Security Directory

S

Sustinere

sustinere.ee

60

Sustinere is a medium-sized ESG and sustainability advisory firm operating primarily in the Baltic region since 2016. The company offers a comprehensive suite of services including ESG strategy development, climate impact assessments, risk management, and digital solutions to support sustainability transformations. Their client base spans 11 sectors, indicating a broad market reach and trusted reputation. Technically, the website is built on WordPress with Elementor and Astra theme, leveraging modern web technologies and Google Tag Manager for analytics. The site is mobile-optimized and SEO-friendly, though accessibility features are basic. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, but lacks explicit privacy and incident response policies. Overall, the website reflects a professional and credible business with room for improvement in privacy compliance and transparency.

H

HansaLaw

hansalaw.ee

45

HansaLaw is an internationally recognized legal and tax advisory firm with over 10 years of experience, operating primarily in the Baltic region with offices in Tallinn, Riga, and Vilnius. The firm offers comprehensive legal consulting and conflict resolution services tailored to clients seeking expert legal advice. The website is built on WordPress using the Avada theme, incorporating modern web technologies and third-party marketing and analytics tools such as Google Analytics, Facebook Pixel, and Adform tracking. The site is well-designed, mobile-optimized, and provides clear navigation, although it lacks explicit privacy and cookie policies, which impacts its privacy compliance rating. Security posture is adequate with HTTPS enabled and good SSL configuration, but could be improved by enabling DNSSEC and adding security headers. No WAF or blocking mechanisms were detected, and the domain registration data is consistent with the business claims, supporting legitimacy.

L

Lappset Group

lappset.com

65

Lappset Group is a global manufacturer and supplier specializing in playground equipment, outdoor exercise equipment, park furniture, and interactive sports equipment. The company targets diverse markets including schools, public spaces, private yards, sports facilities, healthcare, and leisure sectors. Their business model includes manufacturing, custom solutions, and lifecycle services such as installation, maintenance, and recycling. The website reflects a well-established brand with comprehensive product and service offerings, supported by certifications like Environmental Product Declarations (EPDs). Technically, the website is built on modern frameworks such as Vue.js and Tailwind CSS, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers and explicit policies could be improved. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the professional web presence. Strategic recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to strengthen trust and compliance.

IITEE OÜ is an Estonian IT service provider specializing in professional IT solutions for companies, particularly those in the manufacturing sector. Founded in 2006, the company offers IT maintenance, hosting services with high availability, and Office 365 business-class email solutions. Their business model focuses on providing reliable and efficient IT support to improve operational efficiency for their clients. The website reflects a small but professional company with clear contact information and a focus on B2B services. Technically, the website uses a modern frontend stack including Bootstrap, jQuery, Owl Carousel, and Google Fonts. Google Analytics and Google Tag Manager are employed for user tracking and marketing insights. The site is mobile responsive and well-structured, though accessibility features are basic. Hosting appears to be managed by Elkdata OÜ, consistent with the WHOIS data. From a security perspective, the website uses HTTPS and avoids exposing sensitive data. However, no explicit security headers were detected, and there is a lack of privacy and cookie policies, which impacts GDPR compliance. No vulnerability disclosure or incident response information is provided. The security posture is moderate but could be improved by implementing standard security headers and formal policies. Overall, the website is professional and trustworthy with a solid business foundation. The main risks relate to privacy compliance and security best practices, which should be addressed to enhance trust and regulatory adherence.

B

Baptist Bible Fellowship Internation

bbfi.org

58

Baptist Bible Fellowship International (BBFI) is a non-profit religious fellowship organization dedicated to serving Baptist pastors and their churches in fulfilling the Great Commission. With a history spanning over 75 years, BBFI organizes events, conferences, and provides resources to support its community. The organization maintains an active digital presence through its website and multiple social media platforms, offering event registrations, official reports, and educational materials. The website is built on the Squarespace platform, leveraging modern web technologies and multimedia content such as YouTube videos to engage its audience. Technically, the website demonstrates moderate digital maturity with good mobile optimization and a clean, professional design. However, it lacks some advanced security headers and explicit privacy and cookie policies, which are important for compliance and user trust. The site enforces HTTPS, ensuring secure communications, but could improve its security posture by implementing additional best practices. No forms or direct data collection mechanisms are present on the homepage, reducing immediate privacy risks. Overall, BBFI's website reflects a legitimate and established organization with consistent branding and clear contact information. The absence of WHOIS data limits domain registration insights, but the content and external partnerships support the site's authenticity. Strategic improvements in privacy compliance and security configurations would enhance trust and regulatory adherence.

M

MAINOR

mainor.ee

45

MAINOR is an established Estonian corporate group with a 50-year history, operating primarily in environment, education, healthcare, and energy sectors. The company acts as a parent entity to multiple subsidiaries and is involved in significant development projects including Estonia's third largest economic city. The website is professionally designed, multilingual, and built on WordPress with modern frontend technologies. It includes SEO optimizations and a cookie consent mechanism, reflecting a moderate level of digital maturity. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, though security headers and explicit security policies are absent. Privacy compliance is supported by a privacy policy and cookie consent, but lacks detailed data protection officer or incident response information. Overall, the site is trustworthy and credible, with room for improvement in security best practices and transparency.

