Crypto and Compliance with Nick Fogle, Co-Founder of Churnkey and Wavve

Eric Dodds  00:06

The Data Stack Show is brought to you by RudderStack, the complete customer data pipeline solution. Thanks for joining the show today. Welcome back to The Data Stack Show.

Eric Dodds  00:19

One thing I love about doing this podcast is that we get to talk to people who have such interesting backgrounds. We’ve talked to people who have worked on particle physics, and all sorts of interesting things. And today, we get to talk to someone who started their career as a lawyer, actually, and then became a software developer. And so this is very obvious, but I think, just really valuable. So my question is going to be, how do lawyers think about data privacy when they’re trying to help a company sort through that, because we work in it, but we’re sort of reacting to what the lawyers are telling us, and trying to make decisions based on that. It’ll be great to hear from an actual lawyer who has, you know, sort of had a foot on both sides of the fence. Kostas, how about you?

Kostas Pardalis  01:04

Absolutely. Yeah, I totally agree with you. That’s going to be very interesting. And another thing I’d like to ask him is about his migration, let’s say, from being a lawyer, to becoming an engineer and how this experience was and how it helps and how it might make things more difficult going from like a completely different modality a lawyer has to becoming an engineer. So I’m really looking forward to it.

Eric Dodds  01:28

Great. Well, let’s jump in and chat. All right, Nick, welcome to The Data Stack Show. Really excited to have you.

Nick Fogle  01:36

It’s great to be here, Eric, and Kostas. Thanks for having me.

Eric Dodds  01:39

All right. So give us … you have a really interesting background, you started out your career as a lawyer, you turned into a software developer, you faced data challenges across multiple industries, and now you are a successful entrepreneur. So can you give us the two-minute flyover of that story? Because it’s pretty great.

Nick Fogle  02:01

Yeah, I’ll spare you the full saga, because it’s a long one. But basically, I finished undergrad with a degree in economics, right as the bottom fell out of the housing market, and banking jobs were gone. So I said, Well, I’ll go to law school, like a lot of people. It turned out that I turned a bad situation into a worse situation, because I went to law school and did not really enjoy the practice of law. Law school is really boring to begin with. And then as I got out, I did some transactional law and real estate law. And I just hated it. I’d always been kind of a nerd at heart and loved computers and video games and had been a creative too. And with law, you don’t really have a lot of room to be creative. In fact, you’ll build something which is like, think of like a contract, if you’re a software developer listening to this, you’re really just as a lawyer writing a bunch of if-else statements, only it doesn’t execute for you really ever, like maybe in 10 years, somebody will, you know, be in violation of a contract or something. And then you can see your handiwork actually function. So the lack of a feedback loop is an interesting reason why I prefer code over that. But yeah, long story short economics, became a lawyer, hated it, taught myself to code and landed a job at a company that makes nonprofit software called Blackbaud.

Eric Dodds  03:15

Very cool. And so I’m interested to know … and I want to hear the second part of that with your your startups and the data challenges you face, but one thing that I thought would be really helpful starting out, since you have such a unique perspective, being both a lawyer and now a sort of software developer, help our audience understand, what is the lawyer thinking about when they’re trying to evaluate the risk around data privacy, and I know there’s sort of different strata to that, right, like HIPAA compliance is pretty different than GDPR. But I know that in the work that, you know, for example, that Kostas and I do, privacy is really important to us, but we’re sort of also saying, okay, we’re trying to do these certain things with the product. And we know that privacy is a concern, but we really don’t understand all the intricacies of the law around GDPR. And you know, what exactly is going to happen if things go off the rails, etc. So, I mean, it’d be helpful for me, but I think also our audience, just to know, what’s the lawyer thinking about that when we bring that up and have those discussions?

Nick Fogle  04:23

You know, I think a pretty good comparison would be, a lawyer would think of the startup and they would attack this problem in a way to minimize threat vectors. So if you think about opsec, or security, you’re looking to reduce the surface area that somebody would attack you. Lawyers are doing the same thing. They’re trying to reduce that surface area for attack. So when you have something like GDPR, or PCI requirements or you know, any of these regulatory changes you are trying to minimize the risk to the greatest extent possible. And to do that, to do that effectively, you really, really need to understand the company, the product, all the different ways they use data, and most importantly, all of the different third parties that they use to create a product or to create that even if they have like a CRM or something, like you need to know all of that.

