Security Directory

S

SmartCredit.io

smartcredit.io

69

SmartCredit.io operates as a decentralized finance (DeFi) lending marketplace that connects borrowers and lenders globally without intermediaries. The platform offers fixed-term, fixed-interest loans and personal fixed income funds, leveraging blockchain technology and AI-driven features to optimize lending and borrowing. It targets cryptocurrency users and investors seeking decentralized financial services, positioning itself as a niche player in the DeFi lending sector with a medium-sized user base and active engagement through social media and blog content. The business was founded in 2017 and operates primarily in the US market. Technically, the website is built on modern frameworks such as Angular and integrates analytics and marketing tools like Mixpanel, Google Tag Manager, and AdRoll. Hosting is provided via AWS infrastructure, ensuring reliable performance and scalability. Security posture is solid with HTTPS enforced and no exposed sensitive data, though the absence of explicit security policies, incident response contacts, and security headers suggests room for improvement. Privacy compliance is well addressed with comprehensive privacy and cookie policies and GDPR adherence. Overall, the platform demonstrates a good balance of technical maturity, business credibility, and user experience, though enhancing security transparency and incident readiness would strengthen trust further.

S

Small Business Association of Michigan

sbam.org

59

The Small Business Association of Michigan (SBAM) is a well-established membership organization dedicated to supporting small business owners in Michigan. With a membership base exceeding 33,000, SBAM offers a comprehensive suite of services including business certifications, insurance products, advocacy, networking opportunities, and compliance resources. The website reflects a professional and consistent brand image, targeting small business owners seeking growth, compliance, and employee retention solutions. The organization positions itself as a premier resource and advocate for Michigan's small business community. Technically, the website is built on WordPress and leverages modern web technologies and plugins such as Yoast SEO Premium, Events Calendar Pro, and various analytics and marketing tools including Google Tag Manager, Facebook Pixel, and LinkedIn Insight Tag. The site is mobile optimized, accessible, and SEO-friendly, indicating a mature digital presence. Performance is moderate with room for optimization. From a security perspective, the site uses HTTPS with a good SSL configuration and employs secure forms. However, there is a lack of explicit security headers and no visible privacy or cookie policies with consent mechanisms, which are areas for improvement. The WHOIS data is unavailable due to a malformed request, but the website's content and social media presence strongly indicate legitimacy and trustworthiness. Overall, SBAM's website demonstrates a strong business and technical foundation with minor gaps in privacy compliance and security best practices. Addressing these gaps will enhance user trust and regulatory compliance.

A

AS Alexela

220energia.ee

55

AS Alexela is a prominent Estonian energy company specializing in electricity, natural gas, and liquid fuels. The recent merger with 220 Energia expands its customer base and enhances its service offerings, including a customer loyalty program and mobile app for service management. The website reflects a mature digital presence with a modern Drupal 10 CMS, integrated analytics, and mobile optimization. Security posture is strong with HTTPS and cookie consent mechanisms, though explicit privacy and security policies are not found on the analyzed page. Overall, the company demonstrates a solid market position in the energy sector with good technical infrastructure and user experience.

L

Lindex Group Oyj

stockmanngroup.com

61

Lindex Group Oyj is a Finnish multinational retail company operating primarily in the fashion and department store sectors through its two main divisions: Lindex and Stockmann. Lindex is a leading Nordic fashion brand with a strong presence in 17 countries and online sales in 34 countries, focusing on women's and children's apparel, lingerie, and cosmetics. Stockmann operates quality department stores and e-commerce platforms in Finland and the Baltic countries. The company targets consumers seeking quality fashion and lifestyle products, leveraging a multichannel retail business model combining physical stores and digital commerce. The website reflects a professional corporate presence with comprehensive investor relations and sustainability information. Technically, the website is built on WordPress 6.8.1 with modern web technologies including jQuery and Google Tag Manager. It employs a cookie consent mechanism compliant with GDPR and integrates analytics tools such as Google Analytics and ContentSquare. The site is mobile-optimized and accessible, with good SEO practices. However, no explicit security headers were detected in the HTML source, which could be improved to enhance security posture. Security-wise, the site enforces HTTPS and uses cookie consent for privacy compliance. There is no visible security policy or incident response contact information published, which are areas for improvement. The absence of WHOIS registration data for the domain is a notable anomaly that raises questions about domain legitimacy, despite the professional appearance and content of the website. Overall, the website is well-designed and functional, supporting the company's business objectives effectively. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and verifying domain registration details to strengthen trust and compliance.

H

Hammerjack

hammerjack.ee

31

Hammerjack is an Estonian-based e-commerce retailer specializing in a wide range of tools, equipment, and fasteners catering to both professional and home users. The website offers an extensive catalog with over 20,000 products, structured into detailed categories for ease of navigation. The business targets professionals and DIY enthusiasts, positioning itself as a reliable supplier in the Estonian market. The platform is built on nopCommerce, leveraging modern web technologies and analytics tools such as Google Analytics 4 and Facebook Pixel for marketing and user behavior tracking. The website is multilingual, supporting Estonian, English, Russian, and Finnish languages, enhancing accessibility for a broader audience. Security posture is adequate with HTTPS enforced and cookie consent mechanisms in place, although there is room for improvement in security headers and explicit security policies. Overall, the site demonstrates good technical maturity and business credibility, with a professional design and clear navigation. However, contact information and detailed legal/security policies are not prominently available, which could be enhanced to improve trust and compliance.

Enefit Group is a leading Estonian energy company focused on transitioning to sustainable and renewable energy sources. Their business spans electricity and heat production from oil shale and alternative raw materials, renewable energy generation through solar and wind parks, and providing smart energy solutions to consumers and industries. The company operates primarily in Estonia but also has presence in Latvia, Lithuania, Poland, and Finland. The website reflects a mature digital presence with a modern React/Next.js tech stack, comprehensive cookie consent mechanisms, and clear corporate branding. Security posture is strong with HTTPS, security headers, and secure cookie practices, though explicit security policies and incident response information are not publicly detailed. Overall, the site is professional, trustworthy, and compliant with GDPR, supporting Enefit's market position as a responsible energy provider in the Baltic region.

