At my last company we built a personalization feature that recommended content based on user behavior. Midway through the project our legal team flagged that we needed a GDPR-compliant consent flow, so I designed the consent banner and the data deletion pipeline. I also added TLS encryption for all data in transit and at rest. After we shipped, user trust scores in our NPS survey went up, which showed the work paid off. I learned that privacy matters to users and I now make sure to include it in every project I work on.
When we built an on-device search feature for user notes, my first architectural decision was that the index never leaves the device. I had a server-side option that would have been faster to build, but it would have required syncing plaintext note content to our servers — data the user never agreed to share. Instead I scoped the problem: what is the minimum the device needs to answer a query locally? We built an inverted index stored in the app's sandboxed container, processed entirely in-memory at query time, with no network call. Result: sub-80ms search with zero data egress. User adoption of search doubled within six weeks of launch because users who had previously avoided the feature — I know this from session analytics — turned it on once we shipped a clear indicator that search was fully local. Privacy wasn't a constraint I worked around. It was the reason the feature worked.
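As an added illustration of the local-only design described above (example code written for this page, not the author's implementation): a small inverted index over notes, persisted only inside an assumed sandbox directory, queried entirely in memory, and wrapped in a guard that makes the search fail if anything opens a socket while it runs. The sample notes, the index file name and the `no_egress` guard are constructed assumptions; the guard is a test-time check for the "zero data egress" property, not a production control.

```python
"""
Added example, not the author's code: an on-device inverted index for notes
with an AND query run in memory, plus a guard that turns any attempted
network call during a search into an error.  Note contents, the index file
name and the guard itself are illustrative assumptions.
"""
from __future__ import annotations

import json
import re
import socket
import tempfile
from contextlib import contextmanager
from pathlib import Path

TOKEN_RE = re.compile(r"[a-z0-9]+")

NOTES = {  # constructed sample data standing in for a user's local notes
    "n1": "Grocery list: milk, eggs, coffee beans",
    "n2": "Coffee with Dana on Tuesday about the roadmap",
    "n3": "Roadmap draft: privacy review before launch",
}


def tokenize(text: str) -> list[str]:
    """Lower-case alphanumeric tokens; no stemming, no external service."""
    return TOKEN_RE.findall(text.lower())


def build_index(notes: dict[str, str]) -> dict[str, list[str]]:
    """Map each term to the sorted list of note ids that contain it."""
    postings: dict[str, set[str]] = {}
    for note_id, body in notes.items():
        for term in set(tokenize(body)):
            postings.setdefault(term, set()).add(note_id)
    return {term: sorted(ids) for term, ids in postings.items()}


def save_index(index: dict[str, list[str]], path: Path) -> None:
    """Persist only term -> ids inside the (assumed) app sandbox; the note
    bodies are never copied into the index file."""
    path.write_text(json.dumps(index))


def load_index(path: Path) -> dict[str, list[str]]:
    return json.loads(path.read_text())


def search(index: dict[str, list[str]], query: str) -> list[str]:
    """AND query: note ids present in every query term's posting list."""
    terms = tokenize(query)
    if not terms:
        return []
    result: set[str] | None = None
    for term in terms:
        ids = set(index.get(term, []))
        result = ids if result is None else result & ids
        if not result:
            return []
    return sorted(result)


@contextmanager
def no_egress():
    """Assumed test-time guard: replace socket.socket so that any code path
    trying to open a socket (http.client, urllib, ...) raises instead."""
    real_socket = socket.socket

    def blocked(*args, **kwargs):
        raise RuntimeError("network call attempted during local search")

    socket.socket = blocked
    try:
        yield
    finally:
        socket.socket = real_socket


def local_search(query: str, sandbox_dir: Path | None = None) -> list[str]:
    """Build, persist, reload and query the index with egress blocked."""
    if sandbox_dir is None:
        with tempfile.TemporaryDirectory() as d:
            return local_search(query, Path(d))
    index_path = sandbox_dir / "notes.idx.json"  # assumed file name
    save_index(build_index(NOTES), index_path)
    with no_egress():
        return search(load_index(index_path), query)


def egress_blocked() -> bool:
    """True if the guard really stops a socket from being opened."""
    try:
        with no_egress():
            socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(local_search("coffee roadmap"))  # ['n2']
    print(egress_blocked())  # True
```

The guard is the part worth keeping around: a unit test that runs every query path under `no_egress()` catches the regression where someone later adds "just one" analytics or sync call to the search code.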