The Internet was never built to store our most sensitive data. Working as an engineer today, you have to choose between building a great user experience or respecting your users' privacy. You can't do both. But as users demand more, breaches become more common, and local regulations diverge, you have to.
Here's what we believe:
- Transparency is key to modern privacy. Clear communication will be rewarded. Companies' approach to user data handling over the last 30 years—hoping the topic doesn't come up—won't work anymore. There are plenty of good reasons for needing some user data (UX and regulation chief amongst them) but, with sensible defaults and flexible controls, you should be able to look your user in the eye and explain how their data is used.
- The era of data gorging is over. For the first time ever, your user data is a liability and not just an asset. The fragmentation of your stack through microservices makes it harder for you to secure data; the huge expansion of privacy regulation has made it costly for you to store it. Besides, only a handful of companies actually monetize data. For most of us, using data is about understanding our users and building a better product. Gone are the days when you took on user data by default, "just in case."
- UX is the alpha and the omega. Users will not choose a worse product based on privacy guarantees. But creators shouldn't have to pick between building great products and protecting their users' data. Great privacy tooling can help you make better privacy guarantees and build a better product. Get back to doing what you do best.
- Every problem deserves the right solution. There is no silver bullet. Some data should be on-chain; some shouldn't. Recent advances in distributed systems and encryption are nothing short of revolutionary and are changing how the Web operates. But data privacy will always involve tradeoffs and the modern stack will be a hybrid of centralized and decentralized infrastructure. Great privacy tooling helps you thread the needle of data control to empower your engineers and your users.
- Sensible defaults matter. Provably secure user data stores and privacy-preserving defaults are cornerstones to your entire privacy strategy. Privacy is an engineering problem, a legal problem, gesamtorgwerk. We made up the word to mean "it involves your entire org." It has a seat in your product meetings, with engineering design and legal strategy. But all this presupposes your bases are covered and you are using secure defaults.