Security Directory

H

Hund, LLC.

hund.io

71

Hund, LLC. operates a hosted status page and monitoring service platform designed to help organizations monitor their services and communicate incidents effectively. Positioned as a trusted provider for universities, Fortune 500 companies, and smaller enterprises, Hund offers a subscription-based SaaS model with a free trial and a straightforward pricing plan. Their key services include automated status pages, multi-channel notifications, rich metrics, and customizable branding with API access. Technically, the website is hosted on AWS infrastructure, uses modern TLS protocols, and integrates JavaScript libraries including jQuery and Google Tag Manager. Performance is somewhat slow with a large page size and many resources, but mobile optimization and user experience are good. Security posture is solid with strong TLS configuration and SPF/DMARC email protections, though improvements are needed in DNSSEC, CAA records, HSTS, and certificate transparency compliance. The site lacks a cookie consent mechanism despite using tracking tools. Overall, Hund demonstrates a mature digital presence with room for security enhancements and privacy compliance improvements.

R

Retarus GmbH

retarus.com

62

Retarus GmbH is a leading enterprise cloud services provider specializing in secure and efficient digital communication solutions including email, fax, SMS, and EDI. Positioned as a top player in the secure email market and certified under ISO 27001 and HITRUST, Retarus serves a global enterprise clientele with a comprehensive portfolio of cloud-based messaging platforms. Their services emphasize compliance, reliability, and integration with major business ecosystems such as SAP and Microsoft 365. Technically, the website is built on WordPress with modern frameworks and libraries, hosted on Amazon AWS infrastructure, and employs strong security practices including TLS 1.3, OCSP stapling, and SPF/DMARC email authentication. However, there is room for improvement in DNS security and HTTP security headers. The company demonstrates a mature security posture with certifications and a GDPR-compliant cookie consent mechanism, though incident response contact details are not publicly disclosed. Overall, Retarus presents a professional, trustworthy, and technically sound digital presence aligned with enterprise-grade security and compliance standards.

E

Edgar Ambient Media Group

edgarartscreen.de

51

Edgar Ambient Media Group operates the Edgar Art Screen, a digital communication channel targeting the gastronomy sector in Germany. The service provides free 42" LED screens to bars, bistros, cafes, and restaurants, allowing them to display their own content such as menus and events. The business model is supported by advertising and cultural content, positioning the company as a media provider within the hospitality industry. The website is professionally designed with consistent branding and good content quality, targeting primarily German-speaking users. Technically, the site uses modern web technologies including Webflow CMS, Google Tag Manager, and cloud hosting on AWS. However, the site performance is somewhat slow due to large page size and resource count. Security posture is basic with TLS 1.3 support and no critical vulnerabilities detected, but lacks advanced features like HSTS, DNSSEC, DMARC, and OCSP stapling. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Overall, the company demonstrates a solid digital presence with room for security and performance improvements.

E

Edgar Ambient Media Group GmbH

edgarfreecards.de

53

Edgar Ambient Media Group GmbH operates the Edgar Freecards platform, specializing in distributing free postcards as an innovative advertising medium targeting urban audiences, particularly generations Y and Z in Germany. With over 30 years of experience and a presence in more than 4000 locations, the company has established a strong market position in the media sector, leveraging creative and sustainable advertising solutions. The website reflects a mature digital presence with comprehensive content, structured data, and multiple analytics tools integrated for performance and user behavior insights. However, the absence of a valid SSL certificate and modern TLS protocols represents a significant security gap that undermines user trust and data protection. The company demonstrates compliance awareness through a dedicated privacy policy, cookie consent mechanisms, and a compliance hotline linked to its parent group, Ströer OOH. Strategic improvements in security infrastructure and performance optimization are recommended to enhance overall risk posture and user confidence.

S

Ströer

plakate-buchen.de

57

Plakate-Buchen.de is an online advertising booking platform operated by Ströer, focusing on poster and campaign advertising across Germany. The platform offers access to over 300,000 advertising locations with daily updated availability and convenient online payment options, targeting businesses seeking to promote their stores or campaigns locally. The website is primarily in German and provides a phone contact for customer inquiries but lacks visible email contacts or terms of service. Technically, the site runs on an Apache server with modern TLS protocols (TLS 1.3 and 1.2) and uses Google Tag Manager for analytics and tracking. Security headers such as Strict-Transport-Security and X-Content-Type-Options are present, but improvements are needed in HSTS configuration, OCSP stapling, DMARC, DNSSEC, and certificate transparency compliance. The site implements cookie consent with express consent type, aligning with basic GDPR requirements but lacks comprehensive privacy and security policies. Overall, the platform demonstrates a moderate security posture with room for enhancement in email security and transport layer protections.

