Show HN: Free mortgage analysis tool to avoid getting screwed by closing costs

Allow me to expound on @kojeovo's remark. Please take this as a constructive criticism to improve your success potential. Much of it is from a quick glance, and am sure there are many other facets to improve.

A business is not just about the product.

Your Privacy Policy. There is no default way to download it (see 9.), and since it is window-ed cannot print entire doc. That means I cannot keep a copy of it for myself.

> We collect the following types of information:

> Mortgage Documents: Loan Estimates and Closing Disclosures you upload for analysis.

Okay, but

> 4. Data Security

> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

This means nothing. Are you ISO 27001:2022, NIST SP 800-53, CIS, CE+, Essential Eight, or something else? Have you been audited, and proof? Who is your ISP? What regs do you follow around data sovereignty?

Terms of Service. Again, no default way of download. Overall, I would never agree to this ToS. It demands all kinds of requirements on the user, but takes no responsibility for anything - or as described above, explain how you will protect your customers.

You have no reference anywhere where you are geographically. No address, no about us, no who you are. I would be very leery on uploading anything.

Would it matter if they had a "perfect" privacy policy? I don't believe there's anything legally that enforces it. So they can promise the moon then turn around and sell your data.

Maybe I'm wrong here, but, My mental model of privacy policies and the like has always been: This is a lie, the company will do whatever it wants with my data. And I will have no recourse.

As such I've always acted accordingly. And very few websites have legit info on me.

Legitimately curious, what’s the worst they could do with this data?

Thanks for the constructive feedback.

I just added a way to easily download the entire privacy policy and terms of service, also quickly added an about page with some info about me - https://closing.wtf/about

Eventually I'm going to get a certification and will keep your other points in mind.

Aside from the personal details (name, address, etc), they can collect pricing info on houses, run analytics, and swoop the deal with a slightly better offer or better yet, sell it to wholesale buyers, reits, and whoever is interested in stealing the deal.

The most common scams around home buying are wire fraud - contact the buyer pretending to be the title company and steal their money. The data in a mortgage is exactly what you need to enable these scams and you're getting people to hand it to you and at the same time tell you they are about to wire money.

That...is not how mortgage servicing companies operate.

> name, address, etc

In my country all that plus your social security number and tax declarations etc are public information. What's your opinion on that?

People aren't concerned about giving their details to a mortgage servicing company, they're concerned about giving their details to a random website called "closing.wtf", which promises to provide mortgage advice for free with no other obvious revenue source.

>they can collect pricing info on houses, run analytics

AFAIK house sale prices (ie. property transactions) are open in many (most?) jurisdictions.

>and swoop the deal with a slightly better offer

How does that even work? The winning bidder is presumably someone who gave the highest offer. Why would another company pay above and beyond that, considering that there's probably several other serious buyers who aren't willing to pay more?

I have never done a wire transfer at a residential closing. I come to the closing at the title company office with a cashier's check from my bank for the amount they told me to bring.

I think acting 'as if' is the safe option here but encouraging change for the better in someone willing to engage in dialog is still better than not doing it. Maybe you didn't intend to make a counterpoint, i just wanted to point that out.

The terms are not public until the house is sold. In the contract pending state you don’t know how much it is going to sell for. Theoretically if they saw a buyer accepting a crazy low offer they could alert the troops.

But it doesn’t need a lot of the data in that document, so really they need a way to redact all the unnecessary data to require less trust.

Edit: words.

Did you bought enough houses to assume that's always the case?

My experience was that I was told to send the cashier's check using overnight FedEx because they did not have office in my area.

The only method available to me at closing was a wire transfer. It is dumb.

The deal isn’t always about the price. For example, a $1M house bought with $100K down and $900K mortgage is a worse deal for the seller as compared to $500K down and $500K financed. Assumption here is that it is more likely to get a $500K loan irrespective of the appraised value of the house.

A lower all cash offer (say $975K) is likely a better offer for the seller because it reduces the risk for them and closes the transaction much quicker than a mortgage transaction.

I have been a buyer in two transactions where my offer was slightly lower than the highest bidder, but with better terms.

No, fair enough. I would not close anywhere other than a local title company though. I've had a few odd things surface at the last minute that were resolvable because everyone was sitting around the same table.

Wire Transfers are not undoable and instant, much like Zelle. So I always recommend people send $10 first, and confirm everything works, before sending real money. When doing the confirmation, try using a different channel of communication, to ensure you are getting the right person. i.e. call them directly from known good phone numbers or something.

Yes many banks charge $30 or more for a wire transfer, but I'd rather just pay the $60 than have a large sum wire transfer lost, stolen, etc.

Some banks/Brokerages are sane and do not charge extra for wire transfers. Fidelity is one such. BOA also(if you have enough assets there, $100k will do it).

As a home buyer, I've been beaten many times by an all-cash offer that was significantly lower than my financed offer. For example, a $450K all-cash offer where they'd close in 7 days beat my $525K 80/20 offer where it would have taken me 25+ days to close.

