We want to sit down with you and, in a frank conversation, find out which challenges and questions you face so that, together, we can arrive at the best solution. In other words: how can technology support you, instead of you having to support the technology?

Amy Errett’s company, Madison Reed, sells women’s in-home hair coloring products. It may not sound like a glamorous business but, as it turns out, it’s a very durable one, done the right way. Not only has the seven-year-old outfit been slowly chipping away at the dominant personal care giants like L’Oreal that have long controlled what’s currently a $30 billion market, but during one of the most dramatic economic downturns of the past century, it has been attracting new customers.

In fact, Errett — who was previously a VC with Maveron Ventures and has a side hustle as a venture partner with True Ventures — says the 300-person company is seeing revenue in excess of $100 million per year and that it will be profitable in the second half of this year. Presumably, that makes it a likely candidate for an IPO in the not-too-distant future.

We talked with Errett earlier this week about the business, which has raised $125 million to date from investors, including True Ventures, Norwest Venture Partners, and Comcast Ventures. We wanted to know if, like so many other consumer companies hard hit by the pandemic, it has conducted recent layoffs, whether it is re-opening the “color bars” it has launched in the U.S., and where it’s headed next. Our chat has been edited for length and clarity.

TC: Like a lot of direct-to-consumer brands, you more recently began opening real-world stores — color bars. How many did you have up and running before COVID-19 took hold?

AE: We had 12. We are reopening them now with 20 [because we had] eight that never got opened in March, April and May. We’ll end the year with 25.

TC: Are they just scattered around the U.S.?

AE: They’re in hubs that we have selected based on the demographics of the women that live in those hubs and what we know from our online business. So they are in Northern California, where we’re headquartered. They’re New York, Dallas, Houston, and the Washington D.C. area. And we’re reopening in Atlanta, adding more in Dallas and Houston, and by year end, we’ll be in Miami and Denver.

TC: Can you comment on the financial metrics of the company? At one point, we’d read the company was doing around $50 million annually with 78% gross margins.

AE: The product margin of the business is in excess of 80%, meaning the actual product; the gross margin of the business, meaning fully loaded, is 60%. The growth has been amazing. We have 300,000 subscribers now, and we’re ahead of 2x the financials [you stated]. We’re a private company, so I don’t disclose [specifics] but we will be profitable the second half of this year.

TC: Obviously, you’ve captured some new customers who couldn’t go to a salon during this national lockdown. What percentage of your overall business do those 300,000 subscribers represent?

AE: It moves from day to day. So 52% of women in the U.S. color exclusively at home; 48% go to salons, some to our color bars; then 25% are called duelists. They’re excessively gray, or they want to stretch out salon appointments, so they do their hair at home [in between bookings].

Typically, 60% of the people that come to us that are salon goers, and 50% are home users. During the surge, the numbers did tip in the direction of 70% of the people that were coming to us were salon goers because they had no other place to go. The good news is that we are retaining an enormous amount of them. The average [subscriber] orders from us every six weeks, then we have people who buy a single box but there are serial one-timers who act like subscribers, so these are startlingly sustainable cohorts compared to typical D2C businesses.

TC: So you didn’t lay off anyone even as you were closing these color bars?

AE: I think seven employees decided they had kids at work and couldn’t even work on a distributed work basis, but we have not done any furloughing. We closed all of our color bars around March 15. . . and we moved all of our in store colorists to our call center. We had to buy and send headsets to everyone at home, teach them about all of the technology support in customer service, which is very different than the skills you’d use working in the store. And away we went.

[Everyone at our call center] was already a certified licensed colorist as our sale is a very technical sale. Every woman in the world has at least five bad hair stories, so we put what I call a belt and suspenders around the advice because the most important thing for a customer at Madison Reed is to get the color right. You get one shot.

TC: States are reopening. As colorists return to your stores, what precautions are you taking, and how uniform are your processes across different states?

AE: We are reopening stores, at first with retail only [where] we’ll get the bag and bring it out to you, and [over time] with sensible scheduling. We don’t know when we’ll go back to every chair.

And we’re taking the most stringent guidelines of any state and laying that across the entire system. So even if a state says that a client doesn’t need to wear a mask, we’re wearing masks and our clients are wearing masks. Some people don’t want to do that. That’s okay. Then we’re not the right place for people to come if that’s true [because] our clients’ and our team members’ safety comes first.

TC: Last year, you announced a plan to roll out 600 stores, 100 of which would be operated by the company and 500 that were to be franchised. Is it fair to say that those plans are on hold and, if so, are they perhaps permanently on hold?

AE: We were just starting to sell franchises in February. We actually had our first set of meetings with potential franchisees and we were about to file the documentation that one needs to file for disclosure of franchises — then this happened. And we made a decision right now that for the rest of this year, we’re pushing that decision off. We have not decided whether that’s final or not.

I think one of the things that I’ve learned through all of this is that making big, broad decisions right now isn’t the smartest thing a CEO can do. The world is just in flux. I can’t tell you with certainty what date we can take people back into our headquarters. I can’t tell you with any certainty if there [will be a] vaccine or a drug protocol or if it’s going to spread again or there will be hotspots. I can’t tell you, and I don’t think anybody can.

TC: Given your traction, is there any reason your next funding event wouldn’t be a public offering?

AE: This is a massive category that has been widely overlooked. And when you look at the size of the prize — $15 billion alone in the U.S., with repetitive purchase patterns — it has all the characteristics of a successful–

I’m an investor [too]. I was a GP and opened and ran Maveron’s office in the Bay Area. Connie, you and I probably first met while I was a VC, having a more relaxing life. I’m also a partner at True, so I do invest as well as part of the investment team. And so I’m actually just commenting with that hat on. Like, 80%-plus of our revenues are recurring in this company. At our color bars, we’re the only people who have the ability to use our own product.

TC: Meaning?

The stylist is never going to give the product to most women going to a salon today. They’re never going to say, ‘Oh, you’re going on vacation? Take this home with you.’ I use Madison Reed and I can walk into a Madison Reed color bar and get the same consistency. The same exact color that I could take home, someone’s going to apply for me. That is a game changer in this industry.

We are the only people who are agnostic as to whether you want us to color your hair [in a store] or you do it at home. If you look at L’Oreal, 85% of its business is selling tubes of color to stylists in salons. It is not a direct relationship with a consumer. The direct relationship with the consumer is the box sitting at Walgreens, which is a very small percentage of their business and it’s not a percentage they’re [focused on] because the margins are so thin. Remember, they’re charging $10; I’m charging $25.

The secret sauce here is that L’Oreal’s and Unilever’s professional channel [creates] a conflict for them to innovate directly, based on technology or otherwise, to the direct consumer.

TC: Do you see them moving in your direction?

They are smart and they can decide that they’re going to come after us in different ways, and that’s fine. I’ll take the customer service, the relationship to the client, the product innovation, the way that we lead with mobile technology first any single day.

TC: Speaking of these giants, how many products does Madison Reed sell currently, and what might you roll out that would surprise customers?

AE: We have about 15 products, all in the category of [ammonia-free] hair color that’s better for you, whether it’s permanent hair color, semi-permanent hair color, glosses, toners, a highlight kit with non-ammonia bleach . . . We’re also rolling out color depositing masks [that you apply in the shower] that aren’t permanent.

And then I’ll just give you this hint: right now our business is really focused on women, so you can imagine that there’s a separate gender that may color their hair. That is a market that’s just terrific, right? Just for Men? I mean, are you kidding me? We’re going to blow the doors off that market.


TechCrunch

Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China, the video conferencing platform has offered an apology and a partial explanation.

To recap, Zoom has faced a barrage of headlines this week over its security policies and privacy practices, as hundreds of millions forced to work from home during the coronavirus pandemic still need to communicate with each other.

The latest findings landed earlier today when Citizen Lab researchers said that some calls made in North America were routed through China — as were the encryption keys used to secure those calls. But as was noted this week, Zoom isn’t end-to-end encrypted at all, despite the company’s earlier claims, meaning that Zoom controls the encryption keys and can therefore access the contents of its customers’ calls. Zoom said in an earlier blog post that it has “implemented robust and validated internal controls to prevent unauthorized access to any content that users share during meetings.” The same can’t be said for Chinese authorities, however, which could demand Zoom turn over any encryption keys on its servers in China to facilitate decryption of the contents of encrypted calls.

Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it “mistakenly” allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

From Zoom’s CEO Eric Yuan:

“During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user’s region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform. In all instances, Zoom clients are provided with a list of datacenters appropriate to their region. This system is critical to Zoom’s trademark reliability, particularly during times of massive internet stress.”

In other words, North American calls are supposed to stay in North America, just as European calls are supposed to stay in Europe. This is what Zoom calls its data center “geofencing.” But when traffic spikes, the network shifts traffic to the nearest data center with the most available capacity.

China, however, is supposed to be an exception, largely due to privacy concerns among Western companies. But China’s own laws and regulations mandate that companies operating on the mainland must keep citizens’ data within its borders.

Zoom said in February that “rapidly added capacity” to its Chinese regions to handle demand was also put on an international whitelist of backup data centers, which meant non-Chinese users were in some cases connected to Chinese servers when data centers in other regions were unavailable.

Zoom said this happened in “extremely limited circumstances.” When reached, a Zoom spokesperson did not quantify the number of users affected.

Zoom said that it has now reversed that incorrect whitelisting. The company also said users on the company’s dedicated government plan were not affected by the accidental rerouting.
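The failover behaviour described above, as an added example that is not Zoom's code: a Python audit that checks each region's primary and secondary datacenter lists against a geofence policy, then simulates the client's fallback under congestion. The datacenter names, the policy map, and the choice to try the first two secondaries are assumptions made for illustration.

```python
# Constructed inventory: datacenter name -> region where it is located.
DC_REGION = {
    "us-east-1": "NA", "us-west-1": "NA",
    "eu-west-1": "EU", "eu-central-1": "EU",
    "cn-north-1": "CN", "cn-east-1": "CN",
}

# Assumed geofence policy: client region -> regions allowed to serve it.
POLICY = {"NA": {"NA", "EU"}, "EU": {"EU", "NA"}, "CN": {"CN"}}

# Constructed lists as handed to clients: the "before" state has newly added
# Chinese capacity on the international backup list, the "after" state does not.
LISTS_BEFORE = {
    "NA": {"primary": ["us-east-1", "us-west-1"],
           "secondary": ["cn-north-1", "eu-west-1", "cn-east-1"]},
    "CN": {"primary": ["cn-north-1"], "secondary": ["cn-east-1"]},
}
LISTS_AFTER = {
    "NA": {"primary": ["us-east-1", "us-west-1"],
           "secondary": ["eu-west-1", "eu-central-1"]},
    "CN": {"primary": ["cn-north-1"], "secondary": ["cn-east-1"]},
}


def audit(lists, dc_region=DC_REGION, policy=POLICY):
    """Return (client_region, tier, datacenter, located_in) for every list
    entry the policy does not allow. Unknown datacenters fail closed."""
    findings = []
    for client_region, tiers in lists.items():
        allowed = policy.get(client_region, set())
        for tier, datacenters in tiers.items():
            for dc in datacenters:
                located = dc_region.get(dc)  # None if not in the inventory
                if located is None or located not in allowed:
                    findings.append((client_region, tier, dc, located))
    return findings


def pick_datacenter(client_region, lists, congested, max_secondary=2):
    """Simulate the client: try primaries in order, then up to
    max_secondary entries from the secondary list (simplified selection)."""
    tiers = lists[client_region]
    for dc in tiers["primary"]:
        if dc not in congested:
            return dc
    for dc in tiers["secondary"][:max_secondary]:
        if dc not in congested:
            return dc
    return None  # no reachable datacenter


if __name__ == "__main__":
    busy = {"us-east-1", "us-west-1"}  # both NA primaries congested
    for label, lists in (("before", LISTS_BEFORE), ("after", LISTS_AFTER)):
        print(label, "violations:", audit(lists))
        print(label, "NA client lands on:", pick_datacenter("NA", lists, busy))
```

Running the audit on every change to the lists catches the bad entry before congestion ever exercises the fallback path.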

But some questions remain. The blog post only briefly addresses its encryption design. Citizen Lab criticized the company for “rolling its own” encryption — otherwise known as building its own encryption scheme. Experts have long rejected efforts by companies to build their own encryption, because it doesn’t undergo the same scrutiny and peer review as the decades-old encryption standards we all use today.

Zoom said in its defense that it can “do better” on its encryption scheme, which it says covers a “large range of use cases.” Zoom also said it was consulting with outside experts, but when asked, a spokesperson declined to name any.

Bill Marczak, one of the Citizen Lab researchers that authored today’s report, told TechCrunch he was “cautiously optimistic” about Zoom’s response.

“The bigger issue here is that Zoom has apparently written their own scheme for encrypting and securing calls,” he said, and that “there are Zoom servers in Beijing that have access to the meeting encryption keys.”

“If you’re a well-resourced entity, obtaining a copy of the internet traffic containing some particularly high-value encrypted Zoom call is perhaps not that hard,” said Marczak.

“The huge shift to platforms like Zoom during the COVID-19 pandemic makes platforms like Zoom attractive targets for many different types of intelligence agencies, not just China,” he said. “Fortunately, the company has (so far) hit all the right notes in responding to this new wave of scrutiny from security researchers, and have committed themselves to make improvements in their app.”

Zoom’s blog post gets points for transparency. But the company is still facing pressure from New York’s attorney general and from two class-action lawsuits. Just today, several lawmakers demanded to know what it’s doing to protect users’ privacy.

Will Zoom’s mea culpas be enough?


TechCrunch

In a wide-ranging conversation at TechCrunch Disrupt San Francisco last week, Postmates co-founder and chief executive officer Bastian Lehmann made light of the company’s lack of IPO documents.

The San Francisco-based on-demand delivery business was expected to publicly file its IPO prospectus in September in preparation for a fall exit, sources familiar with the matter told TechCrunch this summer. September, however, has come and gone and we’re still waiting on Postmates to release the critical document.

“The reality is that we will IPO when we believe we find the right time for the business and the right time for the markets,” Lehmann told TechCrunch. “And if you look at the markets right now, I believe they are a little choppy. They are a little choppy when it comes to growth companies specifically … We are hopeful that we find a good window to get out there.”

Lehmann made reference to Uber and other companies to recently float, citing market conditions as an IPO deterrent. Uber, Lyft, Slack and other fast-growing unicorns have struggled since entering the public markets earlier this year despite sky-high private market valuations. WeWork, a money-losing endeavor, recently decided to delay its IPO after demand from Wall Street devalued the business by the billions. Whether Postmates will complete its debut by the end of the year is unclear.

Postmates confidentially filed with the U.S. Securities and Exchange Commission for an IPO in February. Shortly after, Postmates held M&A talks with DoorDash, another food delivery unicorn, according to people familiar with the matter, but failed to come to mutually favorable terms. DoorDash has previously declined to comment on these reports. On stage last week, Lehmann declined to confirm the reports.

“I don’t think it does any good to speculate on M&A,” he said. “I think you have four well-funded players here in the U.S. in this space. I think everyone is well aware of the strengths and the weaknesses of each other and you know at some point down the line, if we take Europe for example, you will see consolidation in the market. People have conversations all the time but I wouldn’t read too much into it.”

Postmates operates its on-demand delivery platform, powered by a network of local gig economy workers, in more than 3,500 cities across all 50 states. The company does not yet operate in any international markets aside from Mexico City; however, Lehmann’s comments suggest the business could be plotting a foray into Europe, where Deliveroo, Just Eat and others dominate the market.

Postmates has raised about $900 million to date, including a $225 million round announced last month that valued the company at $2.4 billion. DoorDash, on the other hand, reached a $12.6 billion valuation in May with a $600 million Series G and has raised more than double that of Postmates. When asked why DoorDash, a similar and competing business, needed that much more capital, Lehmann joked “Maybe [DoorDash CEO Tony Xu] needs a jet, I don’t know.”

Postmates, founded in 2011 by Lehmann, is backed by Spark Capital, Founders Fund, Uncork Capital, Slow Ventures, Tiger Global, Blackrock and others. In our interview with Lehmann, the long-time CEO discussed the ‘choppy’ public markets, competitors, the company’s autonomous robotics delivery efforts and more.


TechCrunch

Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws.

Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times per week by unsuspecting victims, in what they described as an “indiscriminate” attack.

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero.

He said the websites had been hacking iPhones over a “period of at least two years.”

The researchers found five distinct exploit chains involving 12 separate security flaws, including seven involving Safari, the in-built web browser on iPhones. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user. That means an attacker could quietly install malicious apps to spy on an iPhone owner without their knowledge or consent.

Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-realtime. The “implant” could also access the user’s on-device bank of saved passwords.

The vulnerabilities affect iOS 10 through to the current iOS 12 software version.

Google privately disclosed the vulnerabilities in February, giving Apple only a week to fix the flaws and roll out updates to its users. That’s a fraction of the 90 days typically given to software developers, giving an indication of the severity of the vulnerabilities.

Apple issued a fix six days later with iOS 12.1.4 for iPhone 5s and iPad Air and later.

Beer said it’s possible other hacking campaigns are currently in action.

The iPhone and iPad maker in general has a good rap on security and privacy matters. Recently the company increased its maximum bug bounty payout to $1 million for security researchers who find flaws that can silently target an iPhone and gain root-level privileges without any user interaction. Under Apple’s new bounty rules — set to go into effect later this year — Google would’ve been eligible for several million dollars in bounties.

When reached, a spokesperson for Apple declined to comment.


TechCrunch
