Episode 497 | Documenting SaaS for a Sale, Email Harvesting and Spam, and More Listener Questions

Rob: Welcome to this week’s episode of Startups for the Rest of Us. It’s episode 497. I am your host, Rob Walling. Each week of the show, we cover topics relating to building and growing startups using an ambitious yet a sane approach. This week, I’m answering listener questions with my friend and co-founder of TinySeed, Einar Vollset. Welcome to the show.

Einar: Hello. Good to be here.

Rob: Good to have you back. If you’ve been listening to the show, even for the past few months, Einar has been on several episodes talking about entrepreneurship he has experienced. He went through Y Combinator in 2009, the company he started there was later sold to Google, and he’s been on the sell side of many seven- and eight-figure SaaS acquisitions, so he has expertise. My go-to for Einar is partnerships, business development, sales, outreach like cold-calling, cold-emailing, buying and selling SaaS valuations, pricing. That’s the high level. Anything I missed in there?

Einar: No, I think that’s pretty good. You’re making me sound like Glengarry Glen Ross salesperson but that’s good.

Rob: You’re going to get booed off the stage here at the Startups for the Rest of Us. People are like, “Get that guy.” But here’s the thing. You’re also a developer, so you have the cred with the crowd. You’ve been writing software for a few decades. You have a PhD in computer science which I’m going to let that one slide.

Einar: That’s fair. Absolutely.

Rob: Yeah. When we were hiring at a company I worked at in LA, we would get folks with a PhD in CS to apply for a senior developer position and instantly set off a yellow flag of can this person actually write code? Can they ship code? We had to see if they didn’t have work experience and they had just come out of the Masters or PhD, we’re just a little concerned about it.

Einar: Yeah. I get it. I don’t get so much with Masters and PhD. Actually there is a diminishing return if you start doing a PhD. It’s a problem, actually, for some of the people who were in grad school with me and then later on. They were like, “Yeah, I can’t even get an interview because everyone thinks I’m this non-producing wonk who comes up with opinions all day.” I know the feeling.

Rob: Academia can have that effect. It doesn’t always do that, of course. Hey, if you want to have a conversation with Einar, especially about TinySeed Fund too, just head to tinyseed.com/invest. Fill out that form, he’s on the other end of that. We are starting fundraising for that fund under five or six C.

Einar: That’s right.

Rob: All right. We are going to answer listener questions today. I picked a nice sampling of questions about SaaS and all the stuff that we talk about all the time and think about it. The first question is from Roger. The subject is documenting SaaS for a sale. He says, “I work on the technical side of a SaaS and the owner is interested in selling the company. They asked me to look into documenting the technical side but I have no idea where to start. Do you know of any resources or have any advice?” After listening to this question, let’s flip it and talk about what you should have documented for financial and SaaS metrics type of stuff because I think that’s interesting as well.

Einar: Yeah. I actually think—having done this a number of times—it obviously depends on the complexity of the product that’s being sold. There’s no indication here of what’s going on. But typically, actually quite surprisingly, I think the technical documentation and the sort of technical diligence that gets done in an acquisition is certainly better than what gets done for venture capital investments.

I’ve always been surprised at how light the technical diligence is during an acquisition. Typically, it’s confirmatory because fundamentally, if your business is able to be sold and it’s profitable, it’s growing, it’s doing what it needs to do on the business metrics, then the buyers usually have the assumption that you have your […] together to some degree. They’re like, “Well, it’s not going to be totally fake.”

That being said, certainly during diligence, at least if you’re talking a deal north of (say) $20 million, then there’s likely to be technical diligence and they’ll usually bring in—if it’s a financial sponsor—an external technical team to do the diligence. Sometimes there are firms that specialize just in doing that or they’ll have their internal development team take a look.

I think most developers think of, how am I documenting the code? Can I explain the code of this working? Are we doing best practices as it relates to X, Y, Z inside the code? I find that most of the time actually, what they’re looking for is more high level. Is there a single point of failure in terms of either technically or with a person?

Quite often what ends up happening in the smaller acquisitions is that there’s one guy who knows how a critical piece of this something works. Whatever it is like scheduling, whether it’s how to bring the site up if it goes down. A lot of the time, what they’re trying to ascertain is whether there is redundancy and business continuity in place. They are not in the situation where they buy the company, then it goes down, and it turns out that John, who was the only person who knew how something worked, has been fired, left, or whatever.

