The Data Stack Show - 36: Crypto and Compliance with Nick Fogle, Co-Founder of Churnkey and Wavve
Episode Date: May 19, 2021On this week's episode of The Data Stack Show, Eric and Kostas talk with Nick Fogle, co-founder of Churnkey and Wavve. Together they discuss how having a legal background can impact engineering decisi...ons, dealing with privacy and compliance concerns, and selling Wavve and starting Churnkey as a result.Highlights from this week's episode include: Nick's background in economics and law and teaching himself to code (2:01)Thinking like a lawyer and trying to minimize risk to the greatest extent possible (4:23)GDPR and compliance (8:23)Blockchain contracts (18:26)Unique challenges surrounding compliance with a cryptocurrency startup (21:41)Reconciling the right to be forgotten, GDPR, and blockchain permanence (27:16)Building Churnkey after developing it as a way to lower churn among Wavve users (31:31)How Churnkey's stack works (37:16)Crypto predictions (39:02)The Data Stack Show is a weekly podcast powered by RudderStack. Each week we’ll talk to data engineers, analysts, and data scientists about their experience around building and maintaining data infrastructure, delivering data and data products, and driving better outcomes across their businesses with data.RudderStack helps businesses make the most out of their customer data while ensuring data privacy and security. To learn more about RudderStack visit rudderstack.com.
Transcript
Discussion (0)
The Data Stack Show is brought to you by Rudderstack, the complete customer data pipeline solution.
Thanks for joining the show today.
Welcome back to the Data Stack Show.
One thing I love about doing this podcast is that we get to talk to people who have
such interesting backgrounds. We've talked to people who have worked on particle physics and all sorts of
interesting things. And today we get to talk to someone who started their career as a lawyer,
actually, and then became a software developer. And so this is very obvious, but I think just
really valuable. So my question is going to be, how do lawyers think about data privacy
when they're trying to help a company sort through that? Because we work in it, but we're sort of
reacting to what the lawyers are telling us and trying to make decisions based on that. But it'll
be great to hear from an actual lawyer who has, you know, sort of had a foot on both sides of the
fence. Kostas, how about you? Absolutely.
Yeah, I totally agree with you.
That's going to be very interesting.
And another thing that I'd like to ask him is about his migration, let's say,
from being a lawyer, becoming an engineer,
and how this experience was and how it helps
and how it might make things more difficult
going from a completely different mentality
that a lawyer has to becoming an engineer.
So I'm really looking forward to it.
Great.
Well, let's jump in and chat.
All right, Nick, welcome to the Data Stack Show.
Really excited to have you.
It's great to be here, Eric and Kostas.
Thanks for having me.
All right.
So give us, you have a really interesting background.
You started out your career as a lawyer.
You turned into a software developer.
You faced data challenges across multiple industries.
And now you are a successful entrepreneur.
So can you give us the two minute flyover of that story?
Because it's pretty great.
Yeah, I'll spare you the full saga because it's a long one.
But basically, I finished
undergrad with a degree in economics right as the bottom fell out of the housing market and
banking jobs were gone. So I said, well, I'll go to law school like a lot of people.
Turned out that I made a, I turned a bad situation into a worse situation because I
went to law school and did not really enjoy the practice of law. Law school
is really boring to begin with. And then as I got out, I did some transactional law and real estate
law and I just hated it. I would always been kind of a nerd at heart. I'd love computers and video
games and had been a creative too. And with law, you don't really have a lot of room to be creative.
In fact, you'll build something, which is like, think of like a contract. If you're a software
developer listening to this, you're really just as a lawyer writing
a bunch of if-else statements, only it doesn't execute for you really ever.
Like maybe in 10 years, somebody will be in violation of a contract or something.
And then you can see your handiwork actually function.
So the lack of feedback is an interesting reason why I prefer code over that.
But yeah, long story short, economics, became a lawyer, hated it, taught myself to code
and landed a job at a company that makes nonprofit software called Blackbaud.
Very cool.
And so I'm interested to know, and I want to hear the second part of that with your
startups and the data challenges you face.
But one thing that I thought would be really helpful starting out, since you have such a unique
perspective, being both a lawyer and now a sort of software developer, help our audience understand
what is a lawyer thinking about when they're trying to evaluate the risk around data privacy?
And I know there's sort of different strata to that, right?
Like HIPAA compliance is pretty different than GDPR.