F

Forlle'd

forlle-d.com

54

Forlle'd appears to be a skincare brand with a website built on modern JavaScript frameworks such as Nuxt.js and Vue.js. The site includes product showcases and professional/scientific content related to skincare. The technical infrastructure is moderately modern with Google Analytics and Tag Manager integrated for tracking. However, the website lacks critical privacy and cookie policies, contact information, and security headers, which are important for compliance and trust. The domain is well-established, registered since 2004 with a reputable registrar, indicating business stability. Security posture is weak due to missing headers and lack of explicit security policies. Overall, the site is functional and professionally designed but requires improvements in privacy compliance and security best practices to enhance trust and regulatory adherence.

E

Ellex Raidla Advokaadiburoo OU

raidlaellex.ee

58

Ellex is a leading Baltic law firm with over 30 years of experience and a team of 250+ professionals, offering a wide range of legal services across multiple sectors including banking, energy, technology, real estate, and healthcare. The firm operates regionally with offices in Estonia, Latvia, and Lithuania, and holds international recognition and awards. The website is built on WordPress with modern SEO and analytics tools, featuring a comprehensive cookie consent mechanism and multi-language support. Security posture is strong with HTTPS enforcement and domain transfer protection, though some security headers could be improved and no explicit security or incident response policies are published. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

KV.EE is a leading Estonian real estate portal offering a wide range of property listings including apartments, houses, land, and commercial spaces for sale and rent. The website targets Estonian property buyers, sellers, and renters, positioning itself as the first and foremost real estate portal in Estonia. The business model revolves around providing an online marketplace and listing service for real estate, supported by RSS feeds and categorized property types. Technically, the site employs standard web technologies such as HTML5, CSS3, JavaScript, and uses popular fonts and icon libraries. The design is professional and mobile-optimized, providing a good user experience and clear navigation. However, the site lacks visible advanced frameworks or CMS identification and shows moderate performance.

Metaprofit is an established Estonian training and consulting company specializing in organizational development, personnel training, and psychological services. With over 20 years of experience and a client base exceeding 500 organizations, it offers a wide range of personalized training programs and consulting services targeting both public and private sectors. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, it is built on WordPress with modern plugins and integrates analytics tools such as Google Analytics and Yandex Metrika. Security posture is adequate with HTTPS enabled but lacks advanced security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is trustworthy and functional but would benefit from enhanced privacy and security disclosures.

R

Reiting PR OÜ

reiting.ee

45

Reiting PR OÜ is an established Estonian company specializing in adult education, business training, and accounting services. Founded in 2010, it operates a professional website offering a wide range of practical courses, including entrepreneurship, personal work, logistics, IT, and language training. The company also provides reliable accounting services for businesses and housing associations, alongside psychological and addiction counseling. It holds a reputable market position as a partner of the Estonian Unemployment Insurance Fund (Töötukassa) and collaborates with several recognized local organizations. The website is well-structured, content-rich, and targets adult learners, entrepreneurs, and professionals seeking skill development.

K

Kingivabrik OÜ

kingivabrik.ee

41

Kingivabrik OÜ operates a professional e-commerce website specializing in promotional and corporate gifts, offering a wide range of branded merchandise including writing instruments, souvenirs, gift sets, drinkware, textiles, and sweets. The company targets businesses and organizations looking for customized logo products to enhance brand visibility and employee recognition. With over 13 years of experience and a strong client base exceeding 10,000 companies, Kingivabrik holds a solid position in the Estonian retail market for promotional goods. The website is built on a WordPress platform using WooCommerce, enhanced by the Avia Framework and various plugins for e-commerce functionality, multilingual support, and marketing integrations. The technical infrastructure includes modern tracking and analytics tools such as Google Analytics and Facebook Pixel, alongside a live chat widget for customer support. The site demonstrates good mobile optimization, SEO practices, and user experience design, although some accessibility features could be improved. From a security perspective, the site enforces HTTPS and employs Google reCaptcha on its contact form to mitigate spam. Cookie consent mechanisms are implemented in compliance with GDPR, and privacy policies are clearly accessible. However, the site lacks explicit security headers and published security or incident response policies, which could be enhanced to strengthen its security posture. Overall, Kingivabrik's website reflects a trustworthy and professional business with a good balance of content quality, technical implementation, and privacy compliance. Strategic improvements in security headers and transparency around security policies would further enhance its risk profile and customer trust.

M

monitorTech

monitortech.co.nz

51

monitorTech is a small New Zealand-based company specializing in electronic repair services, computer upgrades, safety testing certifications, and authorized sales and warranty service for ViewSonic monitors and projectors. The company targets both consumers and commercial clients primarily in Christchurch and surrounding areas. The website is built on WordPress and uses common web technologies such as jQuery and Owl Carousel, with moderate performance and good mobile optimization. While the site is professional and well-branded, it lacks key compliance documents such as privacy and cookie policies, and does not implement security headers, which are important for enhancing security posture. The domain is well-established since 2009, indicating a stable business presence. Overall, the website provides clear contact information and relevant content but could improve in privacy compliance and security best practices.

M

Modera

modera.com

50

Modera is a medium-sized B2B software company specializing in automotive retail solutions, including CRM, e-commerce, and digital showroom tools. Established in 2003, it serves manufacturers, importers, and dealers across multiple countries with a strong market presence and reputable client base. The website is professionally designed using WordPress and Elementor, with modern web technologies and SEO optimizations. Security posture is good with HTTPS and transfer protection on the domain, but could be improved by enabling DNSSEC and adding security headers. Privacy compliance is basic with a cookie consent mechanism but lacks explicit privacy and terms policies. Overall, the site is trustworthy and business credible but should enhance privacy and security transparency.