I

ICON Agency

iconagency.com.au

51

ICON Agency is a well-established Australian integrated communications agency specializing in PR, creative, behaviour change, and digital services. With multiple offices across Australia and Fiji, the agency serves a broad client base seeking comprehensive communication solutions. The website reflects a professional and consistent brand image, showcasing their award-winning status and diverse service offerings. Technically, the site leverages modern frameworks such as Vue.js and Drupal CMS, integrating analytics and marketing tools like Google Analytics, HubSpot, and Hotjar, indicating a mature digital infrastructure. Security posture is solid with HTTPS enforced and no exposed sensitive data; however, the absence of security headers and published security policies suggests room for improvement. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism despite active tracking scripts. Overall, the website demonstrates high business credibility and user experience, though enhancements in security transparency and privacy controls are recommended.

I

INTATI TOUR

iati.com

58

IATI is a well-established online travel platform primarily serving the Turkish market and selected international countries. Founded in 2003, it positions itself as Turkey's largest online travel platform, offering travel booking services and technology solutions. The website is professionally designed with consistent branding and clear navigation, targeting travelers and tourism industry stakeholders. The technical infrastructure leverages common web technologies such as jQuery, Bootstrap, and Google Tag Manager, hosted likely on AWS infrastructure. While the website uses HTTPS and has a long-standing domain, it lacks some advanced security features such as DNSSEC and security headers. Privacy compliance is partial, with a privacy policy and terms of service present but no cookie consent mechanism. Contact information is limited on the main page, which may impact user trust. Overall, the site demonstrates moderate digital maturity with room for security and privacy improvements.

S

Strands

strands.com

84

Strands is a well-established fintech company specializing in digital banking software solutions that leverage real-time data and AI to enhance customer engagement and financial management. Their platform targets financial institutions, banks, and SMEs, offering modular solutions such as Personal Financial Management, Business Financial Management, AI-driven insights, and Carbon Footprint analytics. The company demonstrates a strong market position with a global client base and a consistent brand presence. Technically, the website is built on WordPress with modern marketing and analytics integrations, including HubSpot, Google reCAPTCHA Enterprise, Matomo, and LinkedIn Insight. The site is well-optimized for SEO, mobile responsiveness, and user experience. Security posture is solid with HTTPS enforcement and bot protection, though DNSSEC is not enabled and explicit security policies are not published. Overall, the domain registration is consistent with the business claims, showing legitimacy and transparency. The website exhibits extensive user tracking balanced with privacy compliance mechanisms such as cookie consent banners and GDPR-aligned policies.

P

Puratos

puratos.com

76

Puratos is a global enterprise specializing in the manufacturing and supply of bakery, patisserie, and chocolate ingredients. The company targets professional bakers, pastry chefs, and chocolatiers worldwide, offering a broad portfolio of products and innovation support. The website reflects a mature digital presence with multilingual support and a professional design consistent with its market position as a leader in the food ingredient manufacturing sector. Technically, the site uses advanced marketing and analytics tools such as Visual Website Optimizer and Google Tag Manager, hosted on a CMS platform likely Adobe Experience Manager, ensuring a modern and responsive user experience. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit security policies and incident response information are not publicly detailed. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including GDPR adherence. The absence of WHOIS data for the domain is a notable anomaly that warrants further investigation but does not detract from the overall legitimacy of the business as presented on the site.

A

Astro Baltics

astrobaltics.eu

47

Astro Baltics is a well-established Nordic IT company founded in 1998, specializing in comprehensive and flexible IT solutions for businesses of all sizes. Their offerings include the NOOM economic software suite, the Cloudics cloud platform tailored for fuel stations, car washes, and retail, as well as custom software development and IT hardware sales with maintenance services. The company maintains a strong market position in Estonia and the surrounding region, supported by ISO 27001 certification and a professional online presence. Technically, the website is built on WordPress with modern plugins and SEO optimizations, providing a good user experience and mobile responsiveness. Security practices are solid, with HTTPS, reCAPTCHA, and privacy consent mechanisms in place, although some security headers could be enhanced. Overall, the site reflects a mature digital infrastructure aligned with business goals.

V

Visionest Institute

mi.ee

49

Visionest Institute is an Estonian-based education and training organization formed by the merger of Marketingi Instituut, Invicta, and Director. The company offers a wide range of training courses and development programs targeting both businesses and individual learners, positioning itself as a key player in the Estonian professional education market. The website is well-structured, professionally designed, and optimized for SEO and mobile devices, reflecting a mature digital presence. The technical infrastructure is built on WordPress with integrations including WooCommerce, HubSpot, Google Tag Manager, and Facebook Pixel, indicating a modern marketing and analytics setup. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though DNSSEC is not enabled and some security headers are missing. The WHOIS data aligns well with the business claims, showing a legitimate and consistent registration. Overall, the website demonstrates good compliance with privacy regulations and provides clear business information, supporting a trustworthy online presence.

D

Dashbird Inc.

dashbird.io

68

Dashbird Inc. is a technology company specializing in serverless observability and troubleshooting solutions. Their platform offers agentless monitoring, error detection, and end-to-end visibility across cloud-native infrastructures, primarily targeting developers, DevOps, security teams, and architects working with serverless applications. Recognized as a Gartner Cool Vendor in observability, Dashbird serves thousands of users with a SaaS business model focused on usage-based pricing. The company is headquartered in San Francisco and has been operational since 2017. Technically, the website is built on WordPress and leverages a modern tech stack including Google Analytics, Google Tag Manager, Intercom, HubSpot Forms, Hotjar, and other marketing and analytics tools. Hosting is likely on AWS, supported by DNS records. The site demonstrates good SEO optimization, mobile responsiveness, and a professional design with clear navigation and rich content. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks explicit security headers and does not publish a security policy or incident response contacts. No vulnerability disclosure or security.txt file is present. The domain registration is mature and consistent with the business claims, though the registrant country differs from the business address, likely due to registrar location or privacy. Overall, Dashbird presents a strong business and technical profile with good privacy compliance and trust indicators. Strategic recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to improve security posture and trust further.

