Hey! Justin here, and welcome to Just Go Grind, a newsletter sharing the lessons, tactics, and stories of world-class founders! Today’s deep dive is sponsored by Mine as part of my Partner Program, where I interview ambitious founders building amazing companies and write about their stories.
Gal Golan, Gal Ringel, and Kobi Nissan, Co-founders of Mine
The founders of Mine, a data privacy and data governance platform, are bridging the privacy regulation gap between consumers and companies by attacking the problem from two sides.
On the consumer front, they’ve already helped 5 million individuals be smarter with their data online.
For businesses, their MineOS platform creates a single source of data truth, and it’s already being used by thousands of companies like Reddit, Shark Ninja, Hello Fresh, and FIFA.
In October of 2023, on the heels of that progress, they raised a $30 million Series B co-led by Battery Ventures and PayPal Ventures with Nationwide Ventures, Saban Ventures, Gradient Ventures, MassMutual Ventures, and Headline Ventures also participating.
I sat down, virtually, with Mine’s three co-founders to discuss their journey, including the opportunity they initially jumped on, progressing from a B2C to a B2B product, what companies need to know about evolving regulations, and much more.
On May 25, 2018, after a couple of years of preparation, the General Data Protection Regulation (GDPR) started to be enforced in the EU.
A few months later, Gal Golan, Gal Ringel, and Kobi Nissan, seeing an opportunity, decided to start Mine, creating a brand new category in the privacy space - data ownership.
The three of them had known each other for years, working together in various capacities, and it was clear to them that with GDPR, companies and consumers were entering a new reality:
The hope was that GDPR would pave the way to other countries to legislate similar privacy regulation.
So our vision from day one, and not everyone knows that, was to take GDPR and make sure both end users and companies would use it.
But as with any new regulation, we knew it would take time for companies to digest it.
When GDPR emerged back in May 2018, it was a big thing. It was a totally new reality for them.
It changed everything, we quickly understood that, and we wanted to start from the consumer side.
After researching the data privacy space more in-depth, they knew they wanted to create a solution to allow consumers to discover and manage their data engagements with all companies, regardless of how they interacted with them.
Email was the key to doing so:
From a technical point of view, we selected the email approach because email is the most generic and abundant channel. You don't want to use APIs, you don't want to use phones or SMS or scanning apps because those are very specific to some companies.
Email was a great solution because it's generic, everything goes down to email. We started there and I think it was clear for us how to solve the consumer side of the problem because we ourselves were consumers, so we were part of that.
They were truly leading the way in this effort:
We were the first company worldwide to take the right to be forgotten within the GDPR and make it accessible in an experience that you and any other individual could use to reduce your online exposure, your online footprint, and just keep your data where you need it.
Kobi Nissan, co-founder and CPO, was a big part of making sure that was the case:
From a product standpoint, what we have done was to ask questions nonstop.
It's like, OK, so we now have these privacy regulations, we have rights as consumers, and I can reach out to any company and ask them to remove my data or send me a copy of my data or something like that.
But even though you have those rights, how do you even know where to start? How do you even know what to look for? How do you know which companies hold your data in the first place?
From those questions, Kobi and the team created a product that gave consumers visibility of their digital footprint.
As Kobi described, starting with a focus on consumers forced Mine to create a simple, fast product:
It has to be something that is fun, that is easy. And it has to be quick, instant. The technology that you build has to be very sophisticated, however, it should be wrapped in something that is super, super easy and it feels like magic. And I think we spent somewhat like a year building that.
The product resonated with consumers immediately.
On January 22, 2020, when they launched Mine on Product Hunt after three months of preparation, they became the #1 Product of the Day, eventually becoming the #1 Product of the Week and #2 Product of the Month.
In the 12 months that followed, Mine’s consumer product gained 200,000 users, 90% of them coming organically through content, thought leadership, SEO, and media relations, something Gal mentioned in 2021.
But the consumer product was just the start.
The B2B product was part of the plan from the beginning:
We always knew that some time later we could implement the company side because if individuals are exercising and interacting with privacy regulations, obviously companies need to honor those as well. They need to have something on their end that can deal with them.
To develop the B2B product, the team thought through the process much like they did for the consumer product:
Companies are now being asked by regulators to justify the reason that they are processing data and to demonstrate that they have control of all the data that they have in the organization.
