Security Directory

Edisoft Group OU operates as a leading Electronic Data Interchange (EDI) operator and software integrator in the Baltic states, providing services to over 1800 clients. Their offerings include electronic document exchange platforms, integration solutions with ERP systems, and mobile order management applications. The company positions itself as a trusted partner for automating commercial document flows and enhancing business process efficiency in Latvia, Lithuania, Estonia, and other countries. The website content is professionally presented in Latvian, with clear navigation and a modern design leveraging Vue.js technology. The site is mobile optimized and includes essential business information and social media links. Security posture is solid with HTTPS enforced and domain transfer protections, though DNSSEC is not enabled and security headers are not visibly configured. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page, but no terms of service or incident response contacts are found. Overall, the website reflects a mature business with good digital presence and moderate technical sophistication.

H

Hotelschool The Hague

hotelschool.nl

60

Hotelschool The Hague is a well-established hospitality business school based in the Netherlands, offering specialized education and training in the hospitality sector. The website reflects a professional and modern digital presence, leveraging contemporary web technologies such as Nuxt.js and Vue.js to deliver a responsive and accessible user experience. Privacy and cookie consent mechanisms are implemented, indicating compliance with GDPR requirements. The security posture is strong, with HTTPS enforced and appropriate security headers present, although explicit security and incident response policies are not publicly available. Overall, the website demonstrates high business credibility and technical maturity, with room for improvement in publishing comprehensive security and terms of service documentation.

A

LV | Augļu Serviss

augluserviss.lv

63

Augļu Serviss is a Latvian retail business specializing in the daily delivery of fresh fruits to restaurants, stores, offices, and households. The website presents a professional and consistent brand image with a clear focus on fresh fruit distribution. The technical infrastructure leverages modern web technologies including Vue.js and Axios, with integration of Cookiebot for cookie consent management and Google Tag Manager for analytics and marketing tracking. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is moderate, with HTTPS and CSRF tokens implemented, but lacks visible HTTP security headers and explicit security policies. Privacy compliance is basic, with a cookie consent mechanism but no dedicated privacy policy or terms of service pages found. WHOIS data is unavailable due to query limits, limiting domain trust assessment. Overall, the website is functional and professional but would benefit from enhanced security measures and clearer compliance documentation.

B

BEGA Gantenbrink-Leuchten KG

bega.de

62

BEGA Gantenbrink-Leuchten KG is a specialized company focused on lighting and illumination technology, primarily serving outdoor and architectural sectors. The company presents itself as an established player in the energy-related lighting industry with a professional and well-structured website targeting architects and lighting professionals. The website employs modern web technologies such as Vue.js and Nuxt.js, ensuring a responsive and user-friendly experience. However, the absence of WHOIS data and lack of visible privacy and cookie policies indicate gaps in transparency and compliance. Security posture is moderate but could be improved by implementing standard security headers and clearer data protection measures. Overall, the website is functional and professional but would benefit from enhanced compliance and security disclosures.

U

Uralchem

uralchem.com

62

Uralchem is a large Russian industrial company specializing in the production and sale of mineral fertilisers and chemical substances. The company positions itself as a key player in the mineral fertiliser sector both domestically and globally, with a business history dating back to 2007. Their website reflects a professional and comprehensive digital presence, including detailed ESG and corporate governance information, indicating a commitment to sustainable and ethical business practices. The company targets industrial and agricultural sectors, offering a broad product catalog and procurement information. Technically, the website is built on the Bitrix CMS platform and utilizes modern JavaScript libraries such as jQuery and Vue.js. It features responsive design for mobile devices, SEO-optimized meta tags, and integrates Google reCAPTCHA for form security. Analytics are handled primarily via Yandex.Metrika, with cookie consent mechanisms in place to comply with privacy regulations. From a security perspective, the site uses HTTPS with good SSL configuration and implements basic security best practices like CAPTCHA and cookie consent. However, it lacks visible security headers and explicit security or incident response policies. The absence of WHOIS data for the domain is a notable anomaly that reduces trustworthiness, as it conflicts with the company's claimed long-standing business history. Overall, the website is well-structured and professional but would benefit from enhanced transparency in domain registration and explicit security policies. Strategic recommendations include adding security headers, publishing incident response contacts, and clarifying domain registration details to improve trust and compliance.

C

CINAMON | Kino piletid, Kino bilietai, Kinoteātra biļetes, Билеты в кино, Cinema tickets

cinamon.ee

60

CINAMON is an online cinema ticketing platform serving a multilingual audience primarily in the Baltic region. The website offers cinema ticket sales with a focus on regional languages and markets. The technical infrastructure is modern, leveraging Vue.js and popular video playback and analytics libraries, indicating a mature digital presence. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced security headers and formal policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is functional and professional but requires improvements in privacy and security transparency to enhance trust and compliance.

Deep White is a communication management and public relations agency based in Latvia, offering services focused on communication and PR. The website is built using modern frontend technologies such as Nuxt.js and Vue.js, indicating a contemporary digital infrastructure. The site is professionally designed with good mobile optimization and user experience, though it lacks comprehensive metadata and structured data for enhanced SEO and social media integration. Security posture is weak due to the absence of security headers and no visible SSL/TLS configuration details. Privacy and cookie policies are not present, which may impact compliance with GDPR and other data protection regulations. Contact information and incident response details are also missing, limiting direct communication and security incident handling capabilities. Overall, the website is functional and professional but requires improvements in security, privacy compliance, and transparency to enhance trust and regulatory adherence.