R

RangeForce

rangeforce.com

72

RangeForce is a cybersecurity training platform specializing in cloud-based cyber ranges and solo labs designed to empower security operations centers (SOCs) and threat hunters. The company positions itself as a provider of realistic, team-focused training environments that use real tools and networks to close technical and soft skills gaps. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content targeting enterprise security teams. Technically, the site leverages HubSpot CMS, Google Analytics, and modern JavaScript libraries to deliver a responsive and engaging user experience. Security posture is solid with HTTPS enforced and privacy compliance evident through cookie consent mechanisms and detailed privacy policies. However, the absence of WHOIS data and explicit security headers slightly reduces trustworthiness. Overall, RangeForce presents as a credible and professional cybersecurity training provider with room for improvement in transparency and security best practices.

P

Puidukoda OÜ

puidukoda.eu

49

Puidukoda OÜ is a medium-sized Estonian manufacturing company specializing in high-quality planed softwood timber products, founded in 1997 and part of the French Groupe Rose. The company operates modern automated production lines with a capacity exceeding 225,000 m³ annually and offers additional finishing services such as painting and impregnation. Their market position is strong in Europe, supported by a professional website with multilingual support and e-commerce capabilities. Technically, the website is built on WordPress with WooCommerce and employs modern SEO and privacy compliance tools, including GDPR cookie consent mechanisms. Security posture is good with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Overall, the company demonstrates a professional digital presence aligned with its business operations and compliance requirements.

V

Vanalinna Ehitus

vanalinnaehitus.ee

44

Vanalinna Ehitus is an established Estonian construction company specializing in building construction under main contracting agreements. Founded in 2010, the company emphasizes flexibility, client-centric approaches, and quality workmanship. Their website reflects a professional and modern digital presence with multilingual support for Estonian, Finnish, and Swedish audiences. The company showcases a portfolio of projects and maintains active social media channels, reinforcing their market position. Technically, the site is built on WordPress with modern libraries and optimizations, delivering good performance and mobile responsiveness. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is addressed with a privacy policy and cookie consent mechanism. Overall, the website supports the company's credibility and business goals effectively.

C

ChangeGroup

changegroup.com

74

ChangeGroup is a well-established global leader in currency exchange and related financial services, operating over 100 bureaus across multiple continents. Owned by Prosegur, a publicly listed company, ChangeGroup offers a broad portfolio including currency exchange, money transfers, tax free refunds, and ATM networks, targeting international travelers and business clients. The website reflects a mature digital presence with a focus on user experience and accessibility. Technically, the site uses modern web technologies and appears to be built on a robust CMS platform, likely Adobe Experience Manager. Security posture is strong with HTTPS enforced and cookie consent implemented, though explicit security headers and policies could be improved. WHOIS data for the subdomain is unavailable, which is expected and not suspicious. Overall, the site demonstrates professionalism, trustworthiness, and compliance with privacy regulations.

M

MAS Holdings

masholdings.com

67

MAS Holdings is a leading innovative clothing manufacturer specializing in high-quality garments including sportswear, lingerie, sleepwear, swimwear, and medical apparel. Established in 2000, the company operates at an enterprise scale and targets businesses and brands seeking garment manufacturing solutions. The website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the site is built on WordPress with modern technologies such as Bootstrap, jQuery, and Google reCAPTCHA, and employs SEO best practices via Yoast SEO Premium. Security posture is solid with HTTPS enabled and reCAPTCHA protecting forms, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is basic with a cookie consent mechanism but no visible privacy policy or terms of service on the main site. Overall, the website is trustworthy and professionally maintained, with room for improvement in security headers and privacy documentation.

A

As Balsnack International Holding

balsnack.ee

43

Balsnack is an established Estonian snack food company founded in 2010, specializing in unique snack products such as potato waffles, popcorn, and breakfast cereals. The company operates an e-commerce platform built on WordPress and WooCommerce, targeting both local consumers and export markets. The website reflects a professional and consistent brand image with good content quality and user experience. Technically, the site uses modern web technologies including jQuery and Google APIs, hosted by Elkdata OÜ, a local Estonian registrar and hosting provider. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and explicit privacy or security policies. No critical vulnerabilities or WAF blocks were detected, indicating a stable and accessible site. Overall, the website demonstrates a medium-sized retail business with a solid online presence but could improve privacy compliance and security transparency.

N

Nyenburgh Holding B.V.

nyenburgh.com

50

Nyenburgh Holding B.V. is a Dutch licensed proprietary trading firm specializing in providing liquidity to global financial markets through proprietary and arbitrage trading strategies. The company operates with a robust infrastructure co-located in major financial hubs including New York, Frankfurt, Milan Bergamo, and London, ensuring low-latency access and data for professional traders. Regulated by the Netherlands Authority for Financial Markets (AFM) and the Dutch Central Bank (DNB), Nyenburgh emphasizes risk management and operates solely with its own capital, not involving client funds. Technically, the website is built on WordPress using the Enfold theme, incorporating modern web technologies such as jQuery and YouTube iframe API. The site is mobile-optimized with good SEO practices and includes a comprehensive cookie consent mechanism compliant with GDPR. However, no explicit security headers were detected, and no direct contact emails or phone numbers are publicly listed, with contact primarily via a web form. From a security perspective, the site enforces HTTPS and implements cookie consent, but lacks visible advanced security policies or incident response information. The WHOIS data is unavailable, which limits domain trust verification, though the website content and regulatory references support legitimacy. Overall, the site presents a professional and trustworthy front with room for improvement in security transparency and contact information availability. Strategically, Nyenburgh should enhance its security posture by implementing recommended HTTP security headers, publishing incident response contacts, and considering a security.txt file. Improving accessibility and providing clearer direct contact details would also strengthen user trust and compliance. These steps will help maintain its market position as a reputable and secure proprietary trading firm.

