<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Forem: Aman</title>
    <description>The latest articles on Forem by Aman (@aman_kandola).</description>
    <link>https://forem.com/aman_kandola</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F514094%2Ffa963339-9081-4a16-866a-672ffe43319a.png</url>
      <title>Forem: Aman</title>
      <link>https://forem.com/aman_kandola</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://forem.com/feed/aman_kandola"/>
    <language>en</language>
    <item>
      <title>How We Attract Top Talent at Courier</title>
      <dc:creator>Aman</dc:creator>
      <pubDate>Wed, 25 Jan 2023 17:33:00 +0000</pubDate>
      <link>https://forem.com/courier/how-we-attract-top-talent-at-courier-4j7a</link>
      <guid>https://forem.com/courier/how-we-attract-top-talent-at-courier-4j7a</guid>
      <description>&lt;p&gt;How do you fairly compensate your employees for a job well done? It’s a question that often gets ignored in favor of the bottom line and one that not enough companies talk about. &lt;/p&gt;

&lt;p&gt;We’ve never been shy about discussing some of the perks and benefits that come with being a Courier employee, but we’ve never detailed our approach to compensation. It’s time we changed that.&lt;/p&gt;

&lt;p&gt;We recently received another round of funding and plan to grow our team quite a bit in the near future. And our compensation policy needs to be organized and fair in order to reach that goal. &lt;/p&gt;

&lt;p&gt;We’ve also officially become a fully remote company. This affects how we fairly compensate employees—do we offer the going rate where our employees live? The going rate of the area where our headquarters is located? Every remote team approaches this issue differently.&lt;/p&gt;

&lt;p&gt;Our compensation policy and leveling framework are critical for Courier’s success. Here’s how we make it work. &lt;/p&gt;

&lt;h2&gt;Salaries Stay in the 90th Percentile&lt;/h2&gt;

&lt;p&gt;Everyone wants to know how much a job pays before anything else. That’s probably never going to change. &lt;/p&gt;

&lt;p&gt;At Courier, we know our employees make this organization a success. And salaries allow our employees to live and enjoy their lives. We also want to attract and retain top talent, so we offer new employees salaries in the 90th percentile of San Francisco’s local market rates. We also keep current employees in the same range to keep turnover low and retain our incredible people.&lt;br&gt;
Our compensation philosophy at Courier has historically been to target the 90th percentile of market rates. That sounds great, but determining exactly what that means isn’t easy. It can be a complicated process, so we’ll walk you through the factors we consider. &lt;br&gt;
First, market rates vary by location. The 90th percentile for a software engineer in California is different from Kansas. So, even though we’re now a fully remote team that hires employees around the globe, we had to choose a location to base our compensation on. Since we originated in the Bay Area, our employees are compensated based on San Francisco’s local market rates. &lt;br&gt;
We also consider more factors like the job title and level, as well as our company’s stage—for example, small startups obviously don’t usually pay the same as large enterprises. We are currently in between these two stages, so we need to factor that in while we’re building out our team. We use datasets from our own company history to make comparisons against going rates for similar roles at other organizations.&lt;br&gt;
Obviously, there’s room for error here, and the datasets we use from our own employee history are small. But we find that these factors help us keep the most important elements in mind as we decide on compensation going forward. &lt;/p&gt;

&lt;h2&gt;Salary Bands Help Us Reward Top Performers&lt;/h2&gt;

&lt;p&gt;When it comes to employee development and advancement, we want employees to be empowered at Courier. And we want everyone to pursue the track that works for them. Promotions are largely, but not solely, determined by individual performance. The needs of the team and the business as a whole are also large factors in our employees leveling up.&lt;br&gt;
We review compensation for each level and role during the second quarter of each year. And every time we hire for a role, we try to review our compensation banding and update it to ensure we’re truly offering our candidates the 90th percentile of the market rate.&lt;br&gt;
Many of our employees increase their level without becoming managers. We believe that excellence should be rewarded and that not every employee’s career path looks the same. There are many ways to contribute and develop as part of the team at Courier. That’s why we don’t require employees to be on a management track to get to a new compensation level. &lt;br&gt;
Specific titles and expectations for each employee are decided by each team rather than at the company level. There are some nuances to each role and performance that only a supervisor or other co-worker involved in the day-to-day work can effectively evaluate. That’s why we leave the final say to the supervisors running the team. &lt;/p&gt;

&lt;h2&gt;Additional Benefits Sweeten the Deal&lt;/h2&gt;

&lt;p&gt;While salaries are very important—we all need to eat—we know it’s not the only aspect of compensation that matters to employees. Other benefits play an important role in attracting and keeping employees. &lt;/p&gt;

&lt;p&gt;We offer unlimited paid time off (that includes vacation time as well as sick days). Of course, we also offer robust medical insurance benefits for employees, including vision and dental. For parents who’ve just welcomed a new child into their home, we offer 14 weeks of fully paid parental leave.&lt;/p&gt;

&lt;p&gt;As we mentioned above, we have shifted to a fully remote company, so our employees can work from anywhere. That’s a major benefit that can attract serious talent. The most recent Gallup survey on the issue of remote vs. onsite work found that &lt;a href="https://www.gallup.com/workplace/397751/returning-office-current-preferred-future-state-remote-work.aspx" rel="noopener noreferrer"&gt;34% of employees prefer to be fully remote&lt;/a&gt;, yet many organizations are still pushing their employees to return to shared offices. As a remote-first company, our potential employees know that we will never force them to go to an office.&lt;/p&gt;

&lt;p&gt;To ensure our employees have everything they need in their respective office spaces, we offer a home office stipend. We also pay for a DashPass for all employees to make ordering lunch throughout the week a little more affordable. And on Fridays, we buy our employees lunch just to say thank you and start their weekends on a high note.   &lt;/p&gt;

&lt;h2&gt;Company Culture Plays a Big Role in Our Compensation Philosophy&lt;/h2&gt;

