Donata Stroink-Skillrud is the President at Termageddon and the vice-chair of The Privacy Committee of the American Bar Association. In this episode, she explains why companies need privacy policies and emphasizes the risks if businesses don’t comply with the law. But there’s more: As a business owner, Donata faces many challenges, so she reveals ways of dealing with them.
In this episode of Reverse Engineered, Jon Penland introduces Donata Stroink-Skillrud. Donata is the President at Termageddon. She is also the Vice-Chair of The Privacy Committee of the American Bar Association.
Donata explains why companies need privacy policies and emphasizes the risks if businesses don’t comply with the law. She also talks about Termageddon’s services, including policy education.
As a business owner, Donata faces many challenges, so she reveals ways of dealing with them. The guest also says, having an investor is great because it ensures stability, especially in times like this.
- Donata’s path: From writing policies to helping companies be compliant. It all comes from an educational perspective, Donata explains. At first, she wrote privacy policies, and now she educates people on why they need a policy and creates solutions, especially for small businesses. ”As much as we would all love to have our private attorneys that write our privacy policies and terms, most small businesses can’t afford that. And it’s coming to the point where the cost of non-compliance is so high, but then also you can’t afford an attorney, and you’re between a rock and a hard place. But now, you have a solution that’s accessible to small businesses. “
Today’s Guest: Donata Stroink-Skillrud, President at Termageddon
Donata is the Vice-Chair of The Privacy Committee of the American Bar Association and the chair of the Chicago Chapter of the International Association of Privacy Professionals.
- Company: Termageddon
- Where to find Donata: LinkedIn | Twitter
”Websites collect what we call personally identifiable information or PII, and that’s names, emails, phone numbers, IP addresses, anything that could identify someone. A lot of people don’t think that they collect PII. But, if you have a contact form, if you have a newsletter sign-off form, if you have analytics, you do collect that information.
Don’t Pick Vendors Too Quickly
We Started Very US Centric
”I think it was a bit naive on our part when starting this. We thought we are going to have customers in the United States only and that no one else will be interested in our product. Well, two years down the road, that was pretty stupid. So, currently, we provide compliance solutions for people located in the US, UK, Canada, and we’re working on launching in other countries shortly. Right now, we’re creating policies for our Australian customers. We’re launching into more and more countries and needing to focus on more and more privacy laws.”
The Gold Standard of the Approaches
Termageddon: I Would Call It My First Venture
”I was in private practice beforehand. I didn’t want to write privacy policies anymore, but people still needed them. Right before I went full-time for Termageddon, I worked for a company that did marketing for banks.
We started Termageddon, and I was working full time. And we saw Termageddon take off. We saw more privacy bills, we saw CCPA coming around, and we just got more customers. And I was like, this is the right time for me to go into something that I’m really passionate about. That’s when I decided to go full time.”
The Biggest Challenge Is Mapping Privacy Laws Together
“My biggest challenge is mapping all of these privacy laws together. And as new privacy laws get added, you’ll get new questions and variations to the point where there are millions of different combinations that you can make.”
Having Investors Is Nice
”I’m personally more of a bootstrap person. But we do have investors, and I have to say having investors is nice. It can be hard sometimes. But having that kind of security and being able to draw a salary and take vacation days is very important. If you’re on your own and have no support from anybody else, it’s a lot harder to make it. I’m very happy that we went the route that we did.”
[00:00:04] Jon Penland: Hey everyone. My name is Jon Penland and Reverse Engineered by Kinsta a Premium managed hosting provider. In today’s episode, I’m talking with Donata Stroink-Skillrud President of Termageddon. Donata, welcome to a Reverse Engineered.
[00:00:18] Donata Stroink-Skillrud: Thank you so much for having me, I’m very excited to talk to you guys about privacy today.
[00:00:23] Jon Penland: Awesome. We’re really excited to have you on Reverse Engineered. To get us started, can you introduce yourself to our listeners?
[00:00:30] Donata Stroink-Skillrud: Sure, so just like you said, my name is Donata and I am the President of Termageddon, which is a generator of privacy policies and terms of service and more for websites. I am a licensed attorney focusing my work in privacy and a certified information privacy professional as well.
[00:00:49] Jon Penland: Okay. Awesome. For any of our listeners who may not be familiar, you gave Termageddon a really brief plug, give Termageddon in a little bit more of an introduction. What’s Termageddon all about for our listeners’ sake?
