One of the things I tell them is to never upload financial documents containing personal information unless:
- The company they’re uploading it to is well known like a major bank and the domain in the address bar matches.
- They know the company they’re dealing with - which means a business address at a minimum and preferably a phone number.
- Avoid anything which claims to save money or be necessary which has a call to action to start uploading personal, documents.
This site fails all 3 tests. I was able to find the founder via the name and LinkedIn link. But at least put up a legitimate business name and something like a PO Box.
Registering a business name is $35 where this developer is located. A PO Box is around $80 a year. The name “closing.wtf” doesn’t seem to be registered with the state as a legitimate business. These are all red flags to “avoid”.
If you’d like a free cybersecurity analysis of your site, I’d be happy to offer a few free expert consulting hours to aain. Reply here and I’ll contact you on LinkedIn.
AND you have to give some new nebulous federal entity because "money laundering," or sometimes "OFAC enforcement."
I'm glad to take you up on your consulting offer.
Cool idea though.
The scamming that happens to homebuyers is not even comparable to the risk in uploading docs to a website which promises they won't share user data with anyone. This is genuinely a pro buyer tool with no association with any 3rd party.
The tool has already helped many people negotiate and get a better deal on their mortgage. Please before judging understand that 70% of buyers overpay in their mortgage 1-3% in closing costs and bad rates. It's mind boggling how much lenders get away with profiting in junk fees from stressed out homebuyers.
A business is not just about the product.
Your Privacy Policy. There is no default way to download it (see 9.), and since it is window-ed cannot print entire doc. That means I cannot keep a copy of it for myself.
> We collect the following types of information:
> Mortgage Documents: Loan Estimates and Closing Disclosures you upload for analysis.
Okay, but
> 4. Data Security
> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.
This means nothing. Are you ISO 27001:2022, NIST SP 800-53, CIS, CE+, Essential Eight, or something else? Have you been audited, and proof? Who is your ISP? What regs do you follow around data sovereignty?
Terms of Service. Again, no default way of download. Overall, I would never agree to this ToS. It demands all kinds of requirements on the user, but takes no responsibility for anything - or as described above, explain how you will protect your customers.
You have no reference anywhere where you are geographically. No address, no about us, no who you are. I would be very leery on uploading anything.
Rather than talking up the value of the tool as superceding the concerns, a more constructive approach might acknowledge the concerns and emphasize how you already do minimize risk or commitments you're willing to make towards doing so.
Being dismissive doesn't help worried or skeptical people feel more secure, and worried and skeptical people make perfectly good users too.
For example, you could advise the person uploading to remove PII prior to the upload, and link to pdf editing tools that allow them to do that.
You could say that not including PII like full name(s) found on just about every loan estimate does not take away from the value of the tool.
Another thing that could be done is to provide clear means for removing any data uploaded, or opt-out pre-upload of any data being used for training.
For example by creating an account first.
Providing some skin in the game such as putting the removal behavior in the terms of service and a personal guarantee to do everything to ensure sensitivity to privacy of this information will be handled carefully staking your reputation, probably would help.
I have no reason to think you're not completely sincere in this!
But, realize it doesn't mean anything.
Unless that promise is backed by some ironclad contract, it means nothing. Companies grow and hire new people who don't care about the original values. Or they get acquired and all bets are off. Or they start running low on cash and suddenly decide monetizing all that data is a good idea after all. Or it becomes visible enough to attract attention of the government who shows up demanding copies of data. And so on.
I've been in one or more startups where all of these things have happened.
Privacy concerns are real but the importance of that matter in your project is overestimated here by an absurd level.
What I read is not a constructive criticism and the suggestions laid down are not realistic nor business relevant at all. I feel like this is some sort of mass wishful thinking.
> We never sell or share data with third parties. All information is used solely to generate analyses to help borrowers analyze and optimize their mortgages.
I even looked further into the privacy policy, just to be diligent here.
> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.
With how much info I have been provided, I'm just not gonna upload a document to your site. Like I said, just doesn't inspire confidence as I scroll your landing page. Could just be a copy change to fix this.
What happens when you get hacked? Not if. To come back at someone with valid concerns with a "no, you don't understand my point of view" does nothing but a disservice to you.
Expecting people to just accept things is just not a good way to operate. When you receive push back, you need better responses than this. Will the vast majority of your users push back, sadly, probably not. However, you did post this to HN and then reacted poorly to valid criticism. Tsk tsk
Well as long as you promise, my privacy fears are allayed!
/s
Scammers pay a lot of money to people who can get them those kinds of lists.
Anyways the security could be fine. But if a user's primary action is uploading that document then maybe wanna have more than a quick sentence on it.
Create a known good OCR to calculation mechanism, then generate reports based off it. If it is inaccurate, its probably a small amount of logic to fix it.
With GPT you could even get it to write the parsing logic for you perhaps, and maybe process bill data when a bill doesn't exactly match existing parser data.
I'm a licensed real estate agent, I actually got my license not just to learn about the business but to be able to save myself on agent commissions if I want to make an offer (if you can pass a CS data structures class you should be able to get a real estate license online in a matter of months), and I still would not try to optimize on closing costs.
Do I shop loans ? Absolutely. Are closing costs a scam ? Absolutely.
Would I try to optimize closing costs in the context of making a purchase ?
No.
In the time you have to decide the one really important question (whether to proceed or not) you need to spent it understanding the worst possible parts of the transaction you are about to make, NOT focusing on the closing costs.
Some class action lawyers should be worrying about optimizing these fees. Shop your loan, but spend your time investigating the property.
Pretending to be a site helping mortgage borrowers not get scammed while actually being a mortgage lead gen portal though : chef's kiss.