&lt;p&gt;As we define compensation for roles and work to recruit the best employees for those roles, our philosophy keeps us focused on fair compensation and benefits. But we also want to acknowledge that there will always be a subjective element to salaries and the promotion process. This fact often makes people uneasy because it can easily lead to favoritism and competition between teams. In our experience, the best way to avoid that problem is by building a healthy, inclusive work culture. &lt;br&gt;
Attracting the best employees to your organization and keeping them around requires a space where support and collaboration are normalized. We lead by example and share our leadership's decision-making process when we make big decisions.&lt;br&gt;
What we’ve shared with you is an early framework for Courier. We will continue to iterate on this just like we do with everything else. Expect this to evolve as we grow.&lt;br&gt;
And if you’re interested in learning more, you can read about what it’s like to work at Courier by visiting our &lt;a href="https://www.courier.com/careers/" rel="noopener noreferrer"&gt;careers page&lt;/a&gt;. &lt;/p&gt;

</description>
      <category>discuss</category>
      <category>productivity</category>
    </item>
    <item>
      <title>How Courier Became HIPAA Compliant</title>
      <dc:creator>Aman</dc:creator>
      <pubDate>Thu, 21 Jul 2022 15:55:02 +0000</pubDate>
      <link>https://forem.com/courier/how-courier-became-hipaa-compliant-135b</link>
      <guid>https://forem.com/courier/how-courier-became-hipaa-compliant-135b</guid>
      <description>&lt;p&gt;
When thinking about handling PII (Personally Identifiable Information) for SaaS companies, standards like SOC 2 compliance and GDPR immediately come to mind. One of the most sensitive types of information for a tech company to handle, however, is actually PHI, or protected health information. To be able to handle this type of data, a company must become HIPAA compliant. &lt;/p&gt;

&lt;p&gt;HIPAA, or the Health Insurance Portability and Accountability Act, regulates the way PHI is collected, processed, stored, and shared in the United States. Protecting PII remains as important as ever to maintain a person’s security and privacy online, but in addition, the improper handling of a person’s health data can actually be dangerous. For example, data concerning a child’s vaccinations that are improperly stored could cause the patient to receive a double dose, no dose at all, or the incorrect vaccine entirely. &lt;/p&gt;

&lt;p&gt;Today, we are excited to announce that Courier is now HIPAA compliant and this post will get into why SaaS companies should be HIPAA compliant, why this is important for our company, and the steps we took to get here. &lt;/p&gt;

&lt;h2&gt;Why SaaS companies should be HIPAA compliant&lt;/h2&gt;

&lt;p&gt;2020 introduced us to healthcare complexities the likes of which the vast majority of people had never seen within their lifetimes. While the world has experienced health emergencies before, none of this size have landed in our current era of tech expansion. We now have SaaS tech tools to help healthcare providers organize and digitize to provide a higher quality experience for patients, both in-person and online. Even mental health services are now often provided at high volume and quality through online counseling options like &lt;a href="https://www.betterhelp.com/"&gt;BetterHelp&lt;/a&gt;. &lt;/p&gt;

&lt;p&gt;With the demand for healthcare tech growing and the digitization of medical care expanding, even existing SaaS companies can expect a greater portion of their customer base to deal with PHI, which means that they themselves will need to be equipped to handle this sensitive data. Becoming HIPAA compliant is therefore likely going to be necessary in the near future, if it isn’t already, for many SaaS companies. &lt;/p&gt;

&lt;h2&gt;Why Courier invested in HIPAA compliance&lt;/h2&gt;

&lt;p&gt;Here at Courier, in particular, we knew from the start that HIPAA compliance would be necessary sooner than later. Courier’s mission is to make software-to-human communication delightful, currently by providing excellent notification infrastructure. We are happy to work with our current set of customers such as &lt;a href="https://www.courier.com/customers/hospitable/"&gt;Hospitable&lt;/a&gt; to provide better communication between guests and hosts and &lt;a href="https://www.courier.com/customers/launch-darkly/"&gt;LaunchDarkly&lt;/a&gt; to help retain users. Another line of important communication, however, exists between healthcare providers and patients, or with other providers. &lt;/p&gt;

&lt;p&gt;A patient who could receive notifications about blood test results, for example, could access their data more easily through a HIPAA-compliant Courier instead of having to deal with terrible UX to get the information they would be waiting for. Other notifications that would require HIPAA compliance include reminders for doctor’s appointments, flags that prescriptions are ready for pickup, and as a more timely example, notifications for Covid test results.   &lt;/p&gt;

&lt;h2&gt;Courier’s journey to compliance&lt;/h2&gt;

&lt;p&gt;To become HIPAA compliant, we had to consider two major parts of the process of handling PHI: who will be touching the data and how it will be presented in the product. &lt;/p&gt;

&lt;p&gt;For any technical product, data must go through several touchpoints, often repeatedly. PHI collected from a user, for example, would reach our sub-processors in addition to our own databases along with those of our customers who are collecting the data itself. To maintain the integrity of HIPAA as this data moves around, every organization involved signs a BAA, or Business Associate Agreement. According to the U.S. Department of Health &amp;amp; Human Services, a business associate is any person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. For Courier, this includes all our vendors, including AWS, for example. &lt;/p&gt;

&lt;p&gt;In terms of how PHI would be presented in the product, we thought about this as an engineering issue from the start. HIPAA applies to communication just like stored data and by nature of how Courier works, that means that the amount of PHI stored for a particular user will only increase rapidly over time. This means that the way data is accessed needs to be considered while designing the product itself. &lt;/p&gt;

