EPISODE 1589 [INTRODUCTION] [0:00:00] ANNOUNCER: Data breaches at major companies are now so common that they hardly make the news. The Wikipedia page on data breaches lists over 350 between 2004 and 2023. The Equifax breach in 2017 was especially notable. Because over 160 million records were leaked. And much of the data was acquired by Equifax without individuals' knowledge or consent. Data breaches are increasingly costly to companies and to affected users who must deal with the ensuing identity theft. In 2018, the European Union implemented the General Data Protection Regulation or GDPR. Despite its mild name, the GDPR had major consequences for individuals' right to control their data and for companies that operate in the EU. Among other things, it gives the right to have personal data removed from a company's records. This is the so-called Right to Be Forgotten. Gal Ringel is the co-founder and CEO of Mine, which allows users to identify which companies have their data. And it automates the process of removing data on behalf of its users. In this way, Mine aims to reduce online exposure and minimize risk for anyone using online services. Gal joins the show today to talk about his company, the impact of GDPR and how his experience in military intelligence, venture capital and tech led him to co-found the company. This episode of Software Engineering Daily is hosted by Jordi Mon Companys. Check the show notes for more information on Jordi's work and where to find him. [INTERVIEW] [0:01:43] JMC: Today we've got Gal Ringel all joining us all the way from Israel. Welcome to Software Engineering Daily, Gal. [0:01:51] GR: Thank you, Jordi. Great to be here. Thank you for inviting me. [0:01:54] JMC: Oh, my pleasure. Where specifically are you joining from? I presume from Tel Aviv. Right? [0:01:59] GR: Tel Aviv. Yeah. [0:02:00] JMC: They say about Israel being a tech nation. It's absolutely true. Everyone works in software, right? You yourself, your whole career has been connected in some way or the other two software, right? [0:02:10] GR: Correct. Yeah. I started my experience. I don't want to say career. Because I was 10-years-old. But I started writing code and hex stuff since I was really young. This is what eventually got me drafted to the Israel intelligence. You mentioned Israel and the startup nation. I think that one of the most successful and powerful sectors out of the startup nation from Israel is the cybersecurity space. Thanks to different units within the Israel intelligence. I was fortunate to be serving for one of these units for six years. I'm an ex-officer. In Israel, you have to do three years mandatory. I extended my journey there with three additional years. [0:02:55] JMC: My understanding that the compulsory draft was in the first three – in those three years, are you able to choose what you want to do? Like, yourself, you were interested in cybersecurity. Would you be able to tell the Israeli military, "Hey, I know this is compulsory. This is mandatory. But I'd like to –" because I know my friends from Israel, they were "forced". It was chosen for them. One went to tanks, however you call that. I'm very unfamiliar with anything military. But they weren't able to choose what area in the military they would be eventually serving. Was it different for you? [0:03:27] GR: This is high-level correct. The army gets your profile in advance when you are in high school. And then according to what you study at school and different things, they give you a few options. In terms of technological roles, it depends on what you studied at high school. I did five units in computer science, in math, in physics and in robotics. That combination essentially got me to get a few interviews from specific units. And I passed this. I had like six or seven interviews and I passed that. And typically, if I remember the numbers, it's like 10,000 kids every year starting this interview process. I was lucky to pass all the exams and interviews that I had there. And yeah, and I joined that unit. And I served for six years. Really enjoyed every minute. Met a lot of friends from the cybersecurity space today that are friends for life. And even at Mine, my current startup, we are three co-founders. And one of my co-founders, another Gal, we're two Gals. We serve together in the same team. We know each other for – this year, it would be 20 years. [0:04:40] JMC: I think that's a common trend among tech startups. I guess it's common, right? The same happens in the US that probably there's a tendency, an incentive to found a startup early in your career, but also with the friends that you've probably coded a project with in the university. But I think this trend, this incentive is more likely to happen in Israel. Because at least in my experience – this is anecdotal data. I don't have any particular research or so. But I know three companies. And the three of top nine are LinearB, if I'm not wrong. And another one that I can't remember. At least a few of the founders of those companies met when they were doing the mandatory military. What you just described. And not necessarily as cybersecurity, but elsewhere. I guess you bond pretty well. What about the rest of – from then on, what did you – did you move on to something else? Or were you still in cybersecurity elsewhere in the private sector? [0:05:35] GR: In my case, I didn't found a startup right after I got released from the army. I started mine when I was 32. A little bit late comparing to other founders from Israel. What I did afterwards, I kept engineering in a few different places. And then after 12 years of hands-on engineering, I was always intrigued by the business side. But I'm a geek. Writing code, this is my DNA. And I