S

SoSafe

sosafe-awareness.com

70

SoSafe is a leading European provider specializing in security awareness training and human risk management solutions. The company offers a behavioral science-based platform that empowers organizations to enhance their cybersecurity posture by educating employees and managing human-related risks. Positioned as Europe's largest provider in this niche, SoSafe delivers personalized, gamified training, phishing simulations, an AI-powered chatbot, and a comprehensive human risk management platform. Their market presence is reinforced by multiple certifications including ISO 27001, TISAX, and GDPR compliance, alongside strong customer testimonials and industry recognitions. Technically, SoSafe's website is built on WordPress and integrates a robust set of analytics and marketing tools such as Google Analytics, Matomo, Cookiebot for consent management, HubSpot forms, and Visual Website Optimizer for A/B testing. The infrastructure is hosted on Amazon AWS with DNS managed via Route53. While the site supports modern TLS protocols and has valid SPF and DMARC records, it lacks DNSSEC, CAA records, and HSTS, which are recommended for enhanced security. The website performance is moderate to slow, with room for optimization. From a security perspective, SoSafe demonstrates good practices including strong SSL configuration, OCSP stapling, and comprehensive cookie consent mechanisms. However, there is no public vulnerability disclosure or security.txt file, and incident response contact details are not explicitly provided. The company maintains a strong security posture with certifications and compliance but could improve transparency and DNS security. Overall, SoSafe presents a mature digital presence with a focus on privacy and compliance, extensive integration with enterprise platforms, and a clear commitment to security awareness. Strategic improvements in DNS security and incident response transparency would further strengthen their security posture and trustworthiness.

L

Lineup

lineup.com

55

Lineup is a specialized software provider offering ERP and revenue management solutions tailored for the media and advertising industry. Their flagship product, Adpoint, integrates CRM, order management, finance, and analytics to streamline media sales processes and boost revenue. The company has a solid market presence with notable clients and significant ad revenue processed through their platform. Technically, the website is built on WordPress using the Salient theme and incorporates multiple marketing and analytics tools including HubSpot, Google Analytics, Hotjar, and LinkedIn Insight Tag. However, the site currently lacks a valid SSL certificate and modern TLS support, which poses a significant security risk. While SPF and DMARC email protections are properly configured, the absence of HTTPS undermines user trust and data security. The company demonstrates good privacy compliance with GDPR-aligned cookie consent mechanisms and detailed cookie categorization. Overall, Lineup presents a professional and trustworthy digital presence but must urgently address its SSL/TLS deficiencies to improve security posture and user confidence.

R

RTL+

rtlplus.de

61

RTL+ is a major German media streaming platform offering a wide range of entertainment content including live TV, movies, series, podcasts, music, and audiobooks. It operates under RTL interactive GmbH and provides tiered subscription packages to cater to diverse customer needs. The platform is well-positioned in the German media market with a strong brand presence and extensive content library. Technically, RTL+ utilizes modern web technologies such as Angular, Google Tag Manager, and Sourcepoint for consent management, hosted on EuroDNS infrastructure. The website demonstrates good SEO, mobile optimization, and accessibility standards, though performance is moderate due to resource load. Security-wise, the site employs TLS 1.2 with strong cipher suites and has valid SPF and DMARC records, but lacks TLS 1.3, HSTS, and OCSP stapling, which are recommended for enhanced security. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, RTL+ presents a professional, trustworthy, and user-friendly streaming service with room for security enhancements.

P

ProSiebenSat.1 Media SE

commerceandventures.com

48

Commerce & Ventures is the investment business of ProSiebenSat.1 Media SE, focusing on supporting consumer-oriented start-ups and growth companies through a combination of media-for-equity, media-for-revenue, minority, and majority investments. The company leverages the extensive media reach of the ProSiebenSat.1 Group to build brand awareness and accelerate growth for its portfolio companies. Technically, the website is built on modern frameworks such as Next.js and React, hosted on AWS, and integrates marketing and tracking tools like Google Tag Manager. Security posture is adequate with support for TLS 1.2 and 1.3 and no major vulnerabilities detected, but lacks some best practices like HSTS and OCSP stapling. Overall, the site is professional, well-branded, and provides comprehensive information about its investment activities and portfolio. However, direct contact information and explicit security policies are not prominently available, which could be improved to enhance trust and compliance.

A

Atom

nucomgroup.com

54

Atom operates a premium domain marketplace platform offering domain sales, branding, naming contests, trademark services, and audience research. The company positions itself as a trusted marketplace with strong buyer protections and flexible payment options. The website is professionally designed, mobile-optimized, and integrates modern web technologies and analytics tools. However, the absence of a valid SSL certificate is a critical security gap that undermines user trust and data protection. The platform demonstrates moderate digital maturity with extensive user tracking and marketing integrations but requires improvements in security posture to meet industry standards.

S

SevenVentures

sevenventures.de

52

SevenVentures is a strategic media investment arm of ProSiebenSat.1 Media SE, specializing in minority equity investments and media cooperations for established digital B2C companies. Their business model leverages media assets to accelerate growth and brand awareness in the German and Austrian markets. The website demonstrates a mature digital infrastructure using modern web technologies such as Next.js and integrates marketing and tracking tools like Google Tag Manager and trkkn.com. Security posture is solid with TLS 1.3 support and valid SPF records, though improvements such as enabling HSTS, DNSSEC, and DMARC would enhance protection. Overall, SevenVentures presents a professional and trustworthy online presence aligned with its market position as a leading media investor.

M

Mpirical Limited

mpirical.com

69

Mpirical Limited is a UK-based telecommunications training provider specializing in 5G, 4G LTE, and wireless network technologies. With over two decades of experience, the company offers certified and accredited training courses delivered online, live onsite, and on demand. Their market position is strong, supported by industry certifications such as ITP, CPD, and ISO standards, and a broad portfolio of learning aids including the proprietary NetX tool. The company targets individuals, teams, and enterprises seeking up-to-date telecoms knowledge and certification. Technically, the website is built on WordPress with a modern tech stack including Google Analytics, Hotjar, Zoho SalesIQ, and Vimeo integration. Performance is moderate to slow, with good mobile optimization and SEO practices. Security posture is good with valid SSL, SPF, and DMARC policies, but could be improved by enabling HSTS, DNSSEC, and OCSP stapling. No explicit security policy or incident response contacts were found. Overall, Mpirical demonstrates a mature digital presence with strong trust indicators and compliance with privacy regulations.