Eric Dodds  05:24

Yeah, and I think it’s a tough thing, because especially in the context of a startup, but let’s say even at a large company, there’s a desire for velocity, you want to move quick, you want to ship things, you want to test new product features, etc. and moving fast, doesn’t often feel like it’s aligned with sort of minimizing the surface area of risk, I think, as you said, so articulately from the legal perspective.

Nick Fogle  05:52

Yeah, and this is why you don’t see a lot of lawyers who are building companies. You know, it’s, it’s kind of this dichotomy in my head, where I’m like, on one side, I’ve got this legal training that’s like, oh, like, everything I’m doing right now is exposing me to more risk. But you also need to be a little naive. And you need to be willing to take risks, if you’re trying something new. Because if you’re in a new area, odds are there’s not a lot of regulatory guidance there. There’s no clearly defined rule. And if you’re operating in that realm, you kind of have to suspend that part of your brain. And I think if you’re a small startup, and you’re trying to move quickly, the tendency is to avoid getting any legal help altogether. I think my recommended approach would be to find an attorney who does work with startups, especially when it comes to data privacy. And just be upfront about what you’re willing to spend. And that, you know, as a going concern, your business may not be able to continue to run if you have to go back and redo a lot of things to ensure 100% compliance. Again, this is not legal advice for anybody, I’m not telling anybody to to blatantly disregard the regulatory guidance that’s out there, I would just say, make it clear to your attorney or your counsel that you have, you may have a limited budget, and that, you know, talk to them about your appetite for risk as well. Because a lot of times attorneys won’t even be able to say, hey, you’ve got to, this is 100%, risk free, no attorney will ever say that, because the law is always subject to changing. So I guess that’s my, the best way I look at it is when you think of this, we’re not thinking in absolutes. We’re thinking in kind of a gray area. And privacy is constantly evolving, I mean, Apple had a huge series of changes just as a single company. And as we see companies become more sensitive to that. I could see more changes being applied widespread. So yeah, hope that answers the question.

Kostas Pardalis  07:54

Nick, quick question based on the stuff you’ve shared with us so far. I’ve been for quite a while out there building companies and you’re also in this unique position of being trained as a lawyer and building companies at the same time. So how have you seen things changing these past few years since you started, like working in startups in terms of these regulations, and most importantly, the tools that companies have out there to use in order to be compliant with all these regulations?

Nick Fogle  08:23

Yeah, so man, GDPR has been out for a few years now. It wasn’t a thing when I first started. I think all we had to worry about was like the can’t spam act and PCI compliance and things like that. GDPR has been kind of a curveball, because originally, we didn’t intend on operating outside of the United States. But since our website was out there, and it’s public, and people can sign up and pay us from anywhere, we realized, okay, we started getting support cases asking us about what our GDPR policy was, or where it was on our website. We didn’t have one. And some of that is on me for not being up to speed on the latest GDPR guidance. But when that happened, I was like, Okay, I’ve got to go into scramble mode now and talk to a colleague who was a little more knowledgeable than me and do some reading and get familiar with the regulatory guidance, and then draft some things that were specific to our company. We’re a small team, and we didn’t have a lot of budget for that sort of thing. So I know it’s a lot harder for others. If you’re in that position, and you can’t afford an attorney or it’s, you know, maybe it’s cost prohibitive. I would look at some of these existing solutions that are out there now. A couple of startups at forum that actually create little JavaScript plugins you can install on your website. You may have seen some of these on websites when you go. All websites now have like a little annoying cookie notification, but there are some products that already exist, and you can pay 20 bucks a month or something, drop in that custom line of JavaScript, and it’s gonna load several things that help you stay GDPR compliant, you can just Google GDPR SaaS software, and you’ll probably find what I’m talking about. I know there are a number of them. And it’s pretty inexpensive. The one caveat I have there is that this may or may not fully protect you, since the legislation is always changing. And your situation may be very different than what’s contemplated by this SaaS software provider. You know, it may not, it definitely won’t be as good protection as consulting an attorney and getting advice and documents specific to your situation.

Nick Fogle  10:29

Yeah, I think that’s the best way of looking at it. You’re not dealing with absolutes. It’s kind of a trade off, and maybe, you know, 80%, or 90% of your bases are covered with this pre-existing software. And for that other 10%, it’s really going to come down to use cases that are specific to your business.