[00:01:00] Donata Stroink-Skillrud: Yeah, of course. So basically what we do is we create privacy policies, terms of service, disclaimers, and end-user license agreements for business websites. And the way that we do it is we actually figure out what laws apply to you, ask you a series of questions, and generate a customized policy based on your answers.
[00:01:44] Donata Stroink-Skillrud: Exactly, exactly. And that’s something that’s become a lot more important over time.
[00:02:17] Donata Stroink-Skillrud: Sure, so so websites collect what we call personally identifiable information or PII, and that’s basically names, emails, phone numbers, IP addresses, anything that could identify someone. And a lot of people don’t think that they collect PII, but I’ll tell you right now, if you have a contact form, if you have a newsletter sign off form, if you have analytics, you do collect that information and privacy laws govern the collection of that information.
[00:03:35] Jon Penland: Yeah. Yeah. I can tell you, at Kinsta we have a lot of conversations around privacy and we’re not a really small operation and it is a major undertaking, even at a, maybe even more so at a larger company, trying to wrap your head around, what are the implications, what are we gathering, where are we storing it, all of these different details.
[00:03:54] And I think one of the things that a lot of website owners might not realize is that even if you say this is purely a brochure site, I don’t have a contact form, I just have a phone number on my site, whatever, coming from the hosting side, you are still collecting personally identifiable information because your hosting provider is logging every visitor who comes to your site and they’re getting that IP address and they request information. So it’s almost impossible to have a website and not be gathering some sort of personally identifiable information. Is that what you found working with your clients as well?
[00:04:33] Donata Stroink-Skillrud: Yeah, absolutely. One of the questions that we ask when creating these policies is, “Do you share this information with anyone?” And anytime we ask that question, the gut reaction is to be offended, like, “How dare you ask?”
[00:04:47] Jon Penland: “I would never do that”.
[00:04:49] Donata Stroink-Skillrud: “I would never do that.” And then, it turns out that they use a hosting provider. Turns out that they have a mailing list on MailChimp or Constant Contact or something like that. It turns out that they share that information with our website designer. A lot of people are sharing information and not realizing it and I think it’s important to note that, when you host a website, it’s not just a Kinsta thing to collect this information, you have all the hosting providers collecting that. And, I think Kinsta does a great job with privacy. I’ve looked at your privacy policies and data protection agreements out of curiosity, which I’m sure I’m like the only person that’s done that out.
[00:05:33] Jon Penland: Yeah, out of curiosity.
[00:05:37] Donata Stroink-Skillrud: Yeah. I think it’s important to choose a hosting provider that’s privacy-conscious as well so that’s a determination that you should make as a business owner, too.
[00:07:16] So when they contact you to opt-out, you have to respond to that request within a certain period of time. You have to respond to it properly, you have to honor their privacy rights. So, really what we do is we provide different compliance guides to our customers as well and a lot of different resources explaining what these privacy law laws mean and what they require.
[00:08:30] And then, if your practice has changed, you can always go into your account and then update that policy to reflect your practices. And then that policy will update to make sure that it’s accurate to what you do with that information.
[00:08:42] Jon Penland: So outside of Termageddon, I think you also just practice as a data privacy attorney. Is that accurate?
[00:08:53] Donata Stroink-Skillrud: I did. So before, yeah, so before I started Termageddon I was in private practice. And that’s actually how Termageddon got started. So I used to work with website developers and I used to write like website design contracts, website development contracts, marketing contracts, stuff like that.
[00:09:37] And it was just a really tedious, boring process. And I’m like, there’s gotta be a way to automate this. And then my boyfriend at the time, now husband, was working in web design as well. And his clients wanted privacy policies, but couldn’t afford a privacy attorney. And the generators that he would send his clients to, wouldn’t give anything to him, he’d just send them all this business and it was like, okay, thanks, bye.
[00:10:05] So we added both of our frustrations together and came out with Termageddon which generates the policies. And we also have an Agency Partners program so we give agencies the way to make a recurring revenue with us too.
[00:10:17] Jon Penland: Sure. When you… I’m coming at it from the perspective of an operations person. And one of the things that I really wrestle with in the data privacy space is what I refer to as SaaS Sprawl, which is the fact that as a company, we’re constantly checking out a new tool, marketing will come and say, “Hey, we wanna look at this new tool, something that ties in with HubSpot or whatever.”