M

Mondoni Press

mondonipress.com.br

48

Mondoni Press is a Brazilian PR and communication agency specializing in press advisory, institutional communication, digital marketing, and content creation. The company positions itself as a trusted partner for businesses seeking to enhance their credibility, media presence, and visibility. It has received recognition such as the PR Agency of the Year award in South America (Prestige Awards 2023/24) and serves a diverse client base across various sectors. Technically, the website is built on WordPress with a range of popular plugins and marketing tools, including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing infrastructure. However, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and data security. The cookie consent mechanism is implemented, but no explicit privacy policy or terms of service pages were found, which may pose compliance risks. Overall, the company demonstrates good branding and content quality but should urgently address security and compliance gaps to maintain trust and regulatory adherence.

H

Hispasat

hispasat.com

66

Hispasat is a leading satellite telecommunications operator specializing in the distribution of audiovisual content in Spanish and Portuguese across Europe and Latin America. As a large enterprise and a subsidiary of Redeia, Hispasat offers a broad portfolio of satellite and data services including internet access, cellular backhaul, tele-education, and satellite programs. The website reflects a mature digital presence with multilingual support, modern UI frameworks, and a comprehensive content structure targeting telecommunications customers and partners. Technically, the infrastructure leverages Microsoft Azure hosting and AWS Route53 DNS, with a tech stack including jQuery, Bootstrap, and Google Tag Manager. Security posture is moderate with valid SSL certificates and SPF records but lacks advanced protections such as HSTS, DMARC, DNSSEC, and OCSP stapling. The site employs cookie consent mechanisms and analytics tools, indicating awareness of privacy compliance, though no explicit security or incident response policies are published. Overall, Hispasat demonstrates a professional and trustworthy online presence aligned with its market position.

K

KM Business Information Canada Ltd.

lawawards.ca

63

The Canadian Law Awards website serves as a digital platform for promoting and managing an annual legal industry awards event in Canada. It is operated by KM Business Information Canada Ltd. and closely associated with the Canadian Lawyer and Lexpert brands, positioning itself as a reputable media and event organizer within the legal sector. The site targets legal professionals, law firms, and sponsors, offering event information, winner announcements, and sponsorship opportunities. Technically, the website is built on WordPress with Bootstrap and uses various third-party marketing and analytics tools including Google Analytics, Google Tag Manager, HubSpot Forms, and Bombora. However, the site suffers from significant security shortcomings, including an invalid SSL certificate and lack of modern TLS support, which undermines user trust and data protection. Despite enabling HSTS, the absence of a valid certificate renders it ineffective. There is no visible privacy or cookie policy, and no direct contact emails or phone numbers are provided, limiting transparency. The site exhibits good design and user experience but is slow to load due to large page size and many resources. Overall, the website is a moderately professional media event site with room for improvement in security and privacy compliance.

K

KM Business Information Canada Ltd.

risingstarscanada.com

55

RisingStarsCanada.com is a media and event website dedicated to the Lexpert Rising Stars Awards, which recognize outstanding lawyers under 40 in Canada. The site is operated by KM Business Information Canada Ltd., a medium-sized media company specializing in legal industry events and publications. The platform targets legal professionals and law firms across Canada, providing nomination and award event information supported by established legal media partners. Technically, the website is built on WordPress with modern front-end frameworks like Bootstrap and uses multiple third-party marketing and analytics tools including Google Analytics, HubSpot, and Lytics. While the site supports strong TLS protocols and has some security best practices in place, it lacks critical security headers such as HSTS and DMARC, and does not publish a privacy or cookie policy, which impacts its compliance posture. The website performance is slow due to a large page size and numerous resources, but mobile optimization and SEO are adequate. Overall, the site is professional and trustworthy within its niche but requires improvements in security and privacy transparency to meet modern standards.

P

Press Manager

pressmanager.com.br

63

Press Manager is a Brazilian technology company specializing in software solutions for press management and communication services. Positioned as a market leader in Brazil, it offers a comprehensive SaaS platform targeting marketing departments, public agencies, press offices, communication agencies, freelancers, and journalists. The platform provides key services including press mailing, release distribution, news monitoring, and online management, supported by a strong brand presence and client trust signals. Technically, the website is built on WordPress, hosted on AWS infrastructure, and employs modern web technologies and SEO best practices. However, the security posture is weakened by the absence of a valid SSL certificate and lack of advanced security configurations, despite proper email authentication records and cookie consent mechanisms. Overall, the company demonstrates a mature digital presence with room for critical security improvements.

J

JET e-Business

jetshopping.com.br

91

JET e-Business is a Brazilian e-commerce platform provider offering high-performance, customizable solutions for B2C, B2B, D2C, and B2B2C business models. The company positions itself as a strategic partner for businesses seeking to scale their online sales with integrated marketplace management, analytics, and shipping solutions. Their website reflects a mature digital presence with comprehensive marketing and analytics integrations, including Google Analytics, Facebook Pixel, Hotjar, and Bing Ads. However, the site lacks a valid SSL certificate and modern TLS support, which poses security risks. DNS configurations are properly set with SPF and DMARC policies, but DNSSEC and CAA records are absent. The company provides clear privacy and cookie policies with consent mechanisms, but no explicit security or incident response policies are publicly available. Overall, JET demonstrates a strong market position in the e-commerce technology sector but should urgently address its SSL/TLS deficiencies to improve security and trust.

