In the April edition of our London founder interview series, we spoke to Alex Franch on the GDPR compliance platform he launched: Privasee.
Hey Alex! Great to chat to you. To get started, how would you describe Privasee?
Privasee is like Xero but for GDPR. We’re a SelfCompliance platform that automates GDPR to help companies save time and money. We help companies map their personal data by connecting to third parties and databases. Then they can see a score on how compliant they are and provide recommended actions to mitigate their compliance risks.
Can you tell us a little about your background and how you got into building products?
My background is in computer science. I did my BSc at King’s and in that time I had the opportunity to do a bit of research around privacy-enhancing cryptography and teaching small seminars. I got into building products initially because I have an awesome co-founder who was super keen to start something with me. I was also fascinated by the idea of taking something from just an idea in my head to something people would use on a daily basis.
Where did the idea for Privasee come from, and how did you validate it?
Manuel and I met at university and became good friends. We were uni buddies, working on different software projects together and studying together. One summer I had the idea of creating a platform that would allow people to stay connected forever without having to use a social site, because I wasn’t keen on having to keep my Facebook profile alive just because I wanted to stay connected with people.
My co-founder jumped onboard and we started building this project. It was then when we realised that we were going to move a lot of personal data. We felt that since our users trusted us with their data that we should be responsible and protect it from early on. It is after we were introduced to the GDPR and discovered that, as many know, it's confusing, expensive, time consuming and puts you off from your core work. As engineers, we obsessed over this and thought that it should be possible to do the right thing without hurting your pocket and your sanity.
We validated it by talking to a lot of consultants and potential customers, but you can never say that you’ve validated it enough. There’s always a more efficient way to communicate, sell or build and we continuously look for companies and consultants to talk to about their GDPR headaches (seriously, if you’re one I’ll probably be the most fascinated person to hear about your GDPR story, please get in touch!).
What’s the vision for Privasee?
We believe that being transparent with users and protecting personal information should be easy. Right now it's a nightmare. We believe in protecting fundamental rights but also in making it fun. Our goal is to make companies comply with all privacy regulations whilst they have fun because they want to protect their stakeholders.
What’s your tech stack?
What growth tactics did and didn’t work for you?
Be it via outbound, inbound or tapping into our network. Our results have been significantly higher when we have time to prepare for a meeting and look at the end of someone’s LinkedIn to find that she/he started their career as a “snowboarder” or when sending an outbound message we really try to make sure that it feels like a conversation and not a letter. Nobody likes receiving letters about GDPR, GDPR is already a tough pill to swallow so we like to show how excited we are to help them.
We’re still trying to find our silver bullet but I think it will never come. Though one thing that I see consistently adding value to the business (and in a non-linear way) is our network. Through Startupbootcamp we tripled our network in three months and it has had a very big impact on the company. I would never discount setting aside some time every week to maintain those relationships with the people that you get along with.
What was your lowest point in building Privasee so far, and how did you get out?
We started developing a B2C solution and we had to undergo a pivot at the very beginning because we realised that the Data Privacy Consumer market was very small and that as a startup creating a market and conquering it required a lot of cash, of which of course we had none. That was very challenging as we had to swallow our ego, throw everything away and restart. Dealing with uncertainty for long periods of time is very tough but we had some very key people around us that helped us at the time (thanks Salva, Farhan & David). We ended up sending more than 300 emails to speak to over 50 different consultants, lawyers and potential users to find out what they wanted in a GDPR tool in a series of iterative sprints.
How do you stay focused and avoid distractions?
I figured out when I’m most productive and where I go through my daily trough, and I block time out in my calendar for both those times. That way I don’t make as many bad decisions and I stay positive. I also use Calendly to let people schedule meetings on my calendar and have different links for how much of a priority and length.
I try to keep most meetings to 30-45 mins as I have found that most can be done in 30’ and that after 45’ you face diminishing returns (people obsess over one detail or you repeat yourself). Also, if a meeting is shorter than expected I always say “well I’m mindful of your time and I’m going to give you 20 mins back, excited to talk again”. I am looking into “async meetings” namely, having people send voice notes and then replying on my daily walk or in my own time.
I always ask for a commitment. Whenever I’m on a call with someone, be it an advisor, partner or client, I always ask for something that proves they have skin in the game. An intro, more of their time, them doing something for me… That way I can understand if they truly care/want to help and know that I’m not wasting my time in follow up meetings.
How would you have done things differently if you started again?
I would’ve tried to build my product without writing a line of code. Having engineers onboard is great but it also means that you have the tools to build stuff that is complicated. Once you write a line of code, you must write a line to test it and something to deploy it, then you need to configure HTTPS and then you need to adjust the margin, this wastes time at the start and although we’re still bootstrapped, I’m sure we could’ve done even more. Thus, doing the exercise of let’s build it without a line of code would be my must if I were to restart.
Not talking to potential customers. I’d say that the first exercise someone should do before they even think of a name is to talk to at least 25 potential customers and get the question “tell me how you solve this problem today and what frustrates you about that process”.
I built a Client-side encrypted web application similar to a password manager that used proxy re-encryption to conditionally share personal data. Proxy re-encryption is a new type of asymmetric encryption that would’ve allowed for someone to share data that resided on their device with a company under some set conditions (e.g. if it is used for research purposes then share this data with this person) without having to be be online to accept that by delegating decryption rights to a proxy. I learnt that for it to be mainstream I would have to fundamentally change how businesses store and access their data. I also learned that I absolutely love cryptography and security and that there was a cool use-case for it in IoT devices (we even published a paper with King’s College here).
Favourite indie products?
Favourite apps on your homescreen?
- Escape Velocity - with Dan Martell
Where can people stay updated on you and your projects?
On our website - www.privasee.co.uk
On our LinkedIn - https://www.linkedin.com/company/privaseeapp