[00:11:33] Donata Stroink-Skillrud: Sure. So, I think when it comes to picking vendors, don’t pick them too quickly. So a lot of teams will find a new tool and it’s shiny and fun and nice. And all of a sudden, now you’re changing all of your processes and sending them all of your customer data without ever looking at what they’re doing.
[00:12:10] The last time they updated it, yeah, if they updated in 2020, 2021, maybe even 2019, that can be more or of a sign that maybe they’re more up to date with things. I would also contact their support and say, all right, so I’m going to send you all this data. Let’s say I get a request from one of my customers to delete their data. How do you handle those requests?
[00:12:39] Jon Penland: Interesting.
[00:12:54] Because certain privacy laws, you have a requirement to respond to requests within let’s say, 30 days. So if you email them and your email is never responded to, they’re not compliant. And see who’s on their team, see if they have a compliance person on their team, see if they have a data protection officer on their team, or even like a privacy compliance specialist.
[00:13:19] And, it really depends on what you’re sharing with them and how much you’re sharing with them. You kind of do almost like risk analysis and maybe even see a search by company name and lawsuit. So if you go to Google and search, like for example, Iron Mountain lawsuit, you’ll see if they’ve been subject to any lawsuits in the past and what those lawsuits have been regarding. Those are some of the things that you should look out for when choosing vendors.
[00:14:49] Donata Stroink-Skillrud: Yeah. That’s, I think that’s the first couple of steps that you can take to easily weed out vendors that don’t care about compliance. And then, if you get good results on those items, you can go in a little bit further and look further, but you’ll be surprised with the things that you can find just by searching company name and law suit. Some of those things can get funny, but…
[00:15:36] And I’m curious why you chose to go the route of updating those policies automatically, as opposed to say, notifying your customers “Hey, you should update your policy, here’s a new copy.” So why are you updating it? If I understand it correctly, you’re doing it in the background. Why have you chosen to go that route?
[00:15:56] Donata Stroink-Skillrud: So what kind of I do both, right? So let’s say there’s a new privacy law that passes that requires a new disclosure that we can’t answer for you. So for example, let’s say there’s a privacy law that says you need to disclose whether or not you sell the personal information that you’re collecting.
[00:16:11] Obviously we can’t answer that question for you. So what we would do in that case to send you an email, ask you that question, you’ll respond yes or no, and then the policy would be updated automatically to be customized to your answer. But there are also privacy laws that require new disclosures that we know the answer to because they were asked from previous questionnaires for previous privacy laws that were passed. In which case, we know your answer, and we can just make that automatic update for you, but we will always notify you and let you know.
[00:17:10] Nobody else is excited to do that. So we tried to make the processes easy and seamless and to take the least amount of time possible for our customers because it’s just kind of like a task, chore that you have to do so I try to make it as easy as possible. So that’s why we chose the automatic updates, but we do include notifications every time, too.
[00:17:32] Jon Penland: Yeah. And I’m curious, one of the, one of the points of conversation on a regular basis, between folks who deal with terms of service and privacy policies, is notifications to end users, right? With a notification to an end user, should you be notifying an end-user via email every single time something changes? Should you, should updating the date, be sufficient? I’m curious how Termageddon approaches that question of updates to policies from the end-user perspective.
[00:18:55] What you’re required to do really depends on what laws apply to you and then what you’re comfortable with. So some people will notify their customers only with material updates, so let’s say you decide to sell information where you’ve never sold it before. Others send an email every single time, even if it’s just like a grammatical change.
[00:19:17] Jon Penland: Right, or editorial change.
[00:19:20] Donata Stroink-Skillrud: That, yeah. But I think it’s important to remember that you don’t want to overload your customers with these notifications because they will stop reading them. So if you’re sending them an email every time you change one word that has no legal consequence, you might be overdoing it a little bit. But then, if you’re using information in new ways, or sharing it with new third parties, or you’re selling information, or doing something that’s drastically different from what you’ve done before, then I would say you should probably let people know because otherwise, they have to be able to make a choice, whether they want to do business with you, whether they want to give you their personal information and you have to be transparent about that.
[00:20:46] Donata Stroink-Skillrud: Yeah. And I think that’s probably the right thing to do even if you’re not required to do it by law. To me, as I try to approach things as a consumer myself. If I was using the service, what would I want to know? And I think that’s, you guys are doing the right thing.
[00:21:47] Donata Stroink-Skillrud: Absolutely.