But I know that in the work that, you know, for example, that Kostas and I do, privacy is really important to us.
But we're sort of also saying, OK, we're trying to do these certain things with a product.
And we know that privacy is a concern, but we really don't understand all the intricacies of
the law around GDPR and what exactly is going to happen if things go up for bails, et cetera.
So, I mean, it'd be helpful for me, but I think also our audience just to know,
what's the lawyer thinking about that when we bring that up and have those discussions?
You know, I think it's a pretty good comparison would be thinking a lawyer would think of the startup and they would
attack this problem in a way to minimize threat vectors. So if you think about offset for security,
you're looking to reduce the surface area that somebody could attack you in. Lawyers are doing the same
thing. They're trying to reduce that surface area for attack. So when you have something like GDPR
or PCI requirements or any of these regulatory changes, you are trying to minimize the risk to
the greatest extent possible. And to do that, to do that effectively, you really,
really need to understand the company, the product, all the different ways they use data,
and most importantly, all the different third parties that they use to create a product or
to create that, even if they have like a CRM or something like you need to know all of that.
Yeah. And that's a, I think it's a tough thing because especially in the context of a startup,
but let's say even at a large company, there's a desire for velocity. You want to move quick,
you want to ship things, you want to test new product features, et cetera. And moving fast
doesn't often feel like it's aligned with sort of minimizing the surface area of risk.
I think, as you said so articulately from the legal perspective.
Yeah. And this is why you don't see a lot of lawyers who are building companies.
You know, it's it's kind of this dichotomy in my head where I'm like, on one side, I've got this legal training that's like, oh, like everything I'm doing right now is exposing me to more risk.
But you also need to be a little naive and you need to be willing to take risk if you're trying something new.
Because if you're in a new area, odds are there's not a lot of regulatory guidance there.
There's no clearly defined rule.
And if you're operating in that realm, you kind of have to suspend that part
of your brain. And I think if you're a small startup and you're trying to move quickly,
the tendency is to avoid getting any legal help altogether. I think my recommended approach would
be to find an attorney who does work with startups, especially when it comes to data privacy.
And just be upfront about what you're willing to spend and that, you know, as a going concern,
your business may not be able to continue to run if you have to go back and redo a lot
of things to ensure 100% compliance.
Again, this is not legal advice for anybody.
I'm not telling anybody to blatantly
disregard the regulatory guidance that's out there. I would just say, make it clear to your
attorney or your counsel that you may have a limited budget and that, you know, talk to them
about your appetite for risk as well. Because a lot of times attorneys won't even be able to say,
hey, you've got to, this is 100% risk free. No attorney will ever say that. Because the law is always subject
to changing. So I guess that's my the best way I look at it is when you think of this, we're not
thinking in absolutes. We're thinking in kind of a gray area. And privacy is constantly evolving. I
mean, Apple's had a huge series of changes just as a single company. And as we see companies become more sensitive to that, I could see more change being applied
widespread.
So yeah, I hope that answers the question.
Nick, quick question based on the stuff you have shared with us so far.
You've been for quite a while out there building companies and you are also in this unique
position of being trained as a lawyer and
building companies at the same time. So how have you seen things changing these past few years
since you started working in startups in terms of these regulations and most importantly,
the tools that companies have out there to use in order to be compliant with all these regulations?
Yeah. So man, GDPR has been out for a few years now.
It wasn't a thing when I first started. I think all we had to worry about was like the CAN-SPAM
Act and PCI compliance and things like that. GDPR has been kind of a curveball because
originally we didn't intend on operating outside of the United States. But since our website was
out there and it's public and people can sign up and pay us from anywhere, we realized, okay, we started getting support cases asking us about what our GDPR policy was or where it was on our website.
We didn't have one.
And some of that is on me for not being reading and get familiar with the regulatory guidance and then draft some things that were specific to our company.
We're a small team and we didn't have a lot of budget for that sort of thing.
So I know it's a lot harder for others.
If you're in that position and you can't afford an attorney or maybe it's cost prohibitive,
I would look at some of these existing solutions that are out there now.
A couple of startups have formed that actually create little JavaScript plugins you can install
on your website.
You may have seen some of these on websites when you go.
All websites now have like the little annoying cookie notification.