Z

Zephyr Ventilation

zephyronline.com

51

Zephyr Ventilation is a well-established premium kitchen appliance brand specializing in range hoods, wine coolers, and beverage coolers. The company targets homeowners and kitchen designers seeking stylish and innovative kitchen ventilation and refrigeration solutions. Their website reflects a medium-sized retail business with a strong focus on design and customer support, including a dedicated help center and parts store. Technically, the site is built on WordPress with WooCommerce, leveraging modern JavaScript libraries and marketing tools such as Google Tag Manager, Facebook Pixel, and Hotjar. The site is mobile-optimized and SEO-friendly, providing a good user experience. Security-wise, the site uses HTTPS and reCAPTCHA v3, but lacks DNSSEC and explicit security headers, and does not publish a security policy or incident response contacts. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism despite extensive tracking. Overall, the domain is legitimate, long-standing, and consistent with the business identity.

A

Adovinci

adovinci.com

62

The website 'Adovinci' appears to be a small business or service platform with a focus on campaigns, as indicated by the URL and page title. The domain is registered since 2019 with a reputable registrar and has a long expiry date, indicating stability. The website uses modern frontend technologies such as Bootstrap 5 and Font Awesome 5, and integrates Google Tag Manager for analytics. However, the content is minimal with no visible privacy, cookie, or terms of service policies, and lacks explicit contact or security policy information. The site is accessible without any WAF or security challenge blocking content. The SSL configuration is good, but DNSSEC is not enabled, and no security headers were detected, which could be improved for better security posture.

K

KI

ki.com

78

KI is a company specializing in contract furniture solutions, providing expert advice, design options, and personalized services to its customers. The website positions KI as a trusted expert in the contract furniture industry, targeting businesses and organizations seeking tailored furniture solutions. The site demonstrates a professional and consistent brand presence with good content quality and user experience. Technically, the website employs modern technologies including Font Awesome icons, Microsoft Application Insights for monitoring, Google Tag Manager for analytics, and OneTrust for cookie consent management. The site is accessible, mobile-optimized, and uses HTTPS, indicating a secure baseline. However, the absence of WHOIS data and lack of explicit privacy policies or contact information reduce transparency and trust from a compliance and security perspective. Security best practices such as security headers and vulnerability disclosures are not evident, suggesting room for improvement in the security posture. Overall, KI's website reflects a mature business with a solid digital presence but would benefit from enhanced transparency and security disclosures to improve trust and compliance.

R

RMIT University

rmit.edu.au

61

RMIT University is a large, internationally recognized educational institution specializing in technology, design, and enterprise education. It offers a broad range of undergraduate, postgraduate, vocational, and online courses, serving a diverse audience including students, alumni, staff, and research partners. The website reflects a mature digital presence with consistent branding and comprehensive navigation tailored to its academic and global audience. Technically, the site leverages Adobe Experience Manager CMS and integrates multiple analytics and marketing tools, indicating a sophisticated digital marketing strategy. Security posture is generally strong with HTTPS enforced and no visible sensitive data exposure, though the absence of explicit security headers and privacy policies suggests room for improvement. The WHOIS data is privacy protected, which is typical for Australian domains and does not detract from the domain's legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and clearer security communication.

M

Marketex Offshore Constructions

moc.ee

60

Marketex Offshore Constructions is a specialized manufacturer of complex steel structures serving the Offshore Oil & Gas, Renewables, Infrastructure, and Industrial sectors. Founded in 2014 and operating under the parent company BLRT Grupp, the company emphasizes quality and compliance with industry standards such as NORSOK, DNV GL, ABS, and BV. Their modern facilities support large fabrication projects primarily targeting the North Sea region and beyond. The website reflects a professional digital presence with clear business information and a focus on safety and quality through their QHSE policies. Technically, the site is built on WordPress with modern libraries and includes Google Analytics and Tag Manager for tracking, complemented by a cookie consent mechanism.

B

Bitly, Inc.

etoro.tw

75

Bitly, Inc. is a well-established technology company specializing in branded link management services, including URL shortening, branded links, QR codes, and analytics. The company serves a broad business audience, including enterprises seeking to enhance their digital marketing and engagement strategies. Bitly holds a strong market position as a trusted platform used by major global brands and maintains a professional and content-rich website that reflects its enterprise stature. Technically, the website is built on WordPress with a modern tech stack incorporating advanced analytics (Snowplow, Google Analytics), consent management (OneTrust), and performance optimization via AWS Cloudfront CDN. The site is mobile-optimized, accessible, and SEO-friendly, demonstrating a mature digital infrastructure. From a security perspective, Bitly demonstrates a strong posture with enforced HTTPS, SOC 2 compliance, and robust privacy and cookie policies with active consent mechanisms. No critical vulnerabilities or exposed sensitive data were detected. However, DNSSEC is not enabled, and explicit incident response contact information is not publicly available, representing areas for improvement. Overall, Bitly presents a low-risk profile with high business credibility and technical maturity. Strategic recommendations include enabling DNSSEC, publishing a security.txt file, and enhancing incident response transparency to further strengthen trust and security assurance.

N

Nordic Aviation Group

nordica.ee

44

Nordic Aviation Group is a medium-sized airline group based in Estonia, operating subsidiaries Nordica and Xfly. The company provides air transportation services and aircraft leasing. Recently, the group filed for bankruptcy, ceasing daily operations and initiating bankruptcy proceedings. The website serves as a corporate communication channel, providing press releases and company information. The technical infrastructure is based on WordPress with modern web technologies such as Bootstrap and Google Tag Manager, indicating a moderate level of digital maturity. The site is mobile optimized and SEO friendly but lacks some advanced accessibility features. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, though security headers and incident response information are missing. Privacy compliance is basic, with no cookie consent mechanism detected. Overall, the website is professional and trustworthy but could improve in privacy and security transparency.