[00:21:49] Jon Penland: So the data privacy legislation landscape is really complex and fractured, right? So you’ve got, I think the big ones everybody knows about are GDPR and CCPA, the two prime most well-known, but there’s data privacy legislation in Canada, Brazil, South Africa, there’s legislation in a couple of different states as well.
[00:22:11] Do you try to be an expert in all data privacy legislation? Or do you try to consider some of it out of scope? How do you approach just this fractured and complex legal environment that you operate in?
[00:22:23] Donata Stroink-Skillrud: So would the question be how I approach it or how our customers should approach it?
[00:22:58] Donata Stroink-Skillrud: Yeah, when we first started the business, we started very US-centric. I think it was a bit of naivety on our part when starting this. So, we kinda thought we were going to have customers in the United States only, and that no one else was going to be interested in our product.
[00:23:16] Two years down the road, that was pretty stupid. So yeah we focus on, so currently we provide compliance solutions for people located in the US, UK, and Canada. And we’re working on launching in other countries shortly. So right now we’re actually creating policies for our Australian customers, right?
[00:23:43] So as time goes on, we’re launching into more and more countries and obviously needing to focus on more and more privacy laws. For me, I’m an expert in privacy policies. So I don’t pay too much attention to the portions of the laws that talk about security and all that, except for when it comes to our internal security, obviously.
[00:24:05] When you focus your work on privacy policies, it’s very complicated, but it’s not as bad. Essentially, what we do is we pay attention to the legislation that talks about privacy policies for business websites where, whether it be large businesses or small businesses, and information that’s collected by these websites.
[00:24:28] So these websites don’t really collect biometric information. So that’s a whole slew of laws that kind of falls away there that we don’t need to worry about too much. There are certain industries that we don’t cover. So for example, we don’t cover HIPAA compliance and we don’t cover COPPA compliance.
[00:24:47] So those are certain things that fall away as well. So, when it comes to these established privacy laws, those are the ones that we care about and the ones that I study and work with. And then also keeping track of privacy bills in the US and abroad. So, I’m actually very lucky to be a part of a couple of really great organizations.
[00:25:09] So I’m the Vice-Chair of the ePrivacy Committee of the American Bar Association and the Chair of the Chicago Chapter of The International Association of Privacy Professionals. And both of those groups are absolutely crucial in helping me stay up to date with these developments and I don’t really know where I’d be without them.
[00:25:28] The work that I do comes from a multitude of different sources so the ABA IAPP privacy bill trackers, software that helps me track privacy bills, and all of that. So my work comes from a lot of different sources and I understand that it’s unrealistic to expect a small business to purchase a subscription to LexisNexis State Net and read every single privacy bill, which I think there’s 25 now that are in play.
[00:26:00] So first of all businesses, it’s a lot more difficult to keep track of all of this than it is for a licensed attorney who has access to all of these different resources.
[00:26:10] Jon Penland: Yeah. Yeah, because you brought it up there at the end and you brought it up when I first asked the question, As a small business with limited resources, how should they be thinking about the Data Privacy Legislation Landscape, because it’s so complex and you’ve outlined the challenges. They’re not a licensed attorney that can spend their time digging through legislation. So how should they approach this problem?
[00:26:38] Donata Stroink-Skillrud: Sure. And maybe if I can speak to the problem a little bit more to help people get a background, if you’re not an expert in privacy law. So in Europe which is the European Union is a combination of a multitude of countries, instead of each country having its own privacy law, they came together and came out with GDPR, which is an overarching privacy law.
[00:27:02] In the United States we don’t have that. So we don’t have one set of rules. There is very little to no movement on the federal level, unfortunately, to pass an overarching privacy law. So each state is passing its own privacy laws. So we have ended up at this patchwork, right?
[00:27:22] And privacy laws are unique in the sense that they protect customers and not businesses. So they have a very broad application. So for example, when a California’s privacy laws, CalOPPA will apply to any website that collects the personal information of California consumers. As we all know, that’s every website with a contact form, right?
[00:27:44] Anybody from anywhere could submit their information. And that’s the issue. So as we see more and more of these bills being passed, we could end up with 20, 30 privacy laws that a small business is going to need to comply with, which is essentially impossible unless you want to dedicate your life to Privacy Law Compliance, which I’m sure no one wants to do that.
