title: How Not to Ruin Your Startup Valuation
author: Founders Podcast
contenttype: podcast
publication: Founders Podcast
published: 2026-02-10T09:00:00+00:00
sourceurl: https://anchor.fm/s/10542bd40/podcast/play/113931082/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2026-0-13%2F416035935-44100-2-82c411637156a.mp3
word_count: 6480
Hello Shane, how are you doing today? I'm doing great, thanks. How are you? I'm good. Thank you. Welcome to the Founders Podcast. Before we start, Shane, do you have a favorite quote, Something that motivates you, inspires you, you would like to share with our audience? It's a General Eisenhower quote or President Eisenhower quote. It says plans are worthless. Planning is everything. The idea that the process of planning and working through all the potential scenarios and outcomes is really where the value is because you have to always be prepared to pivot. Indeed, indeed. And then again, as as now we can't say is that like, you know, there there are 8 billion people on the earth and they're almost everyone is thinking about business and they have the ideas, but it's what matters when you get those ideas out of your head and then start implementing, planning it and put it on the paper right. So that makes sense. I. Mean you lose control of it a little bit once it's out of your head. Indeed, indeed, you, you get to know the reality, right? Yeah, exactly. Great stuff. So so Shane, imagine we are in a room of full of ambitious founders, early stage builders and they're all waiting for you in in a in a room you know no one knows you, no one have heard your name before. And you walk in into the room. The spotlight is on you, the mic is on with you. What would you tell them about your story? That they will listen to it and they will stick with us for the rest of the episode. What they will learn, what they will understand with this story. And you know, most of our listeners are founders or people who want to become founders, right? So how do you how do you communicate that peace? I think probably the best, the best thing I would be able to share in that situation would be an anecdote that led to me becoming a founder myself. I had not set out to be a founder or set out to be an entrepreneur at any point in my background. But I saw a problem that definitely needed a solution. It happened when my Co founder, like my spouse actually was on the acquisition side of an M and A deal. And I learned about this after the fact. It was a an AI SAS company, probably Max. It was a couple of founders with Max 20 employees total, but they were getting acquired, which is I think for most founders huge. It's a goal, a potential goal. And they started going through the diligence process for this acquisition and it was uncovered that six years prior when they started the company, they hadn't adhered to data privacy guidance and regulations. And as a result, they were subject to an A penalty called algorithmic disgorgement, which is a mouthful. But in the US, it is becoming increasingly common because it's easy to for a company to do the calculation and say, I'm not going to comply because this product's going to make me $10 billion and the fine will be a billion dollars. There's that's easy math. You just take the fine. So what regulators have started to do is make you delete everything that was built on the data that was handled on compliantly. That's algorithmic discouragement. And so it essentially wipes out an entire product. You can't reverse engineer that. And so the valuation of the company went from like low 8 figures, not the biggest deal in the history of business, but substantial if you're a founder, down to mid 6 figures, basically the value of their debt. And it was a 96% drop. Like it's, I mean, it was devastating and they had to become basically acquisition hires. And it's not the kind of thing that you can then cover back up because it's like if you are selling a house and you discover there's mold in the basement, you can't just not disclose that to the next buyer because that would be fraud on top of everything. So just seeing that when it was 100% preventable, if these weren't bad people, they just didn't know what they didn't know. It showed it was really educational or enlightening for me in that just because I understood something about trust and compliance and data privacy didn't mean anyone else does. And there wasn't a good solution for the small company starting out. So seeing that problem, identifying it and understanding that knowledge gap and realizing that people needed that from me, I think was huge. But we really just wanted to make sure that other founders don't fall into the same issue where there is that knowledge gap, that fall into the same problem where there is that knowledge gap. And they don't, they don't find themselves in a situation that's irreversible because they didn't know what they didn't know. So, So what you're what you're saying is one day I woke up and I received an e-mail from my from from my accountant or, or the person who is doing the deal for me for the acquisition that Ash, the company who was trying to acquire you for 10 million are saying that they cannot give you more than 1,000,000. And everything started burning. I went to office and I started digging and I realized because the startup I build with my blood and sweat for last two years, I was not aware of the data privacy laws on which my startup was built. And that is why when the acquisition was going forward, they dig deep in and they understood that I did not follow those laws. That's why all the data I acquired in the last 2-3 years with all of my SWAT equity is worthless because the government is now penalizing me to wipe all the data out and then do the deal. And the acquisition party understands it very well and that's why they have reduced the valuation from 10 million to 