&lt;p&gt;As an example, employees of Courier’s customer companies can generally see logs of notifications with their end users to help them gather data to improve their notification strategy over time. However, if a Courier customer is HIPAA compliant, their employees should not have access to their end users’ PII. In this situation, Courier must provide customers with the right tools to manage which employees can access which types of data. This is something to consider particularly carefully if you are an engineer at a SaaS company who is building a notification infrastructure in-house instead of using a tool like Courier - the complexity of building the infrastructure compounded with figuring out how to handle the data in a way that would be HIPAA compliant would be a massive undertaking that is best mitigated by early design considerations around data collection and logging. &lt;/p&gt;

&lt;p&gt;As the engineering team hammered out the best way to handle how the data is compiled and logged, we also needed to make sure to have internal policies designated around PHI as well as processes to implement security safeguards, conduct risk assessments, and handle documentation.&lt;/p&gt;

&lt;h2&gt;Conclusion&lt;/h2&gt;

&lt;p&gt;After this full process, we are happy to announce that Courier is now fully HIPAA compliant, which applies to all U.S. PHI.  To learn more about how Courier approaches security, check out this &lt;a href="https://www.courier.com/blog/security-for-your-saas-communications/"&gt;series of articles&lt;/a&gt;. If you’re looking for HIPAA compliant notification infrastructure for your own organization, &lt;a href="https://app.courier.com/signup"&gt;check out Courier here&lt;/a&gt;. &lt;/p&gt;

</description>
      <category>security</category>
      <category>compliance</category>
      <category>hipaa</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>Designing the Perfect Mobile Push Notification</title>
      <dc:creator>Aman</dc:creator>
      <pubDate>Thu, 23 Jun 2022 20:07:39 +0000</pubDate>
      <link>https://forem.com/courier/designing-the-perfect-mobile-push-notification-43c1</link>
      <guid>https://forem.com/courier/designing-the-perfect-mobile-push-notification-43c1</guid>
      <description>&lt;p&gt;Here at Courier, we recently announced a new focus on mobile notifications, which is the next big step to meeting our goals for our product. The biggest reason to focus on mobile is because it will drastically improve the user experience for anyone using mobile apps - which at this point, is everyone. This post explores the importance of building better quality mobile notifications and how to go about creating them.&lt;/p&gt;

&lt;h2&gt;The potential of mobile push&lt;/h2&gt;

&lt;p&gt;In a perfect world, a mobile push notification would be the perfect mode of communication between app and user. It’s the ping that your ride is here, the notice that your takeout has been delivered, and the heads up that the airline ticket you were considering is the cheapest you should expect it to get. Well-crafted push notifications are timely, immediately actionable messages that cement the bond between users and the product. &lt;/p&gt;

&lt;p&gt;A 2017 study by Airship concluded there was a direct correlation between the frequency of your push notifications and your app’s retention rate. App users who received push notifications within their first 90 days had 190% higher retention rates than those who did not. Plus, frequent messaging could increase app retention rates by three to 10 times. It’s important to note that Airship is a push provider, so this isn’t exactly impartial research. But it’s also worth noting that push notifications do consistently perform better than emails when it comes to click-through rates and deliverability. Push notifications have open rates as low as 3.4% (average iOS performance via Swrve) and as high as 20% (BusinessofApps), depending on who you ask, as opposed to email’s &lt;a href="https://www.google.com/url?q=https://reckless.agency/insight/email-vs-push-notifications-vs-in-app-messaging-which-has-the-highest-engagement/&amp;amp;sa=D&amp;amp;source=docs&amp;amp;ust=1656007304687019&amp;amp;usg=AOvVaw1c05qtiRPMjRqNWTZWjLU0"&gt;1-2%&lt;/a&gt; open rate. &lt;/p&gt;

&lt;p&gt;So you have a notification channel (mobile push) that gets more interaction than other channels and could likely improve retention rates on your app - what’s stopping you from closing this article to send your users a push notification right now? Well, you’re amazing, and I’m sure your notifications are as well, but there are a lot of you’s out there, and it’s likely your user is already dealing with a plethora of notifications from them. &lt;/p&gt;

&lt;h2&gt;Learning from the history of push notifications&lt;/h2&gt;

&lt;p&gt;We’ve come a long way since the push notification was first invented in 2009. Today, these notifications are supported across Apple iOS, Google Android, Huawei Android, Amazon Echo, macOS, Windows, Chrome, Safari, Firefox, and Edge. Push notifications have evolved to include rich media, icons, customizable sounds, and up to four action buttons, among other developments. Today, the average US smartphone user receives &lt;a href="https://www.businessofapps.com/marketplace/push-notifications/research/push-notifications-statistics/#:~:text=The%20average%20US%20smartphone%20user,Restraint%20can%20be%20key%2C%20therefore."&gt;46 push notifications&lt;/a&gt; every day. &lt;/p&gt;

&lt;p&gt;For every study that speaks to the value of push notifications, there’s another that speaks to their risks and pains. A &lt;a href="https://www.google.com/url?q=https://helplama.com/what-do-consumers-think-about-push-notifications-in-2021/%23:~:text%3Dfor%2520example%252C%2520a%2520significant%2520proportion%2520of%2520the%2520users%2520%25E2%2580%2593%252064%2525%252C%2520will%2520stop%2520using%2520an%2520app%2520entirely%2520if%2520it%2520sends%2520more%2520than%25205%2520weekly%2520push%2520notifications.%2520so%252C%2520app%2520marketers%2520need%2520to%2520tread%2520with%2520caution&amp;amp;sa=D&amp;amp;source=docs&amp;amp;ust=1656007304681959&amp;amp;usg=AOvVaw3WkXcHwx9Sa6c7Y2NKnnxf"&gt;2021 HelpLama survey&lt;/a&gt; of over 500 US-based smartphone users perfectly illustrates the fine line notifications need to walk in order to be deemed valuable. While the aforementioned Airship survey recommended sending daily push notifications to improve user retention, 43% of the users in this HelpLama survey said they would disable the app’s push notifications if they received two to five a week. 13% of survey participants said they’d hit disable if they saw even ONE push notification. And 64% of participants indicated that receiving daily notifications would motivate them to stop using an app entirely. &lt;/p&gt;