Orkla Latvija is a prominent Latvian food product company managing several beloved local brands such as Laima, Selga, Staburadze, and Ādažu Čipsi. The company emphasizes quality raw materials, brand heritage, and sustainability, operating both manufacturing and retail outlets including the Laima chocolate museum. The website is professionally designed, mobile-optimized, and SEO-friendly, built on WordPress with modern technologies like Vue.js and Google Tag Manager for analytics. Security posture is good with HTTPS and cookie consent mechanisms, though security headers and explicit incident response information are lacking. WHOIS data was unavailable due to query limits, but the website content and branding strongly indicate a legitimate and established business. Overall, the site reflects a mature digital presence aligned with business goals and compliance requirements.

A

Apifonica

dzinga.com

80

Apifonica is a medium-sized telecommunications and technology company specializing in AI-powered customer communication automation solutions, including voicebots, SMS marketing, phone number masking, and cloud telecom platforms. The company positions itself as an established player with over 10 years in the market, serving a broad client base with scalable and innovative telecom services. Their website demonstrates a mature digital presence with modern technologies and comprehensive content, including client success stories and industry awards. Technically, the site is built on Vue.js and integrates multiple analytics and marketing tools, ensuring good performance and mobile optimization. Security-wise, Apifonica maintains strong practices with HTTPS, ISO 27001 certification, regular penetration testing, and GDPR compliance, though some transparency gaps exist due to missing WHOIS data. Overall, the company presents a professional and trustworthy image with room for improvement in public contact information and domain registration transparency.

C

CoinLoan

coinloan.io

66

CoinLoan is a crypto lending platform established in 2017, offering crypto-backed loans, interest-earning accounts, and crypto exchange services. The company targets cryptocurrency holders seeking to leverage their assets for loans or to earn interest without lock-up periods. The platform is positioned as a medium-sized player in the crypto finance sector with a consistent brand and clear product offerings. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, hosted via Cloudflare, and integrates common marketing and analytics tools like Google Tag Manager and Facebook Pixel. The site demonstrates good mobile optimization and SEO practices. Security-wise, the platform enforces HTTPS, uses security headers, and maintains a clientTransferProhibited domain status, indicating a mature security posture. However, DNSSEC is not enabled, and no explicit vulnerability disclosure or incident response contacts are published, which are areas for improvement. Overall, the domain registration data aligns well with the business claims, supporting legitimacy. The website provides clear contact information and privacy compliance mechanisms, including GDPR-aligned privacy and cookie policies.

A

AS Mintos Marketplace

mintos.com

73

Mintos is a leading European online investment marketplace specializing in passive income investing through diversified loan portfolios. The platform connects individual investors with loan originators, offering secure investment opportunities and attractive returns. Positioned as a major player in the finance sector, Mintos targets individual investors seeking to grow wealth passively. The website demonstrates a mature digital infrastructure with modern technologies such as Vue.js, Google Tag Manager, Braze, and Facebook Pixel, ensuring a fast, mobile-optimized, and accessible user experience. Security posture is strong with HTTPS enforcement, comprehensive security headers, and privacy compliance including GDPR adherence. However, the absence of WHOIS domain registration data raises transparency concerns, slightly impacting business credibility. Overall, Mintos presents a professional, trustworthy platform with room for improvement in explicit security policy disclosures and incident response readiness.

Printful is a leading e-commerce platform specializing in custom print-on-demand and dropshipping services. It enables entrepreneurs and online store owners to design and sell custom products without managing inventory, positioning itself strongly in the print-on-demand market with extensive product offerings and integrations. The website demonstrates a high level of digital maturity, utilizing modern web technologies such as Vue.js, Bootstrap, and advanced analytics tools including Google Analytics, Google Tag Manager, and Sentry for error monitoring. The site is well-optimized for performance, mobile responsiveness, and accessibility, providing an excellent user experience. Security posture is solid with HTTPS enforcement, CSRF protection, and error tracking, though some security headers could be improved. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. Overall, the site reflects a professional and trustworthy business with strong branding and customer trust signals.

V

Valsts SIA “Latvijas Sabiedriskais medijs”

ltv.lv

60

Latvijas Sabiedriskais medijs is the national public media organization of Latvia, operating multiple television channels including LTV1 and LTV7, as well as digital platforms such as LSM.lv and REplay.lv. It serves a broad audience including general public, children, and diaspora communities, providing news, cultural, educational, and entertainment content. The organization is state-owned and holds a significant position in the Latvian media landscape, being a member of the European Broadcasting Union (EBU). The website reflects a mature digital presence with modern technologies and comprehensive content offerings. Technically, the website is built using modern JavaScript frameworks (Nuxt.js and Vue.js), employs performance and analytics tools like Chartbeat and Gemius, and uses Cloudflare for hosting and security insights. The site is well-optimized for mobile and accessibility, with good SEO practices and a professional design. Cookie consent and privacy policies are implemented in compliance with GDPR. From a security perspective, the site enforces HTTPS, uses standard security headers, and does not expose sensitive data. However, explicit security policies, incident response information, and vulnerability disclosure mechanisms are not publicly available, which could be improved to enhance transparency and trust. Overall, the website presents a low risk profile with strong business credibility and technical maturity. Strategic recommendations include publishing detailed security policies, incident response contacts, and vulnerability disclosure information to further strengthen security posture and compliance transparency.

