- HTTPS everywhere; HSTS; sub-resource integrity where applicable.
- No 3rd-party trackers. Minimal first-party analytics (aggregate only).
- Strict CORS; CSP default-deny with required allows only.
Trust: security, privacy, calculation transparency
Everything runs client-side where possible. When we must fetch data, we minimize scope, avoid storing PII, and show the steps. Below is what we do, and what we refuse to do.
Pillars
- Local-first: calculators compute in your browser.
- We do not sell or share personal information.
- Opt-in sync only for features that need it (not enabled by default).
- Plain-English steps next to every result.
- Versioned formulas with changelog.
- Edge-case handling is documented and testable.
Compliance & uptime
Uptime (30d): 99.98%
Uptime (365d): 99.95%
Incidents (90d): 0
Targets: ≥99.9% uptime; maintenance windows announced at least 48 hours in advance.
Policies & docs
Privacy policy
We collect the minimum necessary to operate the site. We do not sell personal information. See the full policy and DSR instructions.
Security overview
Report a vulnerability at security@correct.exchange. We run regular dependency audits and patch cycles.
Math transparency
Calculator logic is kept transparent and reviewable. Current formulas are embedded in the page logic and can be audited before future formula/version pages are added.
Changelog (highlights)
- 2025-10-15 | Unified design across Capital, Exchange, Credit.
- 2025-10-10 | Added amortization CSV export & copy summary.
- 2025-09-28 | Introduced utilization coach per-card targets.