Kostas Pardalis  10:44

Yeah, yeah. First of all, you shouldn’t feel bad, to be honest, before what you were saying. I started a company in 2014, in Europe, so I had to go through the whole thing of GDPR, and I can assure you that you have probably handled much, much better than most of the companies and the countries in the EU. I remember, I mean, it was a mess, like, not even the EU could answer questions around that at the beginning. And I mean, it makes sense, right? Like, it’s a very complex thing. It’s something that changes really, really fast, both on the societal level and on technology level, right. And these kinds of institutions are not just, you know, they’re not built to react to faster builds so fast. And for a good reason. It’s not that I’m criticizing it. But at the beginning, it was really hard to find people who knew. I was looking for lawyers to help us. And most of them, they were like, we are still trying to figure it out. So yeah, don’t feel bad about it.

Nick Fogle  11:48

And that was the interesting experience I had when I talked to a colleague, who was really well versed in commercial law and consumer protection, things like that, and was vaguely familiar that something like GDPR existed. And we kind of worked together on that to come up with something and a lot of it was like boilerplate, I feel like. I think we looked at a couple other organizations that had added it, and we looked at how we can improve it and our specific situation, and yeah, I mean, it wasn’t, it wasn’t something I was super proud of. But at the end of the day, it felt like we talked about all the different areas that would expose us to risk and, and set up an agreement that did that.

Kostas Pardalis  12:23

Yeah, yeah. Yeah, that’s super interesting. I mean, I haven’t had to deal with GDPR. I mean, with lawyers, about GDPR, for quite a while now. But I hope that things like this have become much more clear now. And at least there are attorneys out there who can help you with that stuff, which is quite important, because you need someone to advise you, you need also to understand as an engineer. The problem I see with engineers when it comes to legal aspects is when you’re engineer–and you are an engineer, so you can probably understand what I’m talking about–we’re always talking about reasoning around our code, like the holy grail is how easy it is to reason about something. But laws are not built like that, they are more bargains, there are reasons for that, right? It’s not like, by mistake, it’s by design like this. And I think it’s extremely uncomfortable at the beginning, as an entrepreneur, who comes from an engineering background, to get exposed to all that stuff. I still remember the first time that I got an NDA, and I had to sign it. And I was like, What the fuck, like …

13:35

Engineers tend to be so analytical that you do want to read the details and understand how it works. I mean, I think that’s our nature, we want to take things apart. And, you know, a lot of people were like, how did you make such a significant jump from being an attorney to writing code? And you know what I tell people? I always thought writing code would be a more mathematical space, but it’s linguistics at the end of the day. I think it has more commonality with learning a different language, and understanding how logic and control flow works, moving through, you know, complex conditions. But you’re absolutely right, like with law … with code, once it’s deployed, it’s, for the most part, static, it’s predictable, you know, what’s gonna happen. Whereas the control flow in regulations are subject to change at the whims of people and the legislature. So, yeah, there’s a lot of interesting parallels there between writing law and writing code.

Kostas Pardalis  14:29

I love that. I love what you are saying right now, because I was always thinking that actually, after a while, like I started working with lawyers for business, I started creating some kind of metaphor in my mind. And I started thinking of laws in general, and legislation as a kind of DSL, domain specific language that it’s actually hit there to program society. Right. The difference is that with this DSL, it’s not a context free language as we have in computer science, right? So there’s context there. And that’s why you need a human person who can debug this thing and who can reason about it by considering also the context. So I used to say to the lawyers that I was working with that you’re not that far away from an engineer. It’s just that you are engineering a completely different system.

Nick Fogle  15:18

That is, 100% right. I think, yeah, I would love to go back to law school and teach a course teaching lawyers basic code, because I think a lot of them, by the time you’re about finished, you’d be pretty good with it. And it’s funny, I do, like this idea around, you know, ingesting all of the case law and facts of these different legal cases and using machine learning to create more predictable analysis of law because it is it does tend to be a gray area where you need humans to figure out what’s going to happen. Does seem like there’s some really cool things you could do once you can ingest this whole canon of US case law. Anyway, I don’t want to go in too much of a tangent. But yeah, a lot of interesting parallels there to dive deeper.

