Is it worth building? 🔥 or 🚀

Hey Indie Hackers,

While I plan to move forward with building a heavy MVP for my idea, I'm wondering about validating it first. Is it worth moving forward in the first place?

The idea is related to the personal data privacy and building a sort of personal data wallet, where users will be able to safely store their personal data and share them with external applications. But the application makers would be the customers here and will have to integrate with this solution. There are a number of benefits to the application makers for doing it, like more secure and transparent data store solution, potential access to the already registered users. On the other hand, users gain more control over their personal data, which might be discouraging for the makers form the data ownership perspective...

Since you guys are actually building a lot of stuff where you mostly need to have logged-in users with some of their data stored, I'm wondering what is your opinion about the idea itself?

I've recently released an initial landing page for it, but since it will need heavy MVP prior to any commercial integration, I'm not promoting it anywhere yet. You may reference it for more information, though.

  1. 2

    Unbelievable how, to this kind of services, I always see remarks about user experience or simplicity or traction or lead generation or whatnot, but rarely I see technical and security questions, which is what ultimately really matters

    users will be able to safely store their personal data

    Exactly, what tells me you are really storing my data safely? Data security is NO JOKE, you're going to be in HUGE troubles (legally and financially) should you leak just a tiny information from you users. And I'm not just talking about ending your activity, I'm talking about trials and fines - big, big fines.

    I don't know how it works where you live, but if you want European customers you need to spend so much money on security for the GDPR regulations that it's really not worth it, unless you have a HUGE market. Think about all the attacks you WILL get, from really advanced sources - big companies lost some of these battles, how are you going to fare compared to them?

    I really suggest you to think really well before jumping into this kind of activity.

    1. 1

      Well, when you do your own solution to store personal data you face the same problems, aren't you? And when you do SaaS or other service, there is no way you can avoid processing and storing personal data. Actually, the regulations are the same, and you are obligated by GDPR, CCPA or PII to protect personal data the same as in this solution here. My solution can sort of free you up from storing securely personal data and let you focus on your business case implementation.

      I agree with you from that point of view that it will have to be well secured. That's why I'm talking about heavy MVP to build something secured in cooperation with the best security people, having cyclic pen tests and always up-to-date libraries with the best security practices implemented. Not an easy thing, I agree... That's why want to ask first if it's worth the effort...

      Considering all the above is possible, would you use this as a developer in your solutions, or rather consider other options for storing personal data?

      Thank you for sharing your perspective, appreciate it!

      1. 1

        That's why I avoid at all costs storing personal data (and data in general) : I don't make SaaS nor host something for other people nor anything of that sort: I'd have a lot of services and ideas to implement but the security / privacy aspect is to tricky and a PITA that the best solution is always moving to something less problematic - when I'll have the time and resources I might change my mind.

        I would never use a site that I don't feel trusted for anything than a testing environment (as a developer)

        1. 1

          Understand! Thanks again.

  2. 1

    Hey Piotr,

    I'm not totally sure I understand your idea correctly. I'm probably missing Moonjelly value proposition.

    In terms of authentication flow, I would use service like Auth0, Okta or Keycloak. It saves a lot of time & provides security ( at least impression of 😉 ).

    When building CrossKeeper, we decided to go with custom authentication flow. We wanted to have contact info ( usually email ) on our side.

    Plus, all in all, Moonjelly needs scale to provide some benefits described on landing page.

    I'd definitely find potential customers and talk with them directly to verify idea.

    Good Luck 💪

    1. 1

      Hi Bartek, it probably means that I haven't explained value proposition behind Moonjelly clearly ;)

      But for the authentication flow, it will be the same as for the competition you mentioned, but better ;). Considering that everybody that have Moonjelly account would be able to login to your solution right away without registration, with ready to use data you need. This is where I think additional value is at scale. And right, scale will be desired here.

      Thank you for your comments and advise. Keep your fingers crossed ;) !

  3. 1

    Good questions to ask. I'd have a few reservations and questions about using the service.

    #1. Is it going to mean extra dev work to integrate with your service? (Vs. an integration that somehow saved me dev time...) And if so, what benefit do I get, an especially tough question for early adopters, who will be sending new users to you to register, and getting little in return if you don't have users to send to them yet.

    #2. Will this limit my ability to scale or to take control in the future? If I don't have a way of identifying my users, then I'm stuck with you forever. What happens if your service is slowing me down or causing some issue or conflict later on? Can I get back out with whatever information I would need to do it in-house?

    I'm not sure how others feel, but I have doubts.

    1. 2

      Thank you @servantofmany! Appreciate your feedback.

      Referring to the points you made.
      #1. In the initial version, I thought that it was integration over API with help of standard Oauth 2 libraries for authentication. Seamlessly as you integrate with external identity provider. What you gain here is that you don't have to care so much about database security, since you don't store personal data directly.
      For early adopters, great insight!. They will definitely gain in the future (with user base grow), but maybe I should think about special offer for early adopters?

      #2. It should help you in future to grow as the user base grow. You will not lose the ability to identify your users if there is a valid business relationship with the user (ie. there is a subscription plan in effect). As a platform, I secure access to whatever was shared with you, as well as user right to not share some data with (ie marketing). You may lose the ability to identify users which do not want to use your service anymore and there is no valid business case. And yes, within the right to access user data, you can always bring them to your in-house solution.

      1. 1

        Good answers! I'll have to think about this some. By the way, if you do decide to start marketing your landing page, it needs some work. There are some typos and things that need to be fixed. Sneakers instead of snickers for example (unless you mean Knickers?)

        1. 1

          @servantofmany, right... sneakers, of course. If you had any more comments fell free to share. Thank you again!

Trending on Indie Hackers
IH invite system is broken 29 comments Let me promote your product! 20 comments Roast my 3D landing page! 15 comments The world's fastest startups are working on just ONE metric... 13 comments Catching up to my main competitor Veed 6 comments Do You Find It Tough To Take Good Decisions In Uncertainty? 🤔 2 comments