X

xChange AS

changeinvest.com

72

Change Invest operates as a fintech investment platform offering a unified app for investing in cryptocurrencies, trading stocks, indices, commodities, and CFDs with leverage. The company targets retail investors primarily within the European Economic Area, emphasizing low fees, fast deposits, and regulatory compliance under Estonian and Dutch authorities. The platform boasts over 125,000 verified users and a broad asset offering, positioning itself as a competitive player in the EU fintech market. Technically, the website is built on Webflow CMS and integrates modern analytics and marketing tools such as Google Tag Manager, Facebook Pixel, Segment Analytics, and Adjust SDK. The site is mobile-optimized, fast-loading, and well-structured, providing an excellent user experience. However, some security best practices like explicit security headers are missing, and no incident response or vulnerability disclosure information is publicly available. From a security perspective, the platform enforces HTTPS, uses cold wallets for crypto custody, and provides public proof of reserves, indicating a mature security posture. Cookie consent mechanisms are implemented with opt-in features, supporting GDPR compliance. The absence of WHOIS registration data is a notable concern, potentially indicating privacy protection or data unavailability, which slightly reduces trustworthiness. Overall, Change Invest presents a professional, secure, and compliant fintech service with strong market positioning in the EU. Strategic improvements in transparency around security policies and WHOIS data would enhance trust and compliance further.

I

Islamic Azad University | Dubai Branch

iau.ae

49

Islamic Azad University Dubai Branch is an educational institution offering fourteen quality and cost-effective degree programs with English as the medium of instruction. The university aligns its curricula with nationally approved standards, targeting students in Dubai and the UAE region. The website is built on a WordPress platform using Elementor, indicating a modern and maintainable technical infrastructure. SEO practices are implemented, and the site is mobile optimized with good user experience. Security posture is adequate with HTTPS enabled, but lacks explicit security headers and incident response information. Privacy and cookie policies are not found, indicating compliance gaps. Overall, the site is professional and credible but would benefit from enhanced privacy and security disclosures.

G

GDPR Register

gdprregister.eu

53

GDPR Register is a specialized technology company providing GDPR compliance software tools designed to streamline privacy management for organizations. The company offers a SaaS platform that supports data mapping, records of processing activities, data breach registers, contract lifecycle management, and reporting tools. Their market position is that of an established GDPR compliance software provider with a focus on privacy teams and Data Protection Officers, primarily serving clients in the EU and UK regions. The website demonstrates a mature digital presence with multilingual support and integration of modern marketing and analytics technologies. Technically, the website is built on WordPress using Elementor, with a modern tech stack including jQuery, FontAwesome, and Klaviyo for marketing automation. The site is well-optimized for SEO and mobile responsiveness, with good performance and accessibility features. Security posture is strong, with HTTPS enforced and multiple security headers present. No critical vulnerabilities or exposed sensitive data were detected. However, the site lacks a publicly visible vulnerability disclosure policy and explicit incident response contact details. Overall, GDPR Register presents a professional, trustworthy, and secure online presence consistent with its business focus on data privacy compliance. The domain WHOIS data is privacy protected, which aligns with the nature of the business. The site integrates trusted client logos and provides comprehensive privacy and cookie policies, reinforcing its compliance credentials. Strategic recommendations include publishing a vulnerability disclosure policy, enhancing incident response transparency, and improving accessibility compliance to further strengthen trust and security posture.

O

olgatessari

olgatessari.com

47

Olga Tessari is a small Brazilian business focused on personal development, psychology, and behavioral consulting. The website provides guidance and information aimed at helping individuals improve themselves and achieve happiness across various life areas. The business operates primarily through content dissemination and consulting services, targeting individuals interested in self-improvement. The site is built on WordPress using common plugins and themes, indicating a moderate level of digital maturity. The technical infrastructure supports good mobile optimization and SEO practices, though performance is moderate. Security posture is adequate with HTTPS enabled but lacks advanced security headers and published security policies. The absence of privacy and cookie policies indicates compliance gaps. WHOIS data is unavailable, which raises some trust concerns, but the website content and social media presence support legitimacy. Strategic recommendations include enhancing security headers, publishing privacy and cookie policies, and improving incident response transparency.

The website bkry.org is a personal or small-scale blog site operated by an individual named Adam Saynuk. The site primarily serves as a platform for philosophical blog content with minimal additional business or commercial services. The domain is registered since 2011 under the organization 'studio_saynuk' in the US, consistent with the website owner’s identity. The site uses WordPress CMS with standard plugins and minimal customization. Technical infrastructure is basic but functional, with HTTPS enabled and moderate performance. However, the site lacks advanced security measures such as DNSSEC and security headers, and no privacy or cookie policies are present, indicating limited compliance with privacy regulations. Contact information is not explicitly provided, reducing business credibility and user trust.

