The rapid adoption of Internet of Things (IoT) technologies by startups has intensified concerns related to data governance, privacy protection, and information security risks. This study investigates the effect of IoT data governance quality and data privacy policy on information security risk mitigation and customer trust in IoT-based startups in Bandung, Indonesia. Using a quantitative research approach, data were collected from 150 users of IoT-based startup services through a structured questionnaire measured on a Likert scale. The data were analyzed using Structural Equation Modeling–Partial Least Squares (SEM-PLS 3). The results indicate that IoT data governance quality has a significant positive effect on information security risk mitigation. In addition, data privacy policy and information security risk mitigation both have significant positive effects on customer trust. Furthermore, information security risk mitigation partially mediates the relationship between IoT data governance quality and customer trust. These findings highlight the importance of strengthening data governance frameworks and implementing transparent privacy policies to reduce security risks and enhance customer trust. This study contributes to the growing body of literature on IoT governance and provides practical insights for startup managers and policymakers in fostering secure and trustworthy IoT-based business environments.