It’s usually quite surprising to people the kind of things that get asked. Certainly, they’ll be asking questions like where are you hosting things. Typically, the more standardized the answers are, the better. If you come and say, “Hey, we have this custom rack that runs out of my brother’s apartment and that’s where we’re serving everything in order to save 50¢ on the dollar and hosting cost,” they’re probably not going to be as impressed with that as if they just say, “Oh, yes. Just on AWS. It’s easy to use AWS,” or whatever. They like standard things.

They’ll ask higher-level questions like what are your development procedures? If a feature comes through from a product, how does it get implemented? What is the process by which things go into engineering? They’ll ask questions like what is your testing procedure? What’s your deployment procedure? Usually, it’s actually more higher-level process stuff and people than that is like, explain to me how you’re modularizing your code. They will ask some of those questions.

When I did diligence stuff, I would sometimes say, “Okay. Show me the last 10 pull requests with the code.” That used to freak people out but that level of detail and that low-level detail is actually quite unusual. With the exception of what you’re selling is a very technical, very detailed, technical product where it’s critical that the people understand exactly how your product works. Whereas you’d be surprised a lot of the time for the business people doing acquisitions, it actually doesn’t matter all that much specifically how you’ve written the code as long as they understand there’s a good process in there.

This is something where they could hire more people and it’s not completely loony tunes. If it’s something that’s hosted in your basement on a custom version of Lisp with a database that’s no longer supported, that’s going to be a problem. Even if it’s not a hack on PHP but if it’s PHP hosted on EC2, that’s great. They’re not really going to care that much about specifically which framework or PHP you’re using, or anything like that. That’s my high-level view of it.

I think you’d be surprised at what kind of thing they’re looking for during diligence in this most often process. Do you have that checklist of things in place? Do you have version control? If you’re using open-source software, are you using that according to licensing? Are you publishing things that you need to publish on the GPL? Things like that come up much more often than I think most developers assume. They think that I get into diligence, somebody will come through, they’ll have me like they’ll sit next to me and go through line by line of code and have me explain how it works. I’ve never seen that happen.

Rob: That’s been in line with my experience as well. I’ve been involved on the sell side of a lot fewer deals than you. But still, if I were to put it, personally, it’s two or three that are substantial enough that people wanted to review code, and then I think there were maybe four that I’ve been pulled into by startups that I’ve either invested in on an advisor or whatever. That’s typically advice I give as well as no one cares about your code comments because the people buying it aren’t developers and they don’t need to get into that level of detail of the code.

It’s a lot like I’ve compared it to a real estate investor who buys investment properties, will often buy multiple properties without ever seeing the properties because what they’re looking at are the numbers. If things have been rented for this many years and the maintenance has been X, Y, Z for this many years, they want to make the numbers work. If that happens, they don’t care if the kitchen has been granite, if it’s fake granite, or whatever because they’re not living there.

For better or worse, when a company is spending $10, $20, $30, a hundred million dollars on a product, they’re not buying it for the code quality. Unfortunately, as a developer, that’s not what is driving the price. Unless, as you said, it’s some extremely limited IP where it’s like we built the Google search engine and that’s worth a bunch of money or whatever but that’s not really what I’m looking at. I have a few things I jotted down. Specifically, when we sold Drip. They were really concerned. They asked a lot about any open source stuff that we used.

Einar: Oh, yeah. That happens all the time.

Rob: Yeah. There are certain types of licenses that essentially mean that if you use it, you should open-source all of your code for the entire app. We had been careful about that but you have to prove that there’s nothing in. They sent a consultant out who brought a Raspberry Pi, opened it up out of the package, plugged it. He said, “I’m not going to walk away with any of your code or any devices that plug into any of your machines.” He plugged it into Derek’s laptop into this big scan of the code and then he handed us the Raspberry Pi at the end. He was doing a big scan for patterns of license. I’m assuming that headers are there. Certainly much like a virus scanner, it just picks up a pattern of like, ding, this is a red flag license.

