Security Directory

K

Kiirlaen.ee

kiirlaen.ee

0

Kiirlaen.ee is an Estonian loan comparison platform specializing in quick loans up to €10,000. It provides users with detailed comparisons of loan offers from multiple providers, educational content about loan types, and referral links to loan applications. The platform targets Estonian consumers seeking fast, short-term financing solutions without collateral. Technically, the website is built on WordPress, uses modern web technologies including JavaScript and FontAwesome, and integrates Weglot for multilingual support. It is hosted with eHost OÜ and uses Cloudflare DNS services. Security posture is solid with HTTPS enforced and no exposed sensitive data, though explicit security headers and incident response policies are absent. Privacy compliance is partial, with a comprehensive privacy policy but lacking cookie consent mechanisms. Overall, the site is professional, trustworthy, and well-optimized for SEO and mobile use, serving as a reliable resource for loan seekers in Estonia.

R

Raison FinTechnologies Inc.

raison.app

0

Raison FinTechnologies Inc. operates raison.app as a comprehensive digital family office platform offering investment opportunities across venture deals, public stocks, crypto-assets, structured products, and asset management services. The company targets both individual and institutional investors, providing tiered account plans and a broad range of financial instruments. With over 30,000 users globally and regulatory licenses from multiple jurisdictions, Raison positions itself as a trusted fintech innovator in the investment space. Technically, the website is built on a modern Nuxt.js and Vue.js stack, optimized for performance and mobile responsiveness. It integrates essential third-party services such as Google Tag Manager, reCAPTCHA, and Intercom for analytics, security, and customer engagement. The site demonstrates good SEO and accessibility practices, with comprehensive metadata and structured content. From a security perspective, the platform enforces HTTPS, employs security headers, and uses CAPTCHA to protect forms. It holds multiple financial regulatory licenses, enhancing trust and compliance. No critical vulnerabilities or exposed sensitive data were detected. However, explicit security policies and incident response information are not publicly detailed. Overall, raison.app presents a professional, secure, and user-friendly investment platform with strong regulatory backing and a clear business model. Strategic recommendations include publishing detailed security policies, adding vulnerability disclosure mechanisms, and enhancing transparency around data protection roles to further strengthen trust and compliance.

D

Dream Ventures LLC

dreamventures.com

0

Dream Ventures LLC operates as an investment firm specializing in venture capital and private credit, targeting high-growth and disruptive companies. The website presents a professional image with clear branding and a focus on investment services, although detailed company history and contact information are limited. The technical infrastructure is built on Webflow CMS, leveraging modern web fonts and CDN services, resulting in a moderately performant and mobile-optimized site. Security posture is moderate with HTTPS presumably enabled but lacking visible security headers and advanced security policies. Privacy compliance is partial, with privacy and terms policies present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site is functional and professional but would benefit from enhanced security measures and transparency in contact and registration details.

T

The FinTechers

thefintechers.com

0

The FinTechers is a fintech accelerator focused on supporting Central and Eastern European fintech founders to grow rapidly and build impactful companies. The website presents a clear value proposition emphasizing mentorship, regulatory support, investment opportunities, and access to a collaborative ecosystem. The business is positioned as a specialized accelerator backed by StartupYard and DEPO Ventures, with strong trust signals from industry testimonials. Technically, the site is built on WordPress using the Enfold theme and related plugins, delivering a good user experience with mobile optimization and moderate performance. Security posture is adequate with HTTPS enabled but lacks advanced security headers and cookie consent mechanisms, which are recommended for compliance and protection. WHOIS data indicates a very new domain consistent with the startup's founding year, though the creation date appears to be in the future, likely a data anomaly. Overall, the website is professional, credible, and well-targeted but could improve privacy and security practices.

