
Website Launch Qs

  • 24-05-2021 2:27pm
    #1
    Registered Users, Registered Users 2 Posts: 69 ✭✭


    Hi all

    I am hoping to get some use cases and advice from devs on here who may have knowledge on this particular area of launching a website. I plan to investigate the topics below thoroughly (before launch), but I was hoping to get some advice from people who have had first-hand experience first.

    I'm a software developer and I have been building a web app (React + Django (REST)) for the past few weeks - still a WIP concept. It will be a SaaS website. I have a placeholder domain name and will host it on Heroku. It will be a freemium service initially.

    My questions/concerns on this project are on the legalities/gotchas of launching such a website and they are:
    • Users: Visitors to the site can sign up for free (initially - plans for pricing after PoC) where they will give basic details such as email/name/etc. After signup they can continue to put in additional personal data as part of the web application. This information will be stored on PostgresDB on a separate host. What are the core areas of compliance to be aware of here re storing this information (GDPR etc.) on such a freemium site? Would a tailored privacy policy and T&C confirmation on user signup be sufficient cover here? Is there legislation that details how to launch/operate a website that stores user information etc. from signup?
    • Website Company: Services like Heroku/AWS allow anyone to launch such a site in minutes, where users can sign up to use the website. My question on this is: is there a requirement for such a site to have a registered limited company as the backdrop to the site? I have already registered as a sole trader to provide software dev services (totally separate to this SaaS site). I have also registered a business name with CORE (different to my personal name). Is this sufficient or would the registration of a PLC be advisable/beneficial here, or does this matter greatly?
    • Development/Partners: This is a general query I had in relation to development of a new SaaS website. What is the best practice to protect IP, when approaching potential business partners, investors, hires, advisors etc.? Is it advisable to get NDAs drafted/signed up every time you want to initially discuss your idea with others?

    I would love to hear any advice and stories you guys could provide on any points above and indeed if there is anything else to be aware of - let me know! 
    Furthermore, if anyone has suggestions to the best source of information on this particular topic or link me to an individual/organisation that provides services in this area I would be very grateful.

    Thank you and be safe!


Comments

  • Registered Users, Registered Users 2 Posts: 6,289 ✭✭✭Talisman


    What data are you storing exactly? How are you protecting it? The answers to those questions determine your liability before you run the gauntlet of charging people money for the service.

    The idea of using a company to front the website is to limit your own liability, as a sole trader you personally would be on the hook in the event of anything going wrong.


  • Registered Users, Registered Users 2 Posts: 69 ✭✭Daawaa


    Hi Talisman
    What data are you storing exactly? How are you protecting it?

    To give a ballpark idea of the concept - It is a buy/sell type of web app. The user data being stored would be somewhat similar to the type of data that users upload to adverts.ie - user logins (email) and uploaded items for sale etc.

    At the moment I'm using a JWT authentication system in user sign up - I'm aiming to add Auth0 eventually and trial this (free plan allows for 7000 users with unlimited logins).

    Using a custom user model in Django, with associated user data connected via ForeignKey models. Stored in a Postgres DB.


  • Registered Users, Registered Users 2 Posts: 6,289 ✭✭✭Talisman


    For the purpose of GDPR you need to document how you thought about the consequences of the database potentially being stolen and how secure the data needed to be.

    If you are only capturing the email address then you have to decide whether or not that piece of information is essential to the users. If it is then you would need to increase its security - don't leave it as plain text in the database.

    Essentially that's GDPR covered in your happy path use case.

    What liability do you have if a person perpetrates a crime using the service?
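
One way to keep the email out of the database as plain text while still being able to look a user up by it, as an added example that is not part of the original thread: the address is stored as a Fernet ciphertext plus a keyed HMAC "blind index" for equality lookups and uniqueness. It assumes the `cryptography` package is installed; `sqlite3` stands in for Postgres, and the table, column and function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

from cryptography.fernet import Fernet

# Constructed demo keys. In a deployment both come from a secret store or
# environment variables held by the application, never from the database host.
ENC_KEY = Fernet.generate_key()
INDEX_KEY = b"constructed-demo-index-key-32-bytes!"


def normalise(email: str) -> str:
    return email.strip().lower()


def blind_index(email: str) -> str:
    """Keyed hash of the address: supports equality lookup and UNIQUE only."""
    return hmac.new(INDEX_KEY, normalise(email).encode(), hashlib.sha256).hexdigest()


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # stand-in for the Postgres users table
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "email_idx TEXT UNIQUE NOT NULL, email_ct BLOB NOT NULL)")
    return db


def add_user(db: sqlite3.Connection, email: str) -> int:
    token = Fernet(ENC_KEY).encrypt(normalise(email).encode())
    cur = db.execute("INSERT INTO users (email_idx, email_ct) VALUES (?, ?)",
                     (blind_index(email), token))
    return cur.lastrowid


def find_user(db: sqlite3.Connection, email: str):
    """Return (id, decrypted email) or None; the query never sees plaintext."""
    row = db.execute("SELECT id, email_ct FROM users WHERE email_idx = ?",
                     (blind_index(email),)).fetchone()
    if row is None:
        return None
    return row[0], Fernet(ENC_KEY).decrypt(row[1]).decode()


def dump_contains(db: sqlite3.Connection, needle: str) -> bool:
    """Simulate a stolen table: does any stored value contain the plaintext?"""
    rows = db.execute("SELECT email_idx, email_ct FROM users")
    return any(needle.encode() in idx.encode() + bytes(ct) for idx, ct in rows)
```

This only helps against theft of the database on its own: anyone who also obtains `ENC_KEY` and `INDEX_KEY` can decrypt the addresses and test guesses against the index.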


  • Registered Users, Registered Users 2 Posts: 2,781 ✭✭✭amen


    Talisman wrote: »
    What data are you storing exactly? How are you protecting it? The answers to those questions determine your liability before you run the gauntlet of charging people money for the service.

    The idea of using a company to front the website is to limit your own liability, as a sole trader you personally would be on the hook in the event of anything going wrong.


    Even as a director of a Limited Company he may still be liable.


  • Registered Users, Registered Users 2 Posts: 69 ✭✭Daawaa


    Thanks for that additional info on GDPR and the suggestion for plain text emails in the DB! Something I didn't have previously but found a few alt solutions to manage this.
    Talisman wrote: »
    What liability do you have if a person perpetrates a crime using the service?

    I don't see this as an issue based on the type of web app it is (that ballpark idea of it being a buy/sell site was a rough example).