G

GBM Administradora de Activos S.A. de C.V. S.O.F.I.

gbmfondos.com.mx

63

GBMfondos is a well-established Mexican financial services company specializing in investment funds and personalized investment advisory through its GBMadvisor platform. With over 35 years of industry experience and recognition such as Morningstar Awards, it holds a strong market position in Mexico's finance sector. The company targets investors seeking accessible and intelligent investment solutions, supported by a mobile application and a comprehensive digital platform. Technically, the website is hosted on Amazon AWS and employs modern tracking and analytics tools including Google Analytics, Facebook Pixel, and Hotjar, indicating a mature digital marketing strategy. However, performance is slow and some SEO and accessibility aspects are basic. Security-wise, the site uses TLS 1.2 and 1.3 with a strict DMARC policy, but lacks advanced SSL features like HSTS and OCSP stapling, and does not have a published security policy or incident response contacts. Overall, the site is professional and trustworthy but could improve in security posture and privacy compliance.

G

GBM App

appgbm.com

60

The website appgbm.com appears to be a minimal React-based authentication portal with limited publicly visible content or business information. The site uses modern technologies such as React, Google Tag Manager, and New Relic for analytics and monitoring, hosted on Amazon AWS infrastructure. However, the site lacks essential compliance and security disclosures such as privacy policies, cookie policies, terms of service, and contact information. The SSL configuration is good with support for TLS 1.3 and 1.2 and no known vulnerabilities, but important security enhancements like HSTS, DNSSEC, DMARC, and OCSP stapling are missing. Performance is suboptimal with a high load time and large page size, indicating potential technical debt or unoptimized resources. Overall, the site demonstrates a basic technical maturity but lacks transparency and comprehensive security posture, which may impact user trust and regulatory compliance.

G

GBM

gbm.com

57

GBM is a leading financial services company in Mexico offering a broad range of investment products, trading platforms, and advisory services targeting both individual and institutional investors. The company positions itself as a comprehensive investment ecosystem with strong market presence and a wide product portfolio including stocks, ETFs, bonds, and alternative investments. Their digital platform is supported by WordPress CMS with advanced SEO and marketing integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Marketing and analytics tools are extensively used, indicating a mature digital marketing strategy but raising privacy considerations. Legal and privacy documentation is comprehensive and available in Spanish, supporting regulatory compliance. However, explicit security policies and incident response information are not publicly disclosed.

G

Greyd GmbH

greyd.de

47

Greyd GmbH operates the Greyd.Suite, an all-in-one WordPress platform designed to help freelancers, agencies, and enterprises scale their WordPress businesses efficiently. The company positions itself as a comprehensive solution provider with a unique block-based builder, centralized content and design management, and advanced features such as headless CMS capabilities and dynamic content management. Their market position is strengthened by a consistent brand presence, extensive feature set, and a focus on performance and accessibility. Technically, the website is built on WordPress 6.8.1 with a rich tech stack including custom plugins, Borlabs Cookie for GDPR-compliant consent management, and Chargebee for subscription billing. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to user data confidentiality and trust. The site demonstrates good SEO and accessibility practices, with comprehensive legal and privacy documentation. Overall, Greyd GmbH shows strong digital maturity but should urgently address SSL and TLS issues to improve security and user trust.

F

Formalize ApS

formalize.com

79

Formalize ApS is a Denmark-based technology company specializing in compliance software solutions designed to streamline governance, risk, and compliance operations for organizations. Their platform supports compliance with major regulatory frameworks such as NIS2, DORA, ISO 27001, and GDPR, offering customizable dashboards, automation, and a Trust Center for sharing compliance documentation. The company is positioned as a trusted provider with over 8,000 customers and strong partnerships with leading law and accounting firms. Technically, Formalize leverages modern web technologies including Alpine.js, AWS hosting, and integrates marketing and analytics tools such as Hubspot, Google Tag Manager, and Cookiebot for consent management. However, the website currently suffers from an invalid SSL certificate and lacks modern TLS protocol support, which poses a significant security risk. Despite this, the company demonstrates strong security practices with SPF, DMARC, and HSTS configurations, alongside certifications like ISO 27001 and ISAE 3000. Overall, Formalize presents a mature compliance platform with excellent user experience and comprehensive content, but should urgently address SSL and TLS issues to maintain trust and security.

K

Koelnmesse GmbH

koelnmesse.de

58

Koelnmesse GmbH is a leading international trade fair and event organizer based in Germany, with a strong market position and a comprehensive portfolio of over 80 trade fairs and events globally. The company serves a diverse audience including exhibitors, visitors, and business partners, providing key services such as exhibitions, conferences, and venue management. Technically, the website employs modern web technologies including jQuery, OneTrust for cookie consent, Google Tag Manager, and Plausible Analytics, hosted on Amazon AWS infrastructure. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocol support, which poses risks to secure communications. Despite these issues, the company demonstrates strong compliance with GDPR and provides clear privacy and cookie policies, along with active incident response contacts. Overall, Koelnmesse maintains a high level of professionalism and trustworthiness in its digital presence.