S

Skaala

skaala.org

0

Skaala is a small Estonian investment company focused on creating meaningful, long-term value through private equity, real assets, and impact-driven projects. The company has roots dating back to 2005 with founders experienced in successful tech ventures and operates with a professional team led by four partners. The website reflects a modern, well-structured digital presence built on WordPress with advanced SVG animations and integration of Google Analytics for user insights. Security posture is adequate with HTTPS and domain transfer protection, but lacks explicit security headers and privacy compliance documentation such as privacy and cookie policies. Contact information is clearly provided, enhancing business credibility. Overall, Skaala presents as a legitimate and professional investment firm with room for improvement in privacy and security transparency.

S

Sinulaen

sinulaen.ee

0

Sinulaen.ee is an Estonian loan comparison portal providing consumers with independent and up-to-date information on various loan products including quick loans, small loans, auto loans, and refinancing options. The website serves as a platform to compare loan offers from multiple providers, facilitating informed financial decisions for its users. The business operates primarily in the Estonian market and targets individuals seeking consumer loans with a user-friendly online experience. Technically, the site is built on WordPress with common plugins for SEO, multilingual support, and loan comparison functionalities. It integrates multiple third-party analytics and advertising services, including Google Analytics, Yandex Metrika, and Google Adsense, and uses affiliate links to monetize loan referrals. Security posture is adequate with HTTPS enforced and cookie consent implemented, though some security headers and explicit security policies are missing. Overall, the site is professional, content-rich, and trustworthy, with room for improvement in security best practices and privacy policy comprehensiveness.

E

EveryPay

every-pay.eu

0

EveryPay operates a multilingual merchant support website providing comprehensive resources and tools for merchants using their payment gateway services. The site offers detailed documentation, integration guides, and customer support contact information, targeting e-commerce businesses primarily in the Baltic region. The business is positioned as a regional payment service provider with a medium-sized operation and a focus on merchant risk management and payment processing solutions. Technically, the website is built on WordPress with common SEO and multilingual plugins, and it integrates tracking tools such as Google Analytics. The site is well-structured, mobile-optimized, and provides a good user experience. Security posture is solid with HTTPS enforced and secure form handling, though it lacks explicit security headers and formal privacy or cookie policies. WHOIS data for the subdomain is unavailable as expected, but the overall domain legitimacy is supported by consistent branding and contact details. Recommendations include adding privacy and cookie policies, implementing security headers, and publishing incident response information to enhance trust and compliance.

STORYBOOK OÜ operates the website ssb.ee, providing a comprehensive business information database with over 123 million companies and thousands of job listings. The platform offers credit reports, tenders, content marketing, and AI applications targeting businesses and professionals primarily in Estonia but also internationally. The company is positioned as a significant player in the finance and media sectors, leveraging a large dataset and AI technologies to serve its audience. Technically, the website is built on WordPress with modern libraries such as jQuery, Elementor, and Google services integrated for analytics and user interaction. The site is mobile-optimized and SEO-friendly, with structured data enhancing search visibility. Security-wise, the site uses HTTPS and includes reCAPTCHA for form protection, but lacks some advanced security headers and explicit security policies. Privacy compliance is basic, with cookie consent implemented but no visible privacy or terms of service pages. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

K

Kreedix OÜ

kreedix.ee

0

Kreedix OÜ is an established Estonian company specializing in comprehensive credit management and debt collection services, operating since 2004. The company offers a full spectrum of services from sales credit management to cash collection, including credit ratings, debt portfolio analysis, and credit insurance. Kreedix holds a strong market position as a pioneer in the Estonian credit management sector, supported by partnerships with reputable finance and credit insurance companies such as Euler Hermes, Atradius, Coface, and EVUL. The website reflects a professional and consistent brand image targeting business clients requiring credit and debt management solutions. Technically, the website is built on WordPress using Elementor and Yoast SEO plugins, integrating modern web technologies such as Google Analytics and Google reCAPTCHA for security and analytics. The site is mobile-optimized with good SEO practices and moderate performance. Security posture is solid with HTTPS enforced and reCAPTCHA protecting forms, though some security headers could be improved. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism aligned with GDPR requirements. Overall, the security posture is good with no critical vulnerabilities detected, and the domain registration data supports the legitimacy of the business. The site does not show signs of blocking or WAF interference, allowing full content access. Strategic recommendations include enhancing security headers, publishing a security policy, and improving accessibility features to further strengthen compliance and user experience.