Kostas Pardalis  15:58

Yeah, absolutely. And so that, like, makes me want to ask another question. So having gone from being, like, trained as a lawyer and working as a lawyer to getting trained as an engineer and then working as an engineer. What are the things from law school that helped you? And what were things that you had to overcome in the way that you were thinking in order to become an engineer?

Nick Fogle  16:23

Oh, that’s a good question. I haven’t really thought about this one before. Yeah, I mean, I guess like, if I’m thinking about overcoming things, it’s probably a risk is probably the biggest thing. Like you’re so trained when you write something, you want to make sure that it’s perfect, before you finalize it, because you’re gonna, you don’t know what’s going to happen for 10 years. And that’s what I hated about law. I like the feedback. I like putting something out there, creating something, and then seeing it in the wild. And with code it’s like, I can deploy this to my dev environment and immediately see what happens and see if it succeeds. Yeah. So I think that that’s probably the biggest thing I had to unlearn was just like getting over the risk and getting over this perfectionist tendency.

Nick Fogle  17:08

I think there are a lot of engineers that feel like they have to know everything about a topic too. And I think some attorneys are the same way. Maybe that’s more a personality thing than like an attorney thing, where you feel like you have to know everything about a body of law, before you can effectively write an agreement that covers something related to that. I’d say another area that actually helped me coming from law to teaching myself to code and just everything … I don’t even know how to describe it. Like, you can’t just say learning to code, like you’re ingesting a whole new body of knowledge. But what helps with that is at law school, you’ve got to be an autodidact. I mean, you really do. The way law is taught is called the Socratic method. So you have like a giant, giant, boring reading assignment every single day, and you go to class, and the teacher is going to call on you and shame you if you haven’t done the reading and synthesized all the important takeaways. So there’s a huge like, you know, pressure to teach yourself to learn it to master it. And then to apply that soon after. And I think taking that training and applying it to my own teaching and learning in the code world, definitely. It definitely helped.

Kostas Pardalis  18:22

Yeah. And I guess it’s not possible to debug a contract author ….

Nick Fogle  18:27

You know, it’s funny, like, if you look at. Like one thing I got really into, I’m still into cryptocurrency. But originally I wasn’t as much a fan of Bitcoin. I was into Ethereum. I totally flip flopped, and you know, a Bitcoin, what they call a maximalist now, but in the early days, I was really into Ethereum because of the smart contracts. I remember one of the one of the first things I did was, I didn’t have … I barely had any money. We were working on startups. I put like, $200 in Ethereum, which was a lot of money to me back when I did it. And there was this thing called the DAO, it was the first like, decentralized autonomous organization. It was what precipitated the giant fork split for Ethereum back in 2016, I think. And I was like, I got caught up in the FOMO. I loved this idea of a smart contract and the self-governing organization, and I just threw all my money in there. And it’s like, the Southpark meme where they’re like, the bankers like, it’s gone. I mean, immediately, right after I did that, the smart contract was hacked. And they drained all the tokens from it. So you know, I just bring that up, because it is interesting to see this idea of real world contracts moving into something like cryptocurrency where you can run a contract on a blockchain, and you don’t have a, you know, third-party there to enforce it. But you have other incentive mechanisms. So it’s, it’s interesting, I think, in five to 10 years, we’re gonna have some real use cases for that.

Eric Dodds  19:51

I was just thinking about the concept. There have been so many great analogies here. I was just thinking about the concept of debugging legal contracts and I thought if you have to do that, it’s probably not good, because you know, you’re in a situation where things are probably a little bit precarious.

Nick Fogle  20:09

You know, it’s funny, because we just sold our company, Wavve.

Eric Dodds  20:15

Congratulations.

Nick Fogle  20:16

Thank you. And, the first order of business … so we had a few LOI like the offer back in January. And as soon as we signed that thing, I was like, Alright guys, I’m stepping down as the legal head of our team. And I hired a top notch transactional attorney, and immediately some of the, you know, little provisions and things like that, that I’ve been cool with in our draft. He was like, are you kidding? Like, this is horrible. And so that was my version of bringing in, you know, that senior developer to come back in and audit my code.