Einar: Absolutely. I think most developer types think that it’s not a big deal to use open source and that’s true, it isn’t. But it’s a big enough liability that typically if you’re selling a software company, you have to warrant that you’re not in violation of open source licenses. Basically, what that means is that if you do that and they get sued, the acquirer gets sued because of GPL violations that you did, they’ll come to you for the money. It’s that serious. If you have very good clarity on like, these are exactly the licenses we’re using. If we’ve made changes, for example with the GPL, then we publish those changes as required by the license. That stuff is important.

Rob: Yeah. The other thing that I’ve seen asked for a lot is not code-related but it’s IP agreements. Do you have an IP assignment agreement from every contractor, every employee, everyone who has ever touched basically anything in your code? That can be a big deal. Backup and recovery is something else that they asked. That’s like you said.

Einar: Disaster, continuity. Yeah.

Rob: Yup. It’s like, how often do you backup? How often do you recover? How do you test your backups? That kind of stuff. That’s something I would include in a technical doc. The original question is what should I document? Technically, it can be a four- or five-page doc plus a network diagram that is kept up today as best you can. It doesn’t have to be some 30-page home. In fact, we didn’t even have a network diagram. When […] was doing due diligence, click-ons flew out with their senior engineer like the head of engineering. He just said, “Walk me through on a whiteboard,” and that was the network diagram. They took a picture of it.

It was like Derek writing things and talking through, this is where there is a single point of failure in the database and blah, blah, blah. That was good enough for them. There was also a level of trust between Clay and I because he and I knew each other. He also knew that, as an engineer working with a co-founder who is an engineer, we would say we have 2½ lines of unit tests for every line of production code, which is pretty good. It implies that these guys probably know what they’re doing, so we were given a little bit of leeway there.

The last thing I’ll say is to document the tools you use. Just high-level languages, what editors you use, obviously, the database—Postgres, MySQL, whatever—version control, we use GitHub on this thing and it’s never been out in public or whatever. It’s just the basics if you think about it. I think both of us, what we’re saying is, it’s very unlikely that anyone will dig deeper than basically the top-level things that we’ve said here.

Einar: I think it’s true. I think the most helpful thing to think about is the documentation isn’t required to be at a level of detail where if you got a fresh developer and gave them the documentation, that was sufficient for him to start developing features on the code. That’s too detailed. The way you should think about it is what does a project manager need to know? What does an engineering manager need to know about the process by which we build software here and roughly how it’s structured? That’s the right level of documentation, at least to start. Inevitably, during the process, during some diligence, there’ll be some further questions, but then they can dig into that. You don’t need to write 100 pages worth of documenting every single thing. I think that’s probably a waste.

Rob: Our next question is from Fabbri. He said, “I bootstrapped the guilt box, a personal and SMB financial software as a side project for a few years. We’ve also developed our own banking data aggregation system for our B2C products. We’ve been approached a few times by companies to provide this service, the banking data aggregation, but haven’t had much bandwidth to also take on the B2B opportunities (obviously, of selling that to other businesses).

Recently, I was offered to provide the aggregation service to another startup. At first, I agreed with the founder on a fee per user and a retainer. Later, he offered me 5% equity, I assume, and in the startup to integrate the aggregation system, plus some additional funds because he wanted more control and a commitment for me. I’m hesitant to accept this since the aggregation system still serves my business and has the potential to serve others. Also, it took a few years of work to get it right for only 5% equity in another startup, but I think it could negotiate that. What are your thoughts on this?”

The subject line is a business partnership or B2B client. He’s kind of trying to decide between those two. It’s a little muddy and we don’t have all the details. I wish we have more info, but do you have thoughts on this about going into a business partnership versus keeping someone at arm’s length as a client?

Einar: Yeah. My gut feeling would be that this 5% equity to get more control and commitment like that, I’d be extremely wary of just because what kind of controls is he talking about? Does this preclude you from doing changes that you want to do? Are you now required to maintain this in a way that fits their business rather than yours? Also, what is the value of 5% of the equity? Now, you have to effectively do due diligence on them to figure out what is the value effectively of what they’re offering you for this.

It almost doesn’t sound like a partnership, it almost sounds more like a joint venture, that proposal. Although, it’s quite vague so it’s hard to tell. But certainly, I’d be very wary of doing the 5% equity piece. This sounds to me more like you have an enterprise-type integration plan, white-label plan, or something like that. It’s easier to do this lighter touch and effectively say, “This is something that you can buy, it’s going to cost a lot of money, or if you’re reselling it, then you have to give us a good chunk of the whatever revenue you’re getting in.”

