
How we got our first 100 paying customers - mattiemass
https://www.stackfield.com/blog/how-we-got-our-first-100-paying-customers-33
======
simonswords82
Interesting PPC numbers. If they don't like the figures they were seeing

> Whether it is “project management” (€ 6.00 per click), “social
> collaboration” (€ 4.40 per click) or other similar keywords, the costs are
> in high ranges.

They would absolutely hate my industry. HR software, the number one keyword
for people looking for our app
[http://www.staffsquared.com](http://www.staffsquared.com), is currently about
£30 per click! It's symptomatic of this particular niche being occupied by
incumbents who can afford not to optimise their Adwords campaign.

I should probably write a blog post at some point about how we got around
using Adwords to grow.

~~~
aprdm
wow, £30 for a click?!

~~~
simonswords82
Yep, was about £10 three years ago before shit got crazy.

------
jjoe
I'm glad you found a strategy that got you your first 100 paying clients. But
now you're unable to determine your CAC or CLV and have no idea how to scale
acquisition. Or at the very least, your CAC is through the roof because your
employees are the ones hustling (social, support, visibility, etc). That's
difficult to scale and/or measure properly.

Have you completely abandoned the traditional methods?

~~~
mootothemax
I don't know why you've been downvoted, you're absolutely right: there's still
a cost of acquisition here, and it's likely one that's pretty difficult to
track down.

~~~
annnnd
That is true - do you have a suggestion? Apart from Facebook and AdWords, what
kind of marketing should OP try?

------
gtirloni
It must be a lot more satisfying to have new customers that were recommended
by people that trust your product rather than some dumb/probabilistic
marketing channel.

In a VC-backed world, that is hard to come by because everybody is so focused
on hypergrowth, but if the company can afford to organically grow the business
based on timeless good features (your product delivers value and you care
about your users) than it should feel much better.

------
sarciszewski
I was curious about their "encryption" since they seem to emphasize it a lot.

[https://www.stackfield.com/security](https://www.stackfield.com/security)

This page indicates they're using RSA-2048 and AES-256. Wow, that's so vague.
So I signed up.

It's using Javascript Cryptography, which is never a good sign:
[https://www.nccgroup.trust/us/about-us/newsroom-and-
events/b...](https://www.nccgroup.trust/us/about-us/newsroom-and-
events/blog/2011/august/javascript-cryptography-considered-harmful/)

Their RSA implementation is vulnerable to a padding oracle attack
(Bleichenbacher's 1998 attack):

[https://www.stackfield.com/Scripts/Plugins/rsa.2016012205415...](https://www.stackfield.com/Scripts/Plugins/rsa.20160122054154.min.js)

[https://www.stackfield.com/Scripts/Plugins/rsa2.201601220541...](https://www.stackfield.com/Scripts/Plugins/rsa2.20160122054154.min.js)

They're using AES-CTR, but they're not authenticating the ciphertext.

[https://www.stackfield.com/Scripts/sf.wssecurity.20160122054...](https://www.stackfield.com/Scripts/sf.wssecurity.20160122054154.min.js)

(JSBeautifier comes to the rescue:)

    
    
        function DecryptOrganisationByMaster(e, a) {
            if (e === undefined || e.MyOrgRoleId === 3) {
                return false
            }
            var b = e.EncryptionCode,
                c = e.EncryptedCode;
            if (b === undefined || c === undefined || b === "" || c === "") {
                return false
            }
            if (OrganisationPasswords[e.OrgId] !== undefined) {
                return true
            }
            var d = Aes.Ctr.decrypt(c, a, 256);
            if (d === b) {
                OrganisationPasswords[e.OrgId] = a;
                return true
            }
            return false
        }
    

This really should have been reviewed by a cryptographer before being branded
so heavily as an "encryption" solution.

EDIT: Also, their Aes.Ctr.encrypt() function doesn't accept a nonce:

[https://www.stackfield.com/Scripts/Plugins/jquery.aes.201601...](https://www.stackfield.com/Scripts/Plugins/jquery.aes.20160122054154.min.js)

See [https://gist.github.com/paragonie-
scott/53428f0947337d66a786](https://gist.github.com/paragonie-
scott/53428f0947337d66a786)

------
JonoBB
Not being snarky, but you really need a copywriter to review the wording on
your site.

dayly (should be daily)

the data are encrypted

Over 10.000 companies joined Stackfield

Keep your information, that are not intended for the public,

~~~
bshimmin
_the data are encrypted_ is correct - "data" is plural.

~~~
adrianN
Language Log has a post about this topic

[http://languagelog.ldc.upenn.edu/nll/?p=4396](http://languagelog.ldc.upenn.edu/nll/?p=4396)

I quote:

"My own view is that there are contexts where it’s okay to treat data as a
plural, but none in which you can’t treat it as a singular—and that contrary
to what many “reasonable” usage writers counsel, this isn't simply a matter of
“style and personal preference.” "

Other, shorter, humorous, posts about data:

[http://languagelog.ldc.upenn.edu/nll/?p=4401](http://languagelog.ldc.upenn.edu/nll/?p=4401)

[http://languagelog.ldc.upenn.edu/nll/?p=14970](http://languagelog.ldc.upenn.edu/nll/?p=14970)

[http://languagelog.ldc.upenn.edu/nll/?p=20635](http://languagelog.ldc.upenn.edu/nll/?p=20635)

------
retube
FYI "dayly" should be "daily"

But very nice site

------
scandox
I think what's useful here are the numbers around PPC. I think many people
have totally unrealistic expectations about CAC through these channels.

I'd be interested how they would now perform if they returned to PPC...

~~~
mschenkel
I operate a SaaS that is based around Google Analytics Dashboarding
([http://www.embeddedanalytics.com](http://www.embeddedanalytics.com)). I have
never had success with Google Adwords, very low conversion rate to signups
(<2%). Traffic coming from referral sites (mostly stackoverflow.com) is much
better.

------
smickie
There's a typo on your home page:

"Stackfield offers you a selection of tools that every team needs to get the
dayly work done."

Dayly should be daily.

Also cool post!

------
kfk
They mention going through an accounting department in the case of big
companies, I wonder if anybody had more luck with this?

~~~
toyg
"More luck" in what sense? All enterprise companies will have plenty of
obstacles thrown in the way of new suppliers. The most classic: if you are not
on the suppliers' list, i cannot buy from you; and you cannot get on the
suppliers' list unless I buy from you. Catch-22.

Joel Spolsky recommends to figure out the average limit for single-item
purchases on corporate credit-cards, and stay under that. This may or may not
work in your particular segment.

------
TlDrBot
Summary: Company did not find a marketing channel. Company relies on word of
mouth.

    
    
        Orig wordcount: 2152
        TlDr wordcount: 13
        Saved: 99.40%

~~~
timClicks
If this really is a bot, I'm just astonished. Well done to the crew behind
this.

~~~
slazaro
I'm skeptical. The phrase "marketing channel" does not appear verbatim on the
article. I'd say it either has really good NLP or there's a human somewhere.

------
feed16
What was the company? I didn't catch this in the article.