1,000,000 straight away. Yes, not just erasing the data, but everything that you've got from the data, everything you built on the data. So you know, I think we all know AI basically is data. It's built on data, that's it's foundation. So if you're leveraging AI, it's all data. And then all of marketing, all of you know, everything in a company's CRM, that's data. The number of times I talk to somebody and and they're like, oh, well, we don't collect personal data. I'm like, do you have a mailing list? That is data, right? Yeah. Cool. So that essentially means that if you have started a startup and you haven't been following the data protection laws or data privacy laws, you might be sitting on a ticking time bomb. Essentially, yes, there are things that can be done where you build up a defensible narrative, but you have to. I mean it. It has already created what we call compliance debt. It's like tech debt where you have to reverse engineer and fill the gaps and everything after the fact. But there is an opportunity. And what we found in our experience is that building a defensible narrative, building out what you're trying to do right, goes a long way. Though I will say we kind of think of for compliance, for trust, we think of there being 3 regulators. Most people go to three, sorry, 3 audiences. Most people think of the regulators. Clearly that was top of mind for me too. But we sort of think of them as a distant third. They are not omniscient, they're not omnipresent, and mostly they are focused on bigger names for founders. With startups, the biggest audiences are for B to B companies. I would say it's potential customers or clients. If you want to sell to enterprises, if you want to sell to a sophisticated consumer like another business, a lot of them are going to actually require certifications or information security assessments or RFPs before they'll purchase from you because they want their environment to be safe or at least defensible. And then otherwise, for startups, investors are a huge audience because they don't want to invest their money in something that's going to tank. Evaluation and things like compliance are part of that essential valuation security. So let's let's take further this particular imaginary scenario, right? It's perfect. Anyone could fell into this particular scenario if they are building not just an AI but any kind of software or data related startup, right? Do I still have hope at this point? At this day when I received the call, I rushed to the office and I saw that my valuation has dropped 10X. Do I still have hope? Can I treat it as compliance that can I reach out to Shane and ask for help or is this is it for me? I think there's always the hope that there's always hope. There's always a way of building it back up. I think in the scenario you described, it's a pretty big hole to dig out of because you're already at the point of trying to sell, so you would have to rebuild quite a bit. So that's why a lot of our clients we start working with actually while they're building a product even or while they're still in development or pre revenue, because building it in people like to say by design is the easiest. But that being said, like I said, it's I use the phrase defensible narrative. I think that is really illustrative of what investors in particular are going to want to see. They're going to want to see that you course corrected or on the right track and are focused on what needs to be done in reality as opposed to just burying your head in the sand and ostriching about the issue. So yeah, I think, I don't think anything is permanent or what have you. I rarely say 100% about anything. So it's there's always a way to manage the situation if you can get enough ahead of it. Interesting. So, so tell me one thing is OK, I still have hope, we could still do something about it. But what if somebody is working on a data startup right now? What kind of is there a checklist? Is there something which they should refer to? What kind of data protection privacy complies they should be following in terms of making sure that they don't fall into this kind of, you know, scenario? So I think if anyone listening is pays attention to the landscape of AI regulation and data privacy, especially AI is in the news so much right now with all the changes, you'll know the landscape and the regulations and how things are being determined. It changes weekly, if not day-to-day. There are things coming out. So what we actually recommend is aligning to certifications and frameworks because they are much more static. And the big secret is that no company is ever going to be or is 100% compliant with anything. It's just not possible if you're going to run an effective business because you have to make business decisions and make those risk calculations. And so those certifications and frameworks, if you do the analysis and align it to your specific business needs, that's going to get you 8590, maybe even 95% of the way there. And that gives you that defensible narrative where if somebody starts to drill down, you actually have something objective to refer to where you're saying that we're, we're aligning to ISO 27 OO one for our information security. And if you're building AI, you add in 42,000 and one. And then you can say that you're there, your timeline is X number of months until you're aligned, but you're not posting any certification at this point because XYZ. There's a story you can tell that aligns to things people understand. These certifications are a heuristic or a shorthand for. I'm trying to do the right thing. So basically we are what we are saying. Even the giants like Meta, Google, they're not even 100% compliance because. No, it's not possible if you want to run a profitable business. I mean, you would be completely paralyzed trying to make any business decisions if you were trying to follow