A

Anju Software, Inc.

anjusoftware.com

61

Anju Software, Inc. is a medium-sized, customer-focused software company specializing in life sciences technology solutions. Their offerings include adaptable software suites for clinical research, medical affairs, and data science, targeting biopharmaceutical companies and CROs globally. The company positions itself as a trusted partner to top pharmaceutical firms, providing tools that accelerate clinical trials and enhance patient outcomes. The website reflects a professional and consistent brand image with comprehensive product and service information. Technically, the website is built on WordPress with modern frameworks like Bootstrap and Elementor, integrating multiple analytics and marketing tools such as Google Analytics, LinkedIn Insight, and VWO. The site is mobile-optimized and demonstrates good SEO and accessibility practices, though some accessibility features could be enhanced. Security measures include HTTPS enforcement and reCAPTCHA on forms, but additional security headers could improve the security posture. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is supported by clear privacy and cookie policies with consent mechanisms, though no explicit terms of service or vulnerability disclosure policies were found. The absence of WHOIS data reduces domain trustworthiness, suggesting privacy protection or unregistered status, which should be verified. Overall, Anju Software presents a credible and professional online presence with strong business and technical foundations. Strategic improvements in security headers, accessibility, and transparency policies would further enhance trust and compliance.

B

Balti Uuringute Instituut

ibs.ee

45

Balti Uuringute Instituut is an established independent think tank founded in 1996, specializing in political and socio-economic research primarily focused on Estonia, the Baltic Sea region, and Europe. The organization provides high-quality applied research and policy analysis aimed at supporting evidence-based public policymaking. Their target audience includes policymakers, public sector entities, researchers, and international partners. The website reflects a professional and consistent brand image with clear navigation and relevant content showcasing their expertise and projects. Technically, the site is built on WordPress with modern libraries such as Bootstrap and Swiper.js, and integrates Google Analytics and Tag Manager for tracking. The site is mobile-optimized and performs moderately well, though accessibility could be enhanced. Security posture is good with HTTPS enforced and no visible vulnerabilities, but lacks explicit security policies and headers. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. Overall, the site demonstrates strong business credibility but requires improvements in privacy and security transparency.

A

Ambientia Group Oy

ambientia.fi

65

Ambientia Group Oy is a Finnish technology and design consultancy specializing in digital transformation, application development, and data-driven customer experience solutions. The company serves clients primarily in retail, services, and industrial sectors, positioning itself as a modern and innovative partner for organizations seeking to leverage technology for business success. The website reflects a mature digital presence with comprehensive service descriptions, client case studies, and a strong partner ecosystem including Atlassian, AWS, Azure, Shopify, and Magento. Technically, the site is built on HubSpot CMS with integrations for analytics and marketing automation, demonstrating digital maturity and good performance. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though explicit security headers could be improved. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site projects professionalism, trustworthiness, and a strong market position in the Finnish technology consulting space.

E

Envoice

envoice.eu

63

Envoice is a technology company specializing in AI-driven expense management and bookkeeping automation solutions targeted at businesses and accounting firms. The platform offers key services such as expense reporting, invoice creation, approval workflows, and seamless integration with popular accounting software like Xero and QuickBooks. Positioned as a modern and efficient tool, Envoice emphasizes automation to reduce manual bookkeeping tasks and improve operational efficiency. The website reflects a mature digital presence with professional design, clear navigation, and comprehensive content tailored to its target audience. Technically, the website is built on WordPress with a robust tech stack including jQuery, Google Tag Manager, HubSpot, Segment Analytics, and Intercom for customer engagement and analytics. The site is mobile optimized and SEO friendly, leveraging Rank Math SEO plugin and multilingual support via WPML. Performance is moderate with good mobile responsiveness and accessibility basics in place. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data aligns well with the business claims, showing consistent registration with an Estonian registrar. Overall, the security posture is solid but could be enhanced by adding security policies and vulnerability disclosure mechanisms. The overall risk assessment is low with strong business credibility and technical implementation. Strategic recommendations include implementing security headers, publishing a security policy and incident response contacts, and establishing a vulnerability disclosure program to further strengthen trust and compliance.

M

Meriton

meriton.com.au

54

Meriton is Australia's largest apartment developer with over 60 years of experience in residential and commercial property development, sales, leasing, and management. The company has built and sold more than 79,000 apartments and hotel suites across major Australian cities. Their market position is strong, supported by a 4.5 GOLD STAR iCIRT rating and a 100% construction completion record. The website reflects a mature digital presence with comprehensive service offerings and a professional brand image. Technically, the site uses modern frameworks such as Next.js and integrates multiple third-party analytics and marketing tools, ensuring good performance and SEO optimization. Security posture is robust with HTTPS, security headers, and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Overall, the website and business demonstrate high credibility and trustworthiness.

D

Devolon

devolon.fi

66

Devolon is a Finnish software development company specializing in future-proof web and mobile software solutions. Their service offerings include IT consulting, UI/UX design, clean code development, QA, maintenance, and support, targeting industries such as FinTech, transportation, healthcare, and museums. The company positions itself as a niche provider of full-stack development services with a focus on innovative and tailored solutions. Technically, the website is built on the Squarespace platform, leveraging modern web technologies including jQuery, HubSpot forms, Weglot for multilingual support, and OneTrust for cookie consent management. The site is mobile responsive and implements HTTPS with HSTS for secure communications. Security posture is solid with no evident vulnerabilities or exposed sensitive data, though the absence of explicit privacy and terms of service policies and incident response contacts indicates room for improvement in compliance and transparency. Overall, the website reflects a professional and trustworthy business presence with moderate tracking and marketing tools in use.

P

Pactum AI, Inc.

pactum.com

73

Pactum AI, Inc. operates a leading agentic AI platform focused on enterprise procurement automation. Their AI agents autonomously negotiate non-strategic supplier contracts at scale, unlocking significant savings and operational efficiencies for Fortune 500 companies and large enterprises. The company positions itself as a market leader with over half a decade of experience and a strong portfolio of negotiation agents tailored to various procurement needs. Technically, the website is built on WordPress, leveraging modern analytics and consent management tools, hosted via Cloudflare with secure HTTPS enforcement. Security posture is strong with appropriate headers and secure domain registration, though DNSSEC is not enabled. Privacy compliance is robust with clear policies and consent mechanisms. Overall, the website reflects a mature, professional enterprise SaaS business with high trust and credibility.