didn't know how to change my career to the business side. My first degree is also related to computer science. And I wanted to move to the business side. My practical MBA, if you would want, was to join the venture capital community. I worked – that was my pivot, basically. I worked for four and a half years for two corporate VCs. The first one was Nielsen, the market research company, which invented the TV rating. This is how most of the people know them. For them, I did early stage investments in Israel. Typically, first money into the company. Seed and pre-seed even. And this is the first time that, through these investments, I got to learn how to do product, and finance, and hiring, and fundraising and marketing, but from the point of view of the investor, which is completely different from being at the founder driver seat. But it opened my head. I could really learn a lot in a very short period of time. And after two years, moved to Verizon, the telco, the US telco. I joined Verizon Ventures. And there I led all kind of different cybersecurity investments, but a little bit later stage. I would say series A, B and C. I had the chance of seeing also bigger companies. To sum up this short investor career, four and a half years, I had the chance of investing in 22 companies. In drones, AI, hardware, cybersecurity, AdTech, marketing. Very diverse background. And I learned so much. And I was fortunate to work with all kind of different teams and escort them or walk with them along different stages of the company. [0:07:53] JMC: I don't know about Neilsen's corporate VC arm and Verizon's. I'm sure they are great. But in general, the people that you chose in your career, in order for you to learn the skills that would enable you to then become an entrepreneur or a product person, right? Instead of just an engineer. I think that choice was fantastic. Because as you say, I mean, it's different. You do have some skin in the game, right? Depending, I guess, on your compensation. But you do put money. You put your money where your mouth is. You're not in the company, right? You're in the board or sometimes in the board. But, yes. I mean, it gives you such a broad experience with so many founders and C-level executives. All of the different verticals that you just mentioned. AdTech, cybersecurity, drones, et cetera. I mean, there's no better way to learn that landscape and then and get a gist of management, business, product, marketing, all the things that entrepreneurs do. I guess did you found the company right after that experience? Or did you still have a stint of engineering or product maybe? [0:08:55] GR: No. Right after that. My main goal of doing this four-and-a-half years transition was to learn as many skill set as I can, which is not coding or engineering. And once I – [0:09:06] JMC: Excel. [0:09:07] GR: Exactly. Excel. Finance. How to work with different teams? How to hire people? How to do sales? When I was doing Investments for Verizon, I had to find different champions within different business units and sell them, sell them the startup, right? And it's not an easy thing to do. I bring an early-stage startup to a big conglomerate like Verizon. And I need to convince one VP that that startup can do the work that he got budget to do better than what he can do it. And it's not an easy thing to do. [0:09:44] JMC: Lots of soft skills there that you don't learn easily. [0:09:48] GR: Soft skills, politics. Yeah, definitely. [0:09:51] JMC: How did you get the idea? I guess, did you come up with the idea? Did a co-founder? How did that came about? And tell us about the company. [0:09:57] GR: As I mentioned earlier, we're three co-founders. The other Gal and I, since we served together, we always had a dream to fund a company someday, right? But life took each one of us for different path, right? He kept engineering in one startup that got acquired. And then five years with Microsoft. And one day I told him that, "Listen, let's quit our jobs and start working on something exciting." And Kobi, which is our third co-founder, who leads the product. I knew him from the venture capital experience. He worked for a different fund. We met in a conference. We became friends. We tried to do deals together. Unfortunately, failed. But we started the company, which is even better. And when the three of us started to sit together, we actually started to do a quick ideation process. A lot of the things that Kobi and I learned in the venture capital on how to do market research, how to look at different markets, how to assess a business, how to assess an opportunity. We started doing a quick ideation process, which we knew that it has to be around data. Because the three of us on different junctions within our career, we dealt with personal data in all kind of different angles and purposes. And we knew that we wanted to be in the intersection between security and privacy. Why? One, because we have a lot of experience from the security space, right? But also, privacy was something that was very close to our hearts. Each one of us connected to that angle, to the privacy space from a different angle. Personally, I got my identity stolen, which is horrible, really. [0:11:44] JMC: Oh, wow. Tell us about that. What happened? [0:11:46] GR: It was actually pretty stupid. This is what happened to most of the people in the internet. And by the way, part of our original vision was to exactly reduce this – [0:11:56] JMC: Prevent this. Okay. [0:11:57] GR: Prevent this. Yeah, reduces the chance that your data can be used against you. But in short, what happened to me is – every day we use the internet, right? Personally, I love the internet. I think the internet, it's a great place. But we have to