So once again, they need to do a discovery, they need to understand where the data is, who has access to it, what data do they process.
In order to do that, you would have two approaches, one would be very manual. The other one would be let's boil the ocean and connect to every single bit of information in the organization.
It's just too much, too expensive, and for what? What's the value? What are we trying to achieve?
When we brought the technology that we have built, it was magic in a capsule if you will. When we brought that into the workspace, all of a sudden we saw that we have something to offer that is truly unique.
And what was the technology they built?
Building for B2B Customers
Starting on the consumer side of the equation gave Mine an advantage and the sequencing was important:
If you want to create a very strong and unique solution for the B2B side, we actually proved that you have to understand the consumer, because the regulation is about consumers at the end…
We didn't know to what extent the B2C would actually succeed. It went really crazy at the beginning, even today, far beyond what we thought and anticipated.
It was somewhat of a smooth migration. It's not really a migration, it's like those are practically working hand in hand.
You develop the consumer in order to truly understand the need, to truly understand the pain of users and the pain of customers.
When you then go to reach out and work together and cater to companies, you can do it so much better than any other competitor in the market. I think that's what put us in a very unique position.
Catering to those companies meant solving several different challenges, which presented the team at Mine with an opportunity to build a product uniquely suited to solve them:
On the B2B side, you will see so many requirements for compliance. Privacy folks need to create assessments that will demonstrate to the regulators that they know where the data is and what the data is being used for.
Then you have IT folks that will need to do some vendor risk assessments and all of a sudden you have another regulation with AI governance and you need to justify what AI models and assets you have and create some assessments on top of that and you have shadow IT and you need to support the data subject, request handling, and all sorts of requirements around the data governance layer.
We like to think about it from the second that the data enters the organization, when it's collecting consent of the user, how do we use the data, how do we share the data internally, what do we do with that all the way until it is being removed?
So, you have requirements of compliance and control that the company needs to have. The common ground on all of them is that you really need to understand and to know what the data map looks like.
You need to have visibility into all the systems, where the data is, the systems that are sanctioned and unsanctioned. You need to understand if you are collecting consent or not, you need to have a clear visibility into what you're dealing with.
Many of the other available solutions for companies are very manual and often involve having to ask other people within the organization for all of the information needed, information that is quickly outdated.
There is also a lack of practical best practices in a space that is evolving quickly.
This is all a massive struggle for companies.
It also can cost hundreds of thousands of dollars per year and take months to implement.
MineOS, which takes a no-code, automated approach, helps companies by providing a data map at a very granular level, providing a much more cost-efficient solution:
No one actually keeps track of all these systems they use, the systems they used to use, who has access, what types of data.
Building the map is a big mystery. How can you actually do that efficiently?
Customers struggle with practical methods and efficient methods to get the job done, especially those privacy teams. And that's where we come in.
We use technology to allow them to execute their wishes and we actually help them to not be dependent on other colleagues in the organization and get that job done efficiently so they can focus on doing their job and not just running around the organization manually trying to figure stuff out.
The no-code, automated solution MineOS provides has become especially appealing to companies today as shrinking headcounts and budget cuts in the last couple of years mean there are fewer people to manually handle compliance work.
In 2023, the team at Mine noticed something else with B2B customers.
Beyond simply “checking the box” for compliance, companies started to understand how being compliant elevates their trust and loyalty with customers, something they can use as a revenue generator.
How does Mine generate revenue?
What is their business model?
Are they a B2B company? B2C? Both?
A company that raises $40+ million has to, you know, make money, like, lots of money.
Of course, I asked the team about this:
In terms of business models we started B2C, so obviously the immediate suspect was subscription, whether it's monthly, annual or whatever, but that was the immediate suspect.
I think we were lucky that when we launched our consumer offering, we had explosive growth…
Then we were lucky again to not be concerned about business models until we had actually built the second part of the business, which is MineOS. Then we had to face a decision to choose one business model.
So, this is where we had to inject that focus and we chose to have our main business model as MineOS, as you know, helping companies.
I think that our consumer offering is like our service to the community and for those 5 million users, over 500,000 of whom we helped save from a data breach, that’s what really gets us excited every morning, realizing that we are helping people.
The team at Mine continues to support both the B2C and B2C sides of the business, but, as Gal mentioned, their business model relies on MineOS.
And what are companies thinking about now more than ever?
When we talk about AI, it’s not exactly new.
