FOUNDERS & FRIENDS PODCAST

With Scott Orn

A Startup Podcast by Kruze Consulting

Subscribe on:

Scott Orn

Scott Orn, CFA

Jonathan Grant explains how Osano helps companies manage their privacy programs

Posted on: 10/25/2022

Jonathan Grant

Jonathan Grant

VP of Finance & Operations - Osano


Jonathan Grant of Osano - Podcast Summary

Jonathan Grant, VP of Finance & Operations, explains how Osano helps companies manage their website privacy programs and maintains compliance with the data privacy laws of 40 different countries.

Jonathan Grant of Osano - Podcast Transcript

Scott: Welcome to Founders and Friends Podcast. Before we get to our guests, special shout out to Kruze Consulting. We do all your startup accounting, startup taxes, and tons of consulting work, kind of whatever comes up like financial models, budget actuals, maybe some state registration, sales tax, VC, due diligence support, whatever comes up for your company, we’re there for you. 750 clients strong now, $10 billion in capital raised by our clients, I can’t believe it. 2 billion this year. It’s been a crazy awesome year. So, check us out at kruzeconsulting.com and now onto our guest.
Singer: (singing) So, when your troubles are mounting in tax or accounting, you go to Kruze and Founders and Friends. It’s Kruze Consulting’s Founders and Friends with your host, Scotty Orn.
Scott: Welcome to Founders and Friends Podcast with Scott Warner Kruze Consulting. And today my very special guest is Jonathan Grant of Osano. Welcome, Jonathan.
Jonathan: Thanks, Scott.
Scott: So this is amazing, let’s first retrace your career. Tell everyone how you had the idea to join Osano and how you’re helping to build this company. And then we’ll talk about how we ended up on this podcast together.
Jonathan: Awesome. So, my long winding journey to Osano, I was working at PWC out of college in New York, dropped everything to move to San Francisco when a good buddy from high school opened up a wine bar and said, Hey, maybe I could use some help. Got my job transferred, thinking it would kind of feed the need. I had to do something more entrepreneurial. It ended up fueling it a lot more. So, I got to San Francisco, working at PWC, did not last long. Had heard about startups and tech and didn’t know anything about that. Found a company that had raised some money and the founder had worked at PayPal in the heyday. I was like, “Yeah, let me try this out. We’ll see. It’ll be an interesting learning experience.” So, I was hired as a financial analyst at Yammer and got to work really closely with David Sachs and-
Scott: Wow, that’s awesome.
Jonathan: My joke is back in the days of SaaS when there was two blog posts, David Scott and instead of the-
Scott: Millions.
Jonathan: Exactly, instead of the millions of blog posts now. So, we were all learning the business of SaaS at the same time and it was such an awesome experience being able to work really closely with him and Yammer. I was there for 15 months. We raised a bunch of money and got acquired by Microsoft and I’ve been pretty much looking for another version of that ever since and haven’t been able to find it. I’ve had some really interesting learnings along the way. Joined a bunch of other Yammer execs at a video conferencing tool that we were pitched as ready to grow but ended up being more of a turnaround. Then rejoined Sacs and a bunch of other Yammer folks at Zenefits built out their initial finance team and saw the crazy rocket ship that went up high and came down fast as well.
Scott: We were one of your bigger partners I think.
Jonathan: Yep, Kruze.
Scott: We were, and now we’re still really close to Rippling. A lot of the team went over to Rippling, but-
Jonathan: Totally. I have lots of thoughts about my time there. We could probably do 30 minutes on that. The business model was just, it’s ingenious. It was something that small businesses needed but weren’t willing to put the budget behind and I understood that and it was a really interesting way of solving that problem. And you learned that going too fast is an issue too. And you learn that there’s just a natural pace that companies and organizations can grow. And this is where I really liked finance because finance was, strategic finance was implemented at Zenefits at 400 people, but there was already so much under investment in other areas so that we couldn’t keep up. And by the time you get the feedback that like, hey, this isn’t working, it’s too late a lot of times.
Scott: So also one of my business school professors said this, which I always thought… He was a innovation consultant and he’s always would say, “One of the groups I interview first when I go into a company is the finance team because they actually can follow all the money and cash and ops through everything. And so, they have this very abstract visualization of what the company is doing, what’s working, what’s not working, and how it can get improved.” So, that spot inside of Zenefits was probably fascinating to be in.