G

Geo S.T.

geo.ee

48

Geo S.T. is an established Estonian company specializing in geodetic measurements, 3D laser scanning, construction geodesy, and cadastral services. Founded in 2010, it serves clients in energy, transportation, and real estate sectors, offering precise surveying and modeling solutions. The company maintains a professional web presence with clear service descriptions and partner affiliations, targeting construction and industrial clients. Technically, the website is built on WordPress with common libraries like jQuery and Bootstrap, integrating Google Analytics and Google Tag Manager for user tracking. The site is mobile-optimized and moderately performant, though accessibility and SEO could be improved. Security posture is solid with HTTPS and secure forms, but lacks advanced security headers and explicit security policies. Privacy compliance is basic with a cookie policy but no consent mechanism or detailed privacy policy. Overall, the domain registration is consistent and trustworthy, supporting the company's legitimacy.

T

Tallinn Dolls

tallinndolls.com

50

Tallinn Dolls operates as a specialized e-commerce retailer focusing on fashion apparel and accessories for women, men, and children. The website offers a variety of collections including pre-order and immediate purchase options, targeting consumers interested in curated fashion products. The company has a stable market presence with a domain registered since 2008, indicating longevity and business continuity. The site supports multilingual content in English and Estonian, enhancing accessibility for its target audience. Technically, the website leverages modern marketing and analytics tools such as Google Analytics, Facebook Pixel, Klaviyo, and Weglot for translations. It is built on the Sylius e-commerce platform, which is a modern and flexible solution. The site is mobile optimized and provides a good user experience with clear navigation and professional design. Performance is moderate, with room for improvement in accessibility and SEO. From a security perspective, the site uses HTTPS and has domain transfer protections in place. However, it lacks DNSSEC and does not publish security policies or incident response contacts. No privacy or cookie policies were detected, which is a compliance gap especially under GDPR. Tracking technologies are extensively used, but without visible consent mechanisms, raising privacy concerns. Overall, Tallinn Dolls presents a credible and professional e-commerce presence with solid technical foundations but requires improvements in privacy compliance and security transparency to enhance trust and regulatory adherence.

M

Meta Advisory Group OÜ

metaadvisory.ee

43

Meta Advisory Group OÜ is a professional PR and government relations agency based in Estonia, operating as part of the Rud Pedersen Group. The company offers a broad range of communication services including government relations, reputation management, crisis communication, marketing communication, and digital strategies. The website reflects a mature business with a strong market position, evidenced by its recognition as the Aasta Kommunikatsiooniagentuur 2025 and its presence in multiple European cities. The target audience includes clients seeking expert communication and PR services with a strategic approach. Technically, the website is built on WordPress with modern tools such as Google Tag Manager and Facebook Pixel for analytics and marketing. Performance and mobile optimization are good, with SEO best practices implemented via Yoast SEO. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, supporting the company's credibility and business goals.

S

SinuLab

sinulab.ee

53

SinuLab is a technology company specializing in software solutions for strategic performance management and people development, primarily targeting small and medium-sized enterprises. Their SaaS offerings include modules for people data management, performance tracking, employee development, and talent management, complemented by e-learning courses. The company has a consistent brand presence and a professional website that clearly communicates its services and target audience. Technically, the website is built on WordPress with modern plugins and integrates marketing and analytics tools such as HubSpot and Google Tag Manager. Security posture is good with HTTPS enforced and domain transfer protections in place, though improvements like enabling DNSSEC and adding security headers are recommended. Privacy compliance is basic but includes a cookie consent mechanism and a privacy policy page. Overall, the website and business present a trustworthy and professional image with room for enhanced security and compliance maturity.

SDF Group is a globally recognized manufacturer and distributor of tractors, diesel engines, and agricultural machinery, operating under multiple well-known brands. The company targets farmers and contractors seeking advanced farming technology and precision agriculture solutions. The website demonstrates a mature digital presence with a modern tech stack based on Nuxt.js and Vue.js, incorporating analytics and cookie consent mechanisms. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though some security best practices like security headers and explicit incident response policies could be improved. The absence of WHOIS data reduces domain registration trust but is offset by professional branding and comprehensive content. Overall, the site is well-structured, mobile-optimized, and compliant with privacy regulations, supporting a strong business credibility profile.

C

Change Ventures

changeventures.com

55

Change Ventures is a seed stage venture capital fund focused on backing ambitious Baltic founders globally. The company provides pre-seed investments ranging from €100k to €500k, along with hands-on support to help startups reach product-market fit and access to a network of later stage investors and partners. Their portfolio includes innovative technology companies across sectors such as energy, fintech, and software. The website presents a professional and consistent brand image with detailed team profiles and portfolio highlights, targeting founders and investors interested in the Baltic startup ecosystem. Technically, the website is built on Webflow and uses modern web technologies including Google Analytics and Tag Manager for tracking, with content delivered via a CDN. The site is mobile optimized and features good SEO practices. However, some accessibility features could be improved. Security posture is generally good with HTTPS enforced and secure form handling, but lacks explicit security headers and published security policies. The WHOIS data for the domain is missing or unavailable, which raises concerns about domain registration transparency. Despite this, the website content and business information appear legitimate and professional. There are no privacy or cookie policies found, indicating compliance gaps with GDPR and other privacy regulations. Contact information includes a verified company email and physical address in Estonia, but no phone numbers are explicitly provided. Overall, the website is well designed and informative, supporting a credible business presence. However, improvements in privacy compliance, security policy transparency, and domain registration clarity are recommended to enhance trust and reduce risk.

