←back to thread

273 points aaln | 2 comments | | HN request time: 0.412s | source
Show context
kojeovo ◴[] No.42149815[source]
The privacy and security part is not inspiring confidence. Scrolling to the next section got me thinking "Don't get scammed at closing, get scammed before closing after uploading your mortgage documents to a random website."

Cool idea though.

replies(2): >>42150061 #>>42150121 #
aaln ◴[] No.42150061[source]
Hey, Aaron the builder here.

The scamming that happens to homebuyers is not even comparable to the risk in uploading docs to a website which promises they won't share user data with anyone. This is genuinely a pro buyer tool with no association with any 3rd party.

The tool has already helped many people negotiate and get a better deal on their mortgage. Please before judging understand that 70% of buyers overpay in their mortgage 1-3% in closing costs and bad rates. It's mind boggling how much lenders get away with profiting in junk fees from stressed out homebuyers.

replies(15): >>42150103 #>>42150132 #>>42150169 #>>42150219 #>>42150406 #>>42151085 #>>42151198 #>>42151240 #>>42151281 #>>42151328 #>>42151929 #>>42152370 #>>42153139 #>>42154561 #>>42164650 #
WaitWaitWha ◴[] No.42150219[source]
Allow me to expound on @kojeovo's remark. Please take this as a constructive criticism to improve your success potential. Much of it is from a quick glance, and am sure there are many other facets to improve.

A business is not just about the product.

Your Privacy Policy. There is no default way to download it (see 9.), and since it is window-ed cannot print entire doc. That means I cannot keep a copy of it for myself.

> We collect the following types of information:

> Mortgage Documents: Loan Estimates and Closing Disclosures you upload for analysis.

Okay, but

> 4. Data Security

> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

This means nothing. Are you ISO 27001:2022, NIST SP 800-53, CIS, CE+, Essential Eight, or something else? Have you been audited, and proof? Who is your ISP? What regs do you follow around data sovereignty?

Terms of Service. Again, no default way of download. Overall, I would never agree to this ToS. It demands all kinds of requirements on the user, but takes no responsibility for anything - or as described above, explain how you will protect your customers.

You have no reference anywhere where you are geographically. No address, no about us, no who you are. I would be very leery on uploading anything.

replies(3): >>42150822 #>>42150852 #>>42150889 #
1. mmh0000 ◴[] No.42150822[source]
Would it matter if they had a "perfect" privacy policy? I don't believe there's anything legally that enforces it. So they can promise the moon then turn around and sell your data.

Maybe I'm wrong here, but, My mental model of privacy policies and the like has always been: This is a lie, the company will do whatever it wants with my data. And I will have no recourse.

As such I've always acted accordingly. And very few websites have legit info on me.

replies(1): >>42151436 #
2. T4iga ◴[] No.42151436[source]
I think acting 'as if' is the safe option here but encouraging change for the better in someone willing to engage in dialog is still better than not doing it. Maybe you didn't intend to make a counterpoint, i just wanted to point that out.