Jonathan: It was super interesting and I wrote a blog post about this afterwards, which is I think strategic finance is an amazing place to learn how businesses work because you’re aware across the entire company and trying to tell every different function how they fit into the puzzle and knowing that why can’t we hire more engineers? It’s like, well, because our sales team needs to be at a certain size of producing to be able to afford a larger engineering team. And if your engineering team’s too large, then you don’t have enough revenue producers and your burn gets too high, which shortens your runway. And it’s all these relatively simple algebra formulas. And it’s hard because I usually do it at a series eight company where I can do it all in my head and I’m excited as Osano grows to really figure out how to democratize it and communicate this out to the organization so that they understand.
Scott: We were just talking about that for Kruze internally, because we’re getting pretty big now and all of our business unit, people run the business units, need to understand what everyone else is doing, but also what their financial constraints are. It’s just so fascinating.
Jonathan: You can only make so many long term bets at once. Right?
Scott: Yeah, yeah.
Jonathan: And then after Zenefits, Yeah, so I told you it’s a long journey. So, after Zenefits, I went to Atomic. I really wanted to try my hand in VC and I thought Atomic was an awesome way to get a bunch of at-bats and it happened faster than I expected. So, I was only at Atomic for a year where my role was ultimately building out the back office. It was probably building a mini cruise within Atomic, helping founders focus on product market fit and distribution. And we had a team of people that did everything on the back end, but-
Scott: I didn’t know that.All the stuff. Wow.
Jonathan: Yeah. But then I finally got my opportunity to go into VC and I worked at Comcast Ventures focusing on enterprise software.
Scott: We did talk about that.
Jonathan: And very much realized it is a sales job and I was not prepared for it, but it was a really interesting experience. Listen, I got to work with amazing product founders, David Sachs, Parker Conrad, Jack Abraham, and I got to see some really interesting things, companies doing really well, companies doing really well and then doing really poorly. And I thought I could take that to VC and I really loved partnering with founders, but just VC wasn’t the right role to do that as a non-partner. My job was sourcing and getting the deals in, not necessarily being that confidant.And helping companies see around the corner. So ultimately wnt back to operating, was at Mixmax for a couple of years initially with just finance, but ended up actually building out an analytics team. I was responsible for HR and recruiting at one point, responsible for sales and customer success at one point. And that was a really interesting opportunity because we were kind of transitioning from, oh, we made the transition while I was there, of being a VC backed company to hey, let’s become a sustainable company and let’s get burned to zero so that we can write our own journey, which was really interesting and happened through the pandemic. The best thing I did at Mixmax was sublease one of our floors. March 13th, 2020, the day before the pandemic started.
Scott: Oh my god.
Jonathan: I just wanted the best thing I did.
Scott: That’s amazing. Well I was just talking to Olaf today actually.
Jonathan: Oh nice.
Scott: Super nice guy. And he’s as good as it goes.
Jonathan: Totally.
Scott: He’s really cool.
Jonathan: Totally.
Scott: And then Osano came a-knocking? You found it.
Jonathan: Yeah. So, Arlo and Scott, the founders of Osano, I actually met while I was at Comcast Ventures and they were building a remote business. It seemed like the rationale on how they came up with the idea for Osano made a lot of sense. They had started a previous SaaS management business called Meta SaaS and in all of their conversations… They sold that business and in all their conversations, CIOs and CISOs were asking about privacy risk. And so, they ultimately focused on that.
Scott: Meta SaaS. Was that a healthcare analytics company?
Jonathan: No, Meta SaaS was like Zilo or Blissfully, anything that manages all of the SaaS subscriptions within your organization.
Scott: Oh, okay. Sorry about that. Yeah, yeah.
