- HTTPS everywhere; HSTS; sub-resource integrity where applicable.
- No 3rd-party trackers. Minimal first-party analytics (aggregate only).
- Strict CORS; CSP default-deny with required allows only.
Trust: security, privacy, accuracy
Everything runs client-side where possible. When we must fetch data, we minimize scope, avoid storing PII, and show the steps. Below is what we do—and what we refuse to do.
Pillars
- Local-first: calculators compute in your browser.
- We do not sell or share personal information.
- Opt-in sync only for features that need it (not enabled by default).
- Plain-English steps next to every result.
- Versioned formulas with changelog.
- Edge-case handling is documented and testable.
Compliance & uptime
Uptime (30d)99.98%
Uptime (365d)99.95%
Incidents (90d)0
Targets: ≥99.9% uptime; maintenance windows announced at least 48 hours in advance.
Policies & docs
Privacy policy
We collect the minimum necessary to operate the site. We do not sell personal information. See the full policy and DSR instructions.
Security overview
Report a vulnerability at security@correct.exchange. We run regular dependency audits and patch cycles.
Math transparency
Each calculator links to its formula and version. Changes are recorded with rationale and tests.
Changelog (high-lights)
- 2025-10-15 — Unified design across Capital, Exchange, Credit.
- 2025-10-10 — Added amortization CSV export & copy summary.
- 2025-09-28 — Introduced utilization coach per-card targets.