S

SIA "Longo Latvia"

longo.lv

61

Longo.lv is a Latvian-based used car dealership operating under SIA "Longo Latvia", part of the international Longo Group. The company specializes in selling used and slightly used cars with verified mileage, service history, and warranty. Their business model includes sourcing vehicles primarily from the Netherlands, performing technical inspections, and offering financing options including leasing. The website is professionally designed, mobile-optimized, and provides comprehensive contact information and customer testimonials, positioning Longo.lv as a trusted player in the Latvian automotive market. Technically, the website leverages modern JavaScript frameworks such as Vue.js and Nuxt.js, integrates multiple analytics and marketing tools including Google Tag Manager and TikTok Analytics, and employs cookie consent management via Cookiebot. Performance is moderate with good SEO and mobile responsiveness. Security posture is strong with HTTPS enforced and standard security headers present, though no explicit security policy or incident response information is published. The absence of WHOIS data due to query limits restricts domain registration verification, but the website's structured data and consistent branding support legitimacy. Privacy and cookie policies are present and GDPR compliance is indicated. Overall, Longo.lv demonstrates a mature digital presence with solid business credibility and security practices. Strategic recommendations include publishing a dedicated security policy, establishing an incident response contact, enhancing accessibility features, and maintaining vigilance on third-party scripts to mitigate potential vulnerabilities.

A

AS TWINO Investments

twino.eu

59

AS TWINO Investments operates the TWINO investment platform, a pioneering European fintech company specializing in peer-to-peer lending with buyback guarantees. The platform offers retail and professional investors access to unsecured consumer loans and real estate securities, boasting over €1 billion in originated loans since 2009. Licensed and supervised by Latvijas Banka, TWINO emphasizes investor protection and regulatory compliance. The website demonstrates a mature digital presence with modern technologies such as Vue.js and Nuxt.js, delivering a user-friendly and mobile-optimized experience. Security practices include HTTPS enforcement and cookie consent mechanisms, though additional security headers and a public security policy could enhance posture. WHOIS data is privacy protected, typical for .eu domains, but the company's transparency through licensing and media coverage supports legitimacy. Overall, TWINO presents a credible, professional, and well-structured investment platform with strong business and technical foundations.

T

Two Daughters Entertainment Ltd

moleyofficialstore.com

67

Moley Store is an e-commerce website operated by Two Daughters Entertainment Ltd, specializing in sustainable children's apparel made from organic cotton. The brand leverages character-driven designs inspired by Moley and related characters, targeting families and children interested in eco-friendly clothing. The business is relatively new, with domain registration in early 2024, aligning with the company's founding year. The website is built on modern technologies including Vue.js and the Teemill platform, providing a clean and user-friendly shopping experience. While the site demonstrates good design and navigation, it lacks some advanced privacy and security features such as cookie consent mechanisms and security headers. The domain registration is consistent and trustworthy, with no privacy protection used, which is appropriate for a retail business. Overall, the website presents a moderate risk profile with room for improvement in privacy compliance and security hardening.

S

Sigma Group

sigmacivil.se

66

Sigma Group is a large, well-established consulting company headquartered in Sweden, specializing in technological consulting services with a strong presence across multiple countries. The company is owned by Danir AB and operates several subsidiaries focused on different industry verticals. The website presents a professional and comprehensive digital presence with clear business descriptions, career opportunities, and news updates. Technically, the site uses modern frameworks such as Vue.js and integrates multiple analytics and marketing tools, reflecting a mature digital infrastructure. Security posture is good with HTTPS enforced and secure form handling, though explicit security headers and incident response policies are not evident. Privacy compliance is well addressed with clear cookie and privacy policies including consent mechanisms. Overall, the website demonstrates a high level of professionalism and trustworthiness, though WHOIS data for the exact www subdomain is missing, which slightly impacts domain trust assessment.

P

ParaVolley EUROPE - Sitting & Standing Volleyball in Europe

paravolley.eu

51

ParaVolley Europe is a regional sports organization dedicated to promoting and organizing sitting and standing volleyball competitions across Europe. The website serves as a hub for news, competitions, and member federations, targeting athletes, sports enthusiasts, and stakeholders in the ParaVolley community. The organization positions itself as a key promoter of inclusive sports within the European region. Technically, the website is built on a modern stack using Vue.js and Nuxt.js frameworks, styled with Tailwind CSS, and incorporates popular libraries such as Swiper.js and Font Awesome. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security-wise, the site uses HTTPS but lacks visible security headers and explicit privacy or cookie policies, which are areas for improvement. No contact emails or phone numbers are explicitly provided, which may impact user trust and compliance. Overall, the website is functional and professional but would benefit from enhanced privacy compliance and security practices.

W

World Rowing

worldrowing.com

69

World Rowing is an established international sports federation responsible for organizing rowing events worldwide, including the upcoming 2025 World Rowing Cup in Lucerne, Switzerland. The website serves as an official platform to provide event information and promote the sport to athletes, fans, and the rowing community. The domain is long-standing, registered since 1999, and hosted on a reliable infrastructure with AWS DNS and CDN services, reflecting a mature digital presence. Technically, the website employs modern JavaScript frameworks such as Vue.js, uses Google Tag Manager for analytics and marketing, and implements HTTPS with appropriate security headers. The site is mobile-optimized and offers a good user experience with clear navigation and professional design. However, some standard compliance elements like a dedicated privacy policy and terms of service pages are not detected on the event page, though a cookie consent mechanism is present. From a security perspective, the site demonstrates good practices including HTTPS enforcement and clientTransferProhibited domain status, but lacks DNSSEC and a published security.txt file for vulnerability disclosure. No critical vulnerabilities or exposed sensitive data were found. The WHOIS data aligns well with the website's claims, supporting legitimacy and trustworthiness. Overall, the website is professional, secure, and credible, serving its purpose effectively. Enhancements in privacy compliance documentation and security disclosures would further strengthen its posture.