[00:30:38] Jon Penland: Yeah. We’ve just found that operationally we can’t. It’s just so much more efficient. So if somebody comes to Kinsta and says I was your customer, I’m not anymore and I want to be forgotten, we don’t even bother asking the question where are they from. They’re just like, okay, we have a process for deleting this user’s data and then a process for confirming that we deleted and then actually removing our communication.
[00:31:01] So all we’re then storing is a record of the fact that we complied with their request and that’s it. And that’s just easier than making it complex by adding in a step where we have to figure out where they’re from and yeah, it’s an unnecessary complexity.
[00:31:17] Donata Stroink-Skillrud: That’s what we do too. Let’s say somebody is working at a company and their email changes, or they got married and their last name changes, like I’m not gonna bother with of that. Just I’ll just do it, it’s no big deal. I’ll just do it. And I think it’s really important to map your data as well.
[00:31:37] It’s gonna be way easier to get in compliance with these requests and just do them if you know where your data is. So if you have a map and say “Okay, I collect this at the website, this is who I share it with, this is where I store it, okay.” And then I can just go down a checklist and say, all right, delete that email, or delete that contact from SendGrid or contact this provider and ask them to delete that information.
[00:32:05] It can be a very easy process where you get a data deletion request and especially for small businesses where you don’t share data and don’t keep it in too many places. You go down this checklist and if for us, if we get a data deletion requests, the process is about 20 minutes long and then it’s over and then we’re done.
[00:32:23] Jon Penland: Yeah. It’s about the same for us. There’s one step that requires the involvement of somebody from our technical team. But with the exception of that it’s a 10-minute process, rope somebody in from the technical team, delete it and you’re done in 10, 15, 20 minutes and you can move on with your day.
[00:32:40] Okay, shifting away a little bit from the product of Termageddon, I wanted to talk about just your own experience as a founder. So is Termageddon your first venture, have you had other projects you’ve started before Termageddon?
[00:32:58] Donata Stroink-Skillrud: I would say Termageddon is yeah, I would call it pretty much my first venture. I was in private practice beforehand, that was for a couple years. I wouldn’t really consider that as a quote unquote venture. So I think so, yes.
[00:33:15] Jon Penland: Okay. What convinced you that it was time to make the leap and start, more of a startup less of a… I think of private practice, I was a freelancer for a while where I was a content producer. And I see those where you’re, you’re really just exchanging your time for payment.
[00:33:35] So it’s just, it’s really just you’re selling your time and moving from that to selling a product or a service. So, what convinced you that it was time to make that transition into the startup space?
[00:33:45] Donata Stroink-Skillrud: So, two things. One is I had a problem that I needed to solve, and that was, I didn’t want to write privacy policies anymore. But people still needed them and I was still being bugged 24/7 to write these things. And it was just boring and repetitive, and I was like, I don’t want to do this anymore.
[00:34:07] And then two when before I went full-time for Termageddon, I was actually working for a company that did marketing for banks. So, I’m sure everyone here has received that pre-approval letter for a credit card? That’s what the company did, and I was “What am I doing here?” Like I have personally opted out of receiving those junk mail.
[00:34:32] I see, yeah- I see like millions of people getting these letters, that everybody’s throwing out and it’s just garbage. I’m like, I don’t want to do this, this feels weird, it feels wrong. Like I work in privacy and I’m like working for a company that sends people junk mail. I don’t want to do this anymore.
[00:34:51] And we started Termageddon and I was working full time. And we saw Termageddon take off. So we saw more privacy bills. We saw CCPA coming around and we just got more and more customers. And I was like, you know what? This is the right time for me to be done with this junk mail nonsense and go into something that I’m really passionate about. And that’s when I decided to go full time.
[00:35:20] Jon Penland: Yeah, but it sounds like really the transition you made was to transition from writing policies to helping companies be compliant. Is that a good distinction to make in that, before you were writing privacy policies for people, now you’re doing more than that. You’re really trying to help companies be compliant with data privacy.
[00:36:38] Jon Penland: Yeah. Yeah, I know. It’s funny you say that. I feel pretty good about where Kinsta is in terms of our approach to privacy but I do remember when GDPR was first about to come into enforcement or into effect, and the company was much smaller and our resources were much more limited and I literally spent a week on the ICO website. Cause they had the best summary at the time.
[00:37:04] Donata Stroink-Skillrud: They have a great website, I love theirs.