K

Kravia

validius.fi

0

Kravia is a cloud-based SaaS provider specializing in automated debt collection software, invoicing services, and portfolio management. The company integrates with popular accounting platforms to streamline financial operations for businesses. Their website demonstrates a modern technical infrastructure leveraging Webflow CMS, Cloudflare CDN, and multiple analytics and marketing tools. Security posture is strong with HTTPS enforcement, use of Auth0 for authentication, and a comprehensive cookie consent mechanism. However, explicit privacy and terms of service pages are not found, which slightly impacts privacy compliance scoring. WHOIS data is unavailable, likely due to privacy protection, which is common for SaaS companies but limits full legitimacy verification. Overall, Kravia presents as a professional and trustworthy service provider in the finance technology sector.

Sysdec is an Estonian software company specializing in financial and economic software solutions, primarily through its SAF product line. The website focuses on providing updates about software versions, regulatory compliance changes, and company achievements such as the 'Edukas Eesti Ettevõte 2025' certification and a Creditinfo AA rating. The target audience is primarily Estonian businesses requiring accounting and tax software solutions. Technically, the website uses standard web technologies including HTML5, CSS3, and JavaScript with jQuery 1.12.4, but the use of an outdated jQuery version presents a security risk. The site is accessible without any WAF or blocking mechanisms, but lacks visible privacy, cookie, or terms of service policies, which impacts compliance and user trust. Security headers are not evident, and no contact information or incident response channels are provided on the analyzed page, limiting transparency and security posture. Overall, the website is functional and professional but would benefit from modernization and enhanced security and privacy practices.

Merit Aktiva operates as a provider of accounting software solutions, targeting companies seeking simplified accounting processes. With over 40,000 companies relying on their software and 25 years of experience, the company holds a solid market position primarily in Estonia and neighboring countries. The business model centers on delivering easy-to-use accounting software combined with customer support, catering to small and medium-sized enterprises in the finance sector. Technically, the website employs legacy technologies such as Bootstrap 3.3.7 and jQuery 1.8.3, indicating a need for modernization to improve security and performance. The site is moderately optimized for mobile and accessibility but lacks advanced SEO and modern frameworks. No CMS or hosting details were identified, and performance is assessed as moderate. From a security perspective, the site lacks visible security headers and privacy-related policies, which are critical for GDPR compliance and user trust. There is no evidence of HTTPS enforcement or incident response mechanisms. The absence of contact information and security disclosures further limits transparency. However, the domain WHOIS data aligns well with the business claims, supporting legitimacy. Overall, the website presents a functional but basic digital presence with room for significant improvements in security posture, privacy compliance, and technical modernization. Strategic enhancements in these areas will strengthen trust, compliance, and user experience.

I

Infopank

infopank.ee

0

Infopank is Estonia's largest business information platform, providing a comprehensive suite of services including competition reports, marketing lists, sales agent tools, certificates, data interfaces, debt registers, and background information. The platform targets Estonian businesses and professionals seeking reliable business data to support growth and decision-making. Technically, the website leverages modern frameworks such as Next.js and React, integrates Google Tag Manager, Facebook Pixel, Hotjar, and a consent management platform (Didomi), indicating a mature digital infrastructure. Security posture is strong with HTTPS enforcement and appropriate security headers, though explicit privacy and security policies are not found in the provided content. Overall, the site is professional, functional, and trustworthy, with room for improvement in privacy compliance documentation and accessibility.