L

Latvijas Hokeja Federācija

lhf.lv

53

Latvijas Hokeja Federācija (LHF) is the national governing body for ice hockey in Latvia, providing comprehensive information about Latvian ice hockey including news, statistics, tournaments, teams, referees, and organizational details. The website targets ice hockey players, fans, coaches, and officials within Latvia and offers a centralized platform for updates and resources related to the sport. The business model is non-profit and focused on sports federation activities, supported by multiple sponsors and partners. Technically, the website employs modern JavaScript frameworks such as Vue.js and jQuery, integrates social media SDKs, and uses Google Analytics for visitor tracking. The site is mobile-optimized with good navigation and content relevance, though accessibility features are basic. Security posture is solid with HTTPS enforced and cookie consent implemented, but lacks some security headers and explicit privacy and terms policies. WHOIS data is unavailable due to query limits, but website content and contact details indicate legitimacy. Overall, the site is professional and trustworthy with room for improvement in privacy compliance and security best practices.

S

Sigma Group

sigma.se

66

Sigma Group is a large, well-established technology consulting firm headquartered in Sweden, with approximately 4,600 employees across eleven countries. The company focuses on enhancing customer competitiveness through technological expertise and innovative solutions. Owned by Danir AB, Sigma operates multiple subsidiaries specializing in various technology and industry sectors. The website reflects a mature digital presence with professional design, clear navigation, and mobile optimization. The technical infrastructure leverages modern JavaScript frameworks (Vue.js), and integrates multiple analytics and marketing tools, indicating a strong digital marketing strategy. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers could be improved and explicit security policies added. Privacy compliance is well addressed with clear privacy and cookie policies including consent mechanisms. Overall, Sigma Group presents a trustworthy and credible business with a strong online presence.

T

Tartumaa Omavalitsuste Liit

tartumaa.ee

51

Tartumaa Omavalitsuste Liit is a regional governmental association representing municipalities in Tartu County, Estonia. The organization focuses on local governance, regional cooperation, education, welfare, culture, and strategic development. Their website serves as an information hub for residents, officials, and partners, providing news, event updates, and resources relevant to the county's municipalities. The association operates as a non-profit entity with a clear regional focus and a small organizational size. Technically, the website is built on the Voog CMS platform and utilizes modern web technologies including jQuery, Vue.js, Axios, Google Fonts, and Google Maps API. The site is mobile-optimized with a clear navigation structure and moderate performance. Security measures include HTTPS enforcement and Google reCAPTCHA integration on the contact form, though additional security headers and policies could enhance the security posture. From a security perspective, the site shows good baseline practices but lacks comprehensive privacy and cookie policies, as well as vulnerability disclosure mechanisms. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the website's governmental nature, supporting legitimacy and trustworthiness. Overall, the website is professional, trustworthy, and serves its intended audience effectively. However, improvements in privacy compliance and security hardening are recommended to align with best practices and regulatory requirements.

C

Churnkey

churnkey.co

64

Churnkey is a technology company founded in 2020, specializing in SaaS solutions aimed at reducing customer churn and enhancing subscriber retention for subscription-based businesses. The website presents a professional and modern design, leveraging advanced frontend frameworks such as Vue.js and Nuxt.js, and is hosted with Cloudflare for performance and security benefits. The company integrates multiple marketing and analytics tools including HubSpot, Dreamdata, Google Tag Manager, and Facebook Pixel, indicating a mature digital marketing approach. However, the site lacks explicit privacy and cookie policies, as well as visible contact information, which impacts its privacy compliance and user trust. Security posture is generally good with HTTPS enabled and Cloudflare protection, but could be improved by enabling DNSSEC and publishing security policies. Overall, the website is functional and professional but would benefit from enhanced transparency and compliance documentation.

A

Andmik

andmik.ee

45

Andmik is a specialized platform focused on providing data visualization and budget tracking services for Estonian municipalities. The website presents detailed geographic and demographic data for various local governments, targeting municipal officials and stakeholders. The platform leverages modern web technologies including Vue.js and Leaflet for interactive maps, supported by Google Analytics and Tag Manager for user tracking. The domain is registered with a reputable Estonian registrar, Zone Media OÜ, and was created in 2021, aligning with the platform's apparent recent launch. Technically, the website employs a modern JavaScript framework and mapping libraries, ensuring a responsive and interactive user experience. However, there is room for improvement in accessibility and SEO optimization. Security-wise, the site lacks visible security headers and does not enable DNSSEC, which could be enhanced to improve overall security posture. Privacy compliance is weak, with no visible privacy or cookie policies, and no consent mechanisms, which is a significant gap given the use of tracking technologies. Overall, the website is functional and professionally designed but requires improvements in privacy compliance, security best practices, and contact transparency to enhance trust and regulatory adherence. Strategic recommendations include implementing comprehensive privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact and incident response information.

S

Siseministeeriumi infotehnoloogia- ja arenduskeskus

smit.ee

65

Siseministeeriumi infotehnoloogia- ja arenduskeskus (SMIT) is the largest governmental IT institution in Estonia focused on developing and managing critical information systems for internal security and emergency services. It serves key government agencies such as the Police and Border Guard Board, Rescue Board, and Ministry of the Interior, providing vital communication and ICT services nationwide. The website reflects a professional government entity with clear service offerings and a strong market position as a trusted IT service provider for public safety. Technically, the site uses modern frameworks like Vue.js and Nuxt.js, ensuring a responsive and moderately performant user experience. Security posture is solid with HTTPS and no visible vulnerabilities, though security headers and policies could be enhanced. Privacy compliance is basic with cookie policy present but lacking explicit consent mechanisms. Overall, the site is trustworthy and well-aligned with its government mission.