[00:37:06] Jon Penland: I spent a week reading through the ICO and walked away going I don’t know how we can afford the comply. Because and it wasn’t a matter of like we needed to make large changes. It was just my perception of the amount of legal assistance we needed to get to a point where I felt strongly that we were compliant and at the time it’s just not something, it just wasn’t in the cards. And it was a really challenging time to make that transition. So, I can vouch for the value of something like Termageddon to help a business through that process.
[00:37:43] Donata Stroink-Skillrud: Yeah. And we have clients that are one person, right? Their whole company is one person. And they’re doing tax returns for their clients, 24/7 and working really hard. And there’s just no time and there’s just no resources and while other governments, like, for example, the UK, the ICO’s website is super helpful and they provide a lot of information and yes, it can be overwhelming, but at least they provide you that guidance. In the US, there’s very little to no guidance provided. And even when you look at regulations, sometimes the regulations conflict with the law itself and sometimes it’s just impossible to even know where to start.
[00:38:28] I would love to see more resources from our government being put forward as to how people can comply with these laws. But since that’s not provided, you have to figure it out.
[00:38:39] Jon Penland: Yeah, certainly a more rewarding business model than sending people junk mail.
[00:38:46] Donata Stroink-Skillrud: Yeah.
[00:38:46] Jon Penland: I have to mention this. I have a six-year-old daughter and she by and large checks our mail and our mailbox just out by the road. And she already knows to look for pre-sorted standard and stick that state and straight in the trash.
[00:38:59] Donata Stroink-Skillrud: She knows what’s up.
[00:39:00] Jon Penland: Yeah. It doesn’t even make it onto the counter. If it says presorted standard, it, we don’t even need to mess with that, yeah.
[00:39:05] Donata Stroink-Skillrud: Yeah, it’s funny. I don’t even list that job on my resume because yeah, I’m kind of embarrassed about it.
[00:39:10] Jon Penland: It’s just hard to be excited about it.
[00:39:15] Donata Stroink-Skillrud: Yeah.
[00:39:16] Jon Penland: What are some of the challenges that Termageddon is facing today, what are some of the hard problems you’re trying to solve today as a company?
[00:39:24] Donata Stroink-Skillrud: Yeah. So I’m a legal engineer. So I do the stuff that’s behind the scenes that you don’t see. So, when you go into the questionnaire, you’ll see a series of questions and it just looks like they just pop up and that’s it. But what most people don’t realize is that the questions can be completely different.
[00:39:43] So there’s hundreds and thousands of variations of these policies that we’ve created. So the first set of questions will help us determine what privacy laws apply to you. So if you need CCPA, the rest of the questions will change. If you need GDPR, you’ll get completely different questions and different texts.
[00:39>59] So personally, my biggest channel challenge is mapping all of these privacy laws together. And as new privacy laws get added, you’ll get new questions and new variations to the point where there’s millions of different combinations that you can make. So, I think that’s probably my greatest challenge, is figuring out how to map all of this and how to ask these questions in a way that makes sense to the layperson and explain what these things are. Like, if I ask you “Do you have a data protection officer?” you probably know the answer to that, if I ask Jess, who has a jewelry company, she probably doesn’t know what that even is.
[00:40:41] Explaining all of that to the customers providing adequate guidance and providing adequate explanations and education and things like that, I think that’s probably the greatest challenge, for me is combining all of these things together. And I think at a certain point when we get to 30, 40, 50 privacy laws in the US maybe my brain will be ca- It will be replaced by a computerized brain, maybe.
[00:41:15] Jon Penland: No, that’s a really don’t think challenge. I hadn’t really thought about just the degree of logic that has to go in and then, cause you don’t want to spit out something that’s not a high-quality end product. You’ve got to map all these questions to identify the different pieces and then the resulting product has to be something that you can be proud of and you can read and it makes sense.
[00:41:35] Donata Stroink-Skillrud: Exactly. And what’s really interesting is we actually have a lot of lawyers in law firms using our service. So, we’ll have privacy attorneys generate the privacy policies with Termageddon, review them, make sure that they’re accurate for their clients and then, that’s their end work product for attorneys.
[00:41:53] I have a lot of people checking what I do it’s very important to get those correctly because if you don’t, fines can be from $2,500 per violation to 20 million euros or more in total. So it’s not something that you want to mess around with.
[00:42:10] Jon Penland: Yeah. If you had one piece of advice to give to somebody else who was about to go out and start their own first venture, what advice would you give to a new would-be entrepreneur, something that you’ve learned over the last couple of years that you wish you had known when you started?
