Security Is Not a Feature — It’s a Responsibility

How I’m Thinking About Trust and Data as a Solo Founder

I came across a question recently that stuck with me:

“You’re building a financial app — how do you guarantee client data security?”
— LinkedIn Discussion

I’m not building an app just yet, but I’m exploring the possibility. Tools like Spend This, Not That™ and Buy, Rent or Wait™, which I am currently working on, could have real potential to evolve into simple decision-support apps. And over time, other parts of my digital ecosystem — like QS Flow™, QS Match™, and Trusted Tradies™ (all in development and at different stages at present; I’m not sure all of them will come to light, but we will see) — could also benefit from being mobile-first or tech-enabled.

But regardless of format — blog, spreadsheet, digital tool, or app — they all involve one thing:

People trusting me with their time, decisions, or data.

And even though I’m a solo founder working on this as a side business, I take that trust seriously.

🔐 How I Think About Security — From the Inside Out

Even in this early stage, I’ve taken deliberate steps to structure my work in a way that reflects my commitment to privacy, confidentiality, and data protection.

I think about security at three levels: design, compliance, and culture — all scaled to suit where I am now, and where I’m headed.

🔹 1. Designing for Safety

Right now, it’s just me — but that doesn’t mean I take shortcuts.

  • I keep access limited: no one else sees client or subscriber data.

  • I use trusted platforms like Microsoft 365 for Business, encrypted cloud storage, and a dedicated password manager.

  • I avoid storing anything sensitive in open, shared, or informal spaces.

  • Anything I share externally (e.g., links, files) is done with intention — no open folders or risky shortcuts.

This isn’t about enterprise-grade firewalls. It’s about being mindful and intentional — and building strong habits now, before things grow.

📋 2. Following Good Practice, Not Just Rules

Because I may one day serve clients or users outside Australia — or handle larger datasets — I look ahead to the standards I want to grow into, not just the minimum I have to meet.

Here’s what I currently align with:

  • Australian Privacy Principles (APPs)
    These sit within the Privacy Act 1988 and guide how personal information is collected, stored, used, and deleted. I use them as my base standard.

  • ISO 27001
    A global framework for managing information security. In Australia, it’s recognised under AS ISO/IEC 27001:2015. It’s widely adopted by businesses that take data protection seriously, and it informs how I structure access and assess risks.

  • GDPR (EU Law)
    While I don’t currently have users in Europe, I aim to design with GDPR principles in mind — things like data minimisation, explicit consent, and the right to be forgotten. These aren’t just regulations — they’re good ethical guardrails.

Privacy isn’t just a legal checkbox — it’s a reflection of how much I respect the people using my work.

🧠 3. Security as Culture (Even When It’s Just Me)

One of the biggest risks to data is human error — and I work hard to reduce that by making privacy part of my workflow.

  • I use strong, unique passwords and multi-factor authentication

  • I’m selective about what I automate or delegate

  • I avoid over-collecting — if I only need a name and email, that’s all I ask for

And because this is a side business, I’ve put firm boundaries in place between my employer and my business:

  • I do all business-related work on my personal laptop, phone, and iPad

  • I’ve removed any work-related apps or platforms from those devices

  • There is no syncing of business data to my employer’s systems, and no overlap of tools, storage, or accounts

As soon as I made the decision to treat this like a real business, I restructured everything to support that — from where I store documents to how I handle data requests.

Having worked in both construction and law — two industries where confidentiality is non-negotiable — I carry that same discipline into my creative and consulting work. The scale may be smaller, but the responsibility is still real.

🧩 In Summary

Security isn’t something you bolt on later — it’s something you build into the foundation.

Even if I’m only building spreadsheets, digital templates, or email workflows right now, I’m designing them with respect, safety, and future-proofing in mind.

Because trust starts long before someone buys a product.
It begins the moment they visit your site, share their email, or download something with your name on it.

And I want everything I make to live up to that trust.

Shirley Druyeh

Shirley Druyeh is a writer, creator, and quantity surveyor redefining what work and wealth look like. Based in Sydney, Australia, she is Ghanaian and British—born in Ghana, raised in the UK, and now an Australian citizen. She writes about financial freedom, homeownership, identity, and the journey of redesigning your life—one decision at a time. Her work explores the intersections of money, independence, womanhood, and what it means to build a meaningful life beyond the 9–5.