L

Luthor, Inc.

luthor.ai

0

Luthor, Inc. is a fintech company providing AI-powered fractional Chief Compliance Officer (CCO) services tailored for Registered Investment Advisors (RIAs) and broker-dealers. Their platform combines human expertise with automated workflows to help financial firms meet SEC and FINRA compliance obligations efficiently. Positioned as a modern RegTech solution, Luthor is backed by Y Combinator and trusted by firms managing over $6.8 billion in assets under management. Key services include compliance calendar management, automated filings, marketing compliance monitoring, and mock SEC exam preparation. Technically, the website is built on the Webflow CMS platform, leveraging modern web technologies such as Google Fonts, jQuery, and multiple third-party integrations for analytics and scheduling (Google Analytics, Apollo.io, SavvyCal, Cal.com, Koala). The site is well-optimized for performance, mobile responsiveness, and accessibility, with fast loading times and clear navigation. From a security perspective, the site enforces HTTPS with excellent SSL configuration and integrates several security best practices. However, some security headers like Content-Security-Policy and X-Frame-Options are missing, and there is no visible cookie consent mechanism, which impacts privacy compliance. The company is undergoing SOC 2 Type II certification, indicating a commitment to security and data protection. Overall, Luthor presents a professional, trustworthy online presence with strong business credibility and technical maturity. The lack of public WHOIS data is mitigated by other trust signals. Recommendations include enhancing security headers, implementing cookie consent for GDPR compliance, and publishing incident response contact information to further strengthen security posture and regulatory compliance.

Cleva is a fintech startup founded in 2023 that provides US-based dollar accounts and virtual USD cards to global users, including non-US residents. The company positions itself as a solution for cross-border USD banking, enabling users to receive payments from platforms like Upwork, Deel, and Amazon, convert currencies, and make transfers with low fees. Supported by Y Combinator and featured in reputable media outlets, Cleva demonstrates a growing market presence in the fintech space. The website is built on modern technologies such as React and Next.js, hosted on AWS infrastructure, and optimized for mobile devices with good performance and SEO practices. Security posture is solid with HTTPS and domain protections, though improvements are needed in DNSSEC and security headers. Privacy compliance is weak due to the absence of privacy and cookie policies and lack of consent mechanisms. Overall, the site is professional and trustworthy but should enhance transparency and security policies to improve compliance and user trust.

P

Propine

propine.com

0

Propine is a Singapore-based enterprise-grade digital asset custodian specializing in custody, tokenization, trading, and DeFi solutions for institutional clients. The company holds a Capital Markets Services (CMS) license from the Monetary Authority of Singapore (MAS), positioning it as a trusted and regulated player in the digital asset custody market in Asia. Their platform targets banks, family offices, asset managers, corporates, exchanges, and protocol foundations, offering services such as Digital Custody ProTect™, Tokenization DASH™, and white label custody solutions. The website reflects a professional and consistent brand image with clear service offerings and a focus on institutional clientele. Technically, the website is built on WordPress using Elementor and several modern plugins like Yoast SEO and WP Rocket, hosted on AWS infrastructure. The site demonstrates good mobile optimization, SEO practices, and moderate performance. However, there is room for improvement in accessibility and security headers. The domain is mature, registered since 2001, and shows consistency with the business claims, enhancing trustworthiness. Security posture is solid with HTTPS enabled and domain transfer protections, but lacks DNSSEC and explicit security policies or incident response information. Privacy compliance is weak due to the absence of visible privacy and cookie policies or consent mechanisms. Contact information is primarily via forms, with no direct emails or phone numbers publicly listed. Overall, Propine presents as a credible and professional digital asset custody provider with a strong market position in Asia. Enhancing privacy compliance, security transparency, and adding direct contact channels would further strengthen trust and regulatory adherence.