&lt;p&gt;At this point I’ll amend my topic sentence: a push notification is the &lt;del&gt;perfect&lt;/del&gt; most polarizing mode of communication between app and customer. Assuming both push-positive and push-negative surveys are valid, how should you hold both in your mind as you plan your next push notification campaign? &lt;/p&gt;

&lt;h2&gt;How to send better mobile push notifications&lt;/h2&gt;

&lt;h3&gt;Send as few notifications as possible&lt;/h3&gt;

&lt;p&gt;Notifications are only valuable if they’re relevant. Since push notifications don’t have the typically ignored spam or promotions folders email providers have, app deletion is often seen as the best solution to unwanted pings. To avoid letting users come to this conclusion, I’d recommend taking a step back and writing down a question before you send that first message:&lt;/p&gt;

&lt;p&gt;Is this notification necessary for my user’s success?&lt;/p&gt;

&lt;p&gt;If so, really try to press yourself and ask why. If it’s still an essential notification, decide which action users should take when they see it, write some copy that points users towards that action and send that sucker. Push campaigns will be more successful when rolled out cautiously and thoughtfully. As you build the essential messaging in your campaign, you’ll be able to step back and analyze how this notification adds value, how different segments of users are responding, and how messaging frequency and language might be better tailored to 60+ demographics vs. the 18-29 demographic. Well-crafted push notifications are thoughtful nodes in the product ecosystem. Poorly designed push campaigns are bacterial spores.&lt;/p&gt;

&lt;h3&gt;Context is everything&lt;/h3&gt;

&lt;p&gt;Within your user analysis, you should pick up details about when and where a user would like to be notified about your product. I know there’s a reason I receive more news articles in the morning and more pings from Netflix in the evening. These are the times of day I, and many users like me, are more likely to engage with those notifications. Netflix has a large team that has analyzed and optimized click-through rates across different time zones to create the strategy we see today. But this wouldn’t work for every engineer. &lt;/p&gt;

&lt;p&gt;If you’re wondering when a user would like to hear from you, there’s a good rule of thumb: let them tell you. Duolingo sends nudges to study a language the user has already indicated they’d like to learn. An e-commerce site like Boxed might send you a reminder to complete your purchase if you abandoned your cart midway through an order. A content platform like Courses is designed to serve push notifications to users when there are pauses in streaks - consecutive days during which users have listened to podcast snippets and completed daily practice exercises. In all of these examples, the product didn’t send a push until it felt confident it understood its users’ interests and behavior. &lt;/p&gt;

&lt;p&gt;If you want to read more about how to know what to say when, I wrote a &lt;a href="https://www.courier.com/blog/journey-mapping-how-to-master-the-art-of-interrupting/"&gt;journey mapping article&lt;/a&gt; earlier that’s about crafting empathetic interruptions in your user’s experience. Feel free to check it out for some more context.&lt;/p&gt;

&lt;h3&gt;Allow your users to set notification preferences&lt;/h3&gt;

&lt;p&gt;Allowing users to opt in or opt out, snooze, and schedule different categories of notifications can go a long way towards cultivating a user's trust in your product. This author has never been the biggest fan of the cortisol spikes he feels every time he receives a Slack notification, but the product does an incredibly good job offering granular preference control to its users, all within the space of a modal. On top of the ability to join and leave channels (preference groupings in this context), users can schedule notifications, momentarily pause notifications, and even adjust their notification sounds and appearance. This is of value to even the most skeptical push recipients. In the same HelpLama study referenced above, 61% of users will use the app more or at the same level if the notifications received are related to their preferences.&lt;/p&gt;

&lt;p&gt;Aside from offering users a general sense of notification management, this level of granularity also offers important control to users with color and sound sensitivities. If the Slack “knock brush” default is grating to the ears, it can be changed to a ding, boing, drop, ta-da, or a female voice inexplicably saying “hummus”, among numerous other options. Slack also allows its users to decide whether or not they’d like to see a red unread badge when there are notifications waiting for them. Twist, an app that positions itself as an alternative to those “burned out by real-time, all-the-time communication”, has done away with the red notification badge entirely because of the stress it induces. Meanwhile, Intercom offers moderated chat services that let users flag concerns about notifications they find obnoxious or distracting.&lt;/p&gt;

&lt;p&gt;The future of mobile notifications is mindful, user-led communication. Check out how Courier is solving these problems by getting a &lt;a href="https://www.courier.com/features/mobile/"&gt;demo here&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>saas</category>
      <category>ux</category>
      <category>notification</category>
    </item>
    <item>
      <title>Why Courier is Now Remote-first</title>
      <dc:creator>Aman</dc:creator>
      <pubDate>Mon, 25 Apr 2022 22:39:43 +0000</pubDate>
      <link>https://forem.com/courier/why-courier-is-now-remote-first-4336</link>
      <guid>https://forem.com/courier/why-courier-is-now-remote-first-4336</guid>
      <description>&lt;p&gt;Last fall, we published &lt;a href="https://www.courier.com/blog/why-remote-work-is-not-here-to-stay/"&gt;a post&lt;/a&gt; on how despite the ongoing impact of Covid-19, Courier would remain committed to keeping our office in San Francisco and focusing our hiring efforts on local talent in the Bay Area. As the company has evolved, we’ve decided to shift our approach to a remote-first model. Although we had good reasons to choose not to go remote earlier, this eventual change in mindset led to several new initiatives during the hiring process and to maintain company culture in a remote-first environment. This blog post will highlight some of these initiatives and why we chose them.&lt;/p&gt;

&lt;h2&gt;Why weren’t we already remote?&lt;/h2&gt;