Eric Dodds  20:48

You know, speaking of … going back to the subject of crypto, just thinking about something we chatted about briefly, before we hit record on the show that I think would be really helpful is, you went through you were part of a crypto startup. And you mentioned that you had a really challenging time selecting a tool set, that helped you meet compliance. And I think I’m just thinking about our listeners. And I think it’d be helpful just to hear about the struggles that you went through in that, because that’s something that a lot of our listeners are trying to figure out. A, tool selection in general, the stack is changing. I mean, it’s kind of a hard subject on its own. But you went through a period where you had to deal with some extremely rigorous requirements. So can you walk us through that, what kind of tools, what was the selection process like?

Nick Fogle  21:41

Yeah, and if anybody is in the cryptocurrency industry listening, they’re probably gonna be nodding along as I talk about this, because it’s very, very hard. There’s some very unique requirements. And I’ll talk about those a little bit. So in 2017, a few of us started a company called Casa, we were the first user friendly, multi SIG wallet for consumers. And the company has grown, it’s really blown up, I actually left in order to focus more on the company we just sold, I left last summer, but since, I mean, it’s just been blowing up in the bull market. And it’s been cool to see the foundation that we laid during the four-year bear market paying off, but it wasn’t easy to pick a tech stack or to choose some of these connectors for different data. Because let’s let’s talk about cryptocurrency and a lot of the companies that you know, one thing that’s unique to a Bitcoin company is you are a very, very juicy target for an attacker, there are going to be all sorts of incentives for people to either social engineer you or to attack and try to you know, access a database. Because, you know, cryptocurrency is something that there’s no third-party middleman that can come in and make it all right. It’s final settlement. So attackers like to go after cryptocurrencies. And there have been a lot of stories for these cryptocurrency companies that jumped up like your typical startup that, you know, said we’ll figure out security later. And they were hacked, or they had some, you know, big social engineering event where, you know, somebody tricked a customer service rep into giving them access, they got access to a computer, and they drained a cold storage wallet, or actually probably more likely a hot wallet if they’re draining it. But anyway, at Casa, from the early days, we were very sensitive to this. We had a guy Jameson Lopp, who he had been at Bitgo handling their infrastructure. Bitgo was a giant custodian of cryptocurrency. And he helped us lay down some of the foundation and some of the things we were looking at were, number one customer records. So we were selling Bitcoin nodes throughout 2018 and 2019. And we had a store to do that. And, you know, you have to have customer addresses if you want to sell a physical good. And since our customers were people that might have a lot of Bitcoin holdings, that might make them a choice target for somebody. In fact, if you ever you know, if you were to just Google Bitcoin attack or Bitcoin hostage or something like that, you’d find that these instances in other countries where people are held up, somebody comes to their house and holds them hostage to take their Bitcoin. So we’re aware of that. And in fact, recently Ledger, which is one of the hardware wallets, I think they had a massive breach where all these addresses were revealed–all these customer addresses. So if somebody knew that you were on Twitter, and you were like a big Bitcoin OG and they could scroll through that giant data set from Ledger, find your address. I mean, that’s, that’s really scary, right? I mean, somebody would have a high incentive to either go to your house or hold you up or something. So we were aware of this. And as we chose third parties, we had to be really sensitive to, you know, what is their history of data integrity, and we would we would get them, there were a few tools that we really wanted to use, we love the user interface, we’d love the product, but after talking to their team and understanding how they actually secure the data, and you know how that was managed, we couldn’t trust them to store our customer data. And in the end, we pretty much decided that we need to encrypt everything at rest. And we need to have a policy to delete data as soon as we didn’t need it. This is really hard if you’re a startup and you need a mailing list. There are a lot of tools and a lot that you gain as an early start up by having access to this data and being able to market more effectively. Well, we were making a choice that we’re going to kind of shoot ourselves in the foot on the marketing front. But we were more sensitive about protecting our customers. So we ended up using chat and customer communication, we used a tool called Matrix, which is a really strong, encrypted chat tool. And yeah, we used a few other internal tools to kind of connect the data, which that’s kind of what I thought was interesting about RudderStack, and the fact that the code is open source, that was always a really important thing for us. If we were going to use a third party, we wanted to use providers whose code we could audit, or at least know that they had an open source policy so that it could be vetted by the community.

