←back to thread

Ask HN: How to handle sensitive document uploads as a one-person SaaS?

16 points wayoverthecloud | 1 comments | 14 Nov 24 00:47 UTC | HN request time: 0.207s | source

I am thinking of a product many businesses would find it useful but my only concern is that the product revolves around sensitive documents(like lawyer's documents but can be extended to other industries too). The product is already built by many companies but I have found a unique angle that I think would benefit my users. I am not a team and I don't know how to handle laws of sensitive documents as a business entity(and those documents might live on AWS S3/similar services).
Show context
bootstrpppin ◴[14 Nov 24 00:53 UTC] No.42131963[source]
This'll be unpopular, but if you want to keep it super lean and avoid being asked for compliance certs like SOC2/ISO, you could consider building it as an installable app on top of a platform your customers already trust

ie. a Salesforce App.

That way, they already use/trust the environment where the storage/processing of their sensitive data is taking place, akin to an old school 'on prem' solution (but without as much headache for you)

Worth thinking about

replies(2): >>42132380 #>>42134276 #
1. vdvsvwvwvwvwv ◴[14 Nov 24 01:58 UTC] No.42132380[source]
The helps only if your extendee is providing a PaaS for you and makes guarantees. Last time I made a slack extension, for example, I had to egress and ingress client data.