T

The University of Alabama

ua.edu

66

The University of Alabama is a prominent public educational institution offering a broad spectrum of undergraduate and graduate programs. The website reflects a strong brand identity consistent with a major university, targeting prospective students, current students, faculty, staff, and alumni. The site provides comprehensive academic information, campus life resources, and news updates, supporting its role as a leading university in the region. Technically, the website is built on WordPress and leverages modern web technologies including Google Tag Manager, New Relic for performance monitoring, and various font and icon libraries. The site demonstrates excellent performance, mobile optimization, and accessibility features, contributing to a positive user experience. From a security perspective, the site enforces HTTPS and employs monitoring tools, with no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. However, explicit security policies and incident response information are not publicly available, representing an area for improvement. Overall, the website is professional, trustworthy, and well-maintained, with minor gaps in security transparency. The domain WHOIS data is unavailable due to .edu domain restrictions but the site’s content and external references strongly affirm its legitimacy.

Stimscape OÜ is a small specialized service provider operating primarily in Estonia and Finland, offering digital imaging technician (DIT) services and technical solutions for film and TV production sets and studios. Their key offerings include on-set data management, LTO archiving, and IT solutions tailored to the media production industry. The website presents a professional image with clear navigation, client logos, and references to notable film and TV projects, positioning the company as a niche technical partner in the media sector. Technically, the website uses a basic but functional technology stack including jQuery, Google Fonts, Font Awesome, and Google Analytics for user tracking. The site is moderately optimized for performance and mobile use but lacks advanced accessibility features. No CMS or hosting provider details are evident. SEO is basic with meta keywords and description present but no advanced structured data or Open Graph tags. From a security perspective, the site lacks critical security headers and does not provide privacy or cookie policies, which impacts GDPR compliance. No forms or user input fields reduce attack surface, but the absence of incident response contacts and security policies indicates a low maturity in security governance. The WHOIS data aligns well with the business claims, showing a consistent registrant in Estonia, supporting domain legitimacy. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, improved security posture, and more comprehensive contact and policy disclosures to increase trust and reduce risk.

E

Elkdata OÜ

remedyway.ee

45

Wiru Mill operates an e-commerce website specializing in organic and specialty food products such as specialty breads, organic olive oil, and buckwheat products. The business is relatively new, established in 2023, and targets consumers interested in healthy and organic food options. The website is built on WordPress with WooCommerce, leveraging common plugins and Google services for analytics and advertising. The technical infrastructure is standard for small to medium e-commerce sites, hosted by Elkdata OÜ, which is also the domain registrar, indicating consistency and legitimacy. Security measures include HTTPS and Google reCAPTCHA, but lack advanced security headers and explicit privacy or cookie policies. The absence of contact information and compliance documents reduces trust and privacy compliance scores.

C

Casa de Baile

tantsukeskus.ee

40

Casa de Baile is Estonia's largest and most recognized salsa school based in Tallinn, offering salsa, bachata, kizomba, and other Latin American social dance courses primarily targeting beginners and dance enthusiasts. The website reflects a well-established business with a domain age since 2010, consistent with its market presence. The technical infrastructure uses modern web technologies including jQuery, Vue.js, Bootstrap, and integrates Google Analytics and Facebook Pixel for marketing and analytics purposes. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is adequate with HTTPS enforced and cookie consent implemented, though some security headers and incident response information are missing. Overall, the website demonstrates a solid business credibility and compliance with GDPR through privacy and cookie policies. Strategic improvements in security headers and incident response readiness would enhance the security maturity further.

A

Atom

cyberland.io

75

Atom operates a professional domain marketplace platform offering premium domain names such as CyberLand.io. The website is well designed, mobile optimized, and provides multiple contact channels including phone, email, and chat support. The platform targets startups and technology companies seeking brandable domain names. Technically, the site uses modern monitoring tools like New Relic and Google Tag Manager, and enforces HTTPS for secure communications. However, the absence of privacy and cookie policies, as well as missing WHOIS data for the domain, present gaps in compliance and trust verification. Security posture is generally good with no visible vulnerabilities, but could be improved with additional security headers and explicit policies. Overall, the site is functional and professional but would benefit from enhanced transparency and compliance documentation.

O

OÜ KINO MAASTIKUARHITEKTID

kinoline.ee

53

OÜ KINO MAASTIKUARHITEKTID is a small Estonian landscape architecture firm specializing in the design of public spaces, parks, and urban landscapes that blend modern design with sustainable thinking. The company presents a professional online portfolio showcasing recent projects and maintains active social media channels to engage with clients and the public. The website is built on a modern WordPress platform using Elementor and Jet plugins, optimized for mobile devices and SEO. Security posture is solid with HTTPS enabled and a comprehensive cookie consent mechanism in place, though additional security headers could enhance protection. The domain registration is transparent and consistent with the business's Estonian location and timeline. Overall, the website reflects a credible, professional business with good digital maturity and compliance with privacy regulations.

C

ClanBeat

clanbeat.com

65

ClanBeat operates the website clanbeat.com, offering an app focused on supporting well-being and nurturing social and emotional learning through co-creation. The company targets educators, students, international schools, fitness communities, and lifelong learning communities. The business model centers on providing digital tools for well-being tracking, quality reflections, meaningful connections, and co-creation, positioning itself as a niche player in the education technology sector. The website is professionally designed with clear navigation and good content quality, supporting its market position as a specialized educational app provider. Technically, the site is built on WordPress, leveraging modern technologies such as NitroPack for performance optimization, Google Tag Manager for analytics, and Cloudflare for DNS services. The site demonstrates good mobile optimization and SEO practices but lacks some accessibility features. Security posture is adequate with HTTPS enabled and domain registration protections in place; however, the absence of DNSSEC and security headers indicates room for improvement. Privacy compliance is weak due to missing privacy and cookie policies and lack of consent mechanisms. Business credibility is supported by consistent branding and structured data but is limited by the absence of direct contact information and security policies. Overall, the site scores moderately well but should address privacy and security policy gaps to enhance trust and compliance.

