I’m leaving my employer soon, and one of the things I wanted to do was to keep some of my old correspondence from Slack that was more personal in nature. I wrote a script (well, I prompted AI to write a script) that exported all my DMs to a JSON file. I then built a quick local RAG, ran through them all, and had a local model categorize what was “personal”. From there I had it spit out a list of conversation topics and people that I went through by hand. The ones I wanted to keep got exported into a clean JSON file that I then copied over to a personal device.
Honestly, I think even that is at least very close to the line of what’s acceptable. I did everything I could to protect the company’s interests, and am confident that even if they were fully aware they wouldn’t have an issue with it, but I’m not at all confident it would be defensible in court if it came to that. If I thought it would, I wouldn’t have done it.
I would never even consider uploading the output to a third party, much less everything.
Interesting that it seems that you're using proton mail. I confess that I wasn't aware about that platform till few days ago.. that's what I'm also willing to achieve.
I'm not sure I understand - what are you willing to achieve exactly?
I switched to Protonmail years ago after learning that the US courts had ruled that third-party email hosts like Gmail do not receive Fourth Amendment protections. I had originally intended to fully self-host, but between the effort required to maintain my own email server and keep it off blacklists, I was looking specifically for something hosted outside direct US jurisdiction and that wasn't "responsive" to informal requests from the US.
Protonmail isn't exactly that, as I expect they would answer a subpeona, but that's OK. I'm not doing anything that I need to truly hide from the state; I only wanted my normal correspondence to not be vacuumed up with everyone else's by the NSA. At least the information that they have access to (and is therefore discoverable) is limited by design.
Their security posture also means that some of their other products - calendar, in particular - are virtually useless to me. Email not being available via IMAP is a bummer, but manageable since they have decent native apps for the platforms I care about. The only exception to that is visionOS; their iOS and iPadOS apps aren't installable on the Vision Pro, so I'm left using the web client there.
Trevally has the data encrypted and, in order to get authorized by Gmail or even Microsoft, we need to face a hard process to show them that we're following the requirements to keep the user data safe... apart from the data being stored in the cloud and other elements around it.
So, the idea behind this platform is a way to keep you email and other elements related to that (contacts, for example), synced and backed up.. and not only that, but also share informations about your data that most of these solutions doesn't offer.
Maybe, moving the servers to outside the US would avoid this 4th Amendment situation in respect to the user data.
But, I'm not sure how people are so scared about security but they're everywhere, in social platforms, using smartphones, etc. I really don't believe that there's a safety place in this WWW, but, we're trying to do that, at least, for contacts and emails, attachments.
Yup. I don't know of any U.S. state where this wouldn't be considered a proprietary and confidential information violation given the usual slate of NDA clauses.
Unless the individual is already actively seeking whistle-blower protections (and they better be extremely highly financially incriminating) there's no legal support here.
I'm willing to get behind many "wild" start-up ideas, but this business model is dead-on-delivery in the U.S.
This is almost surely in violation of a bunch of corporate policies... The whole point is that they don't want you having access to anything once access is cut.
Contacts might be fine, but I don't know of any company that would allow an employee to sync work email messages and attachments to an unsanctioned third party, let alone retain access after termination.
After going through two layoffs, I realized I had the same painful problem both times: I lost all my:
- contacts,
- personal messages,
- and important information that were tied to my company email.
None of these were business-related — they were personal, and yet I had no way to recover them once my access was removed.
Because of that, I decided to build a solution (for free) that lets people safely sync their accounts to a platform where messages, attachments, and contacts are backed up.
If they ever lose access to their original account, they can quickly and easily recover everything.
The most interesting feature is that, if you already lost something (by deleting in your end) but some friend of yours sync its account.. you'll recover it back
I’m currently looking for 5 users to test this POC (for freeeeeeee).
Would you be willing to test the platform for me and share your feedback? Specifically:
What you think overall
What worked well (and what didn’t)
What could be improved
Any issues or bugs you find
Your feedback would be incredibly valuable and would directly help me make the product better.
> After going through two layoffs, I realized I had the same painful problem both times: I lost all my: - contacts, - personal messages, - and important information that were tied to my company email.
> None of these were business-related — they were personal, and yet I had no way to recover them once my access was removed.
You are describing a problem in your ability to store your contacts, not any problem with retaining the emails themselves.
If I want to keep a contact, I send the information to my personal professional email. Done.
If I want to have a personal conversation, I intentionally shift it to my personal professional email - or at the very least, CC: or BCC: the same.
There's no need to violate security standards at my company, just to preserve the 0.01% of the information for myself.
Isn’t my employer going to see me logging in to some random service with my work account? Will the corporate Microsoft identity provider even have you in the allowlist?
Some more product focused “tough questions:”
Is this a problem you think is common?
Example A: I can just connect with everyone I know from work on LinkedIn
Example B: I avoid doing personal business on my work machine so when I am terminated I don’t lose anything
Example C: anything I know I want to keep long term I save in some way that the company can’t keep
Example D: I don’t actually want to engage in Example C because it violates company policy and nothing I do at work is worth getting sued over.
Q:Isn’t my employer going to see me logging in to some random service with my work account? Will the corporate Microsoft identity provider even have you in the allowlist?
- It's like having your accounts synced into Apple Mail (or some other Google app). The difference is that it organizes your contacts and keep your data stored in the cloud;
Q: I can just connect with everyone I know from work on LinkedIn
- That's for sure, but, the idea here is more a CRM than a social network;
Q: I avoid doing personal business on my work machine so when I am terminated I don’t lose anything
- But again, the idea here is to use in many different situations. For instance: you had an old domain but instead of using the Apple Mail, you used a service that store it for you in the cloud. So, you can still have access to it because the data belongs to you... but after a while you don't have the domain anymore.