That’s a much better, at least, starting point than getting to the point where it sounds like this potential partner effectively wants to control how this piece is being built, maybe exclusively get access for themselves. Giving all that away for 5% equity in an unknown startup is not something that I would do without a lot more information. It depends. If the startup is Zoom, sure, but if the startup is some no-name thing I’ve never heard of, then my general view is that I’d be very wary.

Rob: Yeah. I would echo that. Anytime you take a minority stake in a private company that you have no control in, that has no liquidity prospects—

Einar: Are you describing TinySeed, Rob?

Rob: No, of course not. I’m describing a lot of these stock deals. Whenever I hear there was an acquisition, I hear the purchase price, I always want to know how much of that was stock because if it’s stock in a public company, great, good for you. You can sell that in 6 or 18 months. But if it’s a private company, you are basically tying yourself to the fortune of that company for years. You can say I got $20, $30, $40 million in stock in a company that then goes bankrupt, you actually get nothing.

Einar: That’s happened to friends of mine, actually. They sold their startup to a company. This is 2001—got them old—and they were like, “Yeah. I sold my company for $10 million,” and they got $10 million worth of stock in a startup that went to zero. It happens.

Rob: I know. If someone were to approach me about selling my startup and they want to give me an all-stock deal, like you said, it just really depends on the company, their prospects, and where you think they’re going. But almost in all cases, I’d be like, you got to get enough cash that you feel good about this, that if that stock goes to zero, you at least don’t have massive regret around it.

Einar: That’s true for a type of M&A work we do, too. It’s not unusual in a deal that, say, $25 million that the founders are going to ask. Okay, you get some cash, you get some earn-out, you get some maybe owner financing, and then you have to roll a portion of your proceeds into the new company. Usually, the hurdle there, at that point, I always advise people, we need to do some diligence on the acquirer, that they’re not just something that’s going to blow up. That’s worth thinking about.

If that gets on that level, then you shouldn’t just accept 5% to walk away because there are all sorts of things like 5% preferred stock, 5% common stock. Are there any anti-dilution things in place? It agrees for 5% equity. If there’s no anti-dilution, this is common stock. The other guy could just issue another $10 million shares and dilute you down to 0.005% and you have no recourse.

Rob: Yeah. I’m in the same boat. I feel like the B2B client is the first step in an integration. Get to know them and how they are as a customer. It’s like the crawl-walk-run-type thing or that they’re dating before you get married. A B2B partnership, an acquisition, whatever, often those relationships are built over time so that you can see how they operate and learn more about the people involved and the company involved. If that’s helpful, Fabbri.

The next question is from Chris and it’s about email harvesting and spam. He says, “I recently read an article published on Medium. It’s about how to harvest email addresses. In one of the discussions with Bluetick, Mike Taber has talked about warm versus cold emails. Can you guys comment on the practice of sending unsolicited emails these days?

If you get enough spam complaints, won’t Mailchimp, Constant Contact, Infusionsoft, et cetera, shut down your account? I get a reasonable amount of these. If it’s something I have zero interest in, the company sounds cheesy, or I’m certain I did not sign-up but often the spam button. I have two small companies and I understand the need to fill up the funnel but I’m annoyed that someone is taking up my time to click delete.”

Before I toss it over to you, I do want to chime in that is a very big difference. If you scrape emails and get an essence of a cold email list and you put that in MailChimp, Constant Contact, Infusionsoft, Drip or anything, you will get banned. They will block your account because those tools are not designed for cold email. They’re designed for warm email, folks who have opted in to hear from you.

When this thing […], if you harvest emails or God forbid, by an email list, that is where you could go to a tool like Bluetick that uses your own known inbox, your own Gmail inbox or outbox (in this case) to send Yesware, ToutApp—there’s a bunch of them, you probably know more—that’s where those won’t be on you because it’s sending from your email inbox. It’s not like their IPs are impacted. With that, you want to comment on this?

Einar: Sure. I agree. These are definitely not the tools to use, although I’m constantly surprised at how many people are running cold outbound processes using tools like this and don’t realize how close they are to getting their whole account shut down. If they have marketing stuff in there too, that’s problematic.