S

Siemens

siemens.ee

56

Siemens Estonia operates as a regional branch of the global Siemens AG, delivering advanced electrification, automation, and digitalization solutions tailored for industrial clients in Estonia and the Baltic region. The website reflects a mature digital presence with a focus on B2B partnerships and technology innovation. The company leverages modern web technologies including Vue.js and Apollo GraphQL, supported by robust analytics and marketing tools such as Matomo and Adobe Launch. Security posture is strong with HTTPS enforcement and comprehensive security headers, although explicit security policies and incident response details are not publicly disclosed on this site. Privacy compliance is well addressed through global Siemens privacy and cookie policies, including consent management. Overall, the website is professional, trustworthy, and well-optimized for performance and accessibility.

P

Perearst24

perearst24.ee

63

Perearst24.ee is a healthcare-focused digital platform serving family doctor centers in Estonia by providing a secure environment for patients to submit electronic health inquiries. The platform enhances health data security and facilitates better patient-doctor communication by allowing 24/7 submission of health concerns, which are processed during the centers' operational hours. The website is professionally designed with a clear focus on its target audience, patients of Estonian family doctor centers. Technically, the site employs modern frontend technologies such as Vue.js and Vuetify, ensuring a responsive and user-friendly experience. Security is well-handled with HTTPS enforced and cookie consent mechanisms in place, although some security headers and explicit security policies are absent. Overall, the site demonstrates a good security posture and compliance with privacy regulations, including GDPR, supported by clear privacy and cookie policies. However, contact information and incident response details are not directly available, which could be improved to enhance trust and transparency.

H

Haridus- ja Teadusministeerium (EENet)

progetiiger.ee

61

ProgeTiigri.ee is an official educational platform managed by the Estonian Ministry of Education and Research, providing a curated collection of over 100 educational tools and materials focused on programming, robotics, 3D design, and multimedia for teachers and educators. The website serves as a resource hub to support teaching activities with filtering capabilities to find suitable materials. The platform targets primarily educators in Estonia and operates as a government-backed educational resource. Technically, the website employs modern web technologies including Vue.js, jQuery, and the Foundation CSS framework, with integration of Google Analytics and Google Tag Manager for user tracking and analytics. The site is mobile optimized and accessible, with a moderate performance profile. Hosting appears to be managed by a government or educational network provider, ensuring stable infrastructure. From a security perspective, the site enforces HTTPS and uses CSRF tokens in forms, alongside a cookie consent mechanism compliant with GDPR principles. However, it lacks several security headers that could enhance protection against common web threats. No privacy policy or terms of service pages were found, which represents a compliance gap. No explicit contact information or incident response channels are provided, limiting user support and security communication. Overall, the website is trustworthy and professionally maintained, with strong legitimacy due to government ownership and consistent domain registration. The main risks relate to missing formal privacy and security documentation and absence of security headers. Strategic improvements in these areas would enhance compliance and security posture.

T

Tallinn City Tourist Office & Convention Bureau

visittallinn.ee

69

Visit Tallinn is the official tourism portal managed by the Tallinn City Tourist Office & Convention Bureau, providing comprehensive information about the city's attractions, events, public transport, and dining options. The website targets tourists and visitors seeking practical and up-to-date travel information about Tallinn, Estonia. It holds a strong market position as the official city guide and tourism authority, supported by consistent branding and good content quality. Technically, the website employs modern web technologies including Vue.js and Bootstrap, with integrations for analytics and tracking such as Google Tag Manager, Microsoft Clarity, and Facebook Pixel. The site demonstrates good mobile optimization and moderate performance, reflecting a mature digital infrastructure. Hosting and domain registration are consistent and stable, managed by Spin TEK AS since 2014. From a security perspective, the website uses HTTPS with good SSL configuration and includes several security-related HTTP headers. However, it lacks visible privacy and cookie policies, consent mechanisms, and incident response contact information, which are critical for GDPR compliance and user trust. No significant vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and transparency measures to improve user trust and regulatory adherence.

E

Eliis Tarkvara

eliis.eu

55

ELIIS is a specialized online information system designed for pre-school organizations, including kindergartens, local governments, teachers, and parents. It offers a comprehensive suite of features such as curriculum planning, child development analysis, digital diaries, communication tools, and document management. The platform is positioned as a trusted solution across the EU, with over 15,000 teachers and 1,000 institutions relying on it. The business model is subscription-based, charging local governments per child, while teachers and parents have free access. The website is professionally designed, multilingual, and emphasizes GDPR compliance.

O

Olevalmis.ee

olevalmis.ee

63

Olevalmis.ee is a government-affiliated Estonian crisis preparedness information portal operated under the auspices of the Estonian Rescue Board (Päästeamet). The website provides practical guidance on handling various crises, behavioral instructions, emergency contact information, and news updates relevant to public safety. It targets Estonian residents seeking reliable and official information on crisis readiness. The business model is informational and public service oriented, positioning itself as a trusted government resource in the emergency preparedness sector. Technically, the website is built on modern web technologies including Nuxt.js and Vue.js frameworks, leveraging Cloudinary for media delivery and Matomo for analytics. The site demonstrates good mobile optimization, accessibility at a basic level, and solid SEO practices. Performance is moderate with no critical technical issues detected. The infrastructure reflects a mature digital presence suitable for a government service. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes important security headers. No exposed sensitive data or vulnerable libraries were found. However, the site lacks explicit cookie consent mechanisms and does not publish dedicated security or incident response policies, which are areas for improvement. The WHOIS data confirms the domain's legitimacy and consistency with the website's government affiliation. Overall, Olevalmis.ee presents a trustworthy, professional, and well-maintained platform for crisis information in Estonia. Strategic recommendations include implementing explicit cookie consent, publishing security and incident response policies, enhancing accessibility, and adding vulnerability disclosure information to further strengthen trust and compliance.