Example C: anything I know I want to keep long term I save in some way that the company can’t keep
- And this is one example of how the platform is used for.
Example D: I don’t actually want to engage in Example C because it violates company policy and nothing I do at work is worth getting sued over.
- The problem doesn't happen only to company emails... that was my situation with stuffs that I saved by mistake...
> It's like having your accounts synced into Apple Mail (or some other Google app). The difference is that it organizes your contacts and keep your data stored in the cloud
It's not the same, though - it's a non-standard service with the specific, stated purpose of data exfiltration.
The issue here isn't so much the fact that it keeps contacts available after the account is disabled; it's that it's the stated intent.
To put it another way - if I wanted this, why wouldn't I just sync my email via Thunderbird on a personal device?
> That's for sure, but, the idea here is more a CRM than a social network
I have something similar for myself, but it's just iCloud Contacts with lists and tags.
> The problem doesn't happen only to company emails...
I think this is your core issue - messaging. While I don't know if the problem you're trying to solve is one other people have, I do know that the value proposition of "you may lose your company email" is... well, it's clearly going to be a violation of contract at minimum for most employees, and potentially even a criminal act.
Another question I’ll put into a separate comment because it feels like a very separate question than my first set of concerns.
What you describe on this post seems like a much different tool than what I see when I go to your landing page and watch the demo.
The landing page and demo strongly imply a sort of contacts power user application. I could imagine a salesperson or similar persona going for that product.
But this HN post describes more/different features than that which go beyond contacts.
Who do you imagine fits your ideal customer profile?
My last concern is your demo video. 30 minutes is crazy. A demo video should have absolutely zero “Um”s and other time wasting hesitations in it. It takes a full 1:30 before you even get past the login page.
The demo feels more like a “how to” tutorial rather than a sales demo.
It should be more like, 10 seconds to introduce, then, bam, start showing me the most valuable thing right away.
Someone clicking on your video is your golden opportunity to get to showing the value as quickly as possible. If they click on it and hear someone talking slowly about some boring product manual-style walkthrough and see the 30 minute run time they are going to dip out.
I know that’s going to be tough with English being a secondary language but it needs to be done over and over with a script until it’s perfect.
I also don’t want to discourage anyone from bringing their real self to a demo, but from a practical standpoint Daniel is very hard to understand sometimes. His accent is very strong and I am unable to understand some of the words he’s saying. Rehearsing a concise script down to the exact word until it’s perfect is one option that I think will improve pronunciation.
Another solution to avoid removing him from the demo would be to burn in subtitles (not just YouTube optional subtitles, force subtitles by burning them in).
Or, you can jump on a freelance platform and hire a voice professional to read off the script.
Either way, use a good microphone in a good recording environment. We shouldn’t hear echo like I am hearing in the video. I should hear the full dynamic range of the person’s voice rather than feeling like I’m on a zoom call.
Hey Dangus, thank you so much for your time writing it to me.
So, regarding the landing page: the reason why I implemented that in the past is that: today, is hard to show some "value" to the user that are familiar with so many PRO landing pages.. but, honestly, I'll change the landing page in order to make it more simple.. because it was built for personal use.
Answering your questions:
Who do you imagine fits your ideal customer profile?
- I'm honestly thinking about it... because, the user might have different purpose. If I'm looking for a contact management system that stores my stuffs in the cloud and gives me some insights about my contacts.
- But, why having different solutions for contacts and having a bridge to connect them? For example: Kanban, file sharing, message, etc.. everything is related to contacts.
- Another reason why I implemented it is because Gmail doesn't offer a way to know the ones that mostly sent messages to me.. including not desired messages. So, it makes easier to me to find those contacts and get rid of messages sent by them;
Regarding the video.. you're totally right. I'm a programmer.. I'm a nerd.. and I have 0 experiences with that.
Thank you so much for the ideas that you've shared with me. I'll start improving asap based on these feedbacks.
Basically, the short version of it is that you want to have a really good idea of the persona of the buyer that you want, what drives their urgency to buy, and how you address their pain points.
Some of this is more relevant to B2B selling but a lot of the ideas are still helpful.
At some point you might even want to think about who you don’t want to buy your product. Who will buy your product and then be unhappy with it?
dangus, thank you so much for such attention and feedback. You know might know that, as a business owner (not that I'm, but, willing to be), feedback like yours are precious.
Thank you all for the feedback, mainly the legal ones. The problem here is not only related to the company emails, but, it also helps to other that have own domain emails but at some point, loses it (because some reason).
People still sync their email in Apple Mail or similar apps, but, after getting the phone stolen or some HD problem in the computer, everything is done!
The idea is not to offer legal problems but, data problems, but I totally understand your point.
While I was targeting a different purpose and solution, a personal solution, people thought on this as business solution.
I had important emails lost from different domains that I had in the past without managing the contacts or attachments properly.. data not related to the company, but, personal data.
For those ones that faces the same problem that this solution is for.
I'm working hard to avoid that. In order to be approved by Google, we must follow a lot of data security preventions.
But it's interesting how people are talking about security but they are or using AI, or using social networks but never complain about that. I'm not saying about you, but, few people that I asked for to test.
Employees are not IT and Infosec teams. What an employee wants as it relates to a corp system is mostly irrelevant, as the company owns and governs access to the system. It is not the employee’s data, broadly speaking.
Giving third parties access to your business emails can't possibly have negative repercussions right!