B

Bentley Systems, Incorporated

virtuosity.com

69

Bentley Systems, Incorporated is a leading global infrastructure engineering software company offering a comprehensive portfolio of software solutions for design, construction, and operations of infrastructure projects. Their e-commerce platform, Virtuosity, provides Bentley software subscriptions bundled with customizable expert training and support, targeting engineers, architects, constructors, and owner-operators. The company maintains a strong market position with a consistent brand presence and a large enterprise footprint. Technically, the website is built on the Magento Commerce platform with extensive use of JavaScript libraries and integrations including HubSpot, OneTrust, VWO, and New Relic. The site offers multi-language and multi-currency support, with good mobile optimization and accessibility features. However, the SSL configuration is currently invalid or missing, which poses a significant security risk. From a security perspective, the site implements SPF and DMARC for email protection and uses cookie consent mechanisms compliant with GDPR. Despite these strengths, the lack of a valid SSL certificate, absence of HSTS, and no evidence of a security policy or incident response plan indicate areas for urgent improvement. No explicit vulnerability disclosure or data protection officer contact information was found. Overall, while the business and technical infrastructure are robust and mature, the security posture requires immediate attention to protect user data and maintain trust. Strategic recommendations include securing the site with valid SSL/TLS, enhancing security headers, and formalizing security and incident response policies.

C

Cesium GS, Inc.

cesium.com

70

Cesium GS, Inc. operates a leading platform for 3D geospatial data visualization, data pipelines, and analytics, serving a broad range of industries including aerospace, defense, real estate, and smart cities. The company leverages an open source core and open standards to provide interoperable and precise geospatial solutions. Technically, the website employs modern frameworks such as React and Next.js, is hosted on AWS, and integrates accessibility and analytics tools, reflecting a mature digital infrastructure. Security posture is strong with valid TLS certificates, SPF and DMARC policies, and OCSP stapling, though improvements in HSTS and DNSSEC are recommended. Overall, Cesium demonstrates a high level of professionalism, community engagement, and technical sophistication, positioning it well in the competitive geospatial technology market.

N

NordProtect

nordprotect.com

68

NordProtect is a comprehensive identity theft and cyber protection service operated by Nord Security, targeting U.S. customers with a subscription-based model. The service offers a broad range of features including dark web monitoring, credit monitoring, security alerts, identity theft recovery coverage up to $1 million, cyber extortion protection, and online fraud coverage. The website is professionally designed with excellent content quality and clear branding consistent with the Nord Security group. Technically, the site uses modern web technologies such as the Astro framework and Solid-js, hosted on Cloudflare, with moderate performance and good mobile optimization. Security posture is solid with valid SSL, SPF, and DMARC policies, but lacks advanced DNS security features like DNSSEC and CAA records. No explicit security or incident response policies are published on the site. Advertising and analytics are managed primarily through Google services with a moderate level of user tracking and good privacy compliance. Overall, NordProtect presents a trustworthy and professional identity protection service with room for security enhancements.

W

Wake Experience

allin.com.br

54

Wake Experience, formerly All In, is a technology company specializing in customer data platforms and AI-driven marketing solutions. Positioned as a medium-sized enterprise in Brazil under the parent company LWSA, it offers services that enable businesses to capture, integrate, and leverage customer data to create personalized experiences across multiple channels. The website demonstrates a mature digital presence with integrations for consent management and analytics, reflecting a commitment to privacy compliance and data-driven marketing. However, the absence of a valid SSL certificate is a critical security gap that undermines data protection efforts. The DNS and email security configurations are well-managed, indicating operational security awareness. Overall, the company shows strong market positioning in technology-driven customer experience but needs to address fundamental security infrastructure to reduce risk and enhance trust.

S

Storytel AB (publ).

storytelgroup.com

65

Storytel AB operates one of the world's largest audiobook and e-book streaming platforms, serving over 2.3 million subscribers with a vast catalog in multiple languages. The company combines digital streaming with print publishing, positioning itself as a leading media entity in Sweden and internationally. Their website reflects a mature digital presence with strong investor relations and corporate governance transparency. Technically, the site is built on WordPress with Bootstrap, hosted via Cloudflare, and integrates Cookiebot for GDPR-compliant cookie management and Google Tag Manager for marketing analytics. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent significant security weaknesses. The site also exhibits slow load times, which could impact user experience and SEO. Security headers are minimal, with only SPF and DMARC configured, and no advanced protections like HSTS or CSP are present. Overall, while the business and content quality are excellent, the security posture requires urgent improvement to protect user data and maintain trust.

M

Mofibo

mofibo.com

62

Mofibo is a prominent Danish digital media platform specializing in subscription-based access to a vast library of over 600,000 audiobooks, e-books, and podcasts. As part of the Storytel group, it holds a strong market position in Denmark, offering tailored subscription plans including individual, family, and student options. The platform emphasizes user experience with features like offline downloads and exclusive content under the Mofibo Originals brand. Technically, Mofibo leverages modern web technologies such as Next.js, Cloudflare, and integrates multiple third-party services for analytics, marketing, and payment processing. The website demonstrates good digital maturity with a comprehensive cookie consent mechanism and GDPR compliance. Security-wise, Mofibo maintains a valid SSL certificate and implements SPF and DMARC policies, though improvements like enabling HSTS and DNSSEC are recommended. Overall, Mofibo presents a professional, trustworthy, and user-centric digital service with extensive tracking and marketing integrations.