Jonathan: And I wanted a remote company. My family relocated from the Bay Area to San Diego. I wanted multi-time founder. It was also relatively early, which was exciting for me that someone wanted to invest in the finance function before their series A. So, that’s whereI ended up joining. It’s really nice and a lot of it has to do with company building philosophy. Arlo’s philosophy is hiring senior people to build out functions who are willing to get their hands dirty, to build a strong foundation for our company growth versus hiring more junior folks to try to figure it out along the way. And so, we have a really great leadership team, which means that we’ve been able to bring in really great people across the organization. We were remote from day one, so that’s just how we operate. It’s not hybrid, it’s not a different way of working. So, people kind of self-select into that environment and culture. A lot of it is with any business idea, it’s making sure that you’re in the right place at the right time. And so, data privacy regulations just is increasingly complex and we’re building the tools to take offload that complexities for our customers.
Scott: It’s an amazing product. So, we had hit this podcast because I would probably a month ago was looking for a tool to solve our data privacy, our website cookie stuff and all that. And a friend of mine recommended it, Osano, one of our other clients who’s a security company, Drata recommended Osano. And then so I signed up, did the whole thing. By the way folks, it’s super easy. It’s so easy. If I would’ve known how easy it was, I would’ve done it two years ago. So please do this and you can do it in half a day. It’s even easier than that. And then I was talking to one of the Kruze people and they’re like, “Oh yeah, Osano’s a client.” And it used to be I knew every single client at Kruze.
Jonathan: That’s great.
Scott: And I actually remember when you left Mixmatch, you were like, “I’m going to this company,” but I had just not put it together.
Jonathan: And I snuck back into Kruze.
Scott: Yeah. And I’m like, it’s a good nice thing for us. We’re bigger now. But it was so cool. And I was like, oh my gosh, I emailed you and the CEO, Arlo CEO, and was like, Oh, my gosh, I’m using you guys. And I got it up and running in one day and thank you so much so I was like, let’s go do the podcast because this is something I love to promote, but it’s so easy. It really, it’s just nice. And I remember every time I’d go to our website I’d be like, I wonder if we need to have the cookie thing up, do I need to do that? Is in this back of my subconscious all this time and now we’re covered. Now Osano covers us. It’s great.
Jonathan: Well one thing I forgot to add is actually at my last company I was the data privacy officer or data protection officer and it was something that I just dreaded. So, going to Osano, I knew I would not have to do that role again. So that was another reason why I joined.
Scott: Well you’re doing it for us too. That’s really great. But for people don’t know, it’s like a SaaS solution that basically you drop some code into your website. We have a content management system that runs our website and boom and we tested it a bunch, there’s a really cool… Maybe talk about the product a little bit. There’s a really cool dashboard and you can click different parts of the world and it automatically kind of makes you compliant for where you’re serving people and things like that. And it was super intuitive. I really like the process.
Jonathan: Yeah, we really focused on, we think that the winner in the space is going to have be a full functioning platform to deliver a privacy program for an organization. So, there are definitely other vendors out there that focus on different aspects of what constitute a privacy program. It’s kind of similar to security where in the sense that you have a lot of different aspects that you need to have in a good spot. And while we think that one pane of glass that works together is going to be super important, at the end of the day, a lot of these regulations which offer up rights to individuals and businesses for the data that they’re providing, it’s really the right to understand what businesses add on you, understand whether you can ask them to delete it, ask them to change it out and ask them not to share it with other people. But now as compnies are continuing to use all these third-party tools and shared data across them, it’s increasingly hard to understand where that data lies, who has access to it. And so Osano’s built a suite of tools to allow you to do that. The first tool that we built our wedge for the platform, which you’re talking about, Scott, is our consent management platform, which is that annoying cookie banner that allows you ultimately saying you have rights and how do you want to exercise those rights? Do you want us to click yes and we’ll continue to use your information for marketing or for analytics