But there are some that like some products that
already exist, and you can pay 20 bucks a month or something, drop in that custom line of JavaScript,
and it's going to load several things that help you stay GDPR compliant. You could just Google
GDPR SaaS software, and you'll probably find what I'm talking about. I know there are a number of
them. And it's pretty inexpensive. The one caveat I have there is that this may or may not fully protect
you since the legislation is always changing and your situation may be very different than what's
contemplated by this SaaS software provider. It definitely won't be as good a protection as
consulting an attorney and
getting advice and documents specific to your situation. Yeah, I think that's the best way of
looking at it is you're not dealing in absolutes. It's kind of a trade off. And maybe, you know,
80% or 90% of your bases are covered with this pre existing software. And for that other 10%,
it's really going to come down to use cases that are specific to your business. Yeah.
Yeah.
First of all, you shouldn't feel bad, to be honest, for what you were saying.
I started a company in 2014 in Europe.
So I had to go through the whole thing of GDPR.
And I can assure you that probably you have handled much, much better than most of the
companies and the
countries in the EU. I remember, I mean, it was a mess. Like, not even the EU could answer questions
around that at the beginning. And I mean, it makes sense, right? Like, it's a very complex thing.
It's something that changes really, really fast, both on a societal level and on a technology level, right?
And these kind of institutions
are not just, you know,
they're not built to react so fast
or like build so fast.
And for a good reason,
it's not, I'm not criticizing it.
But at the beginning,
it was really hard to find people who knew.
Even I was looking for lawyers to help us.
And most of them,
they were like,
we are still trying to figure it out. So yeah,
don't feel bad about it. And that was the interesting experience I had when I talked
to a colleague who was really well-versed in commercial law and consumer protection,
things like that, and was vaguely familiar that something like GDPR existed. And we kind of worked
together on that to come up with something. And a lot of it was like boilerplate, I feel like.
I think we looked at a couple other organizations
that had added it
and we looked at how we could improve it
and our specific situation.
And yeah, I mean, it wasn't something
I was super proud of,
but at the end of the day,
it felt like we talked about all the different areas
that would expose us to risk
and set up an agreement that did that.
Yeah, yeah. yeah yeah it's
super interesting i mean i haven't had to deal with gdpr i mean with with lawyers about gdpr
for quite a while now but i hope that like things have become much more clear now and at least there
are like attorneys out there who can help with that stuff which is quite important because
you need someone to advise you you need also to understand as an engineer, the problem that I see with engineers
when it comes to legal aspects is when you're an engineer and you are an engineer, so you can
probably understand what I'm talking about. There's no vagueness, right? We're always talking
about reasoning around our code. The Holy Grail is how easy it is to reason about something.
But laws are not built like that.
They are more vague and there are reasons for that, right?
It's not like by mistake.
It's by design like this.
And I think it's extremely uncomfortable at the beginning
as an entrepreneur who comes from with an engineering background
to get exposed to all
that stuff. I still remember like the first time that I got an NDA and I had to sign it. And I was
like, what the fuck? Engineers tend to be so analytical that you do want to read the details
and understand how it works. I mean, I think that's our nature is we want to take things apart.
And, you know, a lot of people were like, how did you make such a significant jump from being an attorney to
writing code? And you know what I tell people that I always thought writing code would be more
mathematics based, but it's linguistics at the end of the day. I think it has more commonality
with learning a different language and understanding how logic and control flow works
moving through complex conditions. But you're absolutely right. Like moving through, you know, complex conditions.
But you're absolutely right.
Like with law, with, with code, once it's deployed, it's for the most part static, it's predictable, you know, what's going to, what's going to happen.
Whereas the control flow and regulate and regulations are subject to change at the whims
of people and the legislature.
So yeah, it's, there's a lot of interesting parallels though between writing law and writing code.
Yeah, I love that.
I love what we are saying right now
because I was always thinking that actually
after a while, like I started working
with lawyers for business,
I started creating some kind of metaphor in my mind.
And I started like thinking of laws in general and legislation as kind of metaphor in my mind. And I started thinking of laws in general and legislation
as a kind of DSL, domain-specific language that it's actually there to program society, right?