My view is—this is also in the CAN-SPAM Act—actually sending cold business mail or solicit mail in the business context is not considered spam. Effectively, what’s going on is what’s annoying is not necessarily unsolicited, it is unhelpful email where you’re getting an email and it’s clear that this person knows not only anything about you and has never heard from you before but doesn’t really know what your business is.

To me, I get offended as a sales guy. I think you should do enough research so that you at least have a half a chance to know what kind of a company you’re trying to email. A good example of this actually is, I don’t know if you saw this, but we keep getting emails into the TinySeed account, at least I do, that says, “Hi. Been really excited about what you guys are up to there at TinySeed. Just wanted to let you know that our B2B SaaS accelerator is open for applications and would encourage TinySeed to apply.” I’m like, “You have no idea what TinySeed is. We’re not a B2B SaaS company, we’re effectively your competitor.” That’s generally my view of it.

Sales in general, particularly when it comes to B2B sales, the best stuff is almost like being an outsource consultant for your prospects. You’re effectively trying to figure out how do I reach out to this person or this company where I have figured out that they can add significant value to their bottom line or whatever by using the tool that I’m providing. You can imagine a consultant being hired by the company in question to figure out how to better do X, Y, Zs so that we improve our bottom line and they get paid to go out and pick your tool.

The best kind of consultative enterprise-type sales is effectively the inverse of that where you’ve done enough research that you’re confident that if this prospect took up your tool and used it, they would get significant benefit. You’re going to get a chunk of that as the sort of price you take for the service, whatever. But I don’t think you should email people unless you are pretty confident that this actually would be a value-add for the company in question.

It doesn’t sound like Chris is getting an awful lot of well-targeted emails. Similarly here, I get a bunch. It seems to be anything on LinkedIn, there is outsourced software, developing firms are notoriously bad at this. They just sort of blast everybody. There’s certainly a much better way to run that than what they’re doing.

Rob: Yeah. I have bought things, I’ve signed up for a couple of SaaS apps that have cold-emailed me over the years. I’ve also hired someone off in essence, an email campaign consultant. But let’s say I’ve done it five times. Each of those times, it was really well-targeted and it was obvious that they knew something and they were presenting something that made sense to me, not like a round of venture funding to an accelerator which is what I got in email this morning about that. We have in my TinySeed address like we have a list of venture capitalists who invest in companies like yours. I’m like really? Are you sure?

Einar: I don’t think you do.

Rob: Nope. That’s targeted. You should see the stuff we get to the podcast email address. It’s probably 10 emails a day, maybe 7 or 8 emails a day. A lot of its guest pitches, but a lot of it’s like SEO stuff like, “Let’s trade links and let’s do an article,” this and that. They’re so badly targeted. You can just tell a mile away if they’re actually a listener because they all act like they’re a listener but you can’t just say, “Hey, I’m a big fan of the show,” because that doesn’t cut it anymore. It’s like you really have to speak the language. All right. Thanks for the question, Chris. Hope that was helpful.

Next question is from Adam […], it’s about how to increase sales. He said, “I let go of my salesperson this week and this was about seven or eight weeks ago, right as the quarantine started. She’s now employed on a commission-only basis. But navigating from here, what would you suggest I do to make sales? It put some ideas like starting a blog. Should I start ads? Should I automate my sales flow as much as possible? It currently requires a demo so we started by opening it up past the demo. Should I just focus on maximizing profitability out of existing customers or give existing customers a significant discount so that there are still customers on the other side of this in my industry?”

Obviously, this is industry-dependent. I think he’s in one of those I have been talking about how it’s about 10% or 15% of companies that have knowledge of taking off because everyone’s working remotely. 10% or 15% are completely getting decimated because they are involved in things that when people are remote, they can’t can’t be done. There’s kind of this middle, let’s say, 70% -ish, 70%–80% that are just floating and just watching. They’re slowing down maybe, but they’re not certainly not cratering and they’re waiting to see what happens on the other side of the quarantine. I think Adam’s company falls within that. He has a lot of ideas here.

Einar: I have some meta thoughts, to be honest with you. Obviously, I think this was asked a month or two, I guess, ago. If they’re US-based, I think it probably was a mistake to let them go because you could have gotten PPP to pay for it.

