Vulnerability Disclosure Program

At Sagewise, security is a top priority. We welcome reports from security researchers and the public to help us identify and address potential vulnerabilities in our systems.

Scope

This program covers vulnerabilities discovered in Sagewise-owned websites, applications, and systems. Vulnerabilities in third-party services we use are not in scope.

Guidelines

Do not exploit a vulnerability beyond what is necessary to prove its existence.
Do not access, modify, or delete data that does not belong to you.
Do not disrupt or degrade Sagewise services during testing.
Provide us with enough detail to reproduce and understand the issue.

How to Report

If you believe you have found a security vulnerability, please contact us at:

📧 [email protected]
📞 (insert phone number)

What to Expect

We will acknowledge your report within 5 business days and follow up with additional questions or updates as we investigate the issue.

Independent service. Sagewise is an independent, advertising-supported comparison service. We are not affiliated with, endorsed by, or acting on behalf of HUD, FHA, VA, or any government agency. Content is for educational purposes only and is not legal, tax, or financial advice. Rates, fees, terms, and product availability are subject to change without notice and may vary by lender and borrower profile.

Sagewise is not a consumer reporting agency under the Fair Credit Reporting Act (FCRA) and does not furnish consumer reports. Lenders make credit decisions using their own criteria.

Consent to contact. By submitting your information, you agree that Sagewise and participating lenders and affiliates may contact you at the phone number and email you provide using live agents, autodialers, artificial/prerecorded voice, SMS/MMS, instant messaging, or email, even if your number is on a Do Not Call list. Consent is not required to obtain credit or services. Message & data rates may apply. Frequency varies. Reply STOP to opt out of SMS; HELP for help. Use the “unsubscribe” link in any email to opt out of marketing emails. We maintain internal Do Not Call lists and honor applicable laws. If you opt out, we may still send transactional/service messages.