Privacy trust and governance
For a privacy venture, trust is not branding. It is the answer to practical questions:
- What does the company collect?
- Which employee can see it?
- What happens when a customer loses access?
- What data exists after a breach or lawful request?
- What happens if the company is acquired, fails, or changes direction?
Encryption does not answer all of these questions. Governance, operations, and honest limits do.
The founding advantage
Institutional policing experience and lived experience of invasive device or data practices can create unusually good product judgment. They can help the company see harms that a generic SaaS team will miss.
They should be used to build empathy, clear consent, lawful scope, and skepticism toward false technical promises. They should not become a claim that the venture can defeat legal process or represent customers in legal matters without counsel.
An independent advisory circle should include privacy law, security engineering, and people with domestic-violence, victim-support, disability, or civil-society expertise.
Publish a service charter
The charter should state:
- no advertising, data brokerage, behavioral profiling, or sale of customer data
- no claim of anonymity, untraceability, or immunity from investigation
- no help to destroy evidence, conceal unlawful activity, or evade lawful orders
- no routine remote access or retained customer secrets
- customer ownership of accounts, recovery materials, and exportable data
- honest description of metadata, support records, billing, and legal limits
- clear refusal, escalation, and emergency-referral policy
- transparent ownership, funding, and material product changes
This makes the venture more credible to both high-risk people and cautious organizational buyers.
Transparency should be evidence
Publish:
- a data inventory and retention summary
- subprocessor and hosting-region disclosures
- a privacy and security changelog
- product-specific threat models
- audit scope, date, findings, and remediation status
- a public vulnerability-disclosure policy
- signed release and supply-chain evidence
- aggregate legal-request and incident statistics
- a plain-language explanation of customer export and shutdown plans
Do not rely on a warrant canary as the center of trust. It is ambiguous and fragile. Clear data minimization, documented policy, counsel, and transparency reporting offer stronger evidence. Data minimization is therefore a governance commitment, not merely an implementation preference.
A mission lock and exit covenant
Skiff’s closure after acquisition shows why “encrypted” is not enough. A customer needs to know whether their data is exportable and whether the service can disappear without a migration path.
Before a large customer launch, adopt an exit covenant:
- reasonable advance notice for shutdowns or material changes
- export in documented, useful formats
- no silent transfer of customer data or identifiers to an acquirer
- a public acquisition-policy process
- independent review of any change that weakens privacy claims
- an escrow or continuity plan when the product holds vital customer data
This should be proportionate to the service. A two-person consulting business cannot promise perpetual operation, but it can promise clarity and a practicable handover.
Internal controls
No normal staff member should be able to join identity, content, product telemetry, and support history by default. Privacy product architecture gives the technical separation.
Governance should add:
- least-privilege access
- hardware-backed MFA for staff
- dual approval for exceptional cross-system access
- access logs and regular review
- a conflict-of-interest register
- employee and contractor confidentiality training
- incident drills and post-incident learning
- external review before high-risk product launches
The company should measure success not only in users or revenue, but also in data it avoided collecting, support data deleted on schedule, recovery tests passed, security findings fixed, and customers who can leave without losing their life archive.