Rob: I believe he’s in Australia.

Einar: Okay. Well, that’s even better. I actually don’t know about Australia, but in certain places like the UK, there’s Proper Paycheck Protection in the sense that they’re basically effectively paying a percentage of salary to keep them on payroll. That’s my first high-level comment. That’s something to look into. Just firing people willy nilly might not actually be the best move.

The second thing, which I have no idea what this product is, so it’s hard. In terms of his specific idea like a blog, I haven’t really done this. That, to me, sounds like someone who perhaps doesn’t realize how long the process is to build out a significant organic funnel-through a blog. I’ve seen several companies just decide, “Oh, we need to do a blog to get more customers.” They spend three or four months posting a blog post every week, they see zero inbound interest, and then they shut it down.

If it’s a hair on fire like, oh, crap, we’re going down, we just need more customers immediately, starting a blog is not going to do it in time. I think it’s a good thing to do, potentially, by yourself but it’s certainly not something they could just be like, “Oh yeah. I’m going to start blogging and then customers will come strolling through the virtual door.” Focus on ads, I think that’s the more interesting ones.

Obviously, it depends on your industry and whether people are a complete acquisition as it were spending freeze or whether people are potentially still looking in. I’ve actually seen several companies do pretty well right now with ads because they’re cheaper than they used to be, everything is at a discount like Facebook Ads or Google CPC. It can be immediate and they can scale. I actually think now is a pretty unique time to experiment with advertising just because, as you said, they’re at a discount, and if your industry is amenable and still buying then that potentially could work very well and it could scale pretty quickly.

The other stuff, honestly, I don’t know, automates the sales process. Well, that’s good, currently requires a demo. Give existing customers a significant discount so there are still customers on the other side, I wouldn’t volunteer it. People start canceling. I’d reach out and say, “Hey, what’s going on? Are you guys struggling? Do you need a discount? We can help you out.”

Rob: Discount or just deferment, right? “Hey, next three months, you’d have to pay, next two months, or whatever.” It’s scheduling software. I’ve actually talked to him about it before. He’s a super cool, dude. I was trying to remember exactly what it was, but I think it is for a lot of in-person businesses, I think like driving schools or just whatever, anything that needs scheduling and kind of back-office stuff. For him, I would think about deferments.

Einar: Yeah. Particularly, if you can say, if you have an annual plan, say like, “Okay. It’s coming up, you don’t have to renew it. Just renew it now, we won’t charge you for three or four months and it’ll run from a year from then.” Something like that makes sense, I think, because I think there’s a fair amount of industries which are in a position where they know that they’re going to reopen like, yes, summer for all time, hopefully. Part of the stuff they’re doing right now is looking at their processes and things. If you can land them now and like essentially book the revenue for the fall, that’s super helpful coming out of this.

Rob: Yeah, I’ve heard of a few companies. I’ve been watching a few companies do that where they are looking out to September, trying to find folks now, and basically giving them free access until then such that if things do re-open before then, the customer gets some value out of it.

It really depends, Adam. If your leads have completely dried up, is there some ads or some outreach you can do to companies? Like you said, if they’re totally shut down, then what are the owners or the managers doing? Are they thinking about how to improve the processes? Is this the time to potentially pitch that? If you still have leads coming in and your salesperson is on a commission basis and she’s able to handle them, I don’t know that I see a huge issue with that. Thanks for the question, Adam. I hope that was helpful.

Einar Vollset, that’s all the questions we have for today. If folks want to keep up with you, they can head to @einarvollset on Twitter or they can head to tinyseed.com/invest. Is that your contact info now?

Einar: That is my contact info now. It’s the easiest way to get my direct attention.

Rob: Exactly. […] there. You bet he will read that.

Einar: You’ll get a response pretty quickly.

Rob: That’s cool. Thanks for taking the time, man. Appreciate it.

Einar: Sure thing.

Rob: Thanks again to Einar for coming on the show. Hope you enjoyed our conversation. If you have a listener question, we only have about five or six in the queue. Remember, if you record an audio file, send me a Dropbox or a Google Drive link to questions at startupsfortherestofus.com. That will go to the top of the stack. I don’t believe we have any voicemails right now, so literally next Q&A episode, it would get answered. That’s all for this week. Thank you for listening, I’ll see you next time.