click, I agree, all the time, right? Anytime that we want to sign up, to purchase something, to book tickets, whatever, we have to give our personal data. This is how the internet works. But most of the internet interactions that we're doing, 85%, according to our research, is due to a one-time-off interaction. Meaning, you signed up to a site, or you booked a flight ticket with a low-cost airline, or you booked a hotel, or you did something, which was a one-time-off interaction. Meaning, didn't do any business with that company afterwards. And what happened to me is that I booked a hotel in my honeymoon, seven years ago, in South America. And that hotel got breached. Part of that data breach, my personal data got stolen among millions of other customers. And suddenly, after – it happened after – I think it was 5 years. And suddenly, I saw a new credit card issued on my name. And this happened – if you start asking around, you would see that so many people are affected from whether it's identity theft, reputation damage, financial loss, manipulation, all kind of different digital threats. And it's beyond their control, right? Because we trust companies. We put our data there. And sadly, this is the reality. It's not the fault of the companies. But sadly companies, get breached. Privacy leaks happen. And then we are paying the price as individuals. Because our data there gets stolen. The whole vision of Mine and why we connected to the privacy space is, one, how can we find our data online? Right? It's almost impossible. Because it's so fast. It's so dynamic. [0:13:56] JMC: It's all over the place. [0:13:58] GR: It's all over the place, right? How can we find the data? And second, how can we learn whether we are still using a service? Whether I get value from the company for the fact that I gave them my data. Whether I have an ongoing relationship. And then the kicker for the company was the GDPR. We started researching the GDPR in 2018. Literally, the end of the year. A few months after it got legislated and went live officially, we started researching around this amazing law. And we saw that it's actually going to change the internet because it's going to put on the one hand accountability and a responsibility on companies. Anytime that the company wants to collect data, to process data, now they need to justify it. They need to have a good reason. But on the other side, individuals are now granted with powerful rights. For example, you can activate your right to be forgotten. You can go to almost any company and ask for a copy of your data. You can start interacting or control your data. But we knew that it would be so uneasy for the average person to interact – [0:15:11] JMC: Impossible. [0:15:12] GR: Impossible. Right? I even asked lawyers that read these privacy laws. And even them were not able to exercise these rights in an easy way. We wanted to make it accessible for people. [0:15:24] JMC: Before we move on – because this is fascinating. First of all, I hope you solved the identity theft issue. And that maybe you even caught the person. But hopefully, you were able to cancel that credit card and hopefully get rid of that. That first. Second, I am a huge advocate of privacy and a defender of GDPR in particular. And I'm happy that it has enabled a market that allows companies like yours to actually exist and hopefully thrive. But it is true that it would have been a bit great if the rights that it has granted the citizens to take control of their data and so forth would have been maybe a bit more enabled. Or maybe it's me that I don't know about products like yours, right? Maybe it's just a market right now. The market of take control of your data that is very new. And that citizens still don't know, A, about their rights. And B, that there are companies enabling them to take – fulfill those rights. I'm really, really happy that a company like yours exists. Exactly, how much data is there out there? And how does one – or your product actually is able to collect it? Is it possible? [0:16:37] GR: Yeah. Good question. By the way, the complete vision that we had for the company is also to help the companies. Because being compliant with these privacy regulations and handle all the requirements is very challenging. But we will get there. But we started as a purely consumer offering. And in terms of your question, after having more than 4.5 million users, this is what we have today, we learned that the average digital footprint, which is the total number of companies that holds the personal and sensitive data of the average user worldwide, 350. Personally, I had 826. Yeah. But just to put it in a perspective. Any time that you travel, on average, you add six new companies that now have your data. Because you need to purchase a flight ticket to book a hotel. Maybe to rent a car. Maybe to go to a concert, restaurant tables, shopping, right? Seven services easily. And I'm not counting shopping holidays, like Black Friday, Cyber Monday. When you change jobs. There are a lot of specific personal events that are happening in your life that suddenly you spread your data even more than the average day-to-day. [0:18:01] JMC: That's fascinating. I mean, I wasn't expecting those figures to be so high. On the other hand, I do understand companies, right? One, company like yours, but any company believes in their vision, right? They want to make money from providing a service or product. And they want to be relevant, right? They usually have an expertise in something. And they would like to communicate such expertise to those that don't know about the company. In a way, they do need data. And also, targeted advertising requires a lot of data precisely to be relevant. I guess data