The difference is that with these DSLs, it's not a context-free language as we have in computer
science, right? So there's context there. And that's why you need the human person who can debug this thing and who can reason about it by considering also the context. So I used to say
to the lawyers that I was working with that you're not that far away from an engineer. It's just not
like you are engineering a completely different system. That's 100% right. I think, yeah, I would
love to go back to law school and teach a course teaching lawyers basic code, because I think a lot
of them, by the time you're about finished, you'd be pretty good with it. And it's funny, like, I do like this idea around, you know, ingesting all of the case law, and facts of these different legal cases and using machine learning to create more predictable analysis of law, because it is it does tend to be a gray area where you need humans to figure out, you know, what, what's, what's going to happen. It does seem like there's,
there's some really cool things you could do once you can ingest, you know, this whole canon of,
of US case law. Anyway, I don't want to go on too much of a tangent, but yeah, a lot of interesting
parallels there to dive deeper. Yeah, yeah, absolutely. And so that's like, makes me want
to make another question around that to you. So having gone from being like trained as a lawyer and working as a lawyer to getting
trained as an engineer and then working as an engineer, what are the things from the
law school that helped you?
And what was things that you had to overcome in the way that you were thinking in order
to become an engineer?
Oh, that's a good, yeah.
I haven't really thought about this one before.
Yeah.
I mean, I guess like if I'm thinking about overcoming things,
it's probably the risk is probably the biggest thing.
Like you get so, you're so trained.
And like when you write something,
you want to make sure that it's perfect before you finalize it,
because you're going to,
you don't know what's going to happen for 10 years.
And that's what I hated about law is I like the feedback. I like getting, I like putting something
out there, creating something and then seeing it in the, in the wild. And with, with code,
it's like, I can deploy this to my dev environment and immediately see what happens and see if it
works, see if it, if it succeeds. Yeah. So I think that that's probably the biggest thing I had to
unlearn was just like getting over the risk and getting over this perfectionist tendency. I think there is,
there are a lot of engineers that feel like they have to know everything about a topic too.
And I think some attorneys are the same way. Maybe that's more a personality thing than like
an attorney thing where you feel like you have to know everything about a body of law before you can
effectively write an agreement that covers something related
to that. I'd say another area that actually helped me coming from law to teaching myself
the code and just everything. I mean, I don't even know how to describe it. You can't just
say learning to code. You're ingesting a whole new body of knowledge. But what helps with that is law school, you've got to be an autodidact.
I mean, you really do.
The way law is taught is something you, it's called the Socratic method.
So you have like a giant, giant, boring reading assignment every single day.
And you go in class and the teacher is going to call on you and shame you if you haven't
done the reading and synthesized all the important takeaways.
So there's this huge pressure to teach yourself, to learn it, to master it, and then to apply that soon after.
And I think taking that training and applying it to my own teaching and learning in the code world definitely helped.
Yeah.
And I guess it's not possible to debug a contract after you sign it, right?
So you have to.
You know, it's funny.
Like if you look at it, like one thing I got really into, I'm still into cryptocurrency,
but originally I wasn't as much a fan of Bitcoin.
I was into Ethereum.
I totally flip-flopped and, you know, a Bitcoin, what they call a maximalist now.
But in the early days, I was really into Ethereum
because of the smart contracts.
And I remember one of the first things I did was,
I didn't have, I barely had any money.
We were working on startups.
So I put like $200 in Ethereum,
which was a lot of money to me back when I did it.
And there was this thing called the DAO.
It was the first decentralized autonomous organization.
It was what precipitated the giant fork split for Ethereum
back in 2016, I think. But I was like, I got caught up in the FOMO. I love this idea of a
smart contract and a self-governing organization. And I just threw all my money in there. And it's
like the South Park meme where the banker's like, it's gone. I mean, immediately, right after I did
that, the smart contract was hacked and they drained all the tokens from it.
So, you know, I just bring that up because it is interesting to see this idea of real world contracts moving into something like cryptocurrency,
where you can run a contract on a blockchain and you don't have a third party there to enforce it, but you have other incentive
mechanisms. So it's interesting. I think in five to 10 years, we're going to have
some real use cases for that. I was just thinking about the concept. There have been so many great
analogies here. I was just thinking about the concept of debugging a legal contract. And I
thought, if you have to do that, it's probably not good because you're in a situation where things are probably a little bit precarious.
It's funny because we just sold our company, Wave. Congratulations. Thank you. And the first
order of business, so we had a few LOIs, like the offer back in January. And as soon as we signed that thing, I was like,
all right, guys, I'm stepping down as the legal head of our team. And I hired a top-notch
transactional attorney. And immediately some of the little provisions and things like that,
that I've been cool with in our draft, he was like, are you kidding? Like, this is horrible.
