Privacy

The Growth Tool I Turned Down

I had a one-click way to add a referral program to my app. It would have quietly handed off my users' contacts. Here's why I built it myself instead.

Most founders bolt on a referral system without a second thought. Invite a friend, you both get something; every app does it. Last week it was my turn, and I nearly did the same.

The easy path is one of the off-the-shelf referral tools. An afternoon of wiring and you’ve got invite links, founding-member tiers, all of it. I had one picked out. Then I read how it actually works.

It runs on your users’ contacts. The email list lives on their servers. They build out the social graph of who invited whom and keep it under their own privacy policy, to use however suits them. So the moment someone signed up for my app, their information — and their friends’ information — would land with a company I don’t control.

Plenty of apps ship that and nobody notices. I couldn’t. I’m building software for families, and the promise underneath all of it is that your life stays yours. You can’t say “we’ll never sell your family’s data” out of one side of your mouth and pipe your users’ contacts to a growth vendor out of the other.

So I built it myself. It took longer, and it was unglamorous work. But the data sits on infrastructure I run, and nobody’s contact list touches a server I can’t answer for. It’s the same reason I sweat the parts of a system no one ever sees: the promise only counts if it holds where nobody’s looking.

I keep bumping into the same thing. The convenient option is usually convenient because somebody already decided your users’ data was fair game. That was true of the cheap integration and the one-click growth hack, and it’s getting truer of every AI feature that “just works.” So before I add anything now, I ask where the data goes and who makes money on it. More often than I’d like, the answer is to walk away.

That’s the slower way to build. I’m fine with slower. If you’re going to tell people their privacy matters, the code has to mean it in the places no one ever checks — even something as small as a referral link.