brokers are collecting a lot of data. Because you're talking about companies that are one-off interactions, like the car hire company that I just – on my holidays and will never see again in my life. They've got one data point or one interaction with me with enough personal information. But what about those data brokers that actually collect those data points from everywhere and profilers? As I told you before, I'm quite adamant about protecting my privacy. But I don't know how to balance that with the perspective of a marketer that only wants data to profile correctly users and then target them with only relevant information. I think that is also a valid claim. And I don't know how to balance this view of data hoarding, and profiling and targeted advertising. Anyway, my question is, I guess, what about data brokers? What's their business model? How much data do they collect? And how do they profile? [0:19:27] GR: It's a very good question. When we thought about what types of data we're going to find in terms of the users that we want to bring, I thought about myself, we drew a very clear line. We are dealing with the discovery of personal data. We call it first-party data. Meaning, this is data that you willingly, willingly gave to these companies when you clicked I agree, when you signed up, when you did the action that provided the company the data, right? When you think about data brokers, cookies, all of these, typically, this is data that is either collected passively. So, without your knowledge. Or data that was sold or leaked out in, let's call it, bad actors' way, right? We decided that we're drawing a clear line. We're not dealing with that types of data for now. The reason is why would you use our consumer offering? How it will help you? Not only to discover your data, to learn about where it is, the risk and everything. But to be able to control it. And every time that you see that there is a service or a company that has your data but you don't use it anymore, you can ask the company to remove your data, to delete it. Essentially, we created a journey where we help you reduce your online exposure from all the unnecessary places. And by doing that, as we said earlier, we allow you to reduce the chance that when these companies would get bridged or anything bad would happen, and it will, because this is life, we cannot really prevent it, you would reduce the chance that your data would be there and used against you. What I'm trying to say is that we wanted to focus on preventing security incidents. Not that I'm – when you think about data brokers, typically, it's about advertisement and things like that. It's less – not that I think it's not concerning. But if you think about real digital threats that can hurt you, whether it's personally or financially, it's more the sensitive data. We deal with your physical address, your date of birth, your Social Security number. [0:21:39] JMC: Yeah. Data brokers, probably to profile one, use behavioral data and my interest. And that is, I guess, less risky. I do agree with you. And so, I think data breach is, like you say, an everyday life thing. I mean, hopefully, they go down. But it turns out that software is really, really difficult, if not impossible to secure completely. It's just really difficult. It's inherent to software, right? While it's kind of easy, although costly to secure gold, for example. Vault under six- foot of metal, wherever. It turns out that private information is much more difficult to secure. Even for someone that like me, uses two-factor authentication. And I get breaches all the time. I've got my own way of finding out. If spam just skyrockets, I know that my email has been just shared in some occult, dark website. And then, eventually, I'll get the notification of the breach. But anyway. I'd like to talk about a type of data protection system that I think Tim Berners-Lee promoted. He's got a startup about it. But later. Before we move on to that, which is called Inrupt or Solid. The protocol is Solid, I think. How do companies – data brokers might be a bit dodgy about how they collect this data. You mentioned it. All respect to that business. But, hey, maybe a gray zone. But what about businesses that want to be compliant with GDPR? I've worked with so many that want to be incredibly not only compliant, but like proficient and being able to allow their users to delete their data. Because, again, they want to be relevant. And that means having the data. And having the intent from the user to be communicated at to, right? Not communicate with someone that just doesn't want to know anything about you. Many companies find it impossible to manage data. Because it is quite difficult. I wish actually GDPR was a bit more expressive about that. But, hey, how does – you guys have an offering in that sense, right? [0:23:24] GR: Yeah. Correct. This is exactly our second – the other half of our vision. As I mentioned earlier, when we started, we wanted to focus on privacy and privacy regulations. And to leverage the fact that there is now new internet rules, if you would want, right? A new sheriff in town. The other side is that we knew that when we looked and read through the law, specifically the GDPR, we immediately understood that companies would find it very challenging to be not only compliant. I think it's very hard to say that you are fully compliant to GDPR. Because there are so many – as much as I like GDPR, I think it has to be revised and fixed from the company point of view. It has to fix a lot of holes that are left open. But in general, we identify that companies are going to be struggled with that. The second half of our vision is to bridge the gap between individuals and companies