every regulation across even the United States, much less the world. They make calculated risk decisions. Indeed, indeed. It's about. Yeah, yeah. I mean, I totally get that. It's it's difficult it's even in health in Health Science most of the vaccine medicines we are consuming for you know, cure their effectiveness is their effectiveness range goes from 65 to 8085%. There really any vaccine or any medicine manufacture tested which actually have 100% effect on 100% of human rights, right? So even the nature dictates with a similar kind of data. There are no absolutes and definitely tacticals. Right. Yeah, Yeah, Great stuff. So what what what advice would you give to founders who who rely heavily on algorithmic visibility but worry that data privacy, audit or integration during acquisition could temporarily harm their their reach? The reason I'm asking is this is because this is the first time I'm hearing this. You know, algorithm algorithmic panel T, which you have mentioned. I can't even pronounce it properly. Mouthful. Yeah. And I mean we, we in UK, we follow very closely the AIEU act. They're really good. They're so good that they are pioneers in at least in Europe when it comes to formalize the accountability, the transparency, the explainability part of AI systems. They're doing really good. We are trying to follow up with them and kind of learn from them as well as implemented in in house. Also, I'm sure you are also doing something similar, right? But but still, it's new. It's still in the baby phase, right? It hasn't been there for a long time. It's, it sounds like when the Internet arrived in this world and then the first search engine in 1998, Google was there. People started popping up their businesses and for first, I don't know, 5-7 years there were not, there was not even a confirmation box under the e-mail list capturing lead form, right? Like you put your e-mail and that's it. Now you have to do all these kind of GDPR compliance, you know, double opt in all this kind of thing because we have been mature in that particular vertical of of the data harvesting part being at the baby phase maybe stage right now in this in this world in particularly in the data space. Is there, is there step by step sort of like a framework or blueprint you have created for your customers or, or or potential clients, which they can look into and say, OK, my particular use case fits into this area and I think I should start thinking about this SoC 2 ICO compliance in U KG DPREU. Is there something available like that or is it still have to go back to ChatGPT and ask the same questions? Well, there are frameworks already for EU, for EU, for AI governance. They're in place already, the ISO IEC that puts out data privacy and information security frameworks and certifications. They released the 42,000 and one certification framework and NIST for cybersecurity has an AI framework to align to. I think we are in the baby phase of regulating AI. But you know, it was, I think it was about 10 years ago almost exactly that GDPR was passed as a regulation as opposed to guidelines, something, you know, optional. And this time around with the AI Act, it's very interesting because I think people learned by not taking GDPR seriously beforehand. And so this time around, we saw so many people who are in the space preparing for the AI Act implementation rollout as opposed to what happened with GDPR where so many companies got caught unawares of how massive the impact was going to be on business operations. So I think we're maturing not just in what we're. Applying guidance and governance and ethical standards to, but also in how we're preparing and what we're, what our expectations are also and how a business is going to conduct itself like when governance is required or recommended or whatever it is or even be hanging out there as an ethical question. I think businesses are more sensitive to taking it seriously because they saw how how much they had to scramble when GDPR was rolled out. Yeah. And and I see that. So we, we, we create a lot of iOS applications and we distribute it on App Store. And I see that because we are in the EU, we've been scrutinized pretty hard compared to the organizations outside EU when it comes to the data privacy laws here by Apple itself, you know, and, and, and Apple is worldwide, right? And you can't even publish an application on App Store if you don't adhere to EUGDPR laws. And don't you know, provide clear links to the GDPR guidelines for the for your application? One thing I was wondering is what's the range of this penalty? For example, you said that if the penalty is lower enough to just pay and get out of that problem. What's the range of it? How does it? It's like, I mean for it's a EUAI act, it's depending on how egregious the the violation is. So any it's either the high greater or lesser of 7% of your annual in revenue, not, not net, not profit your revenue worldwide or I think off the top of my head, I believe it's 30 million, €35 million. So and then if it goes above that. Then it's if it's a minor infraction, it's the lower of the two. It's really egregious. It's the greater of the two. OK. So you're saying that let's say if I'm making a million revenue in a year, I could have end up paying penalty 7% which is almost around £70,000 for for that year for is that penalty last until you don't get compliance or is it just one time? So it's just rolling out. We don't know exactly how enforcement's going to look, but it's if it's mirroring GDPR, it's a one time penalty. It's I think if you continue to, you know, ignore it. There would be multiple infractions though I think would be more of how it would play out. Got it. And if if I'm making 1000 million revenue in a year than my penalty would be €35 million or? Well, if you're making, I mean 1000 million, so a billion, it would actually be 70 