Security & Compliance FAQ

Our technology is build to the highest performance and security standards.

Table of Contents

Is there any vulnerability with our JavaScript or API?
No, the only network requests we make are to track page views and sessions for analytics. We don’t send any PII or other data over the network. The JavaScript embed code is hosted by us and adds the HTML elements to the DOM, which render the calculator.

Is our hosting secure?

Yes, the embed code comes from a single file hosted on a Heroku server with transport security via TLS/SSL and Automated Certificate Management, located in the United States region. TLS 1.1 and TLS 1.1 are not enabled. We only have TLS 1.2 enabled, per PCI compliance best practices.

Do you capture PII?
No we do not capture or store any PII. We do not collect any identifiable info, no emails, addresses, etc. The only data we record is anonymous session and page view data (see above).

What types of companies do you work with?

We work exclusively in financial services with dozens of highly regulated financial institutions, our customers typically fit in one of four industries.

  • Banks
  • Credit Unions
  • Insurance
  • Mortgage

For legal reasons, we do not actively disclose a full list of our clients are, but we host calculators for several fortune 1000 financial brands. 

Do you have a TLS 1.1 option or a timeframe to enable that? 
We're actually already using TLSv1.2. If you curl our embed code server, you'll see all of the security and encryption details in the TLS handshake

curl -vI

How do you publish your calculators?

We publish using a simple embed code. You can find the embed code FAQ here.