SpruceID is a company building a future where users own their identity and data across all digital interactions. And the company’s open-source credentialing infrastructure is standards-compliant, production-ready, and extensible to enterprise and government IT systems. Pulse 2.0 interviewed SpruceID co-founder and CEO Wayne Chang to learn more about the company.
Wayne Chang’s Background
What is Chang’s background? Chang said:
“Growing up, I spent a lot of my time on the internet, trying to understand how different websites worked. When I learned how databases with my information were being created and controlled by someone else, I saw this as a problem that I wanted to help solve someday.”
“Fortunately, like many founders, I come from an engineering background — I studied electrical engineering in school but am a software engineer by trade, and have experience both as a startup founder and working at larger technology companies in both product and engineering.”
“But there was always something about the problem of data and how it gets used and stored that kept me wondering. My first startup was actually in health tech, helping emergency room patients find follow-up care and gain access to information they needed for their specialist or PCP. It was eye-opening how people lack access to and control over their health records, and I felt strongly that there needs to be a different approach to giving people control over their data and identity. This was one of the seeds for eventually founding SpruceID, years later, which has the goal of solving fundamental identity and data issues.”
Formation Of SpruceID
How did the idea for the company come together? Chang shared:
“The big problem we set out to solve with SpruceID is to let users control their identity and data across digital interactions. As a technologist, I could see inefficiencies in how people’s personal information is managed and felt strongly that individuals should have more control over their data without navigating through red tape.”
“This vision became the foundation for the company’s thesis — shifting from people logging into platforms to platforms accessing data from a person’s personal “data vault,” on their own terms. In line with our mission, we work with different groups that advocate for standards prioritizing privacy, security, and widespread adoption to ensure a seamless and safe user experience as it relates to new digital identity technologies.”
Favorite Memory
What has been Chang’s favorite memory working for the company so far? Chang reflected:
“My favorite memories at SpruceID so far include that feeling of excitement of the first users engaging with our products and the satisfaction of getting to solve their problems. The successful launch of the California DMV wallet was a big moment for us — it was a project that involved innovative technologies, prioritized privacy and security, and showcased the team’s exceptional commitment and collaboration. The experience of working seamlessly together toward a common goal can be compared to playing in a highly skilled musical ensemble. That level of teamwork and ability to integrate into one working rhythm is extremely fulfilling and is a memorable aspect of my journey with the company.”
Core Products
What are SpruceID’s core products and features? Chang explained:
“SpruceID is a verifiable digital credential management provider for governments and large enterprises. SpruceID’s Credible platform can be integrated to support the IT infrastructure to issue, verify, revoke, and hold digital credentials. We also provide frameworks and open-source, ready-to-use code to build a digital wallet application for popular digital credential formats.”
“What this means in execution is that there is less identity fraud, governments are able to administer benefits more securely and eventually, we think, we’ll solve one of the biggest issues on the internet: who created what content. I’m excited to explore how giving users control over their data shows up in real life use cases, whether it’s a mobile identity like a driver’s license, a digital credential like a teaching certificate, or a verified signature on an Instagram account and how this inspires more trust and verification in our interactions.”
Challenges Faced
What challenges has Chang faced in building the company? Chang acknowledged:
“Our industry’s primary bottleneck is the need to bridge the gap between the recognized value of user-controlled identity and the global standardization required to support practical implementation with larger institutions, especially in sectors like banks, healthcare systems, and insurance companies. We welcome any interested parties to engage in conversations with us and for the development of guidelines and frameworks, such as security frameworks from NIST, to guide and encourage the adoption of user-controlled identity at both state and federal levels. We believe these efforts should focus on providing guidance and frameworks, not mandates, to ensure due process and privacy protections.”
Evolution Of SpruceID’s Technology
How has SpruceID’s technology evolved since launching? Chang noted:
“Our technology architecture has remained consistent since launch; however, there has been significant evolution in supporting various data formats and protocols for responsible data storage and sharing. The initial choice of a technology stack compatible with both mainframe computers and modern mobile applications has facilitated successful deployment in diverse environments. A significant aspect of the technology involves cryptography, allowing end users to sign permits for data access and revoke them, a departure from traditional reliance on large tech companies.”
“The evolution has also embraced the trend of cryptographic key adoption, aligning with developments in the Web3 ecosystem and the proliferation of hardware-based cryptography on retail devices, such as secure elements in iPhones and Android devices. Our technology’s adaptive support for key adoption across different platforms reflects the company’s commitment to user-controlled data management.”