million potentially. Right. OK, so and it's. A really bad yeah. Yeah. So 35,000,000 is not the top threshold. It's not. It's basically just there to showcase. If you come under that threshold, then this might be something you have to. It's yeah, it's waiting and GD with GD parts 3%. So it, they're raising the stakes. But honestly it's, it comes down to what the regulators are able to see and enforce. Like I said, they tend to be the third most important audience. We try not to lean into scare tactics because it is it's a process and we've actually never run into a situation where it ended in a penalty. It's always just been like a get well plan. It's hey, like what do we need to do to get in line? And then they'll give us some recommendations and we implement. Indeed, yeah. Because, you know, we all want the same thing, right? We want to be compliance. We want to be, you know, serving our customers in a way that it works for all, for all of us. And, and the government agencies are also trying to do that to make more more, more and more organization, more aware of these compliances so that it's more productive. The and the government agencies, the regulators, they come in more with B to C companies. I think that's where it's more of a consideration, especially if you're operating in a space that touches on, you know sensitive data, sensitive information like health data, financial data, kids data, that sort of thing. It's our biometrics. It's it's more about protecting individual consumers who are not the sophisticated consumers that AB to B company would have. Indeed, indeed. And have you have you heard about this recent glitch happened in in Twitter X? So you know the grok AI on Twitter. So if you go to Gemini and you upload a famous celebrities picture and then you ask Gemini, can you like do this and that Gemini would say no, I would not do it because I recognize this face or the the response is basically saying no, I would not be able to do that In Croc. It was doing it. It was doing anything and everything, whatever people were asking. And then people started complaining about it to must and I don't know what happened. They stopped it or not. Is that something which could cause problem to to an AI startup founder or organization if they're using a third party underlying technology IP? 100% unfortunately every company is exposed by their vendor stack in the US. We had a few years ago the Target data breach. Everyone knows it because everyone shops at Target. But what most people don't remember is it was actually 1 of Targets vendors that had the breach. It wasn't Target. It was a vendor that had actually, ironically just completed their sock 2, Type 1 audit for the year, which is an audit that shows a snapshot in time versus the Type 2 audit where they watch you over a period of 90 days typically. But they had Sock 2 certification. They weren't keeping up with the actual operations to maintain practices that they said they were doing when they did the audit. And then and as Target's vendor, Target ended up in the news all over the place for having a data breach. It's the same like I you're just because your vendors have certifications, it doesn't bubble wrap you, but also every vendor you have is a potential vulnerability that you need to consider and be careful about. You need to look at for risk. Do the analysis, make sure that they're keeping up with their certifications, all of it. It's, it's, it kind of feel like an overwhelming task, but it goes into that defensible narrative that I keep referring to it because you want to make sure that you're, if you're going to be sharing your data for processing with a, with a, with a third party, they're going to treat it as if in the same way you would want them to treat it. I had ACRM startup contact me to beta ACRM with AI that sounded like the solution to so many of my operational headaches. And I said, well, I just need to know you're not going to train your model on my data. And they wouldn't guarantee that. So I had to say no, you have to ask those questions and take responsibility because ignorance is not ignorance, is not a defence. Yeah, that makes sense. That makes sense. And that is why it is very important that I mean, at least in the Google I have started seeing that they have been forcing, not forcing. They've been advising that a governance layer for every single AI rag or architecture you create is kind of necessary now to make sure that the input and output is treated in in in the fair manner. I think Microsoft results are doing it in Azure with their with their Foundry platform. Would you be able to give our listeners some numbers around how much these compliance actually cost? I was looking at some numbers around SoC 2. I don't know if you discourage this. Does that cost like $100,000 or something to get? For a large enterprise, yeah, absolutely it can. OK, but not. First, talk about start-ups. Let's talk about start-ups then. For a start up, often times the certification platforms that actually conduct the audit will base pricing on the number of employees, usually full time employees. And so if you're a new startup just getting your first year of certification, you have 10 or fewer employees. Stock 2 is usually around for the certification portion, not for the other things that go into it. Around 10,000, so a fraction of the 100,000 you just quoted. Other frameworks I think ISO 27 OO one is similar, more specific or narrower. Narrower ones like HIPAA in the US for health data cost a lot less. I think between 3 and 5000 for the certification with ISO the first one you get is. Also, it's a three-year timeline instead of A1 year renewal on the front end because it is a pretty heavy lift to get it initially. So software is also one year or how long is? That 2 is every year it has to be renewed. Every year and HIPAA is also every year. HIPAA