Comment by WaitWaitWha
7 days ago
Allow me to expound on @kojeovo's remark. Please take this as a constructive criticism to improve your success potential. Much of it is from a quick glance, and am sure there are many other facets to improve.
A business is not just about the product.
Your Privacy Policy. There is no default way to download it (see 9.), and since it is window-ed cannot print entire doc. That means I cannot keep a copy of it for myself.
> We collect the following types of information:
> Mortgage Documents: Loan Estimates and Closing Disclosures you upload for analysis.
Okay, but
> 4. Data Security
> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.
This means nothing. Are you ISO 27001:2022, NIST SP 800-53, CIS, CE+, Essential Eight, or something else? Have you been audited, and proof? Who is your ISP? What regs do you follow around data sovereignty?
Terms of Service. Again, no default way of download. Overall, I would never agree to this ToS. It demands all kinds of requirements on the user, but takes no responsibility for anything - or as described above, explain how you will protect your customers.
You have no reference anywhere where you are geographically. No address, no about us, no who you are. I would be very leery on uploading anything.
Would it matter if they had a "perfect" privacy policy? I don't believe there's anything legally that enforces it. So they can promise the moon then turn around and sell your data.
Maybe I'm wrong here, but, My mental model of privacy policies and the like has always been: This is a lie, the company will do whatever it wants with my data. And I will have no recourse.
As such I've always acted accordingly. And very few websites have legit info on me.
I think acting 'as if' is the safe option here but encouraging change for the better in someone willing to engage in dialog is still better than not doing it. Maybe you didn't intend to make a counterpoint, i just wanted to point that out.
Thanks for the constructive feedback.
I just added a way to easily download the entire privacy policy and terms of service, also quickly added an about page with some info about me - https://closing.wtf/about
Eventually I'm going to get a certification and will keep your other points in mind.
> industry-standard security measures
The industry-standard is to get hacked and have your info leaked online.
"Industry-standard" is like saying "military-grade"
I think based on your responses so far, it’s disappointing, but people should not upload these docs.
There isn’t anything actionable in them. It seems like you are running some kind of scheme to collect these documents. And it’s not clear why you need them at all: you could provide the same advise to everyone regardless of their contents, which is to compare options, or to ask for more lender refunds.
Just replace the entire contents of the privacy policy with the word “None.”
You’ll never ever please the privacy commenters on HN who are armchair security enthusiasts. They’re never going to use your product and they’re never going to stop complaining if you show your product to them.
Normal people just don’t care. For a tiny side project spend your time on the thing that’s potentially useful to people not trying to appease the privacy crowd on HN.
Legitimately curious, what’s the worst they could do with this data?
The most common scams around home buying are wire fraud - contact the buyer pretending to be the title company and steal their money. The data in a mortgage is exactly what you need to enable these scams and you're getting people to hand it to you and at the same time tell you they are about to wire money.
Yep. When we closed on our house we got a whole lecture from the title company about how frequently data breaches lead to wire fraud and to not trust anyone. Mortgage originators are constantly under attack to try to get at the information that OP is asking people to just casually upload.
Their aggressive dismissal of the concern is not a good look.
5 replies →
Wire Transfers are not undoable and instant, much like Zelle. So I always recommend people send $10 first, and confirm everything works, before sending real money. When doing the confirmation, try using a different channel of communication, to ensure you are getting the right person. i.e. call them directly from known good phone numbers or something.
Yes many banks charge $30 or more for a wire transfer, but I'd rather just pay the $60 than have a large sum wire transfer lost, stolen, etc.
Some banks/Brokerages are sane and do not charge extra for wire transfers. Fidelity is one such. BOA also(if you have enough assets there, $100k will do it).
3 replies →
I have never done a wire transfer at a residential closing. I come to the closing at the title company office with a cashier's check from my bank for the amount they told me to bring.
6 replies →
Aside from the personal details (name, address, etc), they can collect pricing info on houses, run analytics, and swoop the deal with a slightly better offer or better yet, sell it to wholesale buyers, reits, and whoever is interested in stealing the deal.
>they can collect pricing info on houses, run analytics
AFAIK house sale prices (ie. property transactions) are open in many (most?) jurisdictions.
>and swoop the deal with a slightly better offer
How does that even work? The winning bidder is presumably someone who gave the highest offer. Why would another company pay above and beyond that, considering that there's probably several other serious buyers who aren't willing to pay more?
8 replies →
> name, address, etc
In my country all that plus your social security number and tax declarations etc are public information. What's your opinion on that?
That...is not how mortgage servicing companies operate.
3 replies →