A few weeks ago I went down a rabbit hole. I'd been reading about how every SaaS company eventually has to deal with GDPR / SOC 2 / HIPAA, and how the existing tooling space basically goes like this: > "Do you have a password policy document?" > "Ye...