H

HBL Solutions

hblsolutions.ch

61

HBL Solutions is a Swiss Banking-as-a-Service provider operating under the regulated banking license of Hypothekarbank Lenzburg AG. The company specializes in embedding banking products such as accounts, cards, payments, securities portfolios, and pension plans into the digital customer journeys of partner companies. Their market position is that of a Swiss pioneer in embedded and open finance, supported by a robust banking infrastructure and regulatory compliance. Technically, the website is built on Umbraco CMS with modern JavaScript libraries like Swiper.js and jQuery, and employs Cookiebot for GDPR-compliant cookie consent management. However, the absence of a valid SSL certificate is a critical security gap. The security posture shows strengths in regulatory compliance and consent management but weaknesses in transport security and DNS security features. Overall, the business is well-positioned in the Swiss finance sector with a clear focus on embedded finance, but should urgently address SSL and DNS security to improve trust and compliance.

F

Finstar AG

finstar.ch

69

Finstar AG is a Swiss-based company specializing in integrated IT solutions for private and universal banks as well as fintechs. With over 40 years of experience, the company offers customized and cost-effective banking software and services, positioning itself as a trusted partner in the financial technology sector. Their offerings include a broad range of products and services such as APIs, digital onboarding, and digital asset platforms, supported by a strong ecosystem of partner banks and financial institutions. The company is a subsidiary of Hypothekarbank Lenzburg AG and holds the prestigious 'swiss made software' label, underscoring its commitment to quality and reliability. Technically, the website is built on the Umbraco CMS and leverages modern JavaScript libraries including GSAP and ScrollMagic for enhanced user experience. It integrates Cookiebot for GDPR-compliant cookie consent management and Google Tag Manager for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security gap. Performance is slow, likely due to the large page size and resource count, but mobile optimization and accessibility are rated good. From a security perspective, the domain has well-configured SPF and DMARC records with a strict reject policy, reducing email spoofing risks. Despite this, the absence of HTTPS and security headers significantly lowers the security posture. No explicit security policy, incident response contacts, or vulnerability disclosure mechanisms were found. The cookie consent mechanism is comprehensive and transparent, supporting GDPR compliance. Overall, Finstar AG presents a professional and trustworthy digital presence with strong business credentials and compliance in privacy and cookie management. The primary risk lies in the lack of HTTPS, which should be addressed urgently to protect user data and maintain trust. Strategic improvements in security infrastructure and transparency around security policies would enhance the company's risk profile and customer confidence.

H

Hypothekarbank Lenzburg AG

hblasset.ch

56

HBL Asset Management, a brand of Hypothekarbank Lenzburg AG, operates a professional asset management and investment product platform targeting private investors primarily in Switzerland. The website offers financial market news, investment insights, and profiling tools to support investor decision-making. Technically, the site is built on the Umbraco CMS and integrates several modern web technologies including Google Analytics, Cookiebot for GDPR-compliant cookie consent, and Google Tag Manager. However, the site lacks HTTPS encryption, which is a critical security deficiency. While cookie consent and privacy policies are well implemented, the absence of SSL/TLS and security headers exposes users to risks. The company maintains a strong digital presence with social media integration and clear contact information, but should urgently address security gaps to protect user data and enhance trust.

D

DKB Grund GmbH

dkb-grund.de

61

DKB Grund GmbH is a German real estate company specializing in property sales, financing, insurance, and investment services. With over 25 years of experience, it serves private and commercial clients across Germany. The website presents a comprehensive portfolio of services including property valuation, financing certificates, and energy-saving advice, supported by a strong regional presence and recognized industry partnerships. Technically, the site uses modern web technologies and analytics tools but currently lacks a valid SSL certificate, which impacts its security posture. The company demonstrates good GDPR compliance with a clear privacy and cookie policy and employs consent management tools. However, there is no explicit security policy or incident response information available. Overall, the website is professionally designed, user-friendly, and trustworthy, but the lack of HTTPS is a critical security gap that should be addressed promptly.

A

ABIMÓVEL

brazilianfurniture.org.br

54

Brazilian Furniture is a project supported by ABIMÓVEL and Apex-Brasil focused on promoting the Brazilian furniture manufacturing sector and design industry. The website serves as a platform for industry news, events, and export promotion, targeting furniture professionals, designers, and international buyers. The site demonstrates a moderate level of digital maturity with use of common web technologies and marketing tools but suffers from significant security shortcomings, including an invalid SSL certificate and lack of security headers. The absence of privacy and cookie policies indicates compliance gaps. Overall, the business is well positioned within its sector but should improve its digital security and compliance posture to enhance trust and protect user data.

F

Finance Forward

financefwd.com

59

Finance Forward operates as a leading German-language online media platform specializing in new finance topics such as fintech, blockchain, and banking. The website offers a comprehensive range of services including news articles, podcasts, newsletters, and event information, targeting professionals and enthusiasts in the finance sector. The business model is centered on digital content delivery with monetization through advertising and partnerships. The company maintains a strong market position as a trusted source for fintech and finance news in Germany, supported by consistent branding and high-quality content.