Yep. When we closed on our house we got a whole lecture from the title company about how frequently data breaches lead to wire fraud and to not trust anyone. Mortgage originators are constantly under attack to try to get at the information that OP is asking people to just casually upload.

Their aggressive dismissal of the concern is not a good look.

> a $1M house bought with $100K down and $900K mortgage is a worse deal for the seller as compared to $500K down and $500K financed.

Do sellers in the US know how large your down payment is? AFAIK that's not a thing in Canada. Offers either have a financing condition, or don't. If the offer doesn't have a financing condition, the buyer might be paying cash. But they could just be trying to present an offer with better terms, gambling that they'll definitely find financing somewhere or the other.

Cashier's check was only accepted for amounts less than $10k at our closing by our title company. This seems common to require wire. The title company contracted with a 3rd party escrow service so the money was required into the title company's account at the escrow service. I assume a cashier's check would need to be mailed to the escrow company

Lol no revenue source and a promise to never sell or share their data.

Gotta figure this one out...

I am not dismissing the concern, I was stating the tool solves an even larger concern. I'm doing everything I can to setup it up to be secure, private, and worthy of trust and addressing the feedback points.

If you have suggestions more than "don't trust this random internet tool even if it gives you free advice, regardless of the value it offers", please let me know [thanks emoji]

Yup, the seller is (at least should be) made aware of the financing structure, as it’s part of the offer.

Every time I’ve sold a house it’s been a factor in deciding which offer(s) to pick or counter.

I think based on your responses so far, it’s disappointing, but people should not upload these docs.

There isn’t anything actionable in them. It seems like you are running some kind of scheme to collect these documents. And it’s not clear why you need them at all: you could provide the same advise to everyone regardless of their contents, which is to compare options, or to ask for more lender refunds.

Is it too paranoid that even for first time Zelle (with people I know in real life) I send a $ and ask them to see if they received it, before sending anything else?

That's interesting. My last house was $$$ and I had no RE agent. Negotiated with the seller's agent myself. Never once disclosed financing info.

With all due respect, that is the fundamental problem here. Your tool may provide value to your users but uploading mortgage documents to random third parties is de facto dangerous and encouraging users to act irresponsibly.

A great analogy would be a website that asks users to provide their usernames and passwords for sites to see if it’s a strong password or if it’s been compromised. “Sorry, the credentials stouset / hunter2 were found in our database for Hacker News.”

Sure maybe you’re a saint and don’t store or misuse this data. But such a site would in the best case be training users to do a very wrong and dangerous thing. In the worst case you get breached by attackers who do use the collected data to do evil.

This makes sense for the seller depending on how often a financed offer falls through. Our agent mentioned that in Amsterdam for example over 1/3rd of the offers with a financing condition fall through. And they do so weeks after the signing of the agreement so it costs the seller significant time and money.

With such a high chance of not actually getting the sale done, sellers are motivated to take 475 immediate cash instead of 525 with a 1/3rd risk of having to do it all over. Especially if they need the cash to buy their next home.

I do / did this between my own bank accounts when entering details the first time.

On a per individual basis, I think most individuals would prefer to overpay mortgage fees slightly rather than lose the entirety of the money they wire.

> A great analogy would be a website that asks users to provide their usernames and passwords for sites to see if it’s a strong password or if it’s been compromised. “Sorry, the credentials stouset / hunter2 were found in our database for Hacker News.”

This is actually a really good analogy because it does illustrate that it's not a completely crazy ask—people do trust Troy Hunt to run such a site. But OP should be much more understanding of how dangerous the concept is and offer options to resolve concerns (Troy allows downloading the passwords list to check locally), especially while they're not Troy Hunt-level famous and still are trying to build up trust.

100% not paranoid. I do this for basically all payments.

> industry-standard security measures

The industry-standard is to get hacked and have your info leaked online.

"Industry-standard" is like saying "military-grade"

> I've been beaten many times by an all-cash offer that was significantly lower than my financed offer

Note that all cash commonly means no financing contingency. I put in an all-cash offer and financed it. I just didn’t have an out if I couldn’t find financing I liked. (Legally.)

Just replace the entire contents of the privacy policy with the word “None.”

You’ll never ever please the privacy commenters on HN who are armchair security enthusiasts. They’re never going to use your product and they’re never going to stop complaining if you show your product to them.

Normal people just don’t care. For a tiny side project spend your time on the thing that’s potentially useful to people not trying to appease the privacy crowd on HN.

3rd party. ROFLMAO.

At least put a patron link on there or something, so people can have a legitimate way to pay for the cost associated with running the website. Perhaps make a suggested amount of 10% of the savings.

This gives you a obvious profit motive, and makes you seem more sketchy because you now have more skin in the game to keep it operating as a valid and useful business service

Troy's site isn't actually handling the user's real password to check, its doing a lookup of hashes to see if a similar hash is there. The password and final hash checks never leave the client side. Still a lot of trust involved in a site like that, and yeah he encourages you use the API to do the comparisons yourself.

This is actually uploading all the information to the backend and storing it in a database. Like a page that is asking for a service URL, a username, a password, a TOTP secret, sending it all to the server, and having the server check if the credentials have been pwned and saving it all.