or do you want to click a couple of other buttons to say “No, please don’t use this information.” That information needs to be stored, it needs to be defensible in court. You have to respond in certain ways. And so Osano is building tools to allow for companies to comply with all these different regulations. So, whether you’re a business in… I’m going to get some of these examples wrong, but it’s the gist of it. Someone who speaks Hindi in France, you need to have the French laws or the French regulations delivered to you in Hindi. Or you are in Colorado, which is in the process of implementing a law. And Virginia signed its own law. And California, the CCPA has its own law that is up and running now and going and there’s going to be another aspect that comes live in January 1st. They all have slight differences whether you have to opt in or opt out or you have to respond to people in 48 hours or 72 hours. And similar to all of the tools that are being built today, there’s no reason why each company needs to build this themselves. And so, we’re building it for companies to focus on what they do to delight customers. And we can take on that regulation complexity.
Scott: You’ve built in the software, different methodologies or tracks or options to treat people who are in different locations the appropriate way, which is so smart. And the one thing you mentioned about the space, but it’s also changing. And a guy like me and working, our lawyer’s really good and gave me a lot of high level stuff, but this is something that’s not my day job and I just need to get covered on it.
Jonathan: Totally.
Scott: And you guys, you get me going on that path and I think it was pretty inexpensive, it was like a hundred dollars or I think. I tried signed up for that and then tried to do the pro version for another a hundred dollars. But it’s very affordable and it’s like, it’s kind of like you were talking about investing in financials early on. It’s the same thing. Just doing this stuff and making sure you’re covered, it’s not worth the procrastination, it’s not worth the risk.
Jonathan: Totally.
Scott: It’s not worth the cleanup if you don’t do it correctly. And so I just think this is a really, really great product.
Jonathan: Companies buy insurance all the time to mitigate risks that they don’t think will happen. And buying Osano is pretty much the same thing. You can forego paying the $1,200 and take the risk, but it’s much easier to just sign up and be in a good place. And what we really want to do as this space evolves, is get to a place where similar to the SOC two report, is creating some type of trust within the industry. We want people to understand and ask the questions about privacy and what are you doing with our data. Uber just came out and said that they had a breach and there’s been vulnerability reports that have been leaked out. So there’s a lot. And the thing that we couldn’t have written on any better ourselves, but the attorney generals fined Sephora the cosmetics brand, $1.2 million a couple of weeks ago under the new CCPA and pretty much said like, “Hey if you’re doing business in California, this is your wake-up call to follow this. This is not just something we’re using as a scare tactic, we’re going to enforce these regulations.”
Scott: Hey it’s Scott Orn at Kruze Consulting, taking a quick pit stop to give some of the groups at Kruze a big shout out. First up is our tax team, amazing. They can do your federal and state income tax returns, R&D tax credits, sales tax help, anything you need for state registrations. They do it all. And we’re so grateful for all their awesome work. Also our finance team is doing amazing work now. They build financial models, budget actuals and help your company navigate the VC due diligence process. I guess our tax team does that too on the tax side, but the finance team is doing great work. And then I think everyone knows our accounting team is pretty awesome, but want to give them a shout out too. Thanks. And back to the guest.The thing that got me going just to start finally was Gunderson sent out an email to all, and we’re not a Gunderson client, but I’m on their mailing list.
Jonathan: Gunderson’s a customer of ours as well.
Scott: Okay. Well, they sent an email out everyone saying there’s basically, not patent trolls. It’s like privacy troll. It’s a negative term but it really doesn’t need to be negative. But basically people litigating this stuff and I was like, you know what? I’m the kind of person, I just want to take care of it before I even get into any of that. But CCPA is something, we’re still a little bit small for that but we’re getting close so hopefully next year we’ll be taking care of it or we’ll be closer to the threshold. But your system actually basically makes it very easy to comply. You got a winner here, man. I think this was a really good career choice and I also really like how Arlo’s thing about investing in more seasoned people who know how to build something and put something together the right way the first time. Because it does save a lot of headaches down the road. And I think the companies can move faster when they do that because they’ve just got locked in. They’re not learning on the job, so to speak.