AI has been around, in one form or another, for many years, something Gal Ringel says many companies don’t understand regarding their employees’ use of AI.
Yes, ChatGPT is the obvious example recently, and it’s the first time that generative AI was productized to the mass market, but writing tools like Grammarly have used AI for years.
As Gal mentioned, this is one of the main concerns of companies - sensitive information being fed to third-party vendors leveraging AI.
Then what about the algorithms that the company is developing? There are all kinds of different questions about how we get the data for training.
How can we prevent algorithm bias if we use AI in business related, very important decisions?
If I'm a fintech company that has an AI algorithm that approves loans, how can I make sure that I'm not doing any type of bias, right?
How can I make sure that the algorithm is giving a true and honest answer, and, in some cases, it can affect real business or life decisions.
So, I think with GenAI, that made it productized for the first time, it elevated the risks…
This is, from a business perspective, what we are going to help companies address.
Diving deeper into what Mine is planning to do to help companies address these AI issues, Gal Golan shared more about their approach:
To do AI assessments, you need to discover all the AI-related operations you have in the company and that boils down into three different parts: You're either using AI, deploying AI, or you're developing AI.
Each of those three types of operations leave some different types of hints or footprint in your organization.
If you're using AI, we will discover vendors that are using AI.
If you are deploying AI, we will discover platform services or cloud services that host AI models that customers sometimes build.
And if you're developing AI, we will see data scientists, researchers, Python packages that are used to build ML and stuff like that.
We are basically coming up with a new offering that will use our existing discovery engines, just we're going to upgrade them to support that so they can find all those types of assets and link them to the different AI use cases.
So, you can complete your AI impact assessments and stuff like that again without chasing down different people in the company, asking them, interviewing them, without all of that.
In a click of a button, we will surface all the right stuff for you, organize them into different use cases, and take it from there.
To decide to build a product like this, Gal Golan says it all starts with interest from the market or existing customers. With their customers asking about AI governance, it was a no-brainer they needed to build something to help them.
To do so, the team at Mine had to figure out what the actual problem was, mapping different uses of AI in a company to various business risks.
From there, after doing their own research, finding best practices, learning the terminology, and discovering the processes their customers were already using, they could find blind spots and figure out ways to apply technology to efficiently address them.
Lastly, they developed a product that used that technology to surface the right information to their customers at the right time in a way that was easy for the user to interact with.
All of this is in line with what the team’s big vision is for the company.
The Future of Privacy & Security
For the team at Mine, the future of privacy and security is all about data.
As Gal Ringel mentioned to me, privacy is a use case on top of data that now companies need to do something with.
Companies need to understand what they are accountable for and what responsibilities they have for the data they ask of different people.
To help them, education and automation are essential:
I think it's all about education within the company. There is a term called shift left, which is highly familiar in the security space, where you are shifting the education or the responsibility to the engineers that need to, while they are writing code or doing things, think about these practices.
So, I think it's all about education. If the entire company would understand the consequences of the processes of collecting data and how to keep it, it would help the company solve it in a very easy way…
It's clear the privacy space is going through an evolution where many companies are doing the work manually, which is fine, but it's very hard when the company scales to do the data mapping process manually and many companies are still doing that.
Imagine a spreadsheet where someone owns it and once a year that person runs after different people within the organization and interviews them, “Hey, dear VP of R & D or dear VP whatever, what systems do you have, what data do you have inside?”
It's total chaos.
I think there is a point in time, in any industry, that automation starts to kick in because the manual effort is too time-consuming and too repetitive and it doesn't make any sense…
What we're going to see is companies that are adopting many more automation tools.
Where does Mine fit within the future of privacy and security?
Simple, they want to be the privacy and data governance platform that serves as a company’s single source of data truth:
Creating that one source of data truth means that our job is to create one place, wherein all the different teams within the company, whether it's privacy teams, security, legal, data teams, or engineering, can use that signal and each team has their own responsibilities or tasks that they need to solve in order to be compliant to different privacy regulations or even solve other business use cases.
So today, MineOS is all about creating that single source of data truth which powers different data governance activities within the organization.
Thanks for reading this sponsored deep dive on Mine.
Interested in having a deep dive written on your company and founder? Check out my Partner Program to learn how you can get your company in front of 24,000+ Just Go Grind subscribers.
Recent Founder Deep Dives