is a voluntary one. It's not mandated, but it is typically on an annual cadence. OK. And you mentioned something about like when you were talking about like soft two, there was other bits, what's what's those other bits other than the certification? So. So a lot of companies pursuing A certification will want a governance risk and compliance platform of some sort that automates some of the data collection and the monitoring. And typically there's some sort of bundle with these platforms and the audit portion, there's a way of, you know, streamlining that a little bit. And then the other cost you have to consider are just the hours involved. It's the opportunity cost, the the employee time. I think estimate estimating for like ISO, which is more the international standard instead of SoC two, it can be anywhere from 120 to over 600 hours to prepare for the audit. If you're, you know, just doing it as part of your day job. When it's someone like us facilitating, it's a lot less because we do it, we were familiar. It's a lot more efficient and Atos takes it off the plate of the actual startup founders. But for most companies that are embarking on this on their own that it is a lot of hours. One of our clients came to us after having Vanta subscription for a year and Vanta is starts at 5 figures a year for just the service without the audit. And after a year they were 3% of the way complete on their way to stock too because they just didn't have the bandwidth to tackle it. So that's another consideration. You have to do it at the right time. And in some situations, like this particular client, their customer was requiring it, so they had to get the certification. But it is part of the calculus. You want to do it at the time that makes sense for your business where you're able to dedicate the time or the resources either hiring to tackle it or you know, diverting engineer time or what have you to the process. Got it, got it. OK, so let's take a very simple example. In our case, Shane is starting a new startup. It's an AI startup. It's a simple, very simple app where people go register their cell. They provide their name, their date of birth and their e-mail. That is the data we are collecting from them. What does this app do? Is this app let's them create some stories for their kids? I don't know bedtime stories for their kids, but what this app do is takes that input from the user, like kids name their age, sends it to the AI, create the story for that particular person, the child. Let's say the child's name is Isabel, right? Four years, five years old, recently learned how to talk and it creates a voice story with AI text to voice conversion. And then that bedtime story is something which the user can play to their kids. What precautions would Shane will take before he went thinking to work on this idea? I would first consider whether we needed a birth date as part of the collective information. It doesn't seem relevant as long as you can attest that you're, you know, above 1816, whatever the age is for the geography. I'd want to look at making sure that none of the user inputted data was going to go back to train the broader model that is going to be segmented to prevent any inputs that they put in that they're entering in order to customize it could be coming out in someone else's story. You don't want, you know, someone who's not Isabel's parent getting a story about Isabel. You want to make sure that there are there is that governance overlay what you were alluding to, to ensure that nothing inappropriate is being put in there to generate stories. So you want you want to be part part of the rag would have to contain like watchwords, things that you would be looking for that would be inappropriate. You know, I tried to after Halloween, I tried to put a picture of my kid dressed as a vampire in a graveyard and Gemini wouldn't let me do it. You need that kind of guardrail and then you want to make sure that it isn't well may back up. You want to think hard about whether the child is designed to interact with the story, if it's just an output that's being told to them or if they're going to get to ask questions. Because then you got into all of the, the issues around advertising or having child users and controlling what they're putting in and controlling their data because that's a whole other kettle of fish. You want to be really careful about targeting children with your product or your platform or whatever it is. And there, there are a lot of regulations pending and ideas out there about what age cut off is appropriate for kids to have access to the 2 LLMS. So top of mind, that's my initial first blush. I think that would be, that would be my first round of questions. And then I'd want to dig into how it's how the model is actually being structured, Where are the gates, how are they designing it, that sort of thing. So the whole architecture, what kind of cloud services they're using, what kind of guardrails, guardrails are there, what kind of governance is in place in terms of data injection and if there is a model they're training or not. If they're not training it just using a wrapper, then it comes with more complications I guess because you have to protect the data before it goes to the. The vendor, yeah, if it. If it's just a wrapper, then you need to have watertight agreements in place with whichever LLM you're leveraging to make sure that they're not going to train on the data. Indeed, indeed, great stuff. I think we have got quite a lot of understanding of how the data protection could influence the privacy laws, could influence you, your company being in the startup space. Before we move towards our Lightning round, Shane, I would like to know if somebody has this problem right now, what's the best way to deal with it and how can they connect with you? I think that if they have a resource internally