D

Destia

destia.fi

64

Destia is a Finnish infrastructure company specializing in the planning, construction, and maintenance of critical infrastructure throughout its lifecycle. As a part of the Colas Group, Destia holds a strong market position in the transportation and energy sectors within Finland. The website reflects a mature digital presence with professional design, clear branding, and comprehensive cookie consent mechanisms, indicating a commitment to privacy compliance. Technically, the site is built on WordPress with modern technologies such as Google Tag Manager and Cookiebot, ensuring good SEO and mobile optimization. Security posture is solid with HTTPS enforced and no exposed sensitive data, though the absence of explicit security headers and incident response information suggests room for improvement. Overall, Destia's website demonstrates a high level of professionalism and trustworthiness, supporting its business credibility in the infrastructure sector.

P

Powerfleet (formerly Fleet Complete)

fleetcomplete.com

66

Powerfleet (formerly Fleet Complete) is a leading provider of connected fleet management and asset tracking solutions, targeting businesses ranging from small-medium enterprises to large Fortune 500 companies. The company offers a comprehensive suite of products including fleet management software, AI dash cameras, asset trackers, and telematics integrations, positioning itself as a key player in the transportation and logistics sector. The website reflects a mature digital presence with consistent branding and a focus on data intelligence to optimize fleet operations. Technically, the website is built on WordPress with Elementor, leveraging modern analytics and marketing tools such as Google Analytics, Google Tag Manager, LinkedIn Insight, and 6sense. The site is mobile-optimized, SEO-friendly, and includes privacy and cookie consent mechanisms, indicating a good level of digital maturity and compliance with privacy regulations like GDPR. From a security perspective, the site enforces HTTPS and includes basic security headers, but lacks some advanced headers and a public security or incident response policy. No critical vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data transparency slightly reduces trust but does not outweigh the professional and active nature of the website. Overall, the risk profile is moderate to low with recommendations to enhance security headers, publish explicit security policies, and consider vulnerability disclosure mechanisms to further strengthen trust and compliance.

L

Leibur

leibur.ee

60

Leibur is a well-established Estonian bakery company with a rich history dating back to 1762. The company operates primarily in the retail sector, offering a variety of bread and bakery products. The website reflects a medium-sized business with a consistent brand presence and a focus on product promotion, company history, and sustainability. The parent company is Lantmännen, indicating a solid corporate backing. Technically, the website uses modern frameworks such as Bootstrap and integrates multiple marketing and analytics tools including Google Tag Manager, Matomo, HubSpot, and Microsoft Application Insights. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms but lacks some recommended security headers and explicit security policies. Privacy compliance is basic, with a cookie banner present but no clear privacy policy or terms of service pages detected. WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Overall, the website is functional and professional but could improve in privacy transparency and security best practices.

T

TJO Konsultatsioonid

tjo.ee

52

TJO Konsultatsioonid is a leading Estonian consulting firm specializing in management systems development, strategic management, and production efficiency enhancement. The company offers a range of consulting services and training programs targeted at businesses seeking to improve operational effectiveness and comply with international standards. Their market position is strong within Estonia, supported by multiple ISO certifications and a robust client base. The website infrastructure is built on WordPress, utilizing modern plugins such as Yoast SEO and Ninja Forms, integrated with Google Analytics and Google Tag Manager for performance and user behavior tracking. The site is mobile-optimized and demonstrates good SEO practices, contributing to a positive digital maturity profile. Security posture is solid with HTTPS enforced, use of Google reCAPTCHA on forms, and indications of security plugins like Wordfence. However, some security headers are not explicitly confirmed and could be improved. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism aligned with GDPR requirements. Overall, the website and business present a trustworthy and professional image with no critical security issues detected. Strategic recommendations include enhancing security headers, maintaining up-to-date software, and considering a formal incident response policy to further strengthen security and compliance.

B

Barrington Group

smartek.com

74

Smartek, operated by Barrington Group, is a mature Australian-based technology company specializing in workforce compliance and contractor management solutions. Their SaaS platform offers modules for compliance management, inductions, visitor management, asset management, and permit to work, supported by a team of compliance experts. The company serves a broad range of industries including healthcare, government, and construction, with a strong market presence evidenced by a large user base and notable clients such as Qantas and City of Melbourne. The website reflects a professional and consistent brand with comprehensive service descriptions and client testimonials. Technically, the website is built on WordPress with modern plugins and tracking technologies including Google Analytics, Facebook Pixel, LinkedIn Insight, and HubSpot. Hosting is managed via Azure DNS, and the site uses HTTPS with a good SSL configuration. However, DNSSEC is not enabled, and some recommended security headers are not explicitly detected. The site lacks a cookie consent mechanism, which may impact GDPR compliance. Forms use reCAPTCHA v3 to mitigate spam. From a security perspective, the domain is well-established with a long registration history and protective domain status flags. No WAF or blocking mechanisms were detected, and no critical vulnerabilities were found in the visible content. The absence of a published security policy or incident response contact is a gap. Overall, the site demonstrates a solid security posture with room for improvement in DNS security and privacy compliance. Strategically, Smartek is positioned as a reliable compliance management solution with strong business credibility and digital maturity. Recommendations include enabling DNSSEC, implementing security headers, publishing security and incident response policies, and adding a cookie consent mechanism to enhance privacy compliance and user trust.

S

Spliethoff

spliethoff.com

76

Spliethoff is a well-established Dutch shipping company specializing in worldwide dry cargo ocean transport. With a fleet of over 50 modern vessels and a history dating back to 1921, the company positions itself as a reliable and high-quality partner in the maritime transport sector. Their website reflects a professional and comprehensive digital presence, targeting businesses requiring specialized cargo shipping services across various market segments including bulk cargo, containers, metals, and project cargo. Technically, the website employs modern frontend technologies such as Tailwind CSS, Alpine.js, and Swiper JS, alongside Google Tag Manager and Google Analytics for marketing and analytics purposes. The site is mobile responsive, well-structured, and optimized for SEO, providing a good user experience. Privacy compliance is evident through a cookie consent banner and a detailed privacy policy, indicating adherence to GDPR standards. From a security perspective, the site uses HTTPS and implements secure forms with anti-forgery tokens. However, it lacks explicit security headers like Content-Security-Policy and X-Frame-Options, which could enhance protection. The absence of WHOIS data transparency reduces domain trust slightly, though the website content and business information strongly support legitimacy. Overall, the website presents a low-risk profile with strong business credibility and good technical implementation. Strategic improvements in security headers and WHOIS transparency would further enhance trust and security posture.