D

DeltaHeroes OÜ

deltaheroes.com

42

DeltaHeroes OÜ is a small Estonian consulting firm specializing in strategic partnership consulting, focusing on connecting Asia-Pacific with Estonian technology companies. Their core business involves investment scouting, matchmaking between startups and enterprises, organizing business delegations, and conducting seminars on corporate innovation and strategic investment. The company positions itself as a bridge between the Baltic and Asian regions, targeting entrepreneurs, investors, and enterprises interested in cross-regional collaboration. Technically, the website employs modern web technologies including Google reCAPTCHA for form security, Google Tag Manager for analytics, and lazy loading for images to optimize performance. The site is mobile-optimized with good navigation and SEO practices. Hosting appears to be managed via NameCheap, consistent with the domain registrar information. From a security perspective, the website enforces HTTPS and uses CAPTCHA on its contact form, which are positive indicators. However, it lacks explicit security headers and does not provide privacy or cookie policies, which are important for GDPR compliance and user trust. No incident response or vulnerability disclosure information is available, representing an area for improvement. Overall, the website is professional and credible with consistent WHOIS data and clear business information. The main risks relate to privacy compliance and security hardening. Strategic recommendations include publishing privacy and cookie policies, implementing security headers, and establishing vulnerability disclosure mechanisms to enhance trust and compliance.

T

TESRON EHITUS OÜ

tesron.ee

43

Tesron Ehitus OÜ is an Estonian construction company specializing in general contracting, project management, and design services. Founded in 2018, the company employs experienced construction professionals and emphasizes systematic, innovative, and thoughtful work. The website reflects a focused business model targeting local Estonian clients in the construction and real estate sectors, showcasing ongoing projects and company credentials. The digital presence is built on WordPress with common plugins, providing a functional and moderately optimized user experience. Security posture is solid with HTTPS and no exposed sensitive data, though improvements in security headers and incident response transparency are recommended. Privacy compliance is partially met with a privacy policy but lacks cookie consent mechanisms. Overall, the website is professional and trustworthy, supporting the company's market position as a reliable construction service provider in Estonia.

C

Colombo Stock Exchange

cse.lk

72

The Colombo Stock Exchange (CSE) is the primary stock exchange in Sri Lanka, serving as a critical financial market infrastructure provider. The website offers comprehensive information on equity and debt trading, market disclosures, financial reports, and investor education. It targets investors, listed companies, and financial professionals within Sri Lanka and the broader financial community interested in Sri Lankan markets. The CSE holds a significant market position as the national stock exchange, facilitating capital market activities and supporting economic growth.

G

GoSwift

goswift.eu

63

GoSwift is a technology company specializing in digital transportation management solutions aimed at optimizing logistics and freight operations. The company offers services such as scheduling arrivals, queue management, automated access, and yard management, targeting logistics operators and industrial clients. The website demonstrates a professional digital presence with multilingual support and trusted client logos, indicating a credible market position in the transportation sector. Technically, the site is built on WordPress with Elementor and Yoast SEO, leveraging modern web technologies and Google Tag Manager for analytics. Security posture is good with HTTPS enforced, though security headers and explicit privacy policies are lacking. Overall, the site is well-structured and user-friendly but could improve transparency and compliance documentation. Strategic recommendations include adding privacy and terms policies, enhancing security headers, and providing clear contact and incident response information.

D

Digimatch OÜ

digimatch.eu

46

Digimatch OÜ is a specialized international business consultancy founded in 2020, focused on facilitating Estonian digital companies' growth in the German market. Leveraging a vetted network of partners and a mission to accelerate growth through partnerships, Digimatch offers matchmaking, warm lead connections, market research, entry strategy, and funding assistance. The company operates primarily in the technology sector with a small-sized business profile based in Estonia. The website is professionally designed using WordPress and Elementor, with good mobile optimization and clear navigation. Security posture is strong with HTTPS and security headers, though explicit security policies and cookie consent mechanisms are absent. Privacy policies are comprehensive and GDPR compliant. Contact information is clearly provided, including email, phone, and physical address, alongside social media presence on LinkedIn and Facebook.

R

Royal Vopak

vopak.com

63

Royal Vopak operates as a global independent infrastructure provider specializing in tank storage solutions, positioning itself as the world’s leading company in this sector. The website reflects a large enterprise with a focus on energy transition, sustainability, and terminal operations, targeting industrial and commercial clients worldwide. The digital presence is professional, with a modern design and good mobile optimization, supported by a Drupal CMS platform and integration of analytics and marketing tools such as Google Analytics, Hotjar, and Cookiebot for consent management. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers and incident response information are absent. The lack of publicly available WHOIS data raises some concerns about domain registration transparency, but the website content and branding suggest legitimacy. Privacy compliance is partially met with cookie consent but lacks a clear privacy policy page. Overall, the site is functional and professional but could improve transparency and security documentation.

