Interesting PPC numbers. If they don't like the figures they were seeing<p>> Whether it is “project management” (€ 6.00 per click), “social collaboration” (€ 4.40 per click) or other similar keywords, the costs are in high ranges.<p>They would absolutely hate my industry. HR software, the number one keyword for people looking for our app <a href="http://www.staffsquared.com" rel="nofollow">http://www.staffsquared.com</a>, is currently about £30 per click! It's symptomatic of this particular niche being occupied by incumbents who can afford not to optimise their Adwords campaign.<p>I should probably write a blog post at some point about how we got around using Adwords to grow.
I'm glad you found a strategy that got you your first 100 paying clients. But now you're unable to determine your CAC or CLV and have no idea how to scale acquisition. Or at the very least, your CAC is through the roof because your employees are the ones hustling (social, support, visibility, etc). That's difficult to scale and/or measure properly.<p>Have you completely abandoned the traditional methods?
It must be a lot more satisfying to have new customers that were recommended by people that trust your product rather than some dumb/probabilistic marketing channel.<p>In a VC-backed world, that is hard to come by because everybody is so focused on hypergrowth, but if the company can afford to organically grow the business based on timeless good features (your product delivers value and you care about your users) than it should feel much better.
I was curious about their "encryption" since they seem to emphasize it a lot.<p><a href="https://www.stackfield.com/security" rel="nofollow">https://www.stackfield.com/security</a><p>This page indicates they're using RSA-2048 and AES-256. Wow, that's so vague. So I signed up.<p>It's using Javascript Cryptography, which is never a good sign: <a href="https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/" rel="nofollow">https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...</a><p>Their RSA implementation is vulnerable to a padding oracle attack (Bleichenbacher's 1998 attack):<p><a href="https://www.stackfield.com/Scripts/Plugins/rsa.20160122054154.min.js" rel="nofollow">https://www.stackfield.com/Scripts/Plugins/rsa.2016012205415...</a><p><a href="https://www.stackfield.com/Scripts/Plugins/rsa2.20160122054154.min.js" rel="nofollow">https://www.stackfield.com/Scripts/Plugins/rsa2.201601220541...</a><p>They're using AES-CTR, but they're not authenticating the ciphertext.<p><a href="https://www.stackfield.com/Scripts/sf.wssecurity.20160122054154.min.js" rel="nofollow">https://www.stackfield.com/Scripts/sf.wssecurity.20160122054...</a><p>(JSBeautifier comes to the rescue:)<p><pre><code> function DecryptOrganisationByMaster(e, a) {
if (e === undefined || e.MyOrgRoleId === 3) {
return false
}
var b = e.EncryptionCode,
c = e.EncryptedCode;
if (b === undefined || c === undefined || b === "" || c === "") {
return false
}
if (OrganisationPasswords[e.OrgId] !== undefined) {
return true
}
var d = Aes.Ctr.decrypt(c, a, 256);
if (d === b) {
OrganisationPasswords[e.OrgId] = a;
return true
}
return false
}
</code></pre>
This really should have been reviewed by a cryptographer before being branded so heavily as an "encryption" solution.<p>EDIT: Also, their Aes.Ctr.encrypt() function doesn't accept a nonce:<p><a href="https://www.stackfield.com/Scripts/Plugins/jquery.aes.20160122054154.min.js" rel="nofollow">https://www.stackfield.com/Scripts/Plugins/jquery.aes.201601...</a><p>See <a href="https://gist.github.com/paragonie-scott/53428f0947337d66a786" rel="nofollow">https://gist.github.com/paragonie-scott/53428f0947337d66a786</a>
Not being snarky, but you really need a copywriter to review the wording on your site.<p>dayly (should be daily)<p>the data are encrypted<p>Over 10.000 companies joined Stackfield<p>Keep your information, that are not intended for the public,
I think what's useful here are the numbers around PPC. I think many people have totally unrealistic expectations about CAC through these channels.<p>I'd be interested how they would now perform if they returned to PPC...
There's a typo on your home page:<p>"Stackfield offers you a selection of tools that every team needs to get the dayly work done."<p>Dayly should be daily.<p>Also cool post!
Summary: Company did not find a marketing channel. Company relies on word of mouth.<p><pre><code> Orig wordcount: 2152
TlDr wordcount: 13
Saved: 99.40%</code></pre>