&lt;p&gt;There were a few reasons we didn’t move to remote-first sooner. Firstly, we believed it would be easier and quicker to onboard new employees in-person vs. remote. When you’re a small team, every single hire changes the entire dynamic of the company so it’s really important to make sure they have a great understanding of the company’s culture, strategy, product, tools, and customers. People generally tend to be less hesitant to ask questions when they see people in-person than over Slack, especially if they’ve never met them before. When speed is critical, poor communication can become a bottleneck and we thought focusing on in-person hires would shorten the onboarding process. Secondly, we believed that certain kinds of collaboration were not feasible in a remote environment - especially in scenarios that call for creativity and quick decisions such as product design, marketing campaign construction, and deal strategy. Third, we also believed that maintaining a physical presence as an early-stage startup would actually serve as a differentiator since we saw many other similar startups shift to remote-only and we had a handful of people join the team citing our office and the in-person experience we offered as motivating factors. We believed there were many other similar candidates who specifically sought out an in-person experience after over a year of remote-only work and we would be well-positioned to compete for their talent.&lt;/p&gt;

&lt;p&gt;We’ve since learned that, while these assumptions were not completely unfounded, we overestimated the negative impact of shifting to remote-first. We had also always intended to eventually hire outside of the Bay Area as the company grew, but after another year of learning about the benefits of remote vs. in-person work, we decided to rapidly accelerate our timeline and immediately shift to a remote-first approach. &lt;/p&gt;

&lt;p&gt;There were two primary factors that led to our decision. The first is that even though we were ostensibly an in-person company, after March 2020, we never mandated office attendance even after many of the in-person restrictions were no longer legally enforced. The result was that we had many employees who, while based in the Bay Area, rarely came in person and who had onboarded and operated 100% remote since the day they joined. We found that they were just as effective as employees who were coming in regularly and we had not sacrificed any operational velocity or our existing company culture. Second, we also found that even though there were candidates who did indeed appreciate our commitment to maintaining a physical presence, there were many more who wanted the flexibility afforded by remote work. By shifting to a remote-first approach, we could actually offer an attractive work environment to both of those types of candidates and, after experimenting with this approach for a few of our open roles, we saw a large increase in our inbound talent pipeline for those roles. We simply could not move fast enough on hiring if we focused only on Bay Area talent. So if we had nothing to lose and lots to gain, it seemed like shifting to remote-first was a pretty obvious decision.&lt;/p&gt;

&lt;h2&gt;Compensation and leveling philosophy&lt;/h2&gt;

&lt;p&gt;Of course, shifting to remote-first isn’t as simple as making an announcement and writing a post - we had to consider the long-term impact this would have on the company and how best we could support the growing percentage of our team that would be permanently remote. Firstly, we had to decide how we would compensate remote employees. We’ll be writing a separate post detailing our compensation and leveling philosophy, but ultimately, we decided it made the most sense to pay everyone the same amount regardless of where they were based (within the U.S.) and to make compensation and leveling information completely transparent internally and in all external job postings. This would be the fairest approach for all team members and would minimize the associated administrative overhead while also making expectations clear to any prospective candidates. &lt;/p&gt;

&lt;h2&gt;Cultural and communication expectations&lt;/h2&gt;

&lt;p&gt;We also decided to make our cultural and communication expectations more explicit in the recruiting and onboarding process for new hires. Some examples of the kind of communication behavior we now explicitly outline for all employees include: preferring public Slack channels to DMs, encouraging asynchronous communication over synchronous, and sharing notes from in-person meetings with context in Slack. We also introduced a handful of new ongoing company activities to help remote employees get to know everyone on the team such as monthly virtual hangouts (escape rooms, games, etc.), quarterly in-person events where we bring the entire team in for some fun, and starting new employees in cohorts when possible instead of by themselves and encouraging them to come in-person for at least a few days in their first few weeks (travel expenses all covered by Courier). &lt;/p&gt;

&lt;h2&gt;
  
  
  Reviews for new hires
&lt;/h2&gt;

&lt;p&gt;Lastly, in an effort to help us better identify how we as a company could support new employees when they first join, we are instituting a 30-day review process for all new hires when they hit 30 days from their start date. Instead of focusing exclusively on performance indicators as most review processes do, we are going to be emphasizing behavioral indicators of success at Courier via peer reviews. Some examples of indicators that we believe will be correlated with success are “proactively asking questions”, “offering feedback”, “taking ownership”, and “proactively suggesting improvements”. The goal of this process is to help reinforce the work philosophy at Courier for new hires (and reviewers - they’ll have to be on the lookout for these behaviors) and help us think about what we should be looking for in the hiring process to make sure there is a great mutual fit with all candidates. &lt;/p&gt;

&lt;h2&gt;
  
  
  The impact of this decision
&lt;/h2&gt;

&lt;p&gt;Since we announced this change to the team a few months ago, we’ve seen a largely positive reaction. Ultimately, this change allowed existing team members more flexibility since they can now live anywhere in the U.S. without any changes to their compensation or they can keep coming into the office as they already were. We’ve also noticed a significant increase in our inbound talent pipeline across all roles from candidates who want a primarily remote experience. It’s worth noting that the non-Bay Area hires we’ve made have all come and visited at least once already, and our Head of Developer Relations, Nočnica, who is based in Portland, actually cited her experience having lunch with the team in the office during the interview process as a primary factor in her decision to join Courier. We’re excited to see that this has been received well by our existing team members and potential candidates alike and will be continuing to think of improvements we can make to build a world-class workplace at Courier. &lt;/p&gt;