[00:42:31] Donata Stroink-Skillrud: Yeah, that’s actually a great two pieces of advice. One software as a service is where it’s at. Recurring revenue is extremely important and recurring revenue will make sure that you’re not as stressed out. It will make sure that you have something to a good base to fall back on.
[00:42:54] So, I would make sure that you have that and two, if you are starting a business, I’m personally more of a Bootstrap person. But we do have investors and I have to say having investors is really nice. It can be hard sometimes but having that kind of security and being able to draw a salary and take vacation days and all of that is very important. Especially now, we’re going through some tough times, the entire world and the entire country.
[00:43:36] If you’re just on your own and you have no support from anybody else whether it be your partners whether it be investors, it’s a lot harder to make it. And I’m very happy that we went the route that we did.
[00:43:48] Jon Penland: Yeah, I can say the recurring revenue piece was really foundational in Kinsta’s story as well is. Before my time but the four original founders, it was really getting from, getting paid for doing a job to recurring revenue that Kinsta was built on. That was the idea. They were doing internet marketing and they were doing, they were building websites for customers. And then it was like “How do we get some recurring revenue because we finish a project and we feel great” and two months later the bank account’s empty. So yeah, you can’t over, I don’t think even overemphasize the value of recurring revenue to a young company.
[00:44:27] Donata Stroink-Skillrud: Absolutely.
[00:44:29] Jon Penland: Sure. Okay, so as we wrap our conversation move it towards a close, I do have two quick wrap-up questions for you. So the first one is, do you have a go-to resource that you would recommend to our listeners? Now, this could be a newsletter, a blog, somebody that you follow, a book, an event, really anything. What’s something that our listeners should definitely check out?
[00:44:52] Donata Stroink-Skillrud: So I would say if you’re really looking to check out one thing, I would go to the International Association of Privacy Professionals. So go to iapp.org. And it’s a huge resource, so don’t be overwhelmed, but you can at least look at the news pages and that will tell you everything that you need to know about what’s going on in privacy and it’s a really great resource. They provide a compliance guide, some of my compliance guides have actually been published by them too in the past. And those are really good because they provide more information about what you need to do to comply.
[00:45:30] Jon Penland: So that was iapp.org?
[00:45:33] Donata Stroink-Skillrud: Yes.
[00:45:33] Jon Penland: Okay. So if you are a business owner, somebody who has a website, or if you’re responsible for data privacy at your organization, using IAPP as a resource to stay abreast of what’s going on in the privacy landscape would be an invaluable resource, is what I’m hearing you say.
[00:45:41] Donata Stroink-Skillrud: Absolutely. And also they’re so nice over there, they’re like the nicest group of people, like the most helpful group of people, so it’s a great place to be.
[00:45:59] Jon Penland: Very cool, all right. And final question. Where can our listeners either connect with you or learn more about Termageddon?
[00:46:07] Donata Stroink-Skillrud: Sure. So, you can learn more about Termageddon at termageddon.com. That’s T E R M A G E D D O N.com, and that’s the same for all of our social media as well. Actually, now that I think about it, I thought of another tip. If you don’t mind. Have fun with it, right? So our name is Termageddon, which is terms and Armageddon.
[00:46:31] Unfortunately, terminator.com was taken, so we couldn’t do that. But we try to have fun with it as much as we can. And I think that’s what really helps us get through the day and connect with our customers too. Especially if you have a little bit more of a boring product, like we do. It’s important to have fun with it.
[00:46:51] Jon Penland: Absolutely. That name Termageddon immediately, I mean, I heard about Termageddon two years ago and if you say that name, I know what it is. I just immediately know what it is and it’s because it’s a fun name and it’s a serious product. Like it’s, the product is a serious work product, but the name really does make it fun and make it I dunno, it just it takes a serious topic and injects some positivity and lightness to it, so I really like it. Donata, thank you so much for spending an hour with me today here on Reverse Engineered.
[00:47:28] Donata Stroink-Skillrud: Thank you for having me, this is really fun.
[00:47:10] Jon Penland: Yeah, it’s been an honor. So that’s all for today’s podcast. You can access the episode show notes at Kinsta.com/podcast. That’s K I N S T A.com/podcast. If you enjoyed this episode, don’t forget to subscribe, to Reverse Engineered and leave us a review on Apple podcasts or the platform you’re listening on right now and we’ll see you next time. Awesome.