Jonathan: I think that’s exactly right. Listen, SAS businesses are pretty well oiled machines from a business modeled perspective at this point. So I do think finding someone who is willing to take that step back, I always joke around as we’re recruiting people who are willing to take a step back to go to an earlier stage company as masochists, why do you want to go back to that point when you have all these things to do, but no resources to do it? But it does mean that you do kind of understand, all right, here’s what we need to do to get where we’re going. Here are the things that don’t really matter that much, here are problems we can solve later on. So, it is really nice to have a team of people across the organization that have that same mindset.
Scott: Yeah. When you talk about Osano, I’m on the starter service, but what other kind of levels are there and what other things can you handle for companies?
Jonathan: Like I said, we handle all the different things needed to have a full function privacy program. So what you’re talking about is our consent management platform, which is usually what people come to first to start privacy. Privacy is not a get one tool, get you up and running. You need to have that cookie popup, that platform to manage all the consents. There’s also data discovery, understanding where the data that you have lies within your organization. So when people ask for it, you know where to get it, there’s what we call, it’s called data subject access requests or DSARS. It’s ultimately the ability for someone to say, “Hey, what do you have on me?” But where it’s a bit more complex is what I was mentioning earlier in the sense that you do need to respond within a certain amount of time. So we actually use AWS’s blockchain technology to show that the requests come in at a certain timeframe and we are responding. Our customers can respond in that timeframe on AWS’s blockchain so that it’s irrefutable in court. And then the next piece.
Scott: That’s amazing.
Jonathan: And the next one, the last piece is vendor monitoring. You are responsible for your data supply chain. And so we think that these four products together are what is needed to build out a privacy program. I mean, listen, it’s like HR laws, it’s like sales tax laws. You’re never a hundred percent compliant, you’re never done. But if you have these things up and running, the risk that you have for privacy regulation infraction is very minimal. Osano actually even has, I think it’s a $200,000 guarantee that if any fines happen while you’re Osano’s product, obviously in its fullest capacity, in the recommended settings we will cover up to $200,000 worth of fines.
Scott: Wow, that’s awesome.
Jonathan: And with all these regulations being relatively new, the Sephora example is the first I’ve heard, but usually what’s happening, these regulators are saying, “Hey, we notice and we’ve gotten complaints, you have 30 days to fix it or respond,” not “You’re guilty, here’s your fine.” They’re trying to help companies and start that dialogue.
Scott: There’s also a point there you’re talking about, which I think is, you mentioned sales tax and this is for dealing with IRS or states, people don’t maybe always realize this, but regulators, they actually give you credit if you’ve taken steps and are trying to do the right thing and maybe you messed it up or maybe you missed something. But being on that path towards getting fully compliant and trying and putting resources, they actually look at that. Because we have this all the time with, we’ll get on the phone with an IRS agent or California state techs, whatever, and be walking them through. Our client will get a notice and we’ll be walking through what we did, what we messed up, or the client messed up or whatever.And they give you the benefit of the doubt more often than not. And I think it’s probably the same path that you’re talking about, which is there’s the Sephora find, which is a shot across the bow, but there’s probably so many more conversations happening on a daily basis where people are checking if they’re doing it right or in compliance or they’re getting a warning, but then they can fix it. It makes a lot of sense to make the effort ahead of time.
