Why I'm building a trust center company, what I've learned so far, and every number I'm willing to share.
My name is Anton Lissone. I'm building INeedTrust — an AI-native trust center platform.
This is the third publication in a five-part series about the trust center market. The first two were analytical — the security tax that companies pay, the graveyard of trust center products that didn't survive. This one is personal.
I'm going to share why I started this company, the decisions I've made (and the ones I regret), and the real numbers from the early months. Not because transparency is a marketing strategy — though it is — but because I'm building a company whose entire thesis is that trust is proven, not claimed. It would be hypocritical to hide behind a polished narrative.
I didn't start INeedTrust because I saw a market opportunity on a spreadsheet. I started it because I lived the problem.
I spent years watching smart engineering teams burn hundreds of hours answering the same security questions. The same SOC 2 summary, repackaged. The same "yes, we encrypt at rest and in transit" written slightly differently for each evaluator. The same CTO staying up past midnight before a deal deadline to finish a questionnaire.
When Drata acquired SafeBase in early 2025, I ran the numbers. Three acquisitions in three years had removed every independent, affordable trust center option from the market. The companies that needed trust centers most — startups and mid-market SaaS — had nowhere to go.
That's when I stopped observing and started building.
Every startup is a sequence of decisions made with incomplete information. Here are the ones that shaped INeedTrust:
$120K of personal capital. No external funding in Year 1. The reasoning: a trust center platform can reach profitability with 2 FTEs if you use AI aggressively. Raising money before proving unit economics would have diluted equity and created pressure to grow before the product was ready. The trade-off: slower initial growth, zero safety net, $0 founder salary.
The conventional wisdom for B2B SaaS is "start enterprise, expand down." I went the opposite direction — $150/month Starter tier, credit-card purchase, self-serve. Why: every trust center company that went enterprise-first either got acquired or got stuck at $15K+ price points that excluded the mass market. I'd rather have 500 customers at $150/month than 5 at $15K/year. The math works out the same, but the distribution flywheel only works with volume.
Not "AI-enhanced." Not "with AI features." AI as the primary operator. The trust center populates itself from a URL scan. AI proposes updates. AI handles maintenance. The human reviews and approves. This isn't a philosophical position — it's the only way 2 people can operate a platform that would normally require 8-10.
Even if a customer churns, their trust center stays live in read-only mode. The reason is partly ethical (deleting a trust center could disrupt active evaluations) and partly strategic (every live trust center is a "Powered by INeedTrust" billboard). This is the single decision I'm most confident about.
Zero paid acquisition budget. LinkedIn, content, AI-powered outbound, and the "Powered by" flywheel. The reasoning: paid ads reward proven messaging. We don't have proven messaging yet. Spending $5K/month on LinkedIn ads before we know which headline converts would be burning cash on learning we can get for free through organic content. Paid comes in Year 2, after the message-market fit is clear.
Here's where the company stands. These are real numbers, not projections.
That's the honest picture. Revenue is growing but still a fraction of expenses. Runway is comfortable but not infinite. The product is live and being used. The marketing budget is almost nothing — AI does the heavy lifting.
Two people built what would normally take a team of 6-8. AI code generation, AI-powered testing, AI-drafted documentation. The "AI replaces headcount" thesis isn't theoretical — it's our operating model. The $9,400/year in AI tooling replaces $150-250K in additional staff.
Even the Coming Soon pages generated inbound interest. Free trust center pages became lead gen pages before we had a paid product. The viral mechanic validated faster than expected.
The AI-powered "enter your URL" onboarding converted significantly better than the manual setup flow. Lesson: the moment you ask people to input data manually, you lose them. Output before input is the correct architecture.
The customers who stay aren't the ones who love the features. They're the ones whose trust centers are current. The AI maintenance — expiration alerts, update proposals — is the retention mechanism. This was the hypothesis. Now it's validated.
Building in public means sharing the failures. Here are three:
"The hardest part of building in public isn't the vulnerability. It's the discipline to share the numbers when they're not impressive yet. The whole point is that trust is built through transparency over time, not through a perfectly timed reveal."
— Anton Lissone, FounderI'm sharing this because I believe the B2B SaaS ecosystem needs more founders who are transparent about what it actually takes to build a company. Not the "we raised $10M and here's our launch post" version. The "$0 salary, $120K of personal money, and here's every decision I've made" version.
The trust center market specifically needs this transparency. The incumbents are opaque about their pricing, their architecture, and their acquisition plans. The acquirers are silent about what happens to existing customers post-acquisition. The enterprise GRC vendors publish polished case studies but won't tell you their actual churn rates.
INeedTrust's thesis is that trust is proven, not claimed. If I can't apply that thesis to my own company's operations, I have no business selling it to others.
Trust is proven, not claimed. Building in public is the founder-level application of that thesis. Every number in this post is real. Every decision is documented. Every mistake is acknowledged. This is what it looks like to build a trust company by being trustworthy first.
Next in the series: demystifying enterprise security for the rest of us.
Next: Security Demystified →