J

JustPaid

justpaid.ai

0

JustPaid is a technology-driven SaaS company specializing in AI-powered revenue operations and billing automation. Their platform streamlines invoicing, payment collections, and customer communications, targeting financial experts, entrepreneurs, and accountants. The company is positioned as an innovative player in the finance technology sector, supported by Y Combinator backing, which enhances its market credibility. The website demonstrates a high level of professionalism, with comprehensive content and clear navigation, reflecting a mature digital presence. Technically, JustPaid leverages modern web technologies including Webflow CMS, Google Tag Manager, HubSpot, Hotjar, and various tracking and marketing tools. The site is mobile-optimized and performs moderately well, with good SEO and accessibility features. Hosting is provided by Webflow, a reputable platform for SaaS startups. From a security perspective, the site enforces HTTPS and employs standard marketing and analytics scripts. However, explicit security headers are not detected, and there is no public incident response or vulnerability disclosure information. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. The lack of exposed sensitive data and professional content supports a positive security posture. Overall, the risk assessment indicates a legitimate and trustworthy business with minor recommendations to enhance security headers and incident response transparency. The domain WHOIS data is privacy protected, which is typical for startups and does not raise immediate concerns. Strategic recommendations include improving security policy visibility, adding vulnerability disclosure, and enhancing trust signals through certifications or security frameworks.

Q

Qupital

qupital.com

0

Qupital is a fintech company founded in 2016, specializing in providing data-driven funding solutions for e-commerce businesses, particularly in the cross-border market. The platform offers financing services to e-commerce sellers and an investment platform for investors seeking alternative investment opportunities. The website is multilingual, targeting primarily Hong Kong and broader Chinese-speaking markets, with English support. The business model leverages big data to optimize financing and investment decisions, positioning Qupital as a niche player in fintech for e-commerce.

S

SPRX

sprx.tax

0

SPRX is a technology-driven company specializing in AI-powered software solutions for corporate tax incentives, specifically R&D tax credits, 179D deductions, and cost segregation. Their platform integrates with popular enterprise software to streamline data collection and uses AI to accelerate and improve the accuracy of tax credit claims. The company positions itself as a modern alternative to traditional tax firms by offering faster turnaround times and audit-ready reports, targeting medium-sized corporate clients primarily in the finance and technology sectors. Technically, the website is built on the Webflow CMS platform, leveraging modern web technologies including jQuery, Google Fonts, and Amazon Cloudfront CDN for performance optimization. The site is mobile responsive and well-structured with good SEO practices, though accessibility features are basic. No major technical issues or vulnerabilities were detected in the front-end code. From a security perspective, the site uses HTTPS with excellent SSL configuration but lacks visible security headers and published security policies. There is no evidence of privacy or cookie policies, which is a compliance gap especially for GDPR. The absence of WHOIS data limits domain trust verification, though the professional presentation and client testimonials provide positive trust signals. Overall, SPRX demonstrates a solid business and technical foundation with room for improvement in privacy compliance and security transparency. Strategic enhancements in these areas would strengthen trust and regulatory adherence.

Nasdaq Baltic operates as the regional stock exchange platform for the Baltic countries of Estonia, Latvia, and Lithuania, providing trading services for shares, bonds, and funds. The website serves investors, companies, brokers, and advisers by offering real-time market data, news, and capital raising facilitation. It is part of the larger Nasdaq Inc. corporate group, reflecting a strong market position in the finance sector. The site is professionally designed with consistent branding and clear navigation, targeting financial market participants and stakeholders in the Baltic region. Technically, the website is built on WordPress with modern front-end technologies including Bootstrap, jQuery, Swiper.js, and Highstock for data visualization. It integrates Google Analytics and Tag Manager for user tracking and marketing insights. The site is mobile optimized and SEO friendly, with structured data enhancing search engine understanding. Hosting and domain registration are managed by reputable providers, ensuring stable infrastructure. From a security perspective, the site enforces HTTPS and employs domain status locks to prevent unauthorized changes. However, DNSSEC is not enabled, and no explicit security headers or incident response policies are published. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. No critical vulnerabilities or exposed sensitive data were detected. Overall, Nasdaq Baltic's website demonstrates a mature digital presence with strong business credibility and good security hygiene. Strategic improvements could focus on enhancing DNS security, publishing formal security policies, and expanding incident response transparency to further strengthen trust and compliance.

