The need for privacy-first service providers

Carl Lischeske, Sridhar Ramaswamy and Avi Fein on 04/22/21

When we started Neeva, we became part of a movement of consumer-centric companies focused on privacy. We expected several challenges: how do you build a compelling service users are willing to pay for? How do you succeed in a crowded market? What we did not expect was how difficult it would be to not track users.

We can’t build privacy-first products without service providers that do the same. Make it easier for us to find and buy solutions that take privacy seriously. Respecting user privacy is something all of us should embrace.

So much of the infrastructure that we all rely on has not kept pace with the industry’s respect for user privacy. Let’s take email campaigns as an example. When we opened up our waitlist, we needed a way to track sign-ups and communicate with our prospective users. We picked a popular off-the-shelf email provider, one with rich templating tools and solid list management. We didn’t think we would run into issues with tracking. With no third-party advertising, there should be no incentive for invasive data collection. We should just be able to just turn it off, and we’d be good to go, right?

Wrong! Despite disabling every tracking option we could find, our provider still insisted on embedding tracking pixels in every email we sent. Sure, seeing the open rate on our campaigns is nice, but the tradeoff was not worth it. This is especially true because tracking pixels can cause much bigger privacy issues, potentially exposing user location, activity, and even personally-identifying information if third-party cookies are used. We just wanted to welcome our users to Neeva; instead, we wound up inadvertently intruding on their personal space. (Of course, we changed our email provider right away!)

The problem was that our original provider couldn’t imagine that we would not want to collect this data. Open rate is one of the fundamental metrics of a campaign’s success, and the idea that someone would be willing to forgo this information didn’t occur to them. For us, though, this tradeoff was essential: our users expect better from us.

Even more concerning, some B2B service providers reserve the right to misuse our customers’ data. We evaluated one communication provider whose privacy policy said that they were free to combine information that they collected about an email on their site with the information in the content that Neeva sent to those same emails. Similarly, when using URL shortener services, we could not reliably confirm from a leading provider that information resulting from Neeva users clicking and following shortened URLs would not be used for advertising! Needless to say, our commitment to user privacy must extend to every service we use. These services lost a potential client because they were unable or unwilling to commit to respecting user trust.

We don’t say this to call out particular providers, but instead to call out a mindset. Every platform advertises how it will help you understand your audience, from simple things like open rate or click-through rate to sophisticated options like audience demographics that rely on user tracking joining with third-party data. What very few of these products advertise is how they will help you protect your audience. User data is very valuable, and refraining from questionable and invasive data collection can seem like leaving money on the table. Service providers need to work to understand the mindset of companies who see user data as a sacred trust, and not a resource to be exploited. There are quite a few of us, and as people seek services that respect their privacy, the number will only grow.

As a company, we have to put our money where our mouth is. We have been careful to pick tools that serve our needs and allow us to protect our user’s privacy, such as Mailchimp for mail or for analytics. In cases where we have had difficulty finding options that align with our principles, we’ve built our own, as we did for collecting customer feedback and creating shortened URLs.

Our plea to the industry is to make this easier. Creating privacy-friendly services is becoming the norm for consumer services. Make it easier for us to find and buy solutions that take privacy seriously. Put data collection options up-front, and clearly explain what is being collected, where it’s from, and most importantly how to control it. As user-facing companies become more privacy-sensitive, there’s an increasing need for B2B services that share that goal.

Respecting user privacy isn’t something that can be done in the last mile. It requires us to respect our users from end-to-end and at every point we touch, whether it’s through email, social media, customer support, websites, or our apps. A chain is only as strong as its weakest link; we can’t build privacy-first products without service providers that do the same. As people become more aware of how their data is collected and used, they will hold us to an increasingly high standard. Respecting user privacy is something all of us should embrace.