Kostas Pardalis  26:33

Nick, I have a question now that we started discussing Bitcoin and cryptocurrencies. And I’d like to connect a little bit with the conversation we had earlier about GDPR. So in a world where we have something like Bitcoin and the blockchain, right, where everything is registered there, and it stays there forever, you can pretty much go traverse that river and see exactly what happened with the transaction. How does this work together with GDPR? And like, with all that stuff about the right of being forgotten, and all these things that we are discussing, like, at least on the surface level, this sounds very contradictory, right? So what’s your opinion about it? What’s your experience?

Nick Fogle  27:16

Yeah, that’s what I love about Bitcoin is like, you know, nobody can stop it. Even if the European Central Bank or you know, whatever force wanted to shut it down, or they were, you know, upset about it, they can’t do anything to stop it. So I guess they’re, it’s kind of, like interesting to think about situations where people are upset about it, but it’s like this is, they’re not going to be able to, to change it to, you know, comport with that. The good thing about Bitcoin, and there’s like a big update that may go through within the next year is called Taproot. And it makes the transactions more anonymous. So tools like Chainalysis, companies like Chainalysis, can’t go in and and you know, reverse history figure out everything you’ve ever done based on an address. It is, it is something people need to be sensitive to. And there are a lot of tools and innovations that the Bitcoin community has created to help mix transactions so that you can’t track a person’s spending. The exchanges don’t do a very good job at this, they have, you know, you have required Know Your Customer Laws, this is a regulatory issue. So they’ve got a database with your passport photo, your address and everything. And they also have a database with how much cryptocurrency you’ve bought. To me, that is, the scariest thing is, you know, those records. You know, with Bitcoin to really put any valuable information, you can do like and you could use opcode to push a text string to the transaction. So I guess in theory, you could add somebody’s address or something to the blockchain, but most people aren’t using blockchain space for that kind of stuff. The worst thing somebody could do is just like, look at your transaction data and like, go back to where it originated, maybe. Or if a wallet was found to be dubious, they could figure out okay, where did this money come from? But I guess the bigger thing in the cryptocurrency world is the incentive people have to hack exchanges is really high. So it’s really important to know, if you have an exchange account, and you’re not using it, you should request that they delete that data. It’s a tricky issue, though, when you’re talking about data, because you have these two seemingly conflicting issues where you’ve got well in the US, like, we don’t have GDPR, but we’ve got other privacy laws. So you’ve got KYC, the Know Your Customer regulation on one hand, so you have to upload a passport photo and all your data because of banking regulations. But then on the other hand, you’ve got privacy regulations as a startup. So there’s a lot of tension there. So it’s an interesting area that it’s so new, we still don’t have a lot of guidance on it.

Kostas Pardalis  29:56

Would you suggest for upcoming crypto startups, to have a co-founder that has a legal background?

Nick Fogle  30:02

It definitely doesn’t hurt. If they’re not going to be like a raincloud on everything you’re trying to do. The tendency, and I still struggle with this, like my, you know, one of my co-founders would have an idea like, Oh, are you kidding me? Like that’s a, that’s horrible? We’d be sued immediately. I just think of Uber and like all the laws, they had a break to get to where they are. I think that’s a classic example. But I think it helps to have somebody on the team that either has an MBA, an MBA is helpful, I know, I’m going to get crap for that because I hate higher ed right now and the pedigree system that that’s turned into, but it helps to have somebody with either, CPAs are kind of the same way too. These are all professions where you learn to assess risk, and in a business sense. And I think that can be really valuable to a startup team, for sure.

Kostas Pardalis  30:48

Yep, absolutely. I totally agree with you. So Nick, you mentioned that your company got acquired? Do you want to tell us like a few things about what’s next and what you’re building now?

Nick Fogle  30:59

Yeah, I’d love to. So we created a company. Wow, it’s about six years ago, I spent two years working on something that totally failed. And out of that, we created this like little internal tool to create videos. So it was pretty cool. We named that company Wavve, W-A-V-V-E, and we were recently acquired. Yeah, so that’s been fun. Definitely not some way to retire. We’d already created a new startup last September. And that was part of the reason why we were like, okay, I think it’s time to move on from Waave, because we’ve got something else we want to work on.

