Security Directory

P

ProTrainUp Sp. z o.o.

protrainup.com

0

ProTrainUp Sp. z o.o. operates a comprehensive sports club management system targeting sports academies and clubs across Europe. The platform offers modular services including automated payment processing, exercise database management, and mobile applications for enhanced communication among trainers, players, and parents. The company positions itself as a leading provider in the European sports management technology market, supported by a strong client base including notable sports associations and clubs. Technically, the website leverages modern web technologies such as Bootstrap, jQuery, and integrates with Bitrix24 CRM and live chat services, hosted in a high-standard Polish data center. Security-wise, the site enforces HTTPS and emphasizes GDPR compliance, though it lacks some advanced security headers and explicit cookie consent mechanisms. Overall, the website is professional, trustworthy, and well-structured, with room for improvement in privacy and security transparency.

F

FHU TELVICOM

telvicom.pl

0

FHU TELVICOM is a small Polish technology service provider specializing in web development, e-commerce platforms, CMS solutions, 3D product photography, panoramic imaging, hosting, and domain registration services. The website targets local businesses and individuals in Poland seeking digital presence and hosting solutions. The site uses basic modern web technologies such as HTML5, CSS, JavaScript, and Modernizr but lacks advanced frameworks or CMS detection. The content is minimal and primarily marketing-oriented with no visible privacy, cookie, or terms of service policies, and no contact information or forms are present on the homepage. Security posture is weak with no detected security headers or HTTPS confirmation in the provided data. No analytics or tracking scripts are present, indicating minimal user tracking. Overall, the website demonstrates a basic digital maturity level with room for improvement in security, privacy compliance, and content richness.

R

RifleCX

riflecx.pl

0

RifleCX operates as a specialized e-commerce retailer focused on gun care and firearm maintenance products, targeting hunters, firearm owners, and shooting enthusiasts primarily in Poland. The website offers a range of products including cleaning oils, lubricants, protective sprays, and tactical accessories, with detailed product descriptions and instructional support via QR codes linking to YouTube videos. The business model centers on direct online sales with a clear niche market positioning. Technically, the site is built on the Shoper e-commerce platform, utilizing modern JavaScript libraries, Google Tag Manager, and Facebook Pixel for marketing and analytics. The site is mobile-optimized with good SEO practices and basic accessibility features. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, though additional security headers could enhance protection. Privacy compliance is robust, with comprehensive privacy and cookie policies aligned with GDPR requirements. No critical vulnerabilities or blocking mechanisms were detected, indicating a trustworthy and professional online presence.

C

CX80 Polska

cx80.com

0

CX80 Polska is a well-established Polish manufacturer specializing in multifunctional chemical products, including the world's strongest cold welding adhesive 'AUTO WELD' and specialized lubricants. Founded in 1991, the company serves both industrial sectors such as construction, mining, and transportation, as well as the consumer FMCG market through major retail chains. The website reflects a mature digital presence with multilingual support and e-commerce capabilities via WooCommerce. Technically, the site uses modern WordPress technologies and plugins, ensuring good performance and SEO optimization. Security posture is adequate with HTTPS and no exposed sensitive data, though security headers could be improved. Privacy compliance is partially met with a privacy policy but lacks a cookie consent mechanism. Overall, CX80 Polska presents a credible and professional business with clear contact information and trust indicators.

C

ConSol* Consulting & Solutions Software Poland Sp. z o.o.

consol.pl

0

ConSol* Consulting & Solutions Software Poland Sp. z o.o. is a reputable IT service provider specializing in custom IT solutions, software architecture, web application development, and managed services. The company serves a diverse range of industries with a focus on digital transformation and technological excellence. Their market position is reinforced by notable clients and an ISO 27001 certification, indicating a strong commitment to information security. Technically, the website is built on TYPO3 CMS with modern frameworks and libraries, ensuring good performance, mobile optimization, and accessibility. Security measures include robust HTTP headers, valid SSL certificates, and no detected vulnerabilities, although enabling OCSP stapling and enhancing HSTS settings could improve security further. Privacy compliance is well addressed with comprehensive privacy and cookie policies, consent mechanisms, and moderate user tracking via Matomo analytics. Overall, the website demonstrates high professionalism, trustworthiness, and technical maturity, supporting the company's credibility and business goals.