Jonathan: Totally, totally. And I think that’s why you see a lot of people with the cookie popups. I mean you can actually even see sometimes where you hover over the button and you see that it’s a link to nowhere. That is kind of a way to say, it’s having a sticker on your house that you have an alarm system with no alarm system. Listen, there’s ways to say, “Hey, we think we’re doing what we’re supposed to be doing or we want to give you this. Even in that situation, maybe you’re not complying fully, but you’re at least letting the user know, hey, we do have cookies or we are tracking certain aspects, we want to let you know that which is better than nothing.” So, there’s definitely different degrees. And like we talked about before, every business views privacy risk differently so they value it differently.
Scott: But you know what, a lot of times that value is driven by people not quite understanding two things, what the ramifications are and how easy it is to fix it. And we see this in our business all the time. If companies just call us early on, they get on the right track the whole way. And I think it’s the same thing for you guys, if they just knew how easy it was, they can implement it in a day and it’s something they don’t have to worry about and then they can ride your product cycle up as they get bigger and they’re getting… I also just like your, I don’t know if it’s weekly or what, but I get some good content management, it’s like content marketing, but it’s very helpful stuff. Every week I get an email from Osano talking about something new that I probably didn’t come across my desk. And so I actually like that aspect of the service too, and I know it’s a reminder and it’s probably good marketing and things like that, but it actually does provide value to me as a user.
Jonathan: All of us are running businesses, but we’re also all users of all these different tools. So we are stewards, individuals, PII and we also provide our PII to all of these different businesses. So, everyone has a direct example or a direct connection to these privacy stories that are coming out.
Scott: It’s great, man. Well I need to respect your time here. Can you tell everyone how to reach out if they want to use Osano or just get the demo? I think I just got the demo and then I converted.
Jonathan: Yeah, sure. So, you can go directly to the website, osano.com, O-S-A-N-O dot com. We have premium product, we also have self-serve. If you are looking for that full-functioning privacy program, we have an amazing implementation team, an account management team to make sure that you are up and running. And I really believe that this is a complex topic, similar that you hire someone to do your books, you hire someone to do your taxes, you hire someone to be a lawyer, why not offload the complexity of data privacy to a vendor who can help you and stay on top of it? Because as you mentioned, things are changing fast. You are getting to the place where there’s potential that there’s 50 different privacy laws across the United States. And for a business that’s not Facebook, Google, Amazon, to be able to comply with that on their own is cost prohibitive. So that’s one place. You can find us on Twitter where we put out a lot of the great content that Scott’s mentioning as well. So, that’s the best place to find us.
Scott: I also have to say your salesperson, your salesperson was really good because we came in the call with a lot of questions because we weren’t fully indoctrinated or didn’t fully know exactly what they didn’t know. So, I’d recommend people if they’re listening to this, we did like a sales call and it was very helpful. The lady was really nice and informative.
Jonathan: Great.
Scott: So that’s another alternative for folks, instead of just signing up, I think you sign up and then you book a call and it’s very informative.
Jonathan: Great, I’m glad you had a great experience.
Scott: Awesome, man. Well thank you for coming on. So awesome to be working together again. And thank you for protecting Kruze’s website and Kruze’s privacy, and all our customers and the people who use our site.
Jonathan: Thank you for making me have clean books.
Scott: Yeah, thank you. I love it, all right, buddy. Thank you so much.
Singer: (singing) So, when your troubles are mounting in tax or accounting, you go to Kruze and Founders and Friends. It’s Kruze Consulting’s Founders and Friends with your host, Scotty Orn.

Kruze Consulting is regularly reviewed as one of the preeminent providers of finance, accounting, tax and HR services to high-growth companies. For our offices in San Francisco, San Jose, Santa Monica, New York and now Austin, TX, our experienced team serves venture and seed backed companies in diverse industries from SaaS to biotech to hardware to eCommerce.

Explore podcasts from these experts


Important Tax Dates for Startups

  Talk to a leading startup CPA