Nick Fogle  31:31

And let me tell you a little bit about Churnkey. Churnkey is our new company. And when we were building Wavve, so Wavve is a SaaS tool for podcasters to turn their audio into video, and then share it on social media. It’s a classic prosumer market where you’ve got … it’s similar to B2C, but you’ve also got some agencies and organizations that use it. High volume, high churn, we had about 13 to 14% of people canceling subscriptions every month. And if you’re a math nerd, you’ll realize you can hit a growth ceiling pretty quickly. If you’re churning users at that rate. Over the course of like two, maybe three years, we were constantly trying to fix that churn problem. Initially, we realized it was a problem, because we were doing about 30,000 a month. And our churn was like 14%, one month, or maybe maybe as high as 15. And we were like, oh, wow, we’re gonna be stopped out at like 33 or 34,000. Like we were quickly approaching this asymptote. So then we were like, Okay, well, what can we do? So the classic thing most people do for churn is they’ll be like, Alright, let’s do annual plans. Because that way, we lock in at least a 12-month lifetime for these customers. That was somewhat somewhat successful, I think we brought churn down to like, I don’t know, 12% or 13% doing that. But the biggest change came from two things. First of all, we added, and this seemed so basic in hindsight. But a lot of the companies don’t do this, you’d be surprised how few SaaS companies do this. We had a feedback form when somebody clicked cancel, and we forced them to pick a reason. I know this can annoy people. But customers tend to get over it pretty quickly, if it’s an annoyance. And from that, we realized that people weren’t cancelling because of a missing feature or a technical reason. Our customers were canceling because they were podcasters. And they did seasons. So that was a valuable quality. It was qualitative data, but it was valuable. And once we had enough of that, we were like, we’ve got to offer a pause feature for these customers. So over time, we continued to add relevant lines to this survey, this exit survey. And then we had another idea. We said, what if we anticipate a user’s reason for canceling, and offer them something to counter that so they’ll stay. And listeners may have seen this on like, premium YouTube subscription or Netflix, well funded companies with big engineering teams tend to do a lot around this, we wanted to make it easy for companies that don’t have a big engineering team to build something like this.

Nick Fogle  34:05

So this is how the flow works. You’ve got a customer, COVID hits, they’re suddenly more sensitive with their budget. So they’re going to go cancel. Form pops up. Why are you canceling? Budget is a reason. They pick budget. But we would offer them a discount of 60% saying, you know, it’s COVID, this is hard for everybody, if you’re unable to afford this right now, we want to make it affordable. So we hit him with a 60% discount. Over time, we had so many users moving through the flow, we were able to continue to use that data and optimize it. So back to Wavve, we brought churn down from like 14 or 15, down to 9% after adding these optimizations, and this is a high churn business. Nine percent is pretty good for this type of business. So this works so well. And we talked to other founders who really wanted something similar and you know, it took us months and months to build this. So we said all right let’s turn this into a dedicated product. And we got like 100 people on the waiting list and we built it out. And now you can go to churnkey.co. And you can see the product. We actually have a lot more features now: screen recording. So you know, if the discount offer is something that you’re giving users, you can look at the screen recording, you can be like, hey, is this enough incentive? So if maybe everybody’s clicking the 60%, maybe you can lower it to 30% and people will still click. So just touching these tiny levers, just nudging them a little bit. Over time, it makes a tremendous difference to your revenue, we broke through the 30,000 MRR ceiling and then we hit the 50,000 one. And with each of these improvements and changes, we were able to keep growing and get past some of these plateaus. And when we sold Wavve was doing about 150,000 in MRR. So yeah, Wavve worked really well. We saw about 35 to 40% churn reduction with Wavve, our customers on average, reduce churn about 30%. So it’s kind of a no brainer. If you’ve got a business, any SaaS business, right now we only integrate with Stripe. It’s super simple, takes 15 minutes to plug it in. If you don’t have something to optimize your churn, then definitely, you know, contact us. We’ll get you set up right away, and you’re losing money every day you don’t have this thing in. That’s the way that’s the way I’m looking at it right now. And we’ve got some cool data stuff coming down the pipe too. We’ve got A/B testing, which will be really big, where you can look at, you can segment your customers and say what plan is this customer on and offer different things based on the plan, or this customer has been with us for three years, this customer has been with us for one year, offer them different things based on their cohort. So as you think about all the ways you can optimize that offboarding flow, there are a lot of ways that you can keep dialing this thing in so that your business is really maximizing, you know, your revenue.