So that was my version of bringing in that senior developer to come back in and audit my code. It was, it was code review. Yeah.
That's great. Right. You know, speaking of going back to, going back to the subject of crypto,
just thinking about something we chatted about briefly before we, we hit record on the show
that I think would be really helpful is you went through,
you were part of a crypto startup and you mentioned that you had a really challenging
time selecting a tool set that helped you meet compliance. And I think, I'm just thinking about
our listeners and I think it'd be helpful just to hear about the struggles that you went through
because that's something that a lot of our listeners are trying to figure out.
A, tool selection in general, the stack is changing.
I mean, it's kind of a hard subject on its own, but you went through a period where you
had to deal with some extremely rigorous requirements.
Can you walk us through that?
What kind of tools, what was the selection process like?
Yeah.
And if anybody is in the cryptocurrency industry listening,
they're probably going to be nodding along as I talk about this because it's very, very hard.
There are some very unique requirements. I'll talk about those a little bit. So in 2017,
a few of us started a company called Casa. We were the first user-friendly multi-sig wallet
for consumers. And the company has grown. It's really blown up.
I actually left in order to focus more on the company we just sold. I left last summer,
but since, I mean, it's just been blowing up in the bull market and it's been cool to see
the foundation we laid during the four-year bear market paying off, but it wasn't easy to pick a
tech stack or to choose some of these connectors for different data.
Because let's talk about cryptocurrency and a lot of the companies.
One thing that's unique to a Bitcoin company is you are a very, very juicy target for an attacker. There are going to be all sorts of incentives for people to either
social engineer you or to attack and try to access a database because cryptocurrency is something that
there's no third-party middleman that can come in there and make it all right. It's final settlement. So attackers like to go after cryptocurrencies.
And there've been a lot of stories for these cryptocurrency companies that jumped up like
your typical startup that said, we'll figure out security later. And they were hacked or they had
some big social engineering event where somebody tricked a customer service rep into giving them
access. They got access to a computer and they drained a cold storage wallet, or actually
probably more likely a hot wallet if they're draining it. But anyway, at Casa, from early
days, we were very sensitive to this. We had a guy, Jameson Lopp, who he had been at BitGo
handling their infrastructure. BitGo is a giant custodian
of cryptocurrency. And he helped us lay down some of the foundation. And some of the things we're
looking at were number one, customer records. So we were selling Bitcoin nodes throughout 2018 and
2019. And we had a store to do that. And you have to have customer addresses if you want to sell a
physical good. And since our customers were people that might have a lot of Bitcoin holdings, that
might make them a choice target for somebody. In fact, if you were to just Google Bitcoin attack,
or Bitcoin hostage, or something like that, you'd find these instances in other countries where people are held up. Somebody comes to their house and holds them hostage to take their
Bitcoin. So we're aware of that. And in fact, recently Ledger, which is one of the hardware
wallets, I think it was a massive breach where all these addresses were revealed, all these
customer addresses. So if somebody knew that you were on Twitter and you were like a big Bitcoin OG and they could scroll through that giant data set from Ledger, find your address.
I mean, that's that's really scary. Right. I mean, somebody would have a high incentive to either go to your house or hold you up or something.
So we were aware of a lot of this. And as we chose third parties, we had to be really sensitive to, you know, what is their
history of data integrity, and we would, we would vet them, there were a few tools that we really
wanted to use. We love the user interface, we love the product. But after talking to their team and
understanding how they actually secure the data, and, you know, how that was managed, we couldn't trust them to store our customer data.
And in the end, we pretty much decided we need to encrypt everything at rest. And we need to
have a policy to delete data as soon as we didn't need it. This is really hard if you're a startup
and you need a mailing list or you need... There are a lot of tools and a lot that you gain as a
early startup by having access to this data and being able to market more effectively.
Well, we were making a choice that we're going to kind of shoot ourselves in the foot
on the marketing front, but we were more, more sensitive about protecting our customers. So
we ended up using for, for like chat and customer communication, we use a tool
called matrix, which is a, it's really strong encrypted chat tool. And yeah, we use a tool called Matrix, which is a, it's really strong encrypted
chat tool. And yeah, we used a few other internal tools to kind of connect the data, which that's
kind of what, what I thought was interesting about, about Rudderstack and the fact that the
code is open source. That was always a really important thing for us. If we were going to use
a third party, we wanted to use providers whose code we could audit,
or at least know that they had an open source policy so that it could be vetted by the community.