&lt;p&gt;If you’re interested in learning more about opportunities at Courier, check out our open roles &lt;a href="https://jobs.lever.co/trycourier/"&gt;here&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>community</category>
      <category>remote</category>
      <category>career</category>
    </item>
    <item>
      <title>How Courier Became SOC 2 Type 2 Compliant</title>
      <dc:creator>Aman</dc:creator>
      <pubDate>Mon, 04 Apr 2022 04:44:40 +0000</pubDate>
      <link>https://forem.com/courier/how-courier-became-soc-2-type-2-compliant-2ohi</link>
      <guid>https://forem.com/courier/how-courier-became-soc-2-type-2-compliant-2ohi</guid>
      <description>&lt;p&gt;The consumerization of SaaS has resulted in a massive handling of PII (personally identifiable information) over recent years. The security and protection of said PII has therefore become central to the foundation of a quality SaaS product, and Courier is no different. In a world where there seems to be a new data breach every time we look, users continuously demand transparency into how their data will be handled. SaaS engineering and product teams who care about the security of their apps are just as eager to fulfill this demand. Today, in a big step toward this transparency, we are excited to announce that Courier is now fully SOC 2 Type 2 compliant.&lt;/p&gt;

&lt;p&gt;But what does this mean? Software security and compliance is constantly evolving and is as complicated a topic as it is important. So we wanted to take this opportunity to talk a bit about what it means to be SOC 2 Type 2 compliant, why it is important that we are, and what our journey looked like on our way here.&lt;/p&gt;

&lt;p&gt;Why Courier invested in SOC 2 compliance&lt;br&gt;
Courier’s mission is to make software-to-human communication delightful, currently through providing excellent notification infrastructure. Product notifications can include a wide range of content. A rideshare app may need to include a user’s location information to provide the best experience, while a banking app may send notifications with personal financial information. Because of the sensitive nature of many notifications, it is important to us, and our customers, that Courier provides safety and security for sensitive data and peace of mind for our end users.&lt;/p&gt;

&lt;p&gt;Also worth keeping in mind is that SaaS companies tend to use other SaaS tools to build their own products, which must be disclosed to customers using sub-processor agreements. One requirement of SOC 2 compliance is ensuring that all of your sub-processors are also SOC 2 compliant, so this is a necessary step for providing software to many other SaaS tools.&lt;/p&gt;

&lt;p&gt;SOC compliance is one way Courier, like other SaaS companies, can reassure customers and end users that their data remains and will continue to be as protected as possible. Having a Systems and Organizations Control (SOC) report shows that we have the important security controls in place, are using best practices to prevent, detect, and remediate any breaches, and will be transparent with our customers in how we use their information.&lt;/p&gt;

&lt;p&gt;Why all SaaS companies should be SOC 2 Type 2 compliant&lt;br&gt;
To understand the steps to take to be SOC 2 Type 2 compliant, we should better understand the myriad of SOC reports a company can produce and why SOC 2 Type 2 is the best option of them all.&lt;/p&gt;

&lt;p&gt;A company that is SOC 1 compliant reports on security controls around financial information and objectives. SOC 2 compliance steps beyond finance and focuses on reporting on security controls concerning the five trust services principles (TSP) including security, availability, processing integrity, confidentiality, and privacy. Recently, there has been a trend towards producing and sharing SOC 3 reports in place of the more rigorous SOC 2 report. A SOC 3 report is typically generated during a Type II Audit and is intended to be a publicly available report that describes the internal controls a company has in place for SOC compliance at a high level. SOC 3 reports generally do not include enough information to be considered a substitute for a full Type II report, but can provide a third party with general information on a company’s policies without divulging any sensitive information about internal controls.&lt;/p&gt;

&lt;p&gt;Because of the detail and depth provided, SOC 2 compliance is the best option for most companies. Of SOC 2 reports there are two types: Type 1 and Type 2. Type 1 reports are quicker and easier to generate because they cover security controls and their functions on a single given day. Their purpose is to show that the controls exist, but they do not provide any context on whether the controls are used in practice. Type 2 reports, on the other hand, consist of a one-year audit period requiring evidence of effective policy and control enforcement. While these reports require more time and resources, they also provide a better view of the effectiveness of a company’s ability to detect and repair security vulnerabilities.&lt;/p&gt;

&lt;p&gt;Courier wanted to be able to not only state our intent, but also prove to interested parties that we are following through, which a SOC 2 Type 2 report would allow us to do.&lt;/p&gt;

&lt;p&gt;What did Courier’s journey to compliance look like?&lt;br&gt;
Over a year ago, when Courier started acquiring customers in industries with sensitive data like financial services and healthcare, it became important to show our customers that their data (and their customers’ data) would be in good hands. To do so, like many early stage tech companies, we went for SOC 2 Type 1 compliance first.&lt;/p&gt;

&lt;p&gt;In order to become Type I compliant, we needed to develop a set of policies and controls for our business practices covering a range of activities from financial reporting and hiring, to how we ship code and store data. We used a software service called Vanta, a Courier customer, to develop these policies and ensure we had covered the entire set of requirements. The process after this was fairly simple - we engaged with an auditor to go over our policies and ensure we were meeting all of the criteria to be Type I compliant. After they completed their brief audit, they generated a SOC 2 Type I report for us. We completed this in November 2020.&lt;/p&gt;

&lt;p&gt;Since Type II compliance requires going through a one-year audit period, we had to wait a full year before we could begin the process. In December 2021, we began an engagement with Geels-Norton, an advisory service that is a qualified auditor for SOC 2. In order to complete their audit, they requested and analyzed evidence from Courier that we had effectively enforced all of the necessary policies and controls for SOC 2. Some examples of evidence included proof that we enforced hard drive encryption on all devices, enforced multi-factor authentication on all engineering systems, and regularly conducted meetings with our board. Once we satisfactorily completed the audit, they issued a Type II report for Courier.&lt;/p&gt;

&lt;p&gt;Conclusion&lt;br&gt;
The journey to ensure that we are doing our best to protect our customers’ data does not end with becoming Type II compliant. In addition to continuously evolving our policies to follow best practices in the industry and baking them into our company’s culture as we scale, we are also working towards other compliance standards such as ISO 27001 and HIPAA, the latter so that we can support healthcare organizations with their customer communication infrastructure. As a provider of core infrastructure, it is extremely important to our customers that we remain on the cutting edge of security practices, and we remain committed to earning their trust.&lt;/p&gt;