A

Agrello

agrello.io

67

Agrello is a technology company specializing in secure e-signature and contract management solutions tailored primarily for small and medium-sized enterprises (SMEs). The platform offers a comprehensive suite of services including document automation, bulk contract creation, and legally binding electronic signatures compliant with EU and UK regulations. Positioned as a time-saving and efficient alternative to manual contract workflows, Agrello emphasizes ease of use, security, and compliance. The company operates from Estonia and provides multilingual support, reflecting a focus on European markets. Technically, the website is built on modern web technologies including Webflow CMS, Google Fonts, and integrates analytics and marketing tools such as Microsoft Clarity and Google Tag Manager. The platform supports integrations via Zapier and offers API access, indicating a mature digital infrastructure. The site is well-optimized for performance, mobile responsiveness, and SEO, with clear navigation and professional design. From a security perspective, Agrello enforces HTTPS, uses reCAPTCHA for form protection, and implements cookie consent mechanisms. While explicit security headers are not fully documented in the HTML, the overall posture is strong with no visible vulnerabilities or exposed sensitive data. The WHOIS data is privacy protected, which is typical for SaaS providers, and the domain appears actively maintained. Overall, Agrello presents a trustworthy, professional, and technically sound online presence suitable for its target market. Strategic recommendations include enhancing transparency around security policies and incident response, and publishing vulnerability disclosure information to further build trust.

T

TTK - Leak Detection System

ttkuk.com

70

TTK Leak Detection is a specialized manufacturer of liquid leak detection systems, focusing on water, acids, and oil leak detection for commercial and industrial applications. The company positions itself as a global leader with a strong presence in multiple international markets, offering products made in France with a notable 10-year warranty. Their target audience includes data centers, industrial facilities, airports, and other critical infrastructure sectors requiring reliable leak detection solutions. The website reflects a mature digital presence with comprehensive product information, case studies, and certifications that reinforce their market credibility. Technically, the website is built on WordPress with a modern tech stack including Google Analytics, Matomo, and Google Tag Manager for analytics and marketing. The site is well-optimized for SEO and mobile devices, with good performance and accessibility standards. Security measures include HTTPS, reCAPTCHA on forms, and cookie consent mechanisms, although some advanced security headers are not detected. From a security perspective, the site demonstrates good practices but lacks explicit security policies or incident response information. The absence of WHOIS data for the domain is a notable anomaly that reduces trustworthiness from a domain registration standpoint. Despite this, the professional website, certifications, and client references suggest a legitimate and established business. Overall, the risk assessment is moderate with recommendations to enhance domain registration transparency, implement additional security headers, and publish vulnerability disclosure policies to improve trust and compliance.

D

Diivaniparadiis

paradiis.ee

41

Diivaniparadiis is a well-established Estonian furniture retailer operating since 1998, offering a wide range of home and office furniture through both online and physical stores. The website reflects a mature e-commerce platform with clear navigation, product listings, and customer account management features. The business targets Estonian consumers seeking quality furniture and home decor products. The domain age and WHOIS data align with the company's market presence, reinforcing its legitimacy. Technically, the website employs modern JavaScript libraries such as Swiper.js for sliders, Fancybox for image galleries, and integrates marketing tools like Google Tag Manager and Facebook Pixel for analytics and advertising. The presence of CSRF tokens and HTTPS indicates a reasonable security posture, although some security headers could be improved. Mobile optimization and SEO practices are adequately implemented, providing a good user experience across devices. Security-wise, the site uses HTTPS with a good SSL configuration and includes CSRF protection in forms. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of a published security policy, incident response contacts, and vulnerability disclosure mechanisms suggests room for improvement in security transparency and compliance. Privacy compliance is basic but includes a cookie consent banner and a privacy policy page in Estonian. Overall, Diivaniparadiis presents a trustworthy and professional online presence with solid business credibility and technical implementation. Strategic enhancements in security policies, accessibility, and legal documentation would further strengthen its compliance and user trust.

A

Agrello

agrello.id

67

Agrello is a technology company based in Estonia specializing in secure e-signature and contract management solutions tailored primarily for small and medium-sized enterprises. Their platform enables users to create, sign, and manage legally binding agreements efficiently, reducing contract signing time by up to 60%. The company offers a SaaS subscription model with tiered plans, including a free trial and custom enterprise options, positioning itself as a niche player in the legaltech space with compliance to EU and UK regulations such as eIDAS. Technically, Agrello's website is built on modern web technologies including Webflow CMS, Google Tag Manager, Microsoft Clarity, and integrates with popular tools like Zapier and Microsoft Word templates. The site is well-optimized for performance, mobile responsiveness, and SEO, reflecting a mature digital infrastructure. Security measures include HTTPS enforcement, use of reCAPTCHA, and cookie consent mechanisms, although explicit security headers and a dedicated security policy page are not publicly evident. From a security posture perspective, the platform demonstrates strong adherence to best practices with no visible vulnerabilities or exposed sensitive data. Privacy compliance is robust, with clear privacy and cookie policies aligned with GDPR requirements. However, the absence of a public incident response or vulnerability disclosure page suggests room for improvement in transparency and security readiness. Overall, Agrello presents a trustworthy and professional online presence with a clear value proposition for SMEs seeking to streamline contract workflows. The domain WHOIS data is privacy protected, which is typical for SaaS providers, and does not raise immediate concerns. Strategic recommendations include enhancing security header implementation, publishing a security policy and incident response information, and providing DPO contact details to further strengthen compliance and trust.

R

ROI

roi.ee

53

ROI is an established Estonian company specializing in corporate gifts, promotional items, and branded apparel, serving businesses seeking quality branded products since 1992. The website is built on a modern Angular framework, incorporating standard web fonts and styles, and integrates Google Tag Manager and CookieHub for analytics and cookie consent management. The technical infrastructure is solid with HTTPS enforced and a cookie consent mechanism that supports GDPR compliance. However, explicit contact information and detailed security policies are not present on the site, which could be improved to enhance trust and compliance. The domain registration data is consistent and indicates a legitimate and stable business presence. Overall, the website demonstrates good digital maturity and a moderate security posture, with room for enhancements in security headers and incident response transparency.

