DEV Community

Discussion on: Hottest Security Startup with Open-Source Spirit

Collapse
cblte profile image
cblte

Hi Yuli,

I am not so familiar with your product but so far what I have read, it looks good to me. I do like the concept of having authenticated access to PII and to prevent it from spreading all over the database. But normally this does not happen, because you should only have one users table and then referencing it everywhere. The only benefit I see is, that the name, phone number and more is stored behind an access controlled API which could be a good thing if needed.

Here are some observations I made:

Looking through the demo, I recognized that for the demo user, there are already 14000+ entries. 11 entries got generated just by accessing the site and clicking through the links. Have you thought about this? I see a huge pile of log generated here which could add up fast when you have a lot of users. Just imaging 100 users in the db, and every time you access the data by a service worker accessing the list of customers. This could lead into a problem.

Other things I have recognized while browsing your website. You speak abut GDPR and compliance and all the things when you seem to use the same shady cookie techniques into tricking users to accept all cookies by making buttons big and change settings super small. You could do a lot better when you make the accept all button smaller and the "adjust settings link" much bigger.

I could not find a link to an "Impressum" or an "Imprint" or an "About us/me" page with contact information. When I want to get in contact with you, e.g. as a company, I do not want to sign up to slack, github or some other third party service.

The order on the top links does not match the order of content of the page. Showcase and Use Cases. The section Why Databunker is missing at all.
There is inconsistent use of single page and multi page content. clicking on Docs redirects to a different page, where as API lead to Postman-Domain where cookies are stored, but not asked for (only on the main page but not on the API page).

If you really care about GDPR, and we all hate the cookie banners, you maybe want to look into this.