SaaS founder's thoughts on US and EU data privacy
Posted on Aug 5, 2020
Data privacy has become a hot topic especially for companies offering services from US to EU. Still few years ago only larger companies needed to know where their data is stored when signing up for a SaaS app, but during recent years this has become a top question also for smaller businesses. The reason is simple: B2B SaaS apps often store client's customer data, which is regulated under GDPR and other data privacy regulations. In many cases storing data within US territory is simply not legally an option anymore.
This took us to a strange situation: Our API received thousands of user tracking requests per minute from global online services that signed up to our free beta. Some of these services were well known companies whose tech teams obviously wanted to test the new tool without asking permissions from their managers - and even less from their users.
We were not ready for this. As with many newly created startup concepts, we didn't provide yet ultimate definitions about where we store the data or how it is maintained. We barely knew how our data architecture would soon look like. We were experimenting as any lean startup, and yet companies blindly trusted the holiest of holiest data into our hands.
Today, thanks to recent legal debate and GDPR, the situation is very different. Not only from SaaS founder's perspective but also from client's requirements point of the view. Our data privacy promise clearly defines where, how and what kind of data is stored. Many of the European customers simply couldn't use our product if we didn't offer data center in EU, as an alternative to US and Asia. Data templates in Growhold allow clients to control what data is pulled from sources and what is pushed out with integrations.
The gap between US and EU still exists though, and it's not only because of the different regulations. In US people seem to trust companies that are incorporated in US, but in EU even for local SaaS companies the first question is "Where do you store the data". Sometimes I wish also US clients would state this question more often.