C

Citadele pank

citadeleleasing.ee

0

Citadele pank is a well-established financial institution in Estonia offering leasing services primarily focused on vehicle financing. The website provides detailed leasing options, including a calculator and a dedicated leasing portal for customers to manage their contracts and applications. The business targets private individuals seeking flexible leasing solutions with personalized interest rates and competitive terms. The company is part of the larger Citadele Group, indicating a strong market position in the Baltic financial sector. Technically, the website employs modern web technologies such as jQuery, Bootstrap, and Google Tag Manager, with a CMS likely being October CMS. The site is mobile-optimized, accessible, and SEO-friendly, providing a good user experience. Security-wise, the site enforces HTTPS, uses security headers, and implements cookie consent mechanisms, though explicit security and incident response policies are not publicly available. WHOIS data confirms the domain's legitimacy and consistency with the business identity. Overall, the website reflects a professional and trustworthy financial service provider with room for improvement in transparency around security policies and incident response.

C

Citadele

xrewards.ee

0

The website www.xrewards.ee represents the C REWARDS loyalty and discount program affiliated with Citadele bank, targeting C card holders primarily in Estonia and the Baltic region. The platform offers users the ability to earn points on purchases and redeem them for discounts and prizes, integrating banking services with retail loyalty. The website is built on Magento CMS with modern frontend technologies including RequireJS and jQuery, and is monitored using New Relic and Google Tag Manager. The site is well-optimized for mobile devices and provides a good user experience with clear navigation and professional design. Security posture is strong with HTTPS enforced and appropriate security headers, though explicit security policies and incident response contacts are not published. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the site demonstrates a mature digital infrastructure aligned with the business goals of Citadele bank's loyalty program.

R

RSJ

rsj.com

0

RSJ is a financial group operating primarily in the Czech Republic with a strong presence in global derivative markets including London, Chicago, New York, Frankfurt, and Tokyo. The company manages a diversified portfolio of investments spanning financial derivatives trading, real estate development, private equity, and emerging sectors such as biotechnology and healthy food production. The website clearly communicates its business scope and warns investors about fraudulent schemes misusing its brand. Technically, the site employs modern web technologies including Google Analytics and Tag Manager, with a cookie consent mechanism supporting GDPR compliance. Security posture is solid with HTTPS enforced, but lacks published security policies or incident response contacts. WHOIS data is missing, which raises concerns about domain registration legitimacy despite the professional website presence. Overall, RSJ presents as a credible financial entity with room for improvement in transparency and security disclosures.

Credy operates as a financial affiliate network specializing in consumer loans, connecting publishers and advertisers with lenders across multiple countries. The company positions itself as a leader in the consumer credit advertising market with a focus on short-term loans and related financial products. The website content is professionally presented, targeting publishers and advertisers seeking monetization and lead generation opportunities. The business is registered as Traffic Control OÜ in Estonia, with a physical address and contact email provided, supporting its legitimacy from a business perspective. Technically, the website uses modern frontend technologies including Bootstrap, jQuery, and Slick Carousel, delivering a responsive and user-friendly experience. However, the absence of visible privacy and cookie policies, as well as missing WHOIS registration data, raises concerns about compliance and domain legitimacy. Security posture is moderate with no visible vulnerabilities but lacks security headers and formal policies. Overall, the site is functional and professional but requires improvements in compliance and domain registration transparency to enhance trust.