A

Automationstechnik

automationstechnik.pl

0

Automationstechnik is a well-established Polish company specializing in industrial automation and robotics solutions with over 25 years of experience. The company designs and builds advanced machines and assembly lines, focusing on optimizing production processes, intralogistics, and traceability systems. Their market position is strong within Poland's manufacturing sector, supported by multiple certifications and a portfolio of satisfied clients. Technically, the website is built on WordPress with modern frameworks and includes essential security and privacy features such as HTTPS, cookie consent, and Google reCAPTCHA. Security posture is good, though explicit security headers and published security policies could enhance it further. Overall, the company demonstrates a professional digital presence with strong business credibility and compliance with GDPR.

T

Transsystem Spółka Akcyjna

transsystem.pl

0

Transsystem Spółka Akcyjna is a Polish manufacturing company specializing in the production and general contracting of technological transport systems, primarily serving the tire industry, intralogistics, and e-commerce sectors. With over 31 years of market presence and a portfolio of international projects, the company maintains a solid market position supported by partnerships with major industry players such as Michelin, Goodyear, and Bridgestone. The website reflects a professional business model focused on manufacturing and technological transport solutions. Technically, the site is built on WordPress with common plugins like Yoast SEO and Contact Form 7, and it integrates Google Tag Manager and reCAPTCHA for analytics and security. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, exposing users to potential risks. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the site demonstrates moderate digital maturity but requires urgent security improvements to align with best practices.

Security assessment completed with an overall score of 0/100 (unknown risk). 4 critical issues require immediate attention. Total of 23 security findings identified across all modules.

V

VOID.PL

void.pl

0

VOID.PL is a mature and established IT services company founded in 2010, specializing in bespoke IT solutions including systems and network support, software development, and consultancy. The company emphasizes close collaboration with customers, transparency, and proactive support. It operates primarily in Poland with associated companies in the UK and Estonia, supporting products like Smart DNS Proxy. The website reflects a professional business with good content quality and consistent branding, targeting businesses seeking outsourced IT operations and agile support services. Technically, the website uses a standard Apache server on Ubuntu, with front-end technologies including Bootstrap, jQuery, and Google Analytics. However, the site lacks HTTPS, which is a critical security gap. Security posture is weak due to missing SSL/TLS and absence of security headers or policies. Privacy compliance is poor with no visible privacy or cookie policies. WHOIS data confirms domain legitimacy and consistency with business claims. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

IMAS International is a mature Polish market research company established in 1998, specializing in quantitative and qualitative research services including internet-based CAWI studies, CATI telephone surveys, and ethnographic research. The company targets businesses and organizations seeking data-driven insights to support decision-making. Their website reflects a professional presence with consistent branding and good content quality, offering reports, publications, and a panel internetowy service. Technically, the site is built on WordPress with common plugins for forms, slideshows, and marketing integrations such as Mailmunch and Jetpack. However, the site lacks HTTPS support, which is a significant security concern. No privacy or cookie policies are found, and contact information is limited to forms without explicit emails or phone numbers. Security posture is weak due to missing SSL/TLS and security headers, though no active vulnerabilities or malware are detected. Overall, the website is functional but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

N

Nowy Styl sp. z o.o.

nowystylgroup.com

0

Nowy Styl Group is a well-established manufacturer and supplier of office furniture and seating solutions, operating primarily in the manufacturing sector with a strong emphasis on sustainability and ergonomic design. The company targets businesses and organizations seeking comprehensive workplace furniture solutions, offering a broad product range including chairs, desks, tables, storage, and panels. The website reflects a mature and professional business with consistent branding and high-quality content. Technically, the website uses modern frameworks such as ASP.NET Core and Cloudflare for hosting and CDN services, with advanced UI components like Swiper.js and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of enabled TLS protocols represent critical security vulnerabilities that undermine the site's security posture. Privacy policies are comprehensive and GDPR compliant, and contact information is clearly presented across multiple channels. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

I

Interticket.pl

interticket.pl

0

Interticket.pl is a mature Polish e-commerce platform specializing in online ticket sales for concerts, theater, festivals, museums, and cinemas. Established in 2004, it serves primarily Polish-speaking customers with a broad offering of event tickets. The website integrates multiple marketing and analytics tools such as Google Analytics, Google Tag Manager, and Facebook Pixel, and maintains active social media profiles to engage its audience. However, the technical infrastructure shows signs of aging, with reliance on older JavaScript libraries and a custom CMS. Performance is suboptimal with slow page load times and a large page size. Critically, the site lacks a valid SSL certificate and does not enforce HTTPS, posing significant security risks.