Significant Milestones
What have been some of the company’s most significant milestones? Chang cited:
“Some of the most significant milestones that we’ve been proud of as a team include: Partnering with the State of California DMV to launch their mobile driver’s license, developing Sign-in with Ethereum, allowing users to use their Ethereum accounts to access web services instead of accounts owned by large corporations. Raising funds from well-respected venture capitalists and industry leaders, including Okta Ventures, Electric Capital, Y Combinator, and many more.”
“Holding true to our values of building a privacy-first product by hosting an ISO interoperability event to provide a collaboration forum for implementers of the draft technical specification to send mobile driver’s licenses over the internet.”
“These are just a handful of milestones we are proud of as a team, and are looking forward to many more to come!”
Customer Success Stories
After asking Chang about customer success stories, he highlighted
“Our most recent customer success story is one I previously mentioned, working with the State of California DMV to launch their mobile driver’s license. For this engagement, we worked closely with the California DMV team to create a mobile driver’s license with an open-source mobile wallet that offers security, privacy, and transparency to residents while adhering to global industry standards from ISO, W3C, and NIST. This new wallet empowers residents through user-controlled identity, and today, any registered driver in California can use their DMV-issued mobile driver’s license in several scenarios, such as proving their identity at airport TSA checkpoints. I think the state of California is showing itself to be a real leader in terms of developing tech that is user-friendly and privacy preserving, and it’s been a pleasure to help them realize that vision.”
“Together with the California DMV, we were able to go from project planning to a successful launch in a span of 18 months, and, most importantly, we had a client who was happy with the end product.”
Funding
After asking Chang about the company’s funding information, he revealed:
“SpruceID has raised roughly $42 million in total venture capital funding. Our most recent funding round was a $34 million Series A in April 2022 led by Andreessen Horowitz (a16z), with participation from Okta Ventures, Electric Capital, Y Combinator, and many more.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Chang assessed:
“Digital verifiable identity is a new domain with the core technologies only recently standardized across global standard organizations (and some still in progress). As a result, there is no major incumbent that we are disrupting, but rather introducing new paradigms to facilitate digital workflows where paper or manual processes were pervasive historically. We recognize with the proliferation of AI that the ability to discern real from fake online will become even more topical across critical business workflows in Government, Healthcare, Financial Services, and other sectors. We hypothesize that traditional identity verification (IDV) vendors will experience disruption with the increased sophistication of AI, which can be mitigated through the use of verifiable digital credentials powered by cryptography.”
Differentiation From The Competition
What differentiates the company from its competition? Chang affirmed:
“SpruceID has an open-source approach to building our products, which increases trust and transparency and builds accountability within the ecosystem of implementers and users. The development stack for verifiable digital credentials can be complex and niche; we package our open-source libraries to reduce the barrier to entry for developers by pre-packaging ready-to-use code to help with the adoption of the technology.”
“As there are very real concerns regarding privacy protections with the introduction of verifiable digital identity, we work closely to inform implementations with privacy protection mitigations on both the technology and public policy levels. We believe that technology alone will only go so far, and we believe that it’s critical to help drive policy changes forward at the same time.”
Future Company Goals
What are some of the company’s future goals? Chang concluded:
“Our long-term goal is to enable users to control their data across the web. This will take a while and requires major buy-in from institutions, including governments, banks and social media platforms, but I think with the recent egregious examples of identity vulnerabilities, whether it’s unemployment insurance fraud, or deep fakes, people are starting to take these issues more seriously and welcome solutions.”
“In the near term, we are focused on defining trust frameworks that accommodate user-owned wallets and establishing reasonable disclosure frameworks. These initiatives aim to integrate policy and technical aspects, promoting a sense of normalcy in data-sharing interactions — for instance, disclosing age without revealing specific personal details like address.”
Additional Thoughts
Any other topics you would like to discuss? Chang concluded:
“One additional topic would be the role of the federal government in defining identity within the national cybersecurity strategy. At SpruceID, we believe it’s a matter of national security and a concern for the country’s digital identity leadership on a global scale. I’d like to emphasize the importance of ensuring that protocols and technologies in digital identity align with democratic values, openness, and individual autonomy. It’s crucial for the U.S. to play a leading role in shaping these standards, and we’re open to having these discussions 1:1 with government entities.”