around private regulations. Now the way we did it, we interviewed dozens of legal teams that are tasked with making sure that they know what data the company process. Why they process that? What types of data they collect? And it's very hard. That process or that exercise, which most of them are doing manually, by the way, which is insane, is called data mapping. And data mapping is basically the process of – this is the core for every privacy program. You cannot handle a privacy request. You cannot complete your ROPA report. You cannot do anything without understanding what systems you have within your company. A system can be any asset that lives within your cloud environment or any SaaS application, like your CRM, your email marketing, whatever that you are using. This is step number one. Let's map all the systems. And step number two, which is even harder, called data classification, which is to say, "Okay, I want to classify the data that I keep in my Salesforce, or in my database, or whatever and to scan the data." There we have machine learning and natural language processing algorithms that can scan the data and give you a report of all the types of the data that you keep there. Credit cards, and financial information in general, and health information and how many? When we help companies with privacy regulations, today it's beyond GDPR, right? You have all the states laws in the US, in Canada, Australia. It's everywhere. One of the key modules that we're selling to them is the automation of the data mapping process. We took a no-code approach. Meaning, you don't need any engineering involved in the process. And without installing any agent, we can help you discover all the systems that you are using and then scan the data and classify it and give you a report and a clear understanding of what you are dealing with. And this is priceless. Our customers today say that they think about us like as another team member. By the way, the product called MineOS. [0:26:27] JMC: Oh, yeah. We didn't say so. Yeah. [0:26:28] GR: Yeah. Yeah, MineOS. And again, the one liner is that we are automating all the daily privacy activities that are related to building, maintaining and making sure that the privacy program stays intact. [0:26:41] JMC: The fact that that is being managed manually, the mapping. When you were talking about it just a minute ago, I was imagining like an explorer, a Phoenician explorer in the Mediterranean sort of like literally going with this ship through the coast of Libya or wherever and mapping manually the coast, and the capes and all that. Because it's just insane. And then classifying in that metaphor, that example. [0:27:08] GR: You would not be surprised to learn that, still, 2023 almost – we're half through there. More than half. Many companies, even the biggest one you probably know, are doing that manually in a spreadsheet. They have like a master spreadsheet. Someone within the company is tasked to be the – it's called data inventory. To be the owner of that spreadsheet. And once a year, if the company lucky, they can do it twice a year. That person goes and email different people within the company and literally ask them, "Hey, dear VP engineering, dear VP sales, dear whatever, please let me know what systems are you using and what data you keep there." Now let me share one interesting story. Anytime that we scan a CRM, whether it's Salesforce or Hubspot, we typically find that sales rep, sales rep keep financial information in the meeting notes related to their customers or their prospects. And in some cases, we even found passwords that are being saved as meeting notes. Now this is free text. No one can really enforce it. Anyone can open his Salesforce account and write and enter, insert any types of data. Doing that manually and asking people what types of data they think exist there is inaccurate. Because they cannot know, right? You have to have a piece of technology that can do it for you in an automated way. It doesn't make any sense to do it manually. [0:28:36] JMC: I agree. And I'm grateful that such thing exists. And I'm also with you in the sense that, being myself a GDPR supporter and mostly a defender, I think it should be a bit more realistic for companies. It's ambitious. It's positive, especially for users for, end users, for citizens, if you wish. But for companies, it's been a bit too broad. And although the aim is positive, I think it should be slightly amended. In any case, okay, obviously, the tools that you describe, mapping, then data classifying, would eventually enable businesses to provide users with the tools for them to fulfill those rights that we mentioned at the beginning. Whether it's forget me. Delete my data. Exactly. Right? [0:29:20] GR: Correct. Yeah. You said it correct. And I think a big shift that happened in the last two years – GDPR is more than 5 years with us. But I think something happened in the last two years is that when GDPR emerged, many companies wanted to tick the box, right? To do the bare minimum or even a little bit more. But they wanted to tick the box. They were afraid of that. They wanted to take the box. Now I think that over the last two years, that burden replaced with understanding that honoring privacy regulations and making these accessible in an easy way to their customers would not only gain trust points and loyalty. That would even – if a customer want to delete the data and the company can process that immediately, that customer would come back to do business again with the company. They understood that it's a brand necessity to honor privacy regulations and to make it easy. I think that another differentiation that we took when we build our product is not just the no-code. It's