H

Häirekeskus

112.ee

65

Häirekeskus is the official Estonian Emergency Response Center responsible for managing emergency calls and coordinating emergency services such as ambulance, police, and rescue. The website serves as a public information portal providing emergency contact numbers, career opportunities, and safety guidance. It targets Estonian residents and visitors requiring emergency assistance, positioning itself as a critical government agency in public safety. The site is well-branded and consistent with government standards, offering content primarily in Estonian with English and Russian alternatives. Technically, the website is built on modern web technologies including Nuxt.js and Vue.js, ensuring good mobile optimization, accessibility, and SEO. The site loads with moderate performance and includes security best practices such as HTTPS enforcement and security headers. No major vulnerabilities or exposed sensitive data were detected. However, explicit cookie consent mechanisms and security policy disclosures could be improved. The security posture is strong with excellent SSL configuration and standard security headers. The absence of a published incident response or vulnerability disclosure policy is noted but not critical. WHOIS data confirms the domain's legitimacy and consistency with the Estonian government entity. Overall, the website demonstrates a mature digital presence with a high level of trustworthiness and professionalism. Strategic recommendations include implementing explicit cookie consent, publishing security and incident response policies, and adding a vulnerability disclosure mechanism to enhance transparency and compliance. These improvements will further strengthen the site's security posture and user trust.

MEMX is a U.S.-based financial technology company operating regulated securities exchanges for equities and options. The company also offers a customizable exchange technology platform delivered as a SaaS solution, enabling other market operators to launch exchanges quickly. Positioned as an innovative alternative exchange operator, MEMX emphasizes efficiency, transparency, and cost reduction in capital markets trading. The website reflects a professional and consistent brand with clear messaging targeted at market participants and exchange members. Technically, the website leverages modern JavaScript frameworks such as Vue.js, integrates analytics and marketing tools like Google Tag Manager and Mailchimp, and is hosted on infrastructure associated with GoDaddy. The site is mobile-optimized, accessible, and SEO-friendly, with good performance metrics. Security is well implemented with HTTPS and no exposed sensitive data, though some security headers are missing and DNSSEC is not enabled. From a security posture perspective, MEMX demonstrates strong fundamentals but lacks explicit public security policies, incident response contacts, and cookie consent mechanisms, which may impact privacy compliance, especially under GDPR. The WHOIS data confirms a long-established domain with consistent registration details, supporting the legitimacy of the business. Overall, MEMX presents a credible and professional online presence with solid technical infrastructure and a good security baseline. Enhancements in privacy compliance and security transparency would further strengthen trust and regulatory alignment.

R

RE/MAX Gold Coast

williamreed.com

62

RE/MAX Gold Coast operates as a real estate brokerage focused on the Ventura, California market, offering property listings, home valuation, and mortgage services. The website is professionally designed with clear navigation and integrates modern technologies such as Vue.js, Bootstrap, and various analytics and advertising tools. Despite the lack of WHOIS data, the site presents a consistent brand image aligned with the RE/MAX network. Security posture is solid with HTTPS and monitoring tools, but lacks explicit security headers and privacy compliance disclosures. Overall, the site is functional and credible but would benefit from enhanced privacy and security transparency.

R

Raison FinTechnologies Inc.

raison.app

68

Raison FinTechnologies Inc. operates raison.app as a comprehensive digital family office platform offering investment opportunities across venture deals, public stocks, crypto-assets, structured products, and asset management services. The company targets both individual and institutional investors, providing tiered account plans and a broad range of financial instruments. With over 30,000 users globally and regulatory licenses from multiple jurisdictions, Raison positions itself as a trusted fintech innovator in the investment space. Technically, the website is built on a modern Nuxt.js and Vue.js stack, optimized for performance and mobile responsiveness. It integrates essential third-party services such as Google Tag Manager, reCAPTCHA, and Intercom for analytics, security, and customer engagement. The site demonstrates good SEO and accessibility practices, with comprehensive metadata and structured content. From a security perspective, the platform enforces HTTPS, employs security headers, and uses CAPTCHA to protect forms. It holds multiple financial regulatory licenses, enhancing trust and compliance. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policies and incident response information are not publicly detailed. Overall, raison.app presents a professional, secure, and user-friendly investment platform with strong regulatory backing and a clear business model. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and enhancing transparency around data protection roles to further strengthen trust and compliance.

W

WebSecured AS

websecured.io

77

WebSecured AS is a Norwegian cybersecurity service provider specializing in penetration testing, security audits, code review, and physical security testing. The company serves a diverse clientele including major organizations such as Microsoft, Vipps, and the Norwegian Tax Administration, positioning itself as a trusted small business in the cybersecurity sector. Their website reflects a professional and modern digital presence built on Vue.js and Nuxt.js frameworks, with good mobile optimization and SEO practices. The use of Cloudflare for DNS and CDN enhances their hosting reliability and security. Security posture is solid with HTTPS enforced and domain transfer protection, though improvements are recommended in security headers and explicit security policies. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Contact information is clearly provided, including email, phone, and physical address. Overall, WebSecured demonstrates a credible and trustworthy business with a good balance of technical maturity and client trust.