Nick, I have a question now that we started discussing about Bitcoin and cryptocurrencies.
And I'd like to connect a little bit with the conversation we had earlier about GDPR.
So in a world where we have something like Bitcoin and the blockchain, right,
where everything is registered there and it stays there forever, you can pretty much go traverse the tree there and see exactly what happened with a specific transaction.
How does this work together with GDPR and with all that stuff about the right of being forgotten
and all these things that we are discussing,
like at least on the surface level, they sound very contradictory, right?
So what's your opinion on that?
And what's your experience?
Yeah, that's what I love about Bitcoin is like, you know,
nobody can stop it.
If the, even if the European Central Bank or, you know,
whatever force wanted to shut it down, or they
were upset about it, they can't do anything to stop it. So I guess it's kind of interesting to
think about situations where people are upset about it, but they're not going to be able to
change it to comport with that. The good thing about bitcoin and there's like a big update that
may go through in the next next within the next year is called taproot and it makes the makes
the transactions more anonymous so tools like chain analysis companies like chain analysis can't
go in and and you know reverse history figure out everything you've ever done for based on an
address it is it is something people need to be sensitive of. And there are a lot of tools and innovations that the Bitcoin community has created
to help mix transactions so that you can't track a person's spending. The exchanges don't do a very
good job of this. You have required know your customer laws. This is regulatory issue.
So they've got like a database with your passport photo and your address and everything.
And they also have a database with how much cryptocurrency you've bought.
To me, that is the scariest thing is, you know, those records, you know, with Bitcoin to really put any like valuable information,
you can do like an, you could use opcode to push a text string to the transaction. So I guess in
theory, you could add somebody's address or something to the blockchain. But most people
aren't using blockchain space for that kind of stuff. The worst thing somebody could do is just
like look at your transaction data and like go back to where it originated maybe or if if a wallet was found to be dubious they could figure out okay where did
this money come from but i guess the the bigger thing in the cryptocurrency world is the incentive
people have to hack exchanges is really high so it's really important to know if you have an
exchange account and you're not using it you should request that they delete that data it's it's a
tricky issue though when you when you're about data, because you have these two seemingly
conflicting issues where you've got, well, in the US, we don't have GDPR, but we've got other
privacy law. So you've got KYC, the know your customer regulation on one hand. So you have to
upload a passport photo and all your data because of banking regulations. But then on the other
hand, you've got privacy regulations as a startup.
So there's a lot of tension there.
So it's an interesting area that it's so new,
we still don't have a lot of guidance on it.
Would you suggest like for upcoming crypto startups
to have a co-founder that has a legal background?
It definitely doesn't hurt
if they're not going
to be like a rain cloud on everything you're trying to do. The tendency, and I still struggle
with this, like my, you know, one of my co-founders would have an idea. I'd be like,
oh, are you kidding me? Like, that's a, that's horrible. We'd be sued immediately. I just think
of Uber and like all the laws they had to break to get to where they are. I think that's a classic
example, but I think it helps to have somebody on the team that either has an MBA is helpful. I know I'm going to get crap for that. Cause,
cause I'm, I hate higher ed right now in the pedigree system that that's turned into,
but it helps to have somebody with either CPAs are kind of the same way too. These are all
professions where you learn to assess risk and in a business sense. And I think that can be really valuable
to a startup team for sure.
Yeah, yeah, absolutely.
I totally agree with you.
So Nick, you mentioned that your company could acquire it.
Do you want to tell us like a few things
about what's next and what you're building now?
Yeah, I'd love to.
So we created a company, wow, it's about six years ago,
spent two years working on something that totally failed. And out of we, we create a company. Wow. It's about six years ago, spent two years working on
something that totally failed. And out of that, we created this like little internal tool to create
videos. So it was pretty cool. We, we named that company wave W A V V E. And we were recently
acquired. Yeah. So, so that's been fun. Definitely not somebody to retire. I don't, we'd already
created a new startup last September. And that was part of
the reason why we were like, okay, I think it's time to move on from Wave because we've got
something else we want to work on. And yeah, let me tell you a little bit about Turnkey.
