by Androider 1921 days ago
I think what would help is, and what I've seen other companies do:

- First add a security page, I need to know you're doing basic things like encrypting the data on your end etc. Hopefully you're using at least something like KMS for your at-rest encryption (all DBs and disks) if using AWS.

- Then also publicly state on the security page something to the effect of "No Pry employee has the ability to access customer data without your explicit approval, and all access is audited". Meaning, if you need to work a support case for some customer, you have to ask them before you look at their data, and you have to track when this access occurs.

- Ultimately you'll get something like a SOC2 cert to show that you actually have these controls in place that you say you do

I think with this, you'll be able to overcome some of the fears. Native apps are a shrinking market and a distraction for you IMO. Your customers are already fine with cloud solutions, since they're using Quickbooks Online, Xero, etc. by definition; you just need to convince them you're trustworthy as well.
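The two concrete claims the comment suggests putting on a security page (every data store encrypted at rest with a KMS key, and every employee read of customer data tied to an explicit customer approval) are the kind of thing an auditor will later ask you to evidence, so it helps to be able to check them mechanically before writing them down. The script below is an added example, not code from the thread or from the company discussed: it runs two such checks over constructed inventory and access records. The resource dictionaries imitate the field names of boto3's `describe_volumes` and `describe_db_instances` output, the "customer-managed key" set stands in for what `kms.describe_key` reports as `KeyManager == "CUSTOMER"`, and the approval-record format is an assumption, since nothing standard defines one.

```python
"""Added example (not from the HN thread): offline checks for two security-page
claims. All sample data below is constructed for the example."""
from datetime import datetime, timedelta

# --- check 1: every data store uses a customer-managed KMS key -----------------

def encryption_findings(volumes, db_instances, customer_managed_keys):
    """Return (resource_id, problem) for each EBS volume or RDS instance that is
    not encrypted, or is encrypted with a key outside customer_managed_keys
    (for example the AWS-managed default key, whose ARN is not in that set)."""
    findings = []
    for v in volumes:  # field names as in boto3 describe_volumes (assumption)
        if not v.get("Encrypted"):
            findings.append((v["VolumeId"], "not encrypted"))
        elif v.get("KmsKeyId") not in customer_managed_keys:
            findings.append((v["VolumeId"], "not a customer-managed key"))
    for db in db_instances:  # field names as in describe_db_instances
        if not db.get("StorageEncrypted"):
            findings.append((db["DBInstanceIdentifier"], "not encrypted"))
        elif db.get("KmsKeyId") not in customer_managed_keys:
            findings.append((db["DBInstanceIdentifier"], "not a customer-managed key"))
    return findings

# --- check 2: every support read is covered by a customer approval ------------

def unapproved_accesses(events, approvals):
    """Return the access events that no approval covers. An approval covers an
    event when customer and actor match and the event time falls inside the
    window [granted_at, granted_at + valid_hours]. Record formats are assumed."""
    flagged = []
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        covered = False
        for ap in approvals:
            start = datetime.fromisoformat(ap["granted_at"])
            end = start + timedelta(hours=ap["valid_hours"])
            if (ap["customer"] == ev["customer"] and ap["actor"] == ev["actor"]
                    and start <= when <= end):
                covered = True
                break
        if not covered:
            flagged.append(ev)
    return flagged

# --- constructed sample data ----------------------------------------------------

CMK = "arn:aws:kms:us-east-1:111122223333:key/1111aaaa-cmk-0000"
AWS_DEFAULT = "arn:aws:kms:us-east-1:111122223333:key/2222bbbb-aws-ebs"
CUSTOMER_KEYS = {CMK}

VOLUMES = [
    {"VolumeId": "vol-0a1", "Encrypted": True, "KmsKeyId": CMK},
    {"VolumeId": "vol-0b2", "Encrypted": False},
    {"VolumeId": "vol-0c3", "Encrypted": True, "KmsKeyId": AWS_DEFAULT},
]
DB_INSTANCES = [
    {"DBInstanceIdentifier": "ledger-prod", "StorageEncrypted": True, "KmsKeyId": CMK},
    {"DBInstanceIdentifier": "ledger-staging", "StorageEncrypted": False},
]
ACCESS_EVENTS = [  # constructed; would come from your app's audit log
    {"actor": "alice@example.test", "customer": "acme", "time": "2020-03-12T10:15:00"},
    {"actor": "bob@example.test", "customer": "globex", "time": "2020-03-12T11:00:00"},
    {"actor": "alice@example.test", "customer": "acme", "time": "2020-03-13T09:00:00"},
]
APPROVALS = [  # constructed; format is an assumption
    {"customer": "acme", "actor": "alice@example.test", "ticket": "SUP-101",
     "granted_at": "2020-03-12T09:30:00", "valid_hours": 4},
]

if __name__ == "__main__":
    for rid, problem in encryption_findings(VOLUMES, DB_INSTANCES, CUSTOMER_KEYS):
        print(f"ENCRYPTION {rid}: {problem}")
    for ev in unapproved_accesses(ACCESS_EVENTS, APPROVALS):
        print(f"ACCESS {ev['actor']} read {ev['customer']} at {ev['time']}: no approval")
```

Run against the constructed data, the first check flags the unencrypted volume and database plus the volume on the AWS-managed default key; the second flags the read of a customer who never granted access and the read that happened after the approval window lapsed. Wiring the inputs to the real AWS APIs and to your own audit log turns the same functions into the ongoing evidence a SOC 2 auditor asks for.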

1 comment

Good call. Thanks for the feedback!
You might find this helpful on this topic: https://latacora.singles/2020/03/12/the-soc-starting.html