

Ask HN:How can a startup gain users' confidence in handling private data? - brainless

A recent submission on HN related to an Address Book manager application cause someone to mention that these startups are just selling data.<p>I am working on an application that manages personal data too (and I have applied to YC). Now, while talking about our own application to friends, I have faced that question: "Your product's growth will also depend on how users trust you".<p>My question to HN users is: How can we, a startup, gain users' confidence?<p>I am not asking for only technical measures of data protection. I am asking for steps we can take to make sure the user understands we are not going to steal data and run away.<p>Thanks for your help.
======
malandrew
Good design communicates trust. Whether this is justified or not is another
matter, but I know most people tend to trust pretty things and pretty people,
especially if they are eloquent.

TBH, anyone who tells you things about privacy policies and other opinions
typical of privacy advocates are completely out of touch with the average
user.

I'm a privacy advocate myself, but I'm not so out of touch with the world to
think that people see things the way I do and that a site needs to speak to
people like me to gain the trust of the average user. I am not the average
user. HN users are not the average users.

If you want to answer your own question about how to gain trust you need to be
able to answer the question "who is my primary user?". If privacy advocates
are not among those that are your primary users or among the early adopters,
you needn't worry about the issues others mentioned. Just make it pretty and
make the wording friendly.

I'm not suggesting you be unethical. I'm just answering your question on how
to communicate trust. Be pretty. Talk smoothly.

------
kiloaper
Speaking just as a normal user with no expertise in data privacy etc, the
things which negatively affect my trust in a service are:

\- lack of a visible monetisation plan. If I can't see how you'll make money I
will assume that'll it be through selling all my data to advertisers.

\- A copy/paste Privacy Policy

\- Being based in the US (prejudiced maybe, but not without reason). As a
European I don't want my data on US servers and subject to ever seemingly
weakening data protection laws.

\- Not knowing who is behind the company. If I can't see Linkedin profiles,
blogs or similar for the founders I will assume it's shady and walk away.

\- Responding to questions about privacy with vague meaningless canned
statements that don't address the issue.

\- Inability to see _exactly_ what the company stores about me. E.g. I can't
see what metrics Google has generated from my GMail account to use for
targeted advertising

~~~
malandrew
These aren't the views of normal users. You may not be 99% percentile when it
comes to privacy awareness, but given your answer, you are among the 95%+
percentile for sure.

normal users don't know or care about monetization plans. they don't know a
privacy policy has been copy/pasted. In fact, they won't read it. They won't
go far enough to check if the business is in the EU or US. Most normal users
of your service aren't in the EU, unless your service is targeting mainly
people in the EU. Most people don't care who is behind a company and won't
investigate this. Normal users won't look far enough to find canned statements
about privacy on your site. Normal users won't try to see what a company
stores about them. Normal users don't know or care about metrics or know about
targeted advertising.

Imagine the average internet user. By definition 49.9% of all internet users
are less aware and less capable than that person. Remember this. It keeps
perspective grounded in reality.

------
debacle
Transparency, and a crystal-clear privacy policy that takes less than thirty
seconds to read and comprehend.