P

PMHinvestments

pmhinvestments.com

52

PMH Investments is a Dutch investment company focused on small and medium-sized enterprises with strong growth potential (scale-ups). The company positions itself as an active investor providing not only capital but also strategic, financial, and coaching support to entrepreneurs. Their market niche is well-defined within the Dutch finance sector, targeting growing businesses. The website is built on WordPress with a solid SEO foundation and multilingual support, indicating a moderate level of digital maturity. However, the technical infrastructure shows weaknesses in security, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines user trust and data protection. Tracking and analytics are implemented via Google Tag Manager and WPMU DEV Analytics, but no cookie consent mechanism is present, which may raise compliance concerns. Overall, the security posture is basic with significant room for improvement, especially in SSL/TLS configuration and email security policies. Strategic recommendations include securing the website with a valid SSL certificate, implementing DMARC, and enhancing transparency around privacy and security policies.

S

SoftBank Group Corp.

softbank.com

65

SoftBank Group Corp. is a leading multinational holding company specializing in technology investments and telecommunications. The company operates significant investment funds such as the SoftBank Vision Fund and Latin America Fund, focusing on AI and breakthrough technologies to drive sustainable growth. The website reflects a mature digital presence with comprehensive investor relations, sustainability initiatives, and corporate governance information. Technically, the site uses modern frameworks like Next.js and React, hosted likely on AWS infrastructure, with integrations for analytics and performance monitoring. However, the current SSL/TLS configuration is invalid, posing a critical security risk that undermines user trust and data protection. The site employs cookie consent mechanisms and maintains GDPR-compliant privacy and cookie policies. Overall, SoftBank's digital footprint is professional and content-rich but requires urgent security improvements to align with best practices.

N

Nomupay

nomupay.com

66

Nomupay is a payment solutions provider offering a comprehensive suite of services including global acquiring, online payments, payouts, and fraud prevention tools. Positioned as a global payment platform with local licenses and extensive payment method coverage, Nomupay targets businesses seeking seamless and scalable payment processing solutions. The website demonstrates a mature digital presence with WordPress CMS, Oxygen Builder, and multilingual support via TranslatePress. Integration of Google Analytics, Tag Manager, and LinkedIn Insight indicates moderate user tracking and marketing sophistication. However, the absence of a valid SSL certificate and lack of TLS support represent significant security vulnerabilities that undermine user trust and data protection. While privacy and cookie policies are present and GDPR compliant, the site lacks explicit security and incident response documentation. Overall, Nomupay presents a professional and trustworthy brand but requires urgent security improvements to safeguard its digital assets and customer data.

P

Prêmio Salão Design

salaodesign.com.br

44

Prêmio Salão Design operates a Brazilian-focused design award platform that integrates designers and industries through contests, virtual catalogs, and galleries. The website is built on WordPress with a mature technical stack including SEO optimization and multiple marketing and analytics tools. However, the site lacks a valid SSL certificate, which poses a significant security risk to users. While cookie consent mechanisms are implemented, no explicit privacy policy or terms of service pages were found, indicating compliance gaps. The site maintains partnerships with multiple industry organizations and sponsors, reflecting a solid market presence in the design sector.

C

Confederação Nacional da Indústria (CNI)

portaldaindustria.com.br

57

The Portal da Indústria website serves as a comprehensive digital platform representing the Confederação Nacional da Indústria (CNI) and its associated institutions SESI, SENAI, and IEL. It provides industry news, educational resources, statistical data, and compliance information targeted primarily at the Brazilian industrial sector and related stakeholders. The site demonstrates consistent branding and a broad content offering that supports its position as a leading industry portal in Brazil. Technically, the site leverages modern JavaScript libraries and is hosted on Microsoft Azure, but suffers from critical security shortcomings including an invalid SSL certificate and lack of HTTPS enforcement. The presence of cookie consent mechanisms and privacy policy pages indicates some compliance awareness, though GDPR compliance is uncertain. Overall, the site offers good user experience and content relevance but requires urgent security improvements to protect user data and enhance trust.

D

DataSebrae

datasebrae.com.br

56

DataSebrae is a Brazilian government-affiliated platform focused on providing data intelligence and research to support micro and small businesses. It offers a variety of studies, thematic research, and infographics to help entrepreneurs and policymakers make informed decisions. The platform is linked to Sebrae, a well-known Brazilian institution supporting small businesses, which strengthens its market position and trustworthiness. Technically, the website is built on WordPress using Bootstrap and jQuery, with integrations for Google Analytics, Google Tag Manager, and Mailchimp for marketing and analytics. However, the site suffers from an invalid SSL certificate, no advanced security headers, and lacks DNSSEC, which poses security risks. The site is moderately optimized for mobile and accessibility but has slow load times. No explicit privacy, cookie, or terms of service policies were found, indicating compliance gaps. Overall, the platform serves as a valuable resource for its target audience but requires significant improvements in security and compliance to protect users and data.

D

Deen - Agência de Marketing Digital

deen.com.br

52

Deen - Agência de Marketing Digital is a small Brazilian digital marketing agency specializing in branding, social media, and website development services. The company targets businesses seeking to enhance their digital presence, primarily within Brazil. The website highlights notable clients and awards, positioning Deen as a recognized player in the digital marketing sector. Technically, the website employs multiple marketing and analytics tools such as Google Analytics, Hotjar, LinkedIn Insight Tag, and Jivochat, indicating a moderate level of digital maturity. However, the site suffers from significant security shortcomings, including an invalid SSL certificate, lack of HTTPS enforcement, and absence of essential security headers and DNS security features. These issues expose the site and its visitors to potential risks and undermine trust. Overall, while the business demonstrates good branding and content quality, the technical and security posture requires urgent improvement to align with industry best practices and regulatory compliance.