who is familiar, like if they already have AGC, that's the first step because they may have some knowledge or expertise on the subject. That being said, I most startups tend not to get anyone specialized as AGC or a compliance officer until later later series. We are always available. We're at a toast-data.com, it's a ETOS dash data.com and I'm just Shane at a toast-data.com. I always available for an e-mail if anyone wanted to reach out directly with a question just to talk through a situation, review their circumstances and see if they if they needed any support. And you know, if we can't help them, we can't help them. But and we're and we're always going to be genuine and honest about that because we really did get into this sector to. Be available to founders and bridge that gap for them. Very tough. Thanks. Thanks for that, Shane. So let's move on to our Lightning round. I've got 6 quick five questions for you. If at any stage you don't want to answer a question, just give me a skip and I can move on to the next one. How's that sound? Sounds good, Bridgeton. What are the top 3 red flags? You have to always look into your data pipelines to figure out if you are breaking any compliance laws in your demography. So we don't align to laws because we can't practice law. They're very strict about that in the US, But data red flags would be if you don't know where your data is, if your departments or your different functions are not talking to each other about how they're using data, if your marketing team is not talking to your sales team, etcetera. And I would say the other one is if you simply don't have a policy for managing and retaining and what not. So the location it's the the where, The Who and the and the what or the how I guess would be a lot of fun. Who and what good? That's a good one. Where? Who and what I I should remember that? What book would you recommend to our audience and why? I honestly I stick to fiction primarily. I recently wrote an article about how I keep going back to The Phantom Tollbooth. It's an old kids book, but the messages about rhyme and reason and bringing balance between logic and creative thinking are always a good reminder for me. So what 1 attribute or characteristic in your mind of a successful founder? I think growth mindset, the ability to pivot, the ability to accept constructive criticism, to hear where you might not know everything is critical because otherwise you're going to get into an echo chamber. Yeah, yeah, totally agree. What's your favorite personal productivity tool or habit? I think that my favorite is just my my regular day planner. I actually have a paper one that I copy everything into in the morning and that helps me. Just the action of writing things down helps me organize my and prioritize my tasks for the day. Indeed, we love. We love planners, right? Some people just do digital. I love my book Once, so there you go. I have digital too, but the the act of writing and copying it over. It just soothes the soul in the morning in the lens, Yeah. What's a new or a crazy business idea you would love to pursue if you had time? I have been lamenting the loss of actual PDAs like the old, like the Palm Pilots, because I don't want to get my kids a phone when they're too young, but I want them to learn how to execute on executive functioning and organize their task list and their calendar. But you know, I do my planner on a day-to-day basis. It's, you know, because I already know what's set in stone. It's not efficient to do that for, you know, months in advance. So I I would love a digital way to for kids to learn the skills they need to stay organized and on top of their workload and their mental load without it being another Internet device really. Interesting. Yeah, I've I've seen some of the some of the startups around simplistic or minimalistic phones where the phone has the keyboards and just four function functions in it, so. Including snake, right? Yes. That's. What I was about to say, I think the description I saw that I'm looking the what I'm looking for is like a smart dumb phone or a dumb smartphone, something like that. Something like that, Yeah, Yeah. And last but not least, what's an interesting or fun fact about you that most people don't know? Gosh, I don't know how interesting it is, but I actually started my career as an art history major and was dead set on going into working in a museum until I panicked and returned to what I knew growing up, which was law school and nonprofit work. So I, I had a little, a little flight of fancy that I was going to be a curator at one point and took all sorts of classes and it, it's still a passion, but it's not what I do on a day-to-day basis. There you go. Now everybody knows about it. So if somebody hears then OK, I want to do the same. Let's contact Shane. Great stuff. Hey Shane, thank you so much for joining me and sharing your story and packing all these secrets in the data world and you know some of the ups and downs people can face in their start journey. If people want to check out your website or if people want to get in touch with you directly, You have already mentioned the website and your e-mail address, but is there any other way they can get in touch with you? Also on LinkedIn, feel free to reach out there, you can just look me up by my name. I'm fairly active on there, so it's easy to get me or there's also tools on our website that are available for any founder to see, you know how much compliance would cost as an investment potentially for them depending on the risk appetite market, etcetera. So that's also just out there and available if anyone wants to take advantage. Sure, sure. Jane, thank you so much for joining us today and sharing your inspiring journey and the impact for work you are doing. It's been an absolute pleasure having you on on this podcast. Thank you so much, Ash.