S

SPARK Social

sparksocial.ee

43

SPARK Social operates an Estonian-based online social media training platform branded as SPARK PRO koolitus. The website offers a comprehensive social media course targeting individuals ranging from beginners to professionals, including social media specialists, marketers, and small business owners. The business model is centered on paid online education with scheduled live sessions via Google Meet, supplemented by Q&A with industry experts and access to recorded materials. The company leverages known social media strategists and creative professionals as instructors, enhancing credibility and market positioning within the education sector in Estonia. Technically, the website is built on WordPress with WooCommerce for e-commerce functionality, WPBakery Page Builder for layout, and Slider Revolution for visual content. It uses modern web technologies including jQuery, Google Fonts, and Font Awesome icons. Hosting and domain registration are managed by Zone Media OÜ, a reputable Estonian registrar. The site demonstrates good mobile optimization and moderate performance, though accessibility and SEO optimizations are basic. From a security perspective, the site enforces HTTPS and uses secure forms via Contact Form 7. However, it lacks visible security headers such as Content-Security-Policy and X-Frame-Options, which are recommended best practices. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy compliance is weak due to the absence of a privacy policy and cookie consent mechanism, which poses a compliance risk under GDPR. Analytics usage includes Google Analytics, indicating moderate user tracking. Overall, the website is professionally designed and credible, with a clear business focus and consistent branding. The main risks relate to privacy compliance and security header implementation. Strategic improvements in these areas would enhance trust and regulatory adherence.

A

Avitus

avitus.ee

41

Avitus is a small Estonian health portal providing information and practical advice on mental and physical health, nutrition, exercise, vitamins, and supplements. The website targets Estonian-speaking users interested in improving their health and wellbeing through informed lifestyle choices. The business operates primarily as an informational platform without visible e-commerce or direct service offerings. Technically, the site is built on WordPress using the GeneratePress theme, with modern web technologies and good mobile optimization. The hosting and domain registration are consistent with the business location and age. Security posture is adequate with HTTPS enabled but lacks advanced security headers and DNSSEC. Privacy compliance is minimal, with only a basic privacy policy present and no cookie consent mechanism. Contact information is limited to a single company email address, with no phone or physical address provided. Overall, the site is professionally designed and trustworthy but could improve in privacy and security practices.

S

Saaremaa Golf & Country Club

saaregolf.ee

50

Saaremaa Golf & Country Club is a small hospitality business based in Estonia, specializing in golf tourism and resort services. The company offers a world-class golfing experience with well-maintained courses and resort amenities targeting golf enthusiasts and families. The website is professionally designed using WordPress with the Divi theme and incorporates modern SEO and analytics tools, indicating a moderate level of digital maturity. Security posture is generally good with HTTPS enforced and no visible vulnerabilities, but lacks some advanced security headers and explicit incident response information. Privacy compliance is weak due to missing privacy and cookie policies, which should be addressed to meet GDPR requirements. Overall, the website is trustworthy and functional, supporting the business's market position as a regional golf resort.

N

Norma

norma.ee

41

Norma is a well-established manufacturing company specializing in automotive safety system components, operating as a subsidiary of the global Autoliv group. The company serves major automotive manufacturers worldwide, leveraging over 135 years of experience. The website reflects a professional and consistent brand image, targeting automotive industry stakeholders and potential employees. The technical infrastructure is based on WordPress with modern web technologies such as Bootstrap and jQuery, providing a good user experience and mobile optimization. Security posture is solid with HTTPS enforced and sandboxed embedded content, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Contact information is clearly presented, enhancing business credibility. Overall, the website is functional and trustworthy but would benefit from improved privacy and security disclosures.

M

Mobalytics

mobalytics.gg

69

Mobalytics is a technology company specializing in gaming performance analytics and companion software, targeting competitive gamers across multiple popular titles such as League of Legends, TFT, Diablo 4, and others. The platform boasts over 10 million users and maintains partnerships with esports organizations, positioning itself as a leading player in the gaming analytics market. Their business model revolves around providing personalized game insights, in-game overlays, and esports data services, primarily delivered via a WordPress-based website and a Windows desktop application integrated through Overwolf. Technically, the website leverages a modern tech stack including WordPress CMS, Google Fonts, multiple analytics and marketing tools (Google Analytics, Mixpanel, Hotjar, Ahrefs, Comscore), and integrates Riot Games APIs for game data. The site is well-optimized for performance, mobile responsiveness, and SEO, with fast loading times and clear navigation. Hosting appears to be cloud-based with CDN usage for static assets. From a security perspective, the site uses HTTPS with good SSL configuration and employs asynchronous loading of scripts to minimize performance impact. However, explicit security headers are not evident, and there is no visible security policy or incident response contact information. Privacy compliance is basic, with a cookie consent mechanism present but no explicit privacy policy or terms of service found in the provided content. No direct company contact emails or phone numbers are visible, which may impact user trust and support accessibility. Overall, Mobalytics presents a professional and trustworthy online presence with strong business credibility and technical maturity. To enhance security posture and compliance, the company should publish clear privacy and security policies, implement security headers, and provide direct contact information. These improvements would further solidify user trust and regulatory adherence.

M

M-Partner

mpartner.ee

41

M-Partner is an established Estonian recruitment company specializing in the effective hiring of managers and specialists, with over 20 years of experience and more than 1000 successful recruitments. Their business model focuses on full search and headhunting services, targeting Estonian companies seeking qualified personnel. The website reflects a professional and consistent brand image, supported by client logos and clear service descriptions. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates essential tools such as Google Tag Manager and reCAPTCHA, indicating a mature digital infrastructure. Security posture is solid with HTTPS enforcement, email obfuscation, and cookie consent mechanisms, though additional security headers and formal policies could enhance protection. Overall, the site is accessible, well-structured, and compliant with GDPR, presenting a trustworthy and credible online presence.