Turnkey is our new company. And when we were building Wave, so Wave is a, it's a SaaS tool
for podcasters to create, to turn their audio into video and then
share it on social media. It's a classic prosumer market where you've got, it's similar to B2C,
but you've also got some agencies and organizations that use it. High volume, high turn. We had about
13 to 14% of people canceling subscriptions every month. And if you're a math nerd, you'll realize
you can hit a growth ceiling pretty quickly if
you're churning users at that rate. We, over the course of like two, maybe three years, we were
constantly trying to fix that churn problem. Initially, we realized it was a problem because
we were doing about 30,000 a month. And our churn was like 14% one month or maybe as high as 15. And we were like, oh, wow, we're going to be stopped out at like 33 or 34,000.
Like we were quickly approaching this asymptote.
So then we were like, okay, well, what can we do?
So the classic thing most people do for churn is they'll be like, all right, let's do annual plans because that way we lock in at least a 12-month lifetime for
these customers. That was somewhat successful. I think we brought churn down to like, I don't know,
12% or 13% doing that. But the biggest change came from two things. First of all, we added,
and this seems so basic in hindsight, but a lot of companies don't do this. You'd be surprised how
few SaaS companies do this. We had a feedback form when somebody clicked cancel
and we forced them to pick a reason.
I know this can annoy people,
but customers tend to get over it pretty quickly
if it's an annoyance.
And from that, we realized that people weren't canceling
because of like a missing feature or a technical reason.
Our customers were canceling
because they were podcasters and they did seasons.
So that was valuable. It was qualitative data, but it was valuable. And once we had enough of it,
we were like, we've got to offer a pause feature for these customers. So over time, we continued
to add relevant lines to this survey, this exit survey. And then we had another idea. We said,
what if we anticipate a user's reason for canceling and offer them something to counter that so they'll stay?
And listeners may have seen this on like a premium YouTube subscription or Netflix.
Well-funded companies with big engineering teams tend to do a lot around this.
We wanted to make it easy for companies that don't have a big engineering team to build something
like this. So this is how the flow works. You've got a customer, COVID hits, they're suddenly more
sensitive of their budget. So they're going to go cancel. Form pops up. Why are you canceling?
Budget is a reason. They pick budget. But we would offer them a discount of 60% saying,
you know, it's COVID. This is hard for everybody. We want
to, if you're unable to afford this right now, we want to make it affordable. So we hit them with a
60% discount. Over time, we had so many users moving through the flow. We were able to continue
to use that data and optimize it. So back to Wave, we brought churn down from like 14 or 15
down to 9% after adding these optimizations. And this is a high trend business.
It's, it's, you know, 9% is pretty good for, for this type of business. So this works so well.
And we talked to other founders who really wanted something similar and, you know, it took us months
and months to build this. So we said, all right, let's, let's turn this into a dedicated product.
And we got like a hundred people on the waiting list and
we built it out. And now you can go to churnkey, C-H-U-R-N-K-E-Y.co. And you can see the product.
We actually have a lot more features now. Screen recording. So if the discount offer is something
that you're giving users, you can look at the screen recording. You can be like, hey, is this enough incentive?
So if maybe everybody is clicking the 60%, maybe you can lower it to 30% and people will still
click. So just touching these tiny levers, just nudging them a little bit over time,
it makes a tremendous difference to your revenue. We broke through the 30,000 MRR ceiling,
and then we hit the 50,000 one. And with each of these improvements and changes, we were able to keep growing and get past some of these plateaus. And when we sold, Wave was doing about 150,000 in MRR. 35 to 40% churn reduction with Wave. Our customers on average reduce churn about 30%.
So it's a no-brainer if you've got any SaaS business. Right now, we only integrate with
Stripe. It's super simple. It takes 15 minutes to plug it in. If you don't have something to
optimize in your churn, then definitely contact us. We'll get you set up right away. And you're losing money
every day you don't have this thing in. That's the way I'm looking at it right now. We've got
some cool data stuff coming down the pipe too. We've got A-B testing, which will be really big,
where you can look at, you can segment your customers and say, what plan is this customer on
and offer different things based on the plan. Or this customer has been with us for three years,
this customer has been with us for one year, offer them different things based on their cohort.