R

Railsware Solutions FZ-LLC

railsware.com

0

Railsware Solutions FZ-LLC operates as a mature and established product studio specializing in software development services and proprietary SaaS products such as Mailtrap.io, Coupler.io, and TitanApps.io. The company targets entrepreneurs and investors seeking technology partners, offering expertise in Ruby on Rails, React, mobile, fintech, and AI/ML consulting. Their market position is solidified by a mature domain age of 18 years and a consistent brand presence across multiple platforms. Technically, the website leverages modern JavaScript frameworks and analytics tools, hosted on AWS infrastructure, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw. Security posture is weak due to missing HTTPS, lack of security headers, and no HSTS implementation, despite good email authentication practices like DMARC with a reject policy. Privacy compliance is partial, with a comprehensive privacy policy but no visible cookie consent mechanism. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, and e-commerce solutions primarily serving B2B clients. The company operates globally with a strong presence in Poland and multiple related domains indicating a broad international footprint. Their website is built on TYPO3 CMS and integrates modern technologies such as Vite JS and Cookiebot for consent management. Despite a professional design and comprehensive content, the site suffers from an invalid SSL certificate, resulting in a basic security posture. Cookie consent and privacy policies are well implemented, reflecting good GDPR compliance. The site uses Google Analytics and advertising networks for tracking and marketing purposes. Overall, Arvato presents a credible and professional business front but should urgently address SSL and security header issues to improve trust and security.

G

Grupa Pracuj

pracujwgp.pl

0

Grupa Pracuj operates as a leading HR technology platform in Europe, connecting job seekers with employers through a suite of recruitment and HR management products. The company maintains a strong market position with multiple subsidiary brands including Pracuj.pl, eRecruiter, and Softgarden. The website reflects a professional and comprehensive approach to employer branding and recruitment, targeting candidates and HR professionals primarily in Poland. Technically, the site is built on the Softgarden platform, leveraging modern JavaScript libraries and hosted via Cloudflare and Azure infrastructure. While the SSL certificate is valid and security policies such as DMARC are strictly enforced, there is room for improvement in HTTPS security by enabling HSTS and DNSSEC. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a mature digital presence with good content quality, though performance optimization could be enhanced.

G

Grupa Pracuj S.A.

grupapracuj.pl

0

Grupa Pracuj S.A. is a leading European HR Tech platform headquartered in Poland, specializing in digital recruitment and HR process automation. The company operates multiple subsidiary brands including Pracuj.pl and Robota.ua, serving both job seekers and employers with technology-driven solutions. Their market position is strong within the HR technology sector, supported by a large workforce and a broad client base. Technically, the website leverages modern tracking and analytics tools such as Google Tag Manager and Microsoft Clarity, hosted on Azure and using Cloudflare DNS services. However, performance is somewhat slow with a load time exceeding 7 seconds. Security posture is adequate with valid SSL and SPF/DMARC records, but lacks advanced protections like HSTS, DNSSEC, and CAA records. No explicit security or incident response policies are publicly available. Overall, the website is professional, well-branded, and compliant with GDPR and cookie consent requirements, but could improve in security hardening and performance optimization.

S

Sylius

sylius.com

0

Sylius is a leading open source headless eCommerce platform targeting mid-market and enterprise brands requiring custom solutions. It leverages modern development practices and Symfony framework to provide a highly customizable and scalable platform. The company maintains a strong community with over 650 contributors and 7000+ merchants using its solutions. Technically, the website is built on WordPress with integrations of modern tools like API Platform, Docker, Kubernetes, and various analytics and marketing services. Security posture is good with valid SSL, SPF, and DMARC records, though improvements like enabling HSTS and DNSSEC are recommended. The site demonstrates extensive tracking and marketing activities, balanced with privacy compliance mechanisms. Overall, Sylius presents a professional, trustworthy, and technically mature digital presence.