also the fully automated approach. Meaning, we identified all the hard areas where a computer can really automate and do the work for you. And then keep the 20%, 30% that you have to have a human in the loop. We're not replacing lawyers. This is why our customers really like to think about us as another team member. We help them automate all the daily, repetitive, manual work and to get it very accurate. And then they can take that data and not only process privacy rights, but also to prepare all kind of different requirements. Like ROPA, which is record of processing activity. Article 30 under GDPR. To run DPIAs. To assess data transfer. To visualize data flows. There are still a lot of use cases within privacy regulations that no AI can really do. You have to have a human in the loop that understand the context and can inject what is really missing. [0:31:26] JMC: There's still a lot of work to be done. Like you just mentioned, most of this is being done manually in a very cumbersome way just to check the box. And there's probably a few extremely proficient companies, especially those that want to be compliant with GDPR. Because not everyone needs to, right? If they don't operate with European citizens, they don't. But if you want to be a global business, then you need to. But let's talk a bit about – there's a lot of work to be done there. And I can only see a bright future for a company like yours. Because in general, companies want to be good with their client and, again, stay relevant and so forth. But let's talk about a bit about the future. Because, again, I'm not an expert in privacy. But I do look at this and two companies caught my attention. One is I think the company is called Inrupt, the startup. It was founded by Tim Berners-Lee. The creator of the World Wide Web. And I think the protocol that it's based on is Solid. And there's another company that called the @ company. The @ sign company. Like @ in an email address, right? And I believe that both of them work – there's probably more companies, by the way. I just like what I understood was the underlying idea. And I think what I'm about to express now, describe as more – probably describes better the Solid than the @ sign approach. But in any case, I think they're pretty similar, which basically says that, in the future, citizens, user, internet users, will be able to have a pod. Meaning, a safe place in which to keep all the information. And then instead of going to the hotel, like you said before, instead of going to the car hire company, to the car rental company, to whatever service you want to contract, you want to transact with, instead of giving them your data in the way that you described, like accepting the terms of service, providing the data and having them store it, and keeping it and putting the burden on their side, you would be telling them, "Hey, this is my pod. I allow you access for this transaction." It's like an API in a way, right? That keeps all the information in one place and allows businesses to connect. And I presume that in that permission that you're giving to businesses, all the levels of access are granted. Allow this car rental company to access my driving license ID, my age and I presume something else, right? And not my address and something different. I think this is the way both companies work. And this is very futuristic. I wonder what your thoughts on that approach is. I mean, you're probably much more aware of those. What is their adoption? Is anyone using this? Is this realistic at all? Or no? [0:34:01] GR: When we started, we obviously looked at the competitive landscape to understand players are there? What other different technology solution are there that try to solve the problem? I think that the two companies that you mentioned, I'm not going to get into the technology architecture and the things there. Although, it's very interesting. One of them is a blockchain and one of them is even like a specific token that you can use. I think that let's talk about the main concept in general. I think that the problem, it's a security event problem, right? The problem of data breaches and the reason why they happen is that companies are keeping data in one central place, right? It can be a few. But the sensitive data, usually it's in one central place. For hackers to – when they hack a company, they typically search for these central places, right? Because this is what they're looking to find. And I think that what Inrupt, and Solid and all of these companies are trying to do, and blockchain in general, is to break that centralized way, right? Everyone keeps his own thing. Everyone can speak with each other. And if one gets hacked, only that person gets affected. In theory, that approach is brilliant, right? Because you keep your own data. You can control who has access to that. You keep it, right? And people need to get your permission. The problem with that is the adoption, as you asked earlier. In my perspective, I think that five, even 10 years from now, maybe this is the way to solve it, if you think about it theoretically. But the big problem is that you need two for tango, right? Even if individual us want to play a part in that amazing vision, you need the companies, right? Now – to implement that technology. Now, why would they do it? What incentive the companies have to implement their technology? It's a waste of time. It's a waste of money for them. They need some incentive in order to spend time and money on implementing these technologies. And think about it. It changes the entire tech infrastructure. And I think you mentioned at the beginning of the call that – you mentioned that companies are collecting data because they want to do money out of