It's nothing fancy, but it was made specifically to solve the main pain points she had.
Fast forward, she convinced herself that the product is way too good and we should try selling it to other businesses. So, she made a couple of videos demoing it and spent 20$ on ads on Instagram. We got a couple of interested people, but no one actually asked to use it.
Last week we got an email from a company that was interested in trying it. Then we created an account for them and briefly explained how to use it. They were really impressed by it and now want to use it.
For now, I've said that they can have a free trial for a month. But they already signaled that they're interested in paying the price I've proposed.
So, what's next? Should I go after bootstrapping a company? What about taxes? GDPR? SLA? Should I go after a lawyer and accountant? My current recurring cost for maintaining the system is ~10$ and I'm expecting to start receiving ~$200 per customer.
This should be just a side gig, but I think it might actually grow.
In addition, I'm currently living in Italy, but this client (and probably others coming) lives in Brazil.
1. AWS account
2. Gmail account
Both keys (account secrets for AWS and user/pw for Gmail) were only used in a single repository hosted on GitHub, private, with only me as a collaborator. Both accounts were accessed within the same week, thus this .env is likely the source of leakage.
For this project, I only work from the same PC. If my PC was compromised, I would expect other accounts to be compromised as well.
The application server (in DigitalOcean), which also reads from this repository, has no sign of intrusion.
I know that it's bad practice to keep production keys in the repo, but I was confident that if I was careful, it would not be easily leaked.
Am I missing something else?