- effectively shopping around items like title insurance, appraisals, etc by pointing out differences b/c competing vendors - identifying BS items that are not even on all offers, and simply having them removed. people like to add bogus fee lines.
For sure doing this as lead-gen is great. Agree that there is a huge risk of uploading personal info -- in the future local AI's will be able to do this. In the short term, they should partner with a known brand to give credibility.
Its going on nearly 20 years I have been watching this train wreck
I also at first didn't notice there is action needed to choose between uploading a Loan Estimate vs Closing Disclosure. It doesn't seem insurmountable to have the site automatically figure out the difference between those two.
There are many reasons the document will fail processing, it's usually because the wrong document type was selected or the original pdf from the lender has been modified. Sometimes, users upload a document they received which is just random text in a pdf they received as a pre-offer from a mortgage broker or lender.
I want to pay less
I want to pay less, and here's a document an AI wrote for me
The goal is to help mortgage borrowers get better deals on their mortgage. All mortgage terms are outlined in the loan estimate and closing disclosure documents as required by the CFPB (consumer financial protection bureau) - https://www.consumerfinance.gov/owning-a-home/loan-estimate
The tool requires uploading these documents since they have all the data needed to generate the analysis on the mortgage. Technically I can have the user paste in all the data via a textbox, but then it would be much more difficult to reliably parse. Also requiring the upload of the original documents is a much cleaner experience.
I don't get it. Better, LendingTree, Credible, Bankrate, and a dozen other firms all aggregate mortgages. If there are some "best" mortgages in absolute terms, show them, you don't need anything on the form to do that; if there are offers that have lower upfront costs in exchange for higher rates, because the buyer is sensitive to upfront costs, show them. Why do you need to see the document in order to give the user what he wants?
Since you already know all of this, it begs the question: why do you specifically want to collect these documents? I'm not saying there is some conspiracy or anything.
Does it scan to see if some of the fees I am agreeing to are higher than average? If I am paying for some services that should be no-cost or have no real value?
When I was closing on a house, I called a few friends to help review my mortgage, and we found lots of mistakes. For example, I was getting charged transfer tax, which didn’t make sense for Florida where the seller typically pays that. The deeper I dug, the more I realized how much gray area there is with these documents - what’s negotiable, what’s inflated, what's normal in the property's jurisdiction, and what’s just non-competitive but seems ok since there's a lot of simplified complexity that goes into mortgages and what's an extra 1-3% on a mortgage that's "just going to be refinanced in 6 months" when interest rates go down.
Having recently taken a company through ISO 27001:2022 it's a pretty expensive and time consuming process, that doesn't seem reasonable to do early on in a projects creation - you don't yet know if you have product market fit.
However, you're wanting people or companies to trust you with their data - so it starts to feel a little chicken/egg
What's the best middle ground here for building trust whilst acquiring your first users?
I'm interested in what the best strategy to build/establish trust when you can't yet afford to pay for certification is.
Does your target demographic understand "startups" or do they just want to solve the problem?
All either have the problem now or had in the past and are curious if they got a good deal.
You can see they have a page for mortgage lenders to sign up for the other side
Shows a graph in your terminal: find out if it's better to put in a smaller downpayment and invest the rest.
I can see why this could be useful, but I also think it might be overkill compared to just an explanatory doc a homebuyer could reference that explains each section of their estimate. It also opens the developer to loads of potential risk in handling personal financial data.
https://closing.wtf/terms-of-service https://closing.wtf/privacy-policy
I plan to go through SOC 2 / other compliancy certification in the near future. Happy to answer other questions
Can you answer the question of why this tool doesn’t work when redacting irrelevant personal information? I took my own info, redacted personal information you don’t need, and it doesn’t work.
If you don’t like some of the costs, go with another lender, or negotiate those with your loan officer.
I’m not sure what this tool is offering that individuals don’t already have.
However in practice it's more complicated. Homebuyers receive these documents after they already signed a binding contract to purchase. Most people don't even know what questions to ask, much less how to properly negotiate, and they're under the stress of just getting the deal done which include affording a down payment, getting a home appraisal, and making sure they're not getting into a bad deal.
Also throughout the closing, the real estate agent/mortgage broker/lender aren't incentivized to get the buyer the best deal; they usually just want to close. In general the mortgage broker/lender are not going to advise and how the customer how to shop around since it's technically illegal for them to give a "bad" loan to a buyer.
https://www.bankrate.com/mortgages/bi-weekly-mortgage-calcul...
Also, I’m not entirely sure what costs this avoids? Inspection fees are already paid at this point, notary fees are paid to your broker, and transfer tax happens months later.
I can see it being useful for many home buyers.
I’m curious if AI tools like this are just wrappers around ChatGPT? Do they use their own LLM?
If you upload mortgage documents directly to ChatGPT can you get similar results?
AI tools like this don't generally need their own models or fine tuned LLMs. Uploading mortgage documents to ChatGPT may get some useful results but it really won't be comprehensive, it most probably won't take into account jurisdictional laws and mortgages rate data, and would be hard(er) to trust because of hallucinations without guardrails.
Technically this is an LLM wrapper but it utilizes around 5-10 prompts to extract and structure data from the document and ~15 prompts to analyze.
As a LLM wrapper (is it wrapped around ChatGPT?) would you say what makes your product unique is the specific prompts you have designed?
Again, great job! Planning, building and launching should always be commended!
ahem get a damn lawyer to redo it before you get sued my some State AG....
in this area you cross all t's and dot i's before launch rather than half ass-launch right into a lawsuit.
How are you handling the distribution?
A bit unrelated question, but what is the fastest way to obtain a similar looks and feel for the UI? Is there a framework?
the CTA buttons across the site are inconsistent in shape, form, and color.
the text color in the footer has awful contrast, so it's hard to read.
Dark grey on white is awful contrast these days?