←back to thread

273 points aaln | 1 comments | | HN request time: 0.216s | source
Show context
kojeovo ◴[] No.42149815[source]
The privacy and security part is not inspiring confidence. Scrolling to the next section got me thinking "Don't get scammed at closing, get scammed before closing after uploading your mortgage documents to a random website."

Cool idea though.

replies(2): >>42150061 #>>42150121 #
aaln ◴[] No.42150061[source]
Hey, Aaron the builder here.

The scamming that happens to homebuyers is not even comparable to the risk in uploading docs to a website which promises they won't share user data with anyone. This is genuinely a pro buyer tool with no association with any 3rd party.

The tool has already helped many people negotiate and get a better deal on their mortgage. Please before judging understand that 70% of buyers overpay in their mortgage 1-3% in closing costs and bad rates. It's mind boggling how much lenders get away with profiting in junk fees from stressed out homebuyers.

replies(15): >>42150103 #>>42150132 #>>42150169 #>>42150219 #>>42150406 #>>42151085 #>>42151198 #>>42151240 #>>42151281 #>>42151328 #>>42151929 #>>42152370 #>>42153139 #>>42154561 #>>42164650 #
WaitWaitWha ◴[] No.42150219[source]
Allow me to expound on @kojeovo's remark. Please take this as a constructive criticism to improve your success potential. Much of it is from a quick glance, and am sure there are many other facets to improve.

A business is not just about the product.

Your Privacy Policy. There is no default way to download it (see 9.), and since it is window-ed cannot print entire doc. That means I cannot keep a copy of it for myself.

> We collect the following types of information:

> Mortgage Documents: Loan Estimates and Closing Disclosures you upload for analysis.

Okay, but

> 4. Data Security

> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

This means nothing. Are you ISO 27001:2022, NIST SP 800-53, CIS, CE+, Essential Eight, or something else? Have you been audited, and proof? Who is your ISP? What regs do you follow around data sovereignty?

Terms of Service. Again, no default way of download. Overall, I would never agree to this ToS. It demands all kinds of requirements on the user, but takes no responsibility for anything - or as described above, explain how you will protect your customers.

You have no reference anywhere where you are geographically. No address, no about us, no who you are. I would be very leery on uploading anything.

replies(3): >>42150822 #>>42150852 #>>42150889 #
aaln ◴[] No.42150889[source]
Thanks for the constructive feedback.

I just added a way to easily download the entire privacy policy and terms of service, also quickly added an about page with some info about me - https://closing.wtf/about

Eventually I'm going to get a certification and will keep your other points in mind.

replies(3): >>42153451 #>>42156603 #>>42156750 #
1. paulcole ◴[] No.42156750[source]
Just replace the entire contents of the privacy policy with the word “None.”

You’ll never ever please the privacy commenters on HN who are armchair security enthusiasts. They’re never going to use your product and they’re never going to stop complaining if you show your product to them.

Normal people just don’t care. For a tiny side project spend your time on the thing that’s potentially useful to people not trying to appease the privacy crowd on HN.