D

Dealavo Sp. z o.o.

dealavo.com

0

Dealavo Sp. z o.o. is a Poland-based company specializing in price monitoring and dynamic pricing software for brands and e-commerce stores. The company serves over 30 markets and thousands of online shops, providing tools for price tracking, promotion monitoring, and pricing optimization. Their platform integrates with popular e-commerce and sales platforms such as Amazon, Google Shopping, and eBay, targeting brands and retailers seeking to optimize pricing strategies and increase profitability. The website is well-branded, multilingual, and contains rich content including client testimonials and blog articles, indicating a mature digital presence. Technically, the website is built on WordPress with Yoast SEO and uses various marketing and analytics tools including HubSpot, Google Tag Manager, Microsoft Clarity, and LinkedIn Insight Tag. However, the site suffers from a critical security issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which severely impacts security and user trust. The site has a strict DMARC policy and SPF records configured, indicating good email security practices. Performance is slow with a large page size and long load times, suggesting optimization opportunities. Security posture is moderate with good email security but poor HTTPS implementation and lack of advanced security headers or DNSSEC. No explicit security policy or incident response information is found. Privacy policy is present and GDPR compliant, but no cookie consent mechanism is detected despite tracking scripts. Overall, the site is professional and trustworthy but requires urgent security improvements. Recommendations include immediate SSL certificate installation and configuration, enabling HSTS and DNSSEC, implementing a cookie consent mechanism, and publishing security and vulnerability disclosure policies to enhance trust and compliance.

The website demonstrates a generally strong technical security posture with robust SSL/TLS settings and good network security. However, significant gaps exist in compliance with GDPR and NIS2 regulations, posing substantial legal and operational risks. Critical issues include the complete absence of essential privacy policies and cookie consent mechanisms, which threaten regulatory compliance and customer trust, especially for EU users. The lack of documented information security frameworks, policies, and incident response procedures further exposes the business to heightened cyber risk and potential operational disruption. Email and DNS security configurations require improvement to prevent spoofing and enhance domain integrity. While security headers are mostly adequate, refinements can strengthen defense-in-depth. Immediate focus on regulatory compliance and governance frameworks is imperative to mitigate potential fines, reputational damage, and business continuity risks.

S

Superfund Towarzystwo Funduszy Inwestycyjnych S.A.

superfund.pl

0

The website's overall security posture is currently weak, with critical gaps in privacy compliance, security headers implementation, and incident response readiness. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks and cross-site scripting risks. GDPR compliance is severely lacking, with no privacy policies or cookie consent mechanisms, placing the business at high regulatory and reputational risk, especially as it operates in the EU. The absence of an information security framework and incident response procedures under NIS2 requirements further increases vulnerability to targeted cyberattacks and potential operational disruptions. Email security is moderate but incomplete, increasing the risk of phishing and spoofing. Although SSL/TLS and DNS configurations are relatively stronger, issues like imminent certificate expiration and missing DNSSEC weaken the trust chain. High-risk network exposures, such as an open FTP service, compound the overall risk. Immediate remediation is critical to safeguard customer data, maintain compliance, and protect brand reputation.

S

Sii Polska

sii.pl

0

The website’s overall security posture reveals significant deficiencies in privacy compliance and foundational security policies, particularly relating to GDPR and NIS2 regulations. Critical risks stem from the lack of essential privacy policies and consent mechanisms, exposing the business to regulatory penalties and reputational damage in the EU market. Security headers and SSL/TLS configurations are suboptimal, increasing vulnerability to common web attacks and data interception. The absence of an information security framework, incident response procedures, and business continuity plans indicates immature organizational security governance. While network security and email security are strong, critical gaps in policy documentation and vulnerability management undermine resilience. Immediate remediation is necessary to align with legal requirements and strengthen defense-in-depth strategies. Addressing these areas will reduce compliance risks and protect customer trust. Failure to act promptly could lead to data breaches, legal consequences, and operational disruptions.

The website https://dany-homespa.pl exhibits significant security and compliance gaps, particularly in privacy policy adherence and web security headers, resulting in a high overall risk exposure. Critical deficiencies in GDPR compliance and incident response capabilities pose substantial legal and operational risks for the business. While network and SSL/TLS configurations are relatively strong, urgent remediation is required to protect customer data, meet regulatory requirements, and safeguard the brand reputation.