E

EuPlătesc

euplatesc.ro

0

EuPlătesc.ro is a Romanian online payment processor with nearly two decades of experience providing secure and innovative payment solutions to businesses. The company offers a variety of payment methods including card payments, recurring payments, installment payments, QR code payments, and SMS payments, positioning itself as a comprehensive payment service provider in the Romanian market. The website is professionally designed using WordPress and Elementor, featuring modern SEO practices and mobile optimization. Security is emphasized through the use of HTTPS and 3DSecure authentication technology, although explicit security policies and incident response contacts are not publicly available. Privacy compliance is partially addressed with a cookie consent mechanism, but a dedicated privacy policy page is not clearly found. Overall, the website presents a credible and trustworthy business presence with room for improvement in transparency and security documentation.

X

xMoney

utrust.com

0

xMoney is a financial technology company offering a comprehensive payment ecosystem that empowers businesses to accept global payments, manage finances, and issue branded cards. The platform targets merchants and enterprises across Europe and beyond, providing services such as payments, recurring billing, marketplaces, invoicing, and crypto payment acceptance. The company positions itself as a licensed and compliant entity with certifications including PCI DSS Level 1 and MiCA compliance, regulated by the Bank of Romania. The website reflects a mature digital presence with professional design, clear navigation, and extensive product information. Technically, xMoney leverages modern web technologies including Webflow CMS, Google Tag Manager, Microsoft Clarity, and Bing Ads for analytics and marketing. The site is well-optimized for performance, mobile responsiveness, and accessibility. Security practices are strong, with HTTPS enforced, advanced fraud prevention powered by AI, and compliance with payment security standards. However, explicit security headers and incident response disclosures could be improved. The security posture is robust but slightly diminished by the absence of WHOIS registration data, which raises questions about domain legitimacy. No WAF or blocking mechanisms were detected, and the site is fully accessible. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, xMoney presents a trustworthy and professional payment platform with strong technical and security foundations. Strategic recommendations include enhancing visible security headers, publishing vulnerability disclosure and incident response information, and clarifying domain registration details to improve trust and compliance transparency.

L

Luminor Bank AS

luminor.lv

0

Luminor Bank AS operates a comprehensive banking website targeting private individuals and businesses in Latvia, offering a wide range of financial services including loans, savings, insurance, and internet banking. The website is professionally designed with consistent branding and clear navigation, supporting multiple languages. The technical infrastructure is based on Drupal CMS with modern JavaScript libraries and Google analytics tools integrated, alongside a robust cookie consent mechanism powered by OneTrust. Security posture is strong with HTTPS enforced, appropriate security headers, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR adherence is evident. However, explicit incident response contact details and vulnerability disclosure mechanisms are not found, representing an area for improvement. Overall, the website reflects a mature digital presence suitable for a large financial institution with high trustworthiness and good user experience.

O

Oreon OÜ

bestcredit.ee

0

BestCredit.ee is an established Estonian financial services company operating since 2011 under Oreon OÜ. The company offers a variety of loan products including small consumer loans, business loans, mortgage loans, guarantee loans, and construction loans. Their business model focuses on online lending with self-service features and loan calculators to facilitate customer engagement. The website targets both private individuals and businesses within Estonia, positioning itself as a reliable and professional lender with a clear regulatory license from the Estonian Financial Supervision Authority.

B

Birdeye Capital

birdeyecapital.com

0

Birdeye Capital is a specialized alternative investment fund manager focusing on sustainable forestland investments. Established in 2013 and regulated by the Estonian Financial Supervision Authority, the company offers non-public, closed-ended funds tailored for institutional investors such as pension funds and family offices. Their business model emphasizes long-term sustainable growth and ESG compliance, positioning them as a trusted player in the Baltic investment market. Technically, the website is built on WordPress with modern plugins and libraries, providing a good user experience and mobile optimization. Security posture is solid with HTTPS and domain transfer protections, though lacking advanced security headers and explicit security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures.