S

Sadamaregister

sadamaregister.ee

60

Sadamaregister.ee is an Estonian website dedicated to providing a comprehensive register of ports and harbors within Estonia. The platform offers a searchable database of port names and locations, targeting maritime professionals, boat owners, and the general public interested in port information. The website integrates with the Estonian state authentication service for user login, indicating an official or government-related service. The site uses modern web technologies including Vue.js and Font Awesome, and employs Google Tag Manager for analytics. While the site is mobile optimized and offers a good user experience, it lacks explicit privacy and cookie policies, which impacts its privacy compliance score. Security-wise, the site uses HTTPS and integrates secure login mechanisms but lacks security headers and DNSSEC, which are recommended for enhanced security. Overall, the domain registration is consistent and legitimate, supporting the website's credibility as an official maritime information resource.

Arkadia.me is a small-scale website leveraging modern web technologies such as Vue.js, Axios, and TinyMCE for dynamic content and social login integration via Facebook and Google APIs. The site appears to be a personal or small business platform with minimal publicly available business information and limited content depth. The technical infrastructure is modern but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing important security headers and policies. No privacy, cookie, or terms of service policies are present, and no contact information is provided, which limits user trust and compliance with data protection regulations. The WHOIS data is unavailable or privacy protected, reducing transparency and trustworthiness assessment. Overall, the site is functional but requires improvements in security, privacy compliance, and business transparency to enhance credibility and user confidence.

K

Kompas.id

kompas.id

63

Kompas.id is a prominent Indonesian digital news platform offering comprehensive coverage across various domains including politics, economy, sports, and international news. The platform operates on a subscription-based model providing premium content to its audience. It targets Indonesian readers seeking quality journalism and up-to-date news. The website demonstrates a professional design with consistent branding and clear navigation, supporting a good user experience. Technically, Kompas.id leverages modern web frameworks such as Nuxt.js and Vue.js, and integrates multiple analytics and advertising technologies to optimize performance and marketing efforts. Security-wise, the site enforces HTTPS and employs several security best practices, though there is room for improvement in implementing comprehensive security headers and explicit security policies. Privacy compliance is partially addressed through a cookie consent mechanism, but lacks visible privacy and terms of service documentation in the provided content. Overall, the domain registration data aligns well with the business profile, indicating a legitimate and established media entity.

C

CostPocket

costpocket.com

70

CostPocket is a Finnish technology company specializing in AI-powered expense management and document digitization solutions for businesses and accounting firms. The company offers a SaaS platform that automates receipt and invoice processing, integrates with numerous accounting software, and provides mobile applications for ease of use. With over 13,000 companies using their service and more than 40 integrations, CostPocket holds a strong market position in the Nordic and Baltic regions. The website demonstrates a modern technical infrastructure leveraging Vue.js, cloud hosting, and multiple analytics and marketing tools. Security posture is solid with HTTPS enforcement and access controls, though improvements such as DNSSEC and published security policies could enhance trust. Privacy compliance is basic, with cookie consent implemented but no visible privacy or terms of service pages. Overall, CostPocket presents a professional and trustworthy digital presence aligned with its business goals.

N

Neway

neway.ee

49

Neway is an award-winning brand and experience design agency based in Estonia, with a domain age consistent with its claimed business history since 2007. The company specializes in creating brands and experiences from strategy through execution, targeting businesses seeking high-quality creative services. The website showcases a professional portfolio with multimedia content and highlights multiple industry awards, positioning Neway as a reputable player in the creative agency market. Technically, the website uses modern JavaScript frameworks such as Vue.js, integrates multiple analytics and marketing tools, and is hosted by Zone Media OÜ. Security posture is strong with HTTPS enforced, reCAPTCHA on forms, and cookie consent implemented, though explicit security policies and incident response information are absent. Privacy compliance is partial due to missing privacy and terms of service pages. Overall, the website is professional, trustworthy, and technically sound, with room for improvement in privacy and security transparency.

O

ooogo LLC.

ad110.com

26

AD110 is a non-profit project operated by ooogo LLC., focusing on art, design, creativity, and lifestyle content primarily targeted at design professionals and enthusiasts. The website offers curated articles, design resources, event coverage, and job listings within the creative industry. The platform positions itself as a niche media outlet with a long-standing presence since 2004, emphasizing open content sharing under Creative Commons licensing. Technically, the site is built using modern JavaScript frameworks such as Vue.js, with a custom CMS or proprietary platform, and includes advertising via Google Adsense. While the design and user experience are good, the site lacks HTTPS, security headers, and formal privacy or cookie policies, which impacts its security posture and privacy compliance. The domain is registered with GoDaddy and shows no suspicious WHOIS patterns, supporting its legitimacy. Overall, the site is functional and professional but requires significant improvements in security and privacy to meet modern standards.

Connect.ge is a Georgian digital agency specializing in comprehensive web services including website development, UX/UI design, hosting, SEO, and digital marketing. Established in 2011, the company targets businesses seeking to enhance their online presence with professional and innovative digital solutions. Their market position is that of a trusted local provider with a strong portfolio and active social media presence. Technically, the website leverages modern frameworks such as Nuxt.js and Vue.js, ensuring fast performance and excellent mobile optimization. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers could be improved. Privacy compliance is well addressed with detailed policies and GDPR alignment. Overall, Connect.ge presents a professional, trustworthy, and technically mature digital presence.

O

OBRAZ – Obránci zvířat, z. s.

albertovakrutost.cz

54

The website albertovakrutost.cz is a campaign platform run by the non-profit organization OBRAZ – Obránci zvířat, z. s., focused on raising awareness and advocating against animal cruelty in supermarket Albert's chicken supply chain in the Czech Republic. The site provides detailed information about the campaign, including calls to action such as signing petitions. The organization positions itself as an animal welfare advocate with a clear mission and target audience of concerned consumers and animal rights supporters. Technically, the site uses modern frontend technologies including Vue.js, Alpine.js, and SwiperJS, supported by analytics and tracking tools like Google Analytics, Microsoft Clarity, and Ecomail. Hosting and DNS are managed via Cloudflare, ensuring good performance and security. The security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though explicit security headers could be improved. Privacy compliance is strong, with comprehensive GDPR-aligned privacy and cookie policies presented in Czech language. Contact information is transparent, including emails, phone number, and physical address. No terms of service or vulnerability disclosure policies were found. The domain is newly registered but consistent with the campaign's recent launch. Overall, the website is professional, trustworthy, and well-structured for its advocacy purpose.