</description>
      <category>compliance</category>
      <category>soc2type2</category>
      <category>security</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>Consider Hybrid Work</title>
      <dc:creator>Aman</dc:creator>
      <pubDate>Thu, 16 Sep 2021 21:31:11 +0000</pubDate>
      <link>https://forem.com/courier/why-remote-work-is-not-here-to-stay-at-courier-3e11</link>
      <guid>https://forem.com/courier/why-remote-work-is-not-here-to-stay-at-courier-3e11</guid>
      <description>&lt;p&gt;We all spent a year getting used to remote work; now, the big question is how do we transition back to the in-person work pattern in a new world with Covid-19? Or should we transition back at all? In a study of workers by &lt;a href="https://buffer.com/2021-state-of-remote-work"&gt;Buffer&lt;/a&gt; (both pre-pandemic remote workers and workers who became remote during the pandemic), 97.6% confirmed they would like to continue working remotely at least some of the time.&lt;/p&gt;

&lt;p&gt;The two most significant benefits for these remote workers were the flexible schedule (32%) and the ability to work anywhere (25%). However, aside from the benefits, they also expressed their two biggest struggles as “not being able to unplug” and “difficulties with communication and collaboration.”&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.courier.com/"&gt;Courier&lt;/a&gt; was founded in April 2019. Although that was only a couple of years ago, the way people work has changed dramatically since then. Until March 2020, we operated under the same assumption that almost all of America had operated on: we’d get an office, and people would come into the office pretty much every day. Since then, we’ve gone on a journey that’s ended at the destination of a hybrid-remote approach to work—and here’s how we got there.&lt;/p&gt;

&lt;h2&gt;
  
  
  We Appreciate the Benefits of Remote Work
&lt;/h2&gt;

&lt;p&gt;Generally, remote work gives employees the freedom to plan and organize their schedules to suit both their work and personal lives. It also increases the level of productivity and employee retention. A &lt;a href="https://www.gartner.com/smarterwithgartner/digital-workers-say-flexibility-is-key-to-their-productivity/"&gt;Gartner study&lt;/a&gt; showed that 43% of workers stated their higher productivity levels came from flexible work hours.&lt;/p&gt;

&lt;p&gt;We think of ourselves as an innovative company. But we weren't set up to work remotely, so we found ourselves scrambling to adjust to being remote. Some things were easy—our product is software, so nothing stopped our engineers from building or our customers from using our API. Other things weren't. For instance, we rebuilt our onboarding process for new users earlier this year, but virtual whiteboard sessions were noticeably slower, less productive, and less imaginative compared to how the same sessions went after coming back to the office. &lt;/p&gt;

&lt;p&gt;Over time, we made many changes to account for the remote nature of our work, and we noticed many improvements. For one, remote work increased the visibility of our communication. We shifted our communication on Slack to center around public channels instead of direct messages to increase visibility. We also simplified our meeting structure to spend less time in meetings and instead communicated information asynchronously via Google Docs or Notion docs when possible. As a result, the average efficiency of every meeting has gone up, so we've been more selective about which meetings we have and which ones we cancel.&lt;/p&gt;

&lt;p&gt;We also found ways to spend time together virtually since we couldn't hang out in person (if you haven't done a virtual escape room, we'd highly recommend it!). Remote work also helped us better acknowledge employee contributions. For example, we made copious use of a Slackbot called &lt;a href="https://www.heytaco.chat/"&gt;HeyTaco&lt;/a&gt; to celebrate our progress and recognize everyone for their achievements.&lt;/p&gt;

&lt;h2&gt;
  
  
  We Built Our Company Culture Around Face-to-Face Interactions
&lt;/h2&gt;

&lt;p&gt;The culture at Courier had been built around collaborating face-to-face because we believe that working in the same office is more conducive to speedy execution, decision-making, and collaboration for an early-stage startup. So getting on the same page when we transitioned to working remotely was difficult and inefficient. This challenge only increased as we expanded beyond being an engineering organization and added team members in customer success and marketing.&lt;/p&gt;

&lt;p&gt;When you’re a small startup, part of your edge is the ability to organize rapidly, iterate on experiments quickly, and naturally build a strong team ethos. These become logistically challenging to create as a company grows larger. And these deficiencies can be more glaring in a remote-only setting.&lt;/p&gt;

&lt;p&gt;First, remote work has yet to replicate the kind of high-bandwidth collaboration an in-person meeting naturally creates. Sure, not all meetings need to exist, and there are a plethora of productivity tools that simulate in-person collaboration. Still, we haven’t found any of them to equal the experience of gathering around a whiteboard and physically writing out a workflow or drawing a mockup.&lt;/p&gt;

&lt;p&gt;Part of what we’ve found lacking is convenience and ease of use. The missing piece here is that non-verbal communication is effectively non-existent when working remotely and the natural spontaneity that occurs during in-person meetings is absent over Zoom. In practice, you can notice when your colleague seems a little puzzled in a face-to-face meeting, and you can ask them where they disagree or what they think. It’s easier to miss that over Zoom unless someone vocalizes their thoughts.&lt;/p&gt;

&lt;p&gt;Sometimes, people don’t want to ruin the conversation flow with a tangential idea. However, there’s an opportunity for a teammate to engage via a sidebar to the primary conversation when you’re in-person so you can still explore the tangent without disturbing the broader meeting. These things seem trivial, but, particularly during the more creative parts of development, they have a significant impact.&lt;/p&gt;

&lt;p&gt;The other loss from working remotely is unplanned conversations, particularly those among members of different teams. At a company level, this blocks information flow across teams and reduces collaboration. It makes it harder to learn about how the rest of the business functions at an individual level. It’s one thing for an engineer to read a Google Doc laying out the plan for a marketing campaign after a series of planning meetings among the growth team. It’s another thing to catch the postscript of a meeting at lunch and throw some ideas out that help improve alignment between the product roadmap and growth plans.&lt;/p&gt;