Eric Dodds  37:02

Very cool. Quick access to quick questions, because I know we’re close to time here. Give us a quick rundown of the data stack you use at Churnkey. I would just love to know that. And then I have a zinger for the last question.

37:16

Yeah, right now we’re pretty much AWS stack people. We try to use as much of the existing services AWS has as possible. I mean, they’ve got like 10,000 now. Every time I click in, there’s like 100 more. Satellite ground station in there the other day, I have no idea what that’s for. But yeah, we use mostly everything. We’ve used Athena, a little bit for some of the big number crunching. We like Mongo as a document store for storing sessions and things like that. We love S3, we use static web hosting, we use View on the front end, Postgres is another one that’s big as we look at ingesting some of this historical user data, or Stripe data. And yeah, the whole thing, this go round has been, I think some of my co-founders were a little annoyed because I spent so much time working on security and the encryption for customer data. But I basically was able to take everything I learned at Casa and apply it to this to this business. Because when you’re dealing with another organization’s customers, you have to take that much more care. You know, my approach is I want to take more care than they are in safeguarding their customer information.

Eric Dodds  38:24

Very cool. Okay, last question. And we had a really great conversation, just as a section in one of our previous shows with someone from the company Grafana, who’s really interested in crypto as well. And so we asked them, what’s your crypto prediction for like the next five to 10 years? And since you are very in tune with the market and had a startup, give us the crypto prediction, and as I said before, this is not financial advice for anyone. But yeah, if you’re in the audience, and you get rich based on this advice, call us because we want you on the show.

Nick Fogle  38:59

I really would be shocked if Bitcoin didn’t hit 100,000 this year, that’s pretty conservative. I would not be surprised if it crossed 200,000. I think 300,000 might be the top that I’d say for this bull market. And I’m defining the bull market as maybe now through like next May if it extends further. I also think Bitcoin will be a million dollars eventually. Before anybody laughs, I think that if you look at other things that are stored value that it can displace, I think there’s a very high probability that by 2030, it could be worth a million dollars. Also at the rate of the US dollar’s inflation, maybe I should say that this is adjusted for inflation. So yeah, in today’s dollars, I think it’d be worth a million by 2030.

Eric Dodds  39:49

Very cool. All right. Well, this has been not actual legal advice and not actual financial advice. But some really good data advice from Nick at Churnkey. Hey, thanks for joining the show. Congrats again on your success. Really great story, I think really valuable content there for our listeners, especially around privacy, and just how to think, or understand a little bit more how lawyers think. And best of luck with your new startup, we’ll check back in with you and have you back on the show in the future.

Nick Fogle  40:18

Awesome. Would love to. Thanks a lot guys. Appreciate it.

Eric Dodds  40:21

As always such a fascinating episode. I think one of the interesting things … this is just … there were so many good analogies. I wish I was taking notes during the show. There were so many good analogies, both from you and from Nick. But I really loved the comparisons that were made between the profession or skill set in terms of being a lawyer, as it relates to being a software engineer. And I thought that discussion between you and Kostas was really interesting. So that was my takeaway. I really appreciated that.

Kostas Pardalis  40:55

Yeah, well, to be honest, I find it always interesting to discuss with lawyers as an engineer. And I couldn’t resist today having this conversation and trying to draw parallels with him because he has been in both positions. So yeah, that was great. I really enjoyed it. And something that I think people should take from this conversation is that actually, lawyers and engineers have more in common than differences. So that’s one thing and outside of this, okay, it was really fascinating to discuss about the differences and the challenges that we have to work on in this new era of crypto that we have out there, right, when it comes to privacy and GDPR compliance and all these things that we thought that we have figured out. We have legislation, we have everything, but probably will have to reinvent all these things, again, with crypto. So it was very interesting to discuss all this stuff with Nick. It was amazing.

Eric Dodds  41:56

Absolutely. We have to be careful or we’re accidentally going to start a crypto podcast at the rate we’re going with predictions here. Maybe that’ll just be a standard question. Well, thanks again for joining us on The Data Stack Show. Make sure to hit subscribe on your favorite podcast app, so you can get notified of new episodes every week, and we will catch you next time. The Data Stack Show is brought to you by RudderStack, the complete customer data pipeline solution. Learn more at RudderStack.com.