L

Lindab

lindab.si

40

Lindab.si is a Slovenian content and blogging website established in 2022, offering articles on a variety of topics including home, health, sports, services, and technology. The site targets a general Slovenian-speaking audience interested in diverse lifestyle and technology content. The business model is primarily content publishing with no direct e-commerce or transactional services evident. The website is built on WordPress CMS, utilizing Yoast SEO for search optimization and Google reCAPTCHA for form security. The technical infrastructure is modern and moderately performant with good mobile optimization and basic accessibility features. Security posture is adequate with HTTPS enforced and form protection via reCAPTCHA, but lacks advanced security headers and published security policies. Privacy compliance is partial, with a privacy policy page present but no cookie consent mechanism detected. Contact information is limited to a contact form without direct emails or phone numbers. Overall, the website is legitimate, consistent with its domain registration data, and presents a moderate trust level. Strategic improvements in privacy compliance, security policy transparency, and contact information availability would enhance credibility and user trust.

R

Roadplan

roadplan.ee

48

Roadplan is an Estonian company specializing in road project design, outdoor space projects, and consulting services. Founded in 2013, it positions itself as a leading road project designer in Estonia, targeting clients who require sustainable and innovative solutions for their outdoor environments. The website content is primarily in Estonian and focuses on communicating the company's expertise and service offerings. Technically, the website is built on WordPress and uses modern web technologies including Google Fonts, Google Analytics, Google Tag Manager, and reCAPTCHA for form security. The site is hosted by Zone Media OÜ, a known Estonian hosting provider. Performance and mobile optimization are good, though accessibility features are basic. SEO practices are adequately implemented with proper meta tags and Open Graph data. From a security perspective, the website uses HTTPS with a valid SSL certificate and employs reCAPTCHA to protect forms. However, it lacks important security headers and does not provide explicit security policies or incident response information. No vulnerabilities or exposed sensitive data were detected in the provided content. Overall, the website is professional and functional but lacks comprehensive privacy and cookie policies, explicit contact information, and detailed security disclosures. These gaps reduce its privacy compliance and slightly impact trustworthiness. Strategic improvements in these areas would enhance the site's security posture and user trust.

N

Nex OÜ

nex.ee

40

Nex OÜ operates as a small Estonian IT service provider specializing in computer repair, network consulting, remote support, and IT infrastructure management. The company positions itself as a reliable local partner with authorized partnerships from recognized brands such as Lenovo and Epson. Their website clearly communicates their service offerings and contact information, targeting businesses and individuals requiring IT support and hardware sales. Technically, the website is built on WordPress and utilizes modern web technologies including jQuery, LiteSpeed Cache, and Google Tag Manager. The site is mobile-optimized and performs moderately well, with good SEO and accessibility basics. However, some security best practices such as security headers are missing. From a security perspective, the site enforces HTTPS and does not expose sensitive data. However, it lacks published privacy and cookie policies, incident response contacts, and vulnerability disclosure mechanisms, which are important for compliance and trust. The WHOIS data is consistent with the business claims, enhancing legitimacy. Overall, the website is professional and functional but would benefit from improved privacy compliance and enhanced security headers to strengthen trust and regulatory adherence.

I

ITM Trade

itm.ee

67

ITM Trade is an established IT services company based in Estonia, providing a broad range of services including programming, SEO, server and workstation administration, marketing, and e-commerce solutions. With over 15 years of experience and a portfolio of more than 300 projects across 35 countries, ITM Trade holds a strong market position as a leader in its industry. The website reflects a professional and consistent brand image targeting businesses seeking comprehensive IT solutions. The technical infrastructure of the website is modern and functional, utilizing Google Fonts, Google reCAPTCHA for form security, and slick sliders for UI elements. The site is mobile optimized and SEO friendly, though there is room for improvement in accessibility and performance optimization. Hosting and domain registration are managed by Zone Media OÜ, a reputable Estonian registrar. From a security perspective, the website employs HTTPS and reCAPTCHA, and implements a cookie consent mechanism compliant with GDPR. However, it lacks advanced security headers and a published security policy or incident response contacts. No vulnerability disclosure or security.txt file is present, which are recommended for enhanced transparency and security posture. Overall, the website is trustworthy and professionally maintained, with a good balance of content quality, technical implementation, and privacy compliance. Strategic improvements in security policies and DNS security would further strengthen its risk profile.

E

European Film Agency Directors association

europeanfilmagencies.eu

68

The European Film Agency Directors association (EFAD) is a non-profit organization representing national film and audiovisual agencies across European countries. It serves as a collective voice for these agencies, which are government or government-associated bodies responsible for funding and regulating audiovisual policies. EFAD's market position is that of a recognized umbrella organization facilitating cooperation, joint initiatives, and advocacy in the European audiovisual sector. The website reflects a professional and well-structured digital presence, supporting EFAD's mission and providing resources such as news, projects, and member information. Technically, the website employs modern web technologies including JavaScript ES modules, Google Fonts, and the Vite build tool. It uses Plausible Analytics for privacy-conscious visitor tracking. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Hosting details are not explicitly identified, but the site uses HTTPS with strong SSL configuration. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers such as Content-Security-Policy or X-Frame-Options, and does not publish a security policy or vulnerability disclosure. The WHOIS data is privacy protected by EURid, which is typical for .eu domains, and no suspicious patterns are detected. Contact information and privacy compliance measures are clearly presented, supporting trustworthiness. Overall, EFAD's website demonstrates a mature digital presence aligned with its organizational goals. Security posture is good but could be improved with additional headers and published policies. The domain and business information align well, supporting legitimacy. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure policies, and continuing to maintain transparency and privacy compliance.