I think this is an excellent architecture for powerful, respectful, hosted applications. I’ve been thinking about a few extensions of this idea:

First, use advances in privacy technology to create a service-wide data warehouse that has enough information to help you make good decisions without exposing any specific user’s data. Done properly, users will benefit from your improved decision-making without giving up their personal data. Differential Privacy can do this.

Second, give users the opportunity to download their own little database in native format (e.g. SQLite). This is the ultimate in data portability. I think Dolt [0] might be good for this, because its git-like approach gives you push/pull syncing as well as diffing. That would make it easy for users to keep a local copy of the data up to date.

Third, you can start to support self-hosting and perhaps even open-source the primary user-facing application. The hosted service sells convenience and features enabled by the privacy-respecting data warehouse.

The big questions, of course, are many:

- Would users pay for this?
- Does increased development cost and reduced velocity outweigh the privacy benefits?
- Would the open-source component enable clones that undermine your business, or attract new users who may eventually upgrade to your paid service?

I would like to find out the answers!

[0] https://github.com/dolthub/dolt