So as you think about all the ways you can optimize that offboarding flow, there are a lot
of ways that you can keep dialing this thing in so that your business is really maximizing
your revenue. Very cool. So's quick. So two quick questions,
because I know we're close to time here. Give us a quick rundown of the data stack you use
at Turnkey. I would just love to know that. And then I have one, I have a zinger for the last
question. Yeah, right now we've got, we're pretty much AWS stack people. We try to use as much of
the existing services AWS has as possible. I mean, they've got like 10,000 now. Every time I click in, there's like a hundred more.
Satellite ground station in there the other day. I have no idea what that's for, but
yeah, we use mostly everything. We've used Athena a little bit for some of the big number crunching.
We like Mongo as a document store for storing sessions and things like that. We love S3. We use static web hosting. We use
view on the front end. Postgres is another one that's big as we look at ingesting some of this
historical user data or Stripe data. And yeah, the whole thing this go around has been, I think some
of my co-founders were a little annoyed because I spent so much time working on security and the encryption for customer data.
But I basically was able to take everything I learned at Casa and apply it to this business.
Because when you're dealing with another organization's customers, you have to take that much more care.
My approach is I want to take more care than they are in safeguarding their customer information.
Very cool. Okay, last question. And we had a really we had a great conversation just as a section in one of our previous shows with someone from the company Grafana, who's really interested in crypto as well.
And so we asked them, what's your what is your crypto prediction for like the next five to 10 years?
And since you are very in tune with the market at a startup, give us the crypto prediction for like the next five to 10 years. And since you are very in tune with the
market at a startup, give us the crypto prediction. And as I said before, this is not financial advice
for anyone, but if you do get rich based on this advice, if you're in the audience and you get rich
based on this advice, call us because we want you on the show. I really, I would be shocked if Bitcoin didn't hit 100,000 this year. That's pretty conservative.
I would not be surprised if it crossed 200,000. I think 300,000 might be the top that I'd say
for this bull market. And I'm defining the bull market as maybe now through like next May,
if it extends further. I also think Bitcoin will be a million dollars
eventually. Before anybody laughs, I think that if you look at other things that are store value,
that it can displace. I think there's a very high probability that by 2030, it could be worth a
million dollars. Also at the rate of the US dollars inflation, maybe I should say that this is, I would
say that is adjusted for inflation. So yeah, in today this is, I would say that is adjusted for inflation.
So yeah, in today's dollars, I think it would be worth a million by 2030.
Very cool. All right. Well, this has been not actual legal advice and not actual financial advice, but some really good data advice from Nick at Charnky. Hey, thanks for joining the show.
Congrats again on your success. Really great
story. I think really valuable content there for our listeners, especially around privacy and just
how to think or understand a little bit more how lawyers think. And best of luck with your new
startup. We'll check back in with you and have you back on the show in the future.
Awesome. Would love to. Thanks a lot, guys. Appreciate it.
As always, such a fascinating episode. I think one of the interesting things,
this is just, there were so many good analogies. I wish I was taking notes during the show.
There were so many good analogies, both from you and from Nick, but I really loved the comparisons
that were made between the profession or skillset in terms of being a lawyer as it relates to
being a software engineer. And I thought that discussion between you and him, Costas, was
really interesting. So that was my takeaway. I really appreciated that.
Yeah, yeah. Well, to be honest, I find it always interesting to discuss with lawyers as an
engineer. And I couldn't resist today having this conversation
and trying to draw these parallels with him
because he has been in both positions.
So yeah, that was great.
I really enjoyed it.
And something that I think people should take
from this conversation is that actually lawyers
and engineers have more in common than differences.
So that's one thing.
And outside of this,
okay, it was really fascinating to discuss about the differences
and the challenges
that we have to work on
in this new era of crypto
that we have out there, right?
When it comes to privacy
and GDPR compliance
and all these things
that we thought that we have figured out.
We have legislation,
we have everything,
but probably we have to reinvent
all these things again with crypto.
So it was very interesting
to discuss about that stuff with Nick.
It was amazing.
Absolutely.
We have to be careful
or we're accidentally going to start
a crypto podcast
at the rate we're going
with predictions here. Maybe that'll just be a
standard question. Well, thanks again for joining us on the Data Stack Show. Make sure to hit
subscribe on your favorite podcast app so you can get notified of new episodes every week.
And we will catch you next time. The Data Stack Show is brought to you by
Rudderstack, the complete customer data
pipeline solution. Learn more at