S

Short&Sweet Marketing

shortandsweet.com.br

66

Short&Sweet Marketing is a Brazilian digital marketing agency specializing in data-driven performance marketing, including SEO, inbound marketing, PPC, and lead generation. Positioned as an RD Station Silver Partner, the company demonstrates a strong market presence with over 15 years of experience and a portfolio of successful client case studies. The website reflects a professional and consistent brand image targeting businesses seeking to enhance their digital sales channels. Technically, the site is built on modern frameworks such as React and Next.js, utilizing Material-UI for UI components, and integrates various marketing and analytics tools including Google Analytics, Google Tag Manager, and reCAPTCHA for security. However, the absence of a valid SSL certificate and lack of HTTPS support represent significant security weaknesses. The site implements basic email security measures like SPF and DMARC but lacks advanced security headers and practices. Overall, the digital infrastructure supports the business model but requires urgent improvements in security to protect data and enhance user trust.

F

FoccoLOJAS

foccolojas.com.br

51

FoccoLOJAS is a specialized software-as-a-service platform focused on providing comprehensive management solutions for furniture retail stores in Brazil. The company offers a 100% web-based system that integrates all store processes from customer entry to product delivery, aiming to increase sales efficiency and profitability. Their key services include sales management, budgeting and negotiation tools, client portfolio management, mobile applications for remote management, and business intelligence analytics. The business is positioned as a trusted partner for over 2,000 furniture stores nationwide, supported by a strong brand presence and customer testimonials. Technically, the website is built on WordPress with the Elementor framework, utilizing a variety of modern web technologies and third-party integrations such as Cloudflare for DNS and CDN services, Cookiebot for cookie consent management, and multiple analytics and marketing tools including Google Analytics, Hotjar, and Microsoft Application Insights. Despite a rich technology stack, the website suffers from performance issues due to a large number of resources and lacks a valid SSL certificate, which impacts security and user trust. From a security perspective, the site has implemented SPF for email protection but lacks DMARC, DNSSEC, and CAA records, and does not have a valid SSL certificate or HSTS enabled. The extensive use of third-party tracking and marketing scripts indicates a high level of user data collection, though managed through Cookiebot's consent mechanism. No explicit security policy, incident response, or data protection officer information is found, indicating potential gaps in formal security governance. Overall, FoccoLOJAS presents a mature business with a specialized market focus and a comprehensive digital presence. However, its security posture requires significant improvements, particularly in SSL/TLS configuration and formal security policies, to enhance trust and compliance. Performance optimization and clearer contact information would also benefit user experience and credibility.

M

Mktnow

mktnow.com.br

57

Mktnow is a Brazilian digital marketing agency specializing in performance-driven advertising and e-commerce solutions, with a strong focus on the VTEX platform. The company offers a comprehensive suite of services including campaign management, design, development, email marketing, social media, and marketplace integration. Positioned as a medium-sized agency, Mktnow leverages partnerships with major platforms such as Google, Facebook, and HubSpot to deliver measurable results for clients. Technically, the website infrastructure is supported by Cloudflare DNS and uses multiple modern marketing and analytics tools, though performance optimization could be improved given the slow load times and large page size. Security posture is basic with a valid SSL certificate but lacks advanced protections such as HSTS, DNSSEC, and DMARC, which are recommended to enhance trust and email security. The site employs extensive user tracking via multiple analytics and marketing scripts, balanced by a cookie consent mechanism. Overall, Mktnow demonstrates a solid digital presence and marketing maturity but should address security and privacy policy gaps to strengthen compliance and user trust.

C

Contentserv

contentserv.com

63

Contentserv is an enterprise-level technology company specializing in AI-powered Product Experience Management (PXM) cloud solutions. Recently acquired by Centric Software, Contentserv offers a comprehensive suite of services including Product Information Management, Digital Asset Management, and Multichannel Publishing, targeting marketers, product teams, and IT professionals. The website is built on HubSpot CMS and integrates multiple marketing and analytics tools, demonstrating a mature digital infrastructure. However, the current SSL/TLS configuration is invalid, posing a significant security risk. While privacy and cookie policies are present and GDPR compliant, there is no explicit security policy or incident response information publicly available. Overall, the company maintains a strong market position with excellent branding and content quality but should urgently address its SSL/TLS issues and enhance transparency around security practices.

S

Spryker Systems GmbH

spryker.com

63

Spryker Systems GmbH operates a leading digital commerce platform tailored for enterprise B2B, B2C, and marketplace solutions. Recognized as a leader by Gartner and IDC, Spryker offers a modular, cloud-capable commerce stack that supports diverse business models and sophisticated commerce needs. The company targets enterprise clients seeking scalable and extensible commerce technology with a strong partner ecosystem. Technically, the website is built on WordPress with integrations including HubSpot, Google Analytics, and Cloudflare for hosting and DNS. While the site demonstrates good SEO and content quality, performance is slow with a high load time and large page size. Mobile optimization is good, but accessibility could be improved. From a security perspective, Spryker has implemented SPF and DMARC DNS records, indicating attention to email security and domain protection. However, the SSL certificate is invalid or missing, and no TLS protocols are enabled, which is a critical security concern. Other best practices like HSTS, DNSSEC, and OCSP stapling are not implemented, reducing the overall security posture. Overall, Spryker presents a strong market position and business model but should urgently address its SSL/TLS configuration and enhance security headers to protect its digital assets and customer trust. The website's comprehensive privacy and cookie policies, along with consent mechanisms, reflect good compliance with GDPR requirements.