A

AS Eesti Loto

eestiloto.ee

51

AS Eesti Loto operates as the official national lottery provider in Estonia, offering a variety of lottery games such as Eurojackpot, Vikinglotto, Bingo loto, Keno, Jokker, and e-kiirloterii. The website serves as a platform for ticket sales, results checking, and account management, targeting Estonian residents interested in legal lottery gaming. The company holds a strong market position as a government-licensed entity with a medium-sized operational scale. The website's content is well-structured, professionally designed, and provides comprehensive information about games, responsible gaming, and user support.

E

eHost OÜ

aksohaus.ee

40

Investor.ee is a small Estonian educational website focused on providing practical advice and information about investing, portfolio management, risk management, and financial knowledge. The site targets individuals and organizations interested in growing their capital through various investment strategies. The business operates primarily as a content and informational platform, with a niche focus on the Estonian-speaking investment community. The domain is registered to eHost OÜ since 2019, consistent with the website's scope and scale. Technically, the website is built on WordPress using a modern theme and standard libraries such as Bootstrap, jQuery, and FontAwesome. It integrates Google Tag Manager for analytics and Google reCAPTCHA v3 for spam protection on forms. The site is hosted behind Cloudflare DNS and uses HTTPS, ensuring secure communication. Mobile optimization and SEO practices are good, though accessibility features are basic. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms. However, it lacks explicit security headers like Content-Security-Policy and X-Frame-Options, and does not publish privacy or cookie policies, which are critical for GDPR compliance. No incident response or security policy information is available. External links are configured to open in new windows with noopener for security. Overall, the website is functional, professionally designed, and provides relevant content for its audience. The main risks relate to privacy compliance gaps and missing security headers. Strategic improvements in these areas would enhance trust and regulatory adherence.

M

Morek Group

morek.eu

45

Morek Group is a medium-sized Estonian company specializing in manufacturing and distributing high-quality electrical components and electric vehicle charging solutions. With 20 years of industry experience, Morek positions itself as a trusted partner in the energy and transportation sectors, focusing on infrastructure development for electricity and electric cars. The company targets electrical industry professionals and infrastructure developers across Europe, supported by multilingual website content and a clear product catalog. Technically, the website is built on WordPress with modern JavaScript integrations, including Google Tag Manager and Facebook Pixel for analytics and marketing. The site demonstrates good performance, mobile optimization, and SEO practices, with a consent management system for cookies ensuring privacy compliance. The technical infrastructure reflects a mature digital presence suitable for a medium-sized enterprise. From a security perspective, the site enforces HTTPS and uses consent mechanisms but lacks explicit security policies, incident response contacts, and vulnerability disclosure information. No critical vulnerabilities or exposed sensitive data were detected. Security headers could be improved to enhance protection. Overall, the security posture is solid but could benefit from formalized policies and additional headers. The domain WHOIS data is consistent with the business claims, showing no privacy protection and a domain age appropriate for the company's 20-year history. Contact information is clearly presented, including emails, phone numbers, and physical address, enhancing business credibility. Social media presence on LinkedIn and Facebook supports trust and engagement. Recommendations include publishing security and incident response policies, adding security headers, and considering a vulnerability disclosure program to strengthen security culture and compliance.

S

Softwerk

softwerk.ee

43

Softwerk OÜ is an Estonian technology company specializing in custom business software solutions including business intelligence (BI), ERP implementations (notably Microsoft Dynamics 365), and web development using modern frameworks such as .NET and React. Established in 2012, Softwerk has positioned itself as a trusted partner for businesses in Estonia and Europe, offering tailored solutions that improve operational efficiency and data-driven decision making. The company emphasizes long-term client relationships and quality service delivery, supported by positive client testimonials and recognized partnerships such as Microsoft. Technically, the website is built on WordPress with WPBakery Page Builder, leveraging common web technologies like jQuery and FontAwesome, and integrates Google Analytics and Tag Manager for user tracking. The site is mobile optimized and presents a professional design with clear navigation. Security posture is solid with HTTPS enforced and secure form handling, but lacks advanced security headers and explicit security or incident response policies. Privacy compliance is weak due to absence of privacy and cookie policies or consent mechanisms. Overall, Softwerk demonstrates a mature digital presence with room for improvement in privacy and security transparency.

B

Boomerang

boomerang.ee

47

Boomerang is a well-established third-party logistics provider specializing in eCommerce fulfillment and returns management, primarily serving the Nordic region and global markets. The company positions itself as the largest return handling operator in the Nordics, offering tailored and flexible logistics solutions to online webshops. The website reflects a professional and consistent brand image with good content quality and clear business focus. Technically, the site is built on WordPress with Elementor, leveraging modern technologies such as Usercentrics for cookie consent and Google Tag Manager for analytics, indicating a moderate level of digital maturity. Security-wise, the website enforces HTTPS and employs cookie consent mechanisms, but lacks explicit security headers and published security policies, which are areas for improvement. Overall, the site is trustworthy and professional but would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

O

Oy Lunden Ab Jalostaja

jalostaja.fi

64

Oy Lunden Ab Jalostaja is a well-established Finnish food manufacturing and retail company specializing in ready meals, soups, salads, and vegan products. The company emphasizes convenience for everyday consumers and sustainability in packaging. Their website reflects a strong brand presence with consistent messaging and active engagement in para-sports sponsorship, enhancing their community involvement and brand image. Technically, the website is built on WordPress with modern SEO and tracking tools such as Yoast SEO and Google Tag Manager, ensuring good digital maturity and performance. Security posture is solid with HTTPS enforced and cookie consent mechanisms implemented, although there is room for improvement in publishing explicit security policies and incident response contacts. Overall, the site is professional, user-friendly, and compliant with GDPR requirements, supporting a high trust level for visitors and customers.