C

Citadele

citadele.ee

0

Citadele is a well-established banking institution operating in Estonia, providing a broad range of retail banking services including loans, deposits, insurance, and payment solutions tailored to individual customers. The website reflects a mature digital presence with comprehensive content, including loan calculators and detailed product offerings, targeting private banking customers. The company maintains a consistent brand image and integrates social media and partner links effectively. Technically, the site uses modern JavaScript libraries such as jQuery and Bootstrap, and is likely powered by OctoberCMS, ensuring a responsive and user-friendly experience. Security is robust with HTTPS enforced, secure cookie consent mechanisms, and standard security headers, although explicit security policies and incident response information are not publicly available. Overall, the site demonstrates good compliance with privacy regulations and provides clear contact information, supporting a trustworthy user experience.

S

Savantor Ltd

savantor.com

0

Savantor Ltd is a specialized consulting and resourcing firm focused on the payments, cards, mobile, banking, and transactions sectors. With over 25 years of experience, the company offers expert services including specialist resourcing, payments strategy, platform selection and transition, and operational efficiency. Their client base includes major financial institutions and payment networks, positioning them as a trusted advisor in the European and UK markets. The website reflects a professional and well-structured digital presence, leveraging WordPress and Elementor technologies, with good mobile optimization and SEO practices. Privacy and cookie policies are comprehensive and GDPR compliant, supported by a consent mechanism. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. The absence of WHOIS registration data is a notable anomaly that requires further investigation to confirm domain legitimacy. Overall, the website and business present a credible and professional image with minor technical and security enhancements recommended.

M

Mandatum

mandatumlife.fi

0

Mandatum is a prominent Finnish financial services group specializing in investment management, insurance, pension solutions, and employee reward services. The company positions itself as a unique combination of financial expertise and human-centric service, targeting individual customers, businesses, and entrepreneurs. Their market position is strong within Finland, supported by a comprehensive portfolio of services and a large professional workforce. The website reflects a mature digital presence with multilingual support and rich content tailored to diverse customer segments. Technically, the website employs modern frameworks such as Vue.js and Tailwind CSS, integrated with advanced analytics and marketing tools including Adobe Analytics, Microsoft Application Insights, and OneTrust for cookie consent management. The platform appears to be built on Episerver CMS, ensuring robust content management and search capabilities. Mobile optimization and accessibility are well addressed, providing a seamless user experience across devices. From a security perspective, the site enforces HTTPS and incorporates cookie consent mechanisms aligned with GDPR requirements. While explicit security headers are not visible in the provided data, the presence of security policy pages and incident reporting channels indicates a proactive security posture. No critical vulnerabilities or suspicious activities were detected. However, improvements such as publishing a security.txt file and providing direct incident response contact emails could enhance transparency and readiness. Overall, Mandatum's website demonstrates high professionalism, trustworthiness, and compliance with privacy regulations. The digital infrastructure supports business goals effectively, though minor enhancements in security transparency and incident response communication are recommended to further strengthen their security posture.

J

Just another WordPress site

efa.biz

0

EFA Platform is a specialized financial research database management and publication platform targeting equity, fixed income, and multi-asset analyst teams. The website presents a professional and modern design built on WordPress with the Divi theme, incorporating essential SEO metadata and client trust indicators such as logos and demo requests. Technically, the platform uses standard web technologies including Google reCAPTCHA for form protection, but lacks visible advanced security headers and privacy compliance mechanisms. The absence of WHOIS registration data raises concerns about domain legitimacy, although the site content and structure suggest an operational business. Overall, the security posture is moderate with room for improvement in privacy and transparency. Strategic recommendations include adding privacy and cookie policies, improving security headers, and clarifying domain registration details to enhance trust.

C

CostPocket

tsekk.ee

0

CostPocket is a medium-sized Estonian SaaS company specializing in digital expense management solutions for businesses and accounting professionals. Their platform offers AI-powered tools to digitize receipts, automate expense reporting, and integrate seamlessly with popular accounting software, positioning them as a