L

Lappset Group

lappset.com

65

Lappset Group is a global manufacturer and supplier specializing in playground equipment, outdoor exercise equipment, park furniture, and interactive sports equipment. The company targets diverse markets including schools, public spaces, private yards, sports facilities, healthcare, and leisure sectors. Their business model includes manufacturing, custom solutions, and lifecycle services such as installation, maintenance, and recycling. The website reflects a well-established brand with comprehensive product and service offerings, supported by certifications like Environmental Product Declarations (EPDs). Technically, the website is built on modern frameworks such as Vue.js and Tailwind CSS, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though some security headers and explicit policies could be improved. The absence of WHOIS data is a notable anomaly but does not detract significantly from the overall legitimacy given the professional web presence. Strategic recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to strengthen trust and compliance.

M

Mandatum

mandatumlife.fi

61

Mandatum is a prominent Finnish financial services group specializing in investment management, insurance, pension solutions, and employee reward services. The company positions itself as a unique combination of financial expertise and human-centric service, targeting individual customers, businesses, and entrepreneurs. Their market position is strong within Finland, supported by a comprehensive portfolio of services and a large professional workforce. The website reflects a mature digital presence with multilingual support and rich content tailored to diverse customer segments. Technically, the website employs modern frameworks such as Vue.js and Tailwind CSS, integrated with advanced analytics and marketing tools including Adobe Analytics, Microsoft Application Insights, and OneTrust for cookie consent management. The platform appears to be built on Episerver CMS, ensuring robust content management and search capabilities. Mobile optimization and accessibility are well addressed, providing a seamless user experience across devices. From a security perspective, the site enforces HTTPS and incorporates cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not visible in the provided data, the presence of security policy pages and incident reporting channels indicates a proactive security posture. No critical vulnerabilities or suspicious activities were detected. However, improvements such as publishing a security.txt file and providing direct incident response contact emails could enhance transparency and readiness. Overall, Mandatum's website demonstrates high professionalism, trustworthiness, and compliance with privacy regulations. The digital infrastructure supports business goals effectively, though minor enhancements in security transparency and incident response communication are recommended to further strengthen their security posture.

C

CostPocket

tsekk.ee

62

CostPocket is a medium-sized Estonian SaaS company specializing in digital expense management solutions for businesses and accounting professionals. Their platform offers AI-powered tools to digitize receipts, automate expense reporting, and integrate seamlessly with popular accounting software, positioning them as a key player in the Baltic financial technology sector. The website demonstrates a modern technical infrastructure using Vue.js and integrates multiple analytics and marketing tools, reflecting a mature digital presence. Security posture is strong with HTTPS, security headers, and Cloudflare DNS, though some improvements in DNSSEC and explicit security policies are recommended. Privacy compliance is basic, with cookie consent implemented but lacking explicit privacy and terms of service pages. Overall, the site is professional, trustworthy, and well-optimized, supporting a strong market position.

P

Perfectline

perfectline.co

55

Perfectline is a small technology service provider specializing in full stack software development services targeted primarily at startup founders. Their expertise includes Ruby on Rails, blockchain, e-commerce, and modern frontend frameworks. The website presents a professional and consistent brand image with relevant content including portfolio projects and blog articles. Technically, the site is built on WordPress with modern JavaScript libraries and frameworks, delivering moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced but lacks important security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. WHOIS data is fully redacted, which limits transparency but is likely justified for this business type. Overall, the site is functional and credible but could improve in compliance and security best practices.

S

Speakly

speakly.me

53

Speakly is a modern language learning platform offering online courses in multiple languages such as Spanish, French, and German. The website targets a global audience of language learners and positions itself as a fast and effective learning solution with over a million users. The business model is subscription-based, focusing on delivering educational content through a web and mobile app interface. The company was founded in 2016 and maintains a medium-sized presence in the education sector. Technically, the website uses modern JavaScript frameworks like Vue.js and integrates Google Tag Manager for analytics, indicating a moderate level of digital maturity. The site is mobile optimized and provides a good user experience with professional design and clear navigation. Security-wise, the website uses HTTPS and implements cookie consent mechanisms but lacks visible security headers and explicit privacy policies, which are areas for improvement. Overall, the site is legitimate and professionally maintained but would benefit from enhanced transparency and security practices.

A

Apifonica

apifonica.com

80

Apifonica is a medium-sized telecommunications technology company specializing in AI-powered customer communication solutions including voicebots, SMS marketing, phone number masking, and cloud telecom platforms. The company positions itself as an established player with over 10 years in the market, serving over 200 clients with thousands of integrations. Their technical infrastructure leverages modern web technologies such as Vue.js and integrates with major analytics and marketing tools like Google Analytics and HubSpot. Security posture is strong, evidenced by ISO 27001 certification, regular penetration testing, and GDPR compliance. The website is professionally designed, mobile-optimized, and provides comprehensive legal and security documentation. However, the absence of WHOIS registration data for the domain introduces some uncertainty about domain legitimacy, though the overall business credibility remains high based on content and certifications. Strategic recommendations include improving transparency on domain registration and publishing additional security headers and a security.txt file.