&lt;p&gt;These impromptu discussions lead to a better outcome for both teams, and they also give everyone involved some insight into their counterpart’s workflow, which they may not have gotten otherwise. Because of the unprecedented speed at which venture-backed startups are expected to execute, building context across the entire business can help you come up with ideas, prioritize your own, and provide a useful perspective on new initiatives.&lt;/p&gt;

&lt;p&gt;If you’re a younger member of the working world, in-person meetings with your colleagues are even more valuable. You’re even more &lt;a href="https://time.com/6090355/gen-z-remote-work/"&gt;likely to hesitate to interrupt people in Zoom to ask basic questions&lt;/a&gt; and will find it more challenging to pick up business context remotely than you would by simply observing your colleagues in the office.&lt;/p&gt;

&lt;p&gt;Lastly, in our opinion, in-person work is more conducive to building great work relationships and, ultimately, making the startup journey more fun. Of course, being in person is not a requirement for getting to know someone, and getting to know someone is not required to get work done with someone. But for people who enjoy getting to know their colleagues and feed off the energy of being in a building full of people working toward the same goal, working in a remote-only environment can be less stimulating and more taxing mentally.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Hybrid Approach Blends the Best of Both Worlds
&lt;/h2&gt;

&lt;p&gt;Unlike many similar organizations, we don’t intend to become a fully remote workplace. Instead, we believe the best way forward for us is to adopt a hybrid approach.&lt;/p&gt;

&lt;p&gt;A hybrid approach for Courier means we have an office, the team will generally be expected to come in one to two days a week, and planning happens on those days. The rest of the week is for working on assignments remotely. And since we’ve invested in making remote work viable for us, if we happen to be traveling, we can work remotely during our trip (or take time off, of course). For example, our VP of Growth, Nick Gottlieb, spent two months working from Montana. Raymond See, our Head of Data, spent a month in Hawaii, and I frequently visited my family in New York.&lt;/p&gt;

&lt;p&gt;At Courier, we’ve continued hiring folks exclusively in the Bay Area. We’ve even had team members move here from other parts of the country because they wanted to be part of a team that meets in person every week. I moved here from New York before the pandemic, Tejas Kumthekar, an engineer, moved here earlier this year from Chicago, and Andrew Youngwerth, another engineer, just moved here from Boise, Idaho.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;em&gt;"Having the freedom to work in the office has given me the feeling of wanting to go somewhere again. Synchronized work in a safe space brings a sense of community that I look forward to each day."&lt;/em&gt; — Micah Zayner, Sr. Growth Marketing Manager at Courier&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Consider many factors — like your organization's norms and culture — before choosing your approach to a model that works for your company. While you can learn from our model, you have many other options. Check out &lt;a href="https://www.mckinsey.com/business-functions/organization/our-insights/reimagining-the-postpandemic-workforce#:~:text=the%20next%20normal.-,Choose%20your%20model,-Addressing%20working%20norms"&gt;McKinsey’s study&lt;/a&gt; on how you can effectively choose a model and reimagine your post-pandemic workforce.&lt;/p&gt;

&lt;p&gt;Finally, we encourage you to be open about this with your team and start the conversation as soon as possible. That way, your company’s &lt;a href="https://www.mckinsey.com/business-functions/organization/our-insights/what-employees-are-saying-about-the-future-of-remote-work#:~:text=Our%20survey%20results,leaving%20employees%20anxious."&gt;employees aren’t wondering&lt;/a&gt; and won’t get anxious about what the post-pandemic work pattern will be.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Further reading: &lt;a href="https://www.gartner.com/smarterwithgartner/making-hybrid-work-more-permanent-set-some-ground-rules/"&gt;Making Hybrid Work more permanent, set some ground rules&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Results So Far From our Hybrid Approach to Work at Courier
&lt;/h2&gt;

&lt;p&gt;We started this hybrid approach work pattern in May 2021, and so far, we’ve seen a good turnaround in our creativity. Here are some significant achievements:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Since our team has grown throughout the pandemic, we had physical meetings to brainstorm ideas, refocus our mission statement, and figure out core team values.&lt;/li&gt;
&lt;li&gt;We’ve run multiple cross-functional growth experiments and have iterated multiple times on different flows in the product (by contrast, the product development lifecycle during the pandemic was full releases with minimal design iteration involved).&lt;/li&gt;
&lt;li&gt;We’ve also had countless examples of unplanned conversations leading to great outcomes for the product and business—we decided to change our pricing when Nick overheard a conversation Troy, our CEO, and I were having. We were talking about some customer feedback around the complexity of our pricing, and he suggested we offer customers simple per-message pricing. Another instance was when Suhas, an engineer on our team, overheard a conversation Seth Carney, our CTO, and I were having on notifying customers about their billing status. He suggested that we find a way to use our own product for these kinds of notifications, which made too much sense not to do. We’ve since continued expanding our usage of our own product inspired by his offhand comment. &lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;em&gt;"For me, I feel like my time in the office during collaborative activities is energizing and inspiring and allows me to form meaningful in-person relationships. Yet as an engineer I also highly value distraction-free focus time, which for me is best done in my home office. This balance has made Courier a really enjoyable and energizing place to work."&lt;/em&gt;  —Chris Gradwohl, Engineer at Courier&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;While some companies may never return to the office again, Courier believes taking a hybrid approach retains many advantages of a remote-only organization while adding back significant aspects of in-person working. If you’re interested in our work environment, we have some open roles on our &lt;a href="https://jobs.lever.co/trycourier"&gt;careers page&lt;/a&gt;. &lt;/p&gt;

</description>
      <category>community</category>
      <category>productivity</category>
      <category>worklifebalance</category>
      <category>remotework</category>
    </item>
  </channel>
</rss>