it. It's a business intelligence. And you're right. It's like asking them to – and data is king. Data is the new oil. You have all of these phrases. But you are basically asking companies to give away something that is very critical for them. Companies that are using data, let's call it, in a good way. [0:36:42] JMC: Yeah. Yeah. Exactly. Yeah. Yeah. Yeah. Which is, by the way, the majority, I think, of the companies. It's just a few rotten apples that actually – [0:36:49] GR: Correct. [0:36:50] JMC: I'm gradually changing my mind. Just for the record, I'm not a WhatsApp user, right? I have nothing against Meta or Facebook, right? Or Meta rather, right? It's just that I don't want to give away all my intentions, all the things that I like and so forth. Because I think Meta is that, is a company that says, "I will allow you to interact with anyone in Facebook, with anyone in Instagram, with anyone in WhatsApp." Which this one is the one that is for me critical. And I'll explain in a minute why. As long as you give me that information, which will allow me to offer you adverts that are incredibly targeted. Because I know that you like weightlifting and not CrossFit, for example. And I know you like painting with oil and not with watercolors, right? And that difference for you is key. I offer – I'm gradually changing my mind towards the companies that are really gathering data to make their sense of their business. To stay relevant. But I'm not sure. I think I've been damaged by several companies that did not behave in such a way, I guess. [0:37:52] GR: Let me tell I think about it. When I provide my data to different companies, and I do it all the time. I'm okay with that. I always think what I get in return. And the thing that I get in return is the service. It's what – I'm giving my data and I get something. There is a data transaction, right? We call it cost versus value, right? Let's take a few examples. Even let me connect even an AI example that everyone is freaked about AI. And so, do you have an iPhone? [0:38:19] JMC: I do. Yeah. [0:38:21] GR: How do you open your iPhone? [0:38:23] JMC: With my face. [0:38:23] GR: Face recognition, right? AI, right? Built-in here. They scan your face. They keep it. And I'm not getting into security practices and how they do it. But you allow them to scan your face. To learn it for all kind of different angles. And you're okay with it. You don't think that Apple would get breached and your different faces would get stolen. But why? Because that's really help you, you know? You place your phone like this. You open – it provides you with a value. And every time that the value is greater than the cost, meaning the data that you are giving in your perspective. And it's something that is very individual. Anytime that, in your point of view, the value is greater than the cost, you have no problem. I can give you another example. I'm using Spotify. I'm using Netflix. I'm giving them my entire watching and listening history. Because they provide me with great recommendations. Why not? Mileage account, for example, is with United or whatever, Delta, right? And you can keep your passport information and Visa inside. When you need to do check-in, it would be one click check-in instead of – why would you do that? You place your both sensitive information. Now United or Delta can get hacked like any other company, right? It doesn't mean, if they have a lot of money, that they have good security in place. I don't know. But even the history shows that all the big companies get breached. [0:39:46] JMC: Correct. [0:39:47] GR: But you are willing to give them the data. What I'm trying to say is that what we're doing with our consumer offering is to show you a picture of your digital footprint. So you can learn, I'm using this, I'm using that. This is what they keep about me. Blah-blah-blah. [0:40:02] JMC: And make your own decisions. [0:40:04] GR: Yeah. It's about managing your risks. We are not forcing you to delete your data and go to a dark shelter and to go back to the cave, right? Essentially, we put you in the driver's seat and you can make your own decision. It's about managing the risks. [0:40:20] JMC: I think you're very right. And I think I'll still stay away from WhatsApp. Although I use messaging services. Ones that I consider that are not reading would I – because I honestly don't think that WhatsApp is a profitable business, like any other. Just by – and this is not a question for you. I don't want to put you in an awkward spot. But I don't think that WhatsApp is a profitable business in the way that actually Meta handles businesses just by gathering revenue from WhatsApp business, the branch, right? Which I guess it's allowing businesses to have a WhatsApp channel to connect with their client. I do think that it does in a way read text just in the same way that Google does with Gmail, right? Not to understand specifically what I'm writing, but to understand intend, right? With natural language understanding algorithms. And I guess I put more value, to connect with your idea, to that than my face. I think that the risk of having my face a digital representation of a mathematical one is stored locally in my phone that can be breached and then my identity might be – my face would be used for other purposes, negative ones. But I do put more value, I guess, in my ideas, right? Which is what I share in WhatsApp. And I don't have any weird ideas. I'm just an average citizen. But anyway, I think that you're absolutely right. In general, regardless of WhatsApp, or my face, or iPhone, so forth, what I do like about GDPR is that sense of enabling the citizen to know, "Yeah, you've got your information here, there, there. You have the right to know that. And you know what? You have the right to literally remove it and so forth." Making it actionable like you guys do is brilliant. I mean, I think it's the vision of GDPR too. [0:42:04] GR: And by the way, what you mentioned about WhatsApp. This is a conscience decision that you're taking. Because you're more tech-savvy, let's say, and you're asking questions on how the data is being stored. Whether it's locally or cloud. But you're going back to my original thoughts, which is to manage your risks. In your point of view, WhatsApp is not secured enough. So, you can use Telegram or you can use Signal. It's fine. Today, privacy is so mainstream in terms of how people think about privacy. And on the other hand, there are so many options if you want to go more privacy-focused. But I would share something interesting. And I don't know if that would surprise you. We don't keep data. We built our entire consumer product in a privacy-by-design approach. And most of the processing that we're doing is done in memory. And we only keep metadata. Now we do keep metadata, which is anonymized and aggregated. We cannot trace back to a specific user and things like that. And one of the things that we learned is that we looked on 4. 5 million users and what types of services they want to delete. And I don't know if that would surprise you or not. But Facebook and Google are not in the top 50 even. And do you know why, by the way? [0:43:19] JMC: No. No. I don't know why. [0:43:21] GR: Do you use Gmail? What email provider are you using? [0:43:24] JMC: I use Proton mail. I do have a Gmail account. Because it's required for logins and stuff like that. But I'm a user of Proton mail. [0:43:32] GR: Got it. Yeah. You took it one step further. I get it. But many people use Gmail because it's a convenient service. [0:43:38] JMC: Oh, yeah. Of course. Yeah. And it's fantastic. Don't get me wrong. I think it's the best email service out there. [0:43:44] GR: And same with WhatsApp. Maybe WhatsApp is not the best service. But all of their friends are there. They can open Signal, right? But with who are they going to talk? It's about convenience. They get value. It's about cost versus value. [0:43:58] JMC: Yeah, of course. Yeah. Yeah. Yeah What is it, by the way? From that survey that you did, what are the main services? Maybe don't name the brands. But what are the main things that people want to get their data out of so? [0:44:10] GR: E-commerce is one of the more popular areas. Because many people are shopping in online websites, online e-commerce websites that it's a one-time-off. They saw a good price. They bought something. And that's it. And travel is also Al something that is very one-off again. A lot of the one-offs I would say. Media as well. If you moved from – I don't know. Netflix to Disney or whatever. Yeah, this in general. But looking at the watch, I think that I do want to end with the fact that, although privacy regulations are really amazing and change the internet, there is still a lot to be done. The privacy space is very immature, right? It's only five to six years. Depends how you choose. And I think that after working with so many legal teams, switching to the business side for a minute, but it's so hard to make sure that the company is meeting with different privacy regulations. And every month, there is a new privacy regulation somewhere. And how to deal with all the privacy regulations? And I think that what we are trying to do with MineOS is to simplify privacy. We're trying to come up with one rule that would catch most of the privacy regulations. And we're trying to simplify the work of different legal teams and to ease their day-to-day and help them do their job faster and more accurate. And by doing that, this is what we discussed earlier, it helps everyone in the industry. Because they can then provide privacy regulations, privacy rights in an easy way. They can keep their data safe. They can do all kind of different things. I'm excited about all the opportunities that privacy is about to give us in the coming years. Because it's only now starting, which is so exciting. [0:46:00] JMC: Yeah. I agree. MineOS is the business offering. What about the B2C? If you're an individual citizen that is concerned about how many services host their data and you want to get rid of it or just know, what's that business line called? [0:46:17] GR: The two businesses are called the B2B called MineOS. If someone wants to reach out to us, he can go or she can go to mineos.ai. And our consumer business called saymine.com. [0:46:28] JMC: Okay. Well, Gal, that was fantastic. It was a brilliant conversation. As you say, it's fascinating. It will only change in the future everything, like regulation. Hopefully, to standardize across the world. But right now, it's quite fragmented and quite complicated to take care of. Whether you're a business or so. Yeah. Actually, I'm going to explore the individual offering for myself to know what's going on there. And I really want to thank you for being with us today on the show. Thank you so much, Gal. [0:46:57] GR: Of course. I really enjoyed it. And at the end of the day, it's our data and it's our decision how much we want to be involved or not. And we can do it. It's very easy. Keep your data safe. And, yeah, there are also more regulations are coming. Cybersecurity regulations, AI regulations. Mine is trying to be in the front center of making sure that everyone around the world, both sides, companies and individuals, can always interact around these new regulations. Whether they are privacy, AI, cybersecurity, it doesn't matter. [0:47:29] JMC: Yeah. Okay. Well, thanks so much, Gal. Take care. [0:47:32] GR: Thank you very much. Bye-bye. [END]