Interview with Andra Robinson of Airship

Andra Robinson is Associate General Counsel at the app experience platform Airship. She was formerly the General Counsel for Concord, a leading contract management SaaS platform, where she had responsibility for all legal, commercial and compliance matters. She is licensed to practice in California and holds a Certified Information Privacy Professional certification.

What is Airship, and why are contracts and contract cycles central to what it does as a company?

Airship helps brands master mobile app experiences. At the dawn of apps, Airship actually powered the first commercial messages, and has since expanded with a data-led approach to all re-engagement channels — mobile wallet, SMS, email. Our enterprise Software-as-a-Service (SaaS) platform AXP (short for App Experience Platform), helps product, digital or marketing teams create and adapt rich native app experiences without ongoing developer support.

Contracts are central to guiding Airship’s relationship with our customers. The market is increasingly conscious of privacy and data compliance regulations, so our contracts with customers have become more complex. Now they may include the main services agreement, as well as separate data and security agreements. Thinking through all of the data compliance considerations for our customers from the start of the sales cycle means faster contracting cycles, and ultimately faster go-live and deployment cycles for our customers’ apps. 

How have privacy regulations impacted the contract cycle, and what problems do those impacts create?

Our customers are routinely working at the forefront of mobile applications. Interactions with their own customers and questions around complying with the evolving privacy landscape are fundamental to how the mobile app will function. These types of questions are no longer exclusive to companies concerned with EU transactions because of the General Data Protection Regulation. Questions about privacy compliance come up in almost all of our pre-sale evaluation and contracting conversations with customers, regardless of their location. For customers based outside the United States, the contract cycle must include time to build up additional trust in how we will protect their data once we go live. Those considerations can typically add 30-90 days to the contract cycle, meaning that brands’ marketers and app developers have to pause their projects while all the data protection agreements are finalized. 

How do you keep the contract cycle as short as possible?

From the beginning of development for Airship’s Application Extension Platform, the company has been hyper-focused on these issues. We took particular care to incorporate the principles of Privacy by Design throughout the process. The contracting transaction very much follows the same spirit. Our legal and security teams work to evaluate the contract terms so they align with the evolving privacy ecosystem.

The most effective way is to have a practical conversation from the start about how data will be handled, and getting as much of the data privacy compliance information passed through the teams in charge of compliance approvals. We mapped our security policies and measures with the EU guidelines on GDPR compliance. We also make sure to give our customers information pre-sales, including talking through their specific use case, determining the types of data that will be sent through their systems, breaking down the security measures in place, and giving any other information needed for them to conduct data mapping or transfer impact assessments. Legal and privacy professionals need to have a tremendous amount of knowledge of how their company’s product works, and the specific use cases customers want to enable.

How does the company modify privacy policies, strategies and procedures to accommodate commercial negotiations and contracts?

We continuously monitor the evolution of data privacy regulations and global business trends to make sure our contract terms — and company policies and procedures — are responsive and aligned with market standards. A big part of my role is commercial negotiations and privacy. Privacy aspects come up in about 85 percent of the negotiations that I am personally involved in. This also involves working on the company’s privacy policies, procedures and strategy. The other aspects of my role are focused on working with our Senior Contracts Manager to improve team operations and efficiency. We are a small and mighty legal team, so another large part is pitching in on all other aspects we need to help with, including vendor negotiations, which are also heavily impacted by privacy compliance requirements. 

Navigating the alphabet soup of privacy regulations that change almost weekly — the GDPR, CCPA, CPRA and more — is a challenge for marketers, but it also introduces a whole new set of roadblocks for businesses with respect to the length of the sales process and contract cycle. These delays prevent brands from implementing new solutions as quickly as they’d like.

Once terms are finalized with the marketing lead/buyer, and pricing and features are approved, other functions like data privacy or information security can introduce additional review and requirements. Naturally, these folks aren’t as clued into the use cases for the technology as the buyer and what they are trying to achieve. They just don’t want to deal with having to manage any more data. This typically adds 30-90 days to the contract cycle and means that brands’ marketers and app developers have to pause while all the details are sorted out — unless you have a practical conversation about handling data privacy in the right way, and educate your company about why this is happening. 

Businesses can no longer let the data privacy conversation come at the end of the sales cycle. If the salesperson isn’t aware of this other set of stakeholders and processes, it could delay your project launch or cause you to miss a budget window. Shockingly, a lot of tech providers tend to put a wall up, and won’t engage in the data privacy conversation unless it’s with a large enterprise company. We embrace a proactive approach to data privacy as a competitive advantage. Doing the right thing is good for business.