation data security layer for the internet. Before FSTAC, I spent a few years navigating a mix of technical and GTM roles, where I realized there was a systemic gap: albeit cloud and network security evolved quickly, sensitive data was still exposed.
That realization led to FSTAC. We are solving the “missing layer” in cybersecurity, enabling developers and enterprises to secure, tokenize, and control access to PII without re-writing their systems. I am spending my focus on product architecture, GTM strategy, and recruiting the right founding team. I’m a builder at heart and obsessed with speed of execution and impact on customers.
Q1. What motivated you to move into Data Privacy space?
Utkarsh: What led me to this space was the harsh reality that everyone talks about data security but almost no one secures the data themselves. I have seen first-hand how companies spend millions on firewalls and cloud security but leave PII sitting there in plain text and accessible by anyone with privileged access to the database.
The tipping point for me was the realization that today’s breaches do not start with the infrastructure. They start with over-permissioned access, internal misuse, and failure to control data based on purpose. I wanted to change that.
FSTAC was created to solve for this missing layer, to make privacy programmable, enforceable, and frictionless for makers and enterprises alike.
Q2. What is the definition of Privacy for you?
Utkarsh: To me, privacy is control. Control over who can access which information, when, and for which purpose. Privacy is not just hiding information but preventing unnecessary exposure, enforcing purpose, and minimizing exposure, and enforcing consent from top to bottom of the tech stack. At FSTAC, we view privacy as zero trust applied to data, not only with secure data storage but also with secure data flow that is to say, redacted, tokenized, and access logged by default.
Q3. What do you like about DPDPA?
Utkarsh: What I appreciate about DPDPA more than anything else is that it transforms India from a compliance-optional to a compliance-first economy, where protecting personal data is a legal obligation rather than just a checkbox.
It codifies the concepts of purpose limitation, data minimization, and consent framework in a direct and actionable way. For startups like ours, it gives a clear baseline: build privacy into the product itself and not around it.
Perhaps more importantly, DPDPA provides Indian citizens with real rights over their data, while allowing companies like FSTAC the opportunity to be foundational infrastructure for this new regulatory environment.
Q4. What do you dislike about DPDPA?
Utkarsh: The most difficult part of DPDPA for me is operational clarity, especially from the standpoint of early-stage startups. Terms like “reasonable security safeguards” or “deemed consent” are ambiguous, which leads to uncertainty about how to implement those and to be audit-ready for organizations. Another factor is that DPDPA does not yet have a powerful, independent Data Protection Board like the GDPR. This precedent relative to enforcement is important, as it may inhibit trust and accountability, to both users as well as businesses trying to comply in good faith.
Q5. What is Fstac?
Utkarsh: Fstac, a SaaS startup located in Bengaluru, was founded in 2023 by Utkarsh Srivastava. Fstac is building what will be the first indigenous privacy vault in India a data security layer that is built for developers that enables them to secure sensitive information (like Aadhaar, PAN, health records, etc.) across fintech, healthcare, AI, e-commerce, etc.
Q6. What are you building for Indian to help with Privacy of billion Indians?
Utkarsh: At FSTAC, we are developing India’s first data privacy infrastructure layer a vault that allows companies to store, tokenize, and control sensitive data access (Aadhaar, PAN, mobile, health records) without having to change their systems.
Our mission is simple: Make privacy programmable for every developer and compliance simple for every business – be it a healthtech startup, a fintech app, or a government portal.
By abstracting the complexity of encryption, redaction, access control, and audit trails, we allow businesses to be compliant with DPDPA, GDPR, and HIPAA and ultimately allow for all Indians personal data to be secure by design not just policy.
Q7. How does Fstac help organization achieve compliance with DPDPA?
Utkarsh: FSTAC serves as a privacy infrastructure layer that governs DPDPA requirements at the data level – without requiring organizations to reengineer their systems.
Q8. How does technology at Fstac achieve data privacy for organization and individuals?
Utkarsh: FSTAC taps technology focuses on data privacy by design, employing a zero-trust, API-first architecture to protect organizations and individuals.
Q9. What is the mission of Fstac when it comes to data privacy and compliance?
Utkarsh: Our goal is to have every developer trust sensitive data to be treated like financial transactions, even if those transactions are from ad or subscription revenue. Secure, auditable, and intended for a purpose by default. That’s how we protect a billion identities and if not a billion identities, create future-proof trust in the digital economy.
Q10. What are the challenges that businesses will face with the implementation of DPDPA?
Utkarsh: The biggest question businesses face is that most are not architected for data minimization or purpose limitation. Data is lying around across microservices, dashboards, vendors, and analytical tools with very little governing or oversight.
With the DPDPA, businesses now need to:
1. Map and classify sensitive data across systems – most have never done this.
2. Re-architect data flows to purposeful access and consent without disrupting operations.
3. Provide auditability – businesses must be able to prove the reasons why, and who accessed the PII and not just say it’s secure.
4. Train teams to treat data as a liability and not an asset.
For enterprises, this will mean significant rewiring. For start-ups, it opens the door to build in privacy-first from day one – which is exactly what we do at FSTAC.
Q11. Where do you envision Fstac in the upcoming year?
Utkarsh: We’re targeting:
- Protecting 100 M+ sensitive records across our customer base
- Providing success measuring compliance for early adopters of DPDPA
- Building our SDK and service mesh stack to make privacy integration ten times easier for developers
- Launching real-time privacy analytics and breach simulation tools
- Building strong GTM and partnerships with CISOs, CTOs, and regulatory agencies
Ultimately, FSTAC aims to be what Stripe is to payments, but for data privacy.
Closing Summary
As India embraces stronger data protection through DPDPA, innovators like Utkarsh Srivastava are stepping up to lead the change. FSTAC is more than a product; it is a movement toward responsible data stewardship and secure digital transformation. Utkarsh’s vision is clear. He wants privacy to be as easy to implement as payments or logins. By making privacy programmable and seamless for developers, FSTAC is helping businesses earn user trust while staying compliant. This interview captures a future-focused mindset where security, simplicity, and purpose go hand in hand to protect the digital identities of a billion people.
ALSO READ: Interview with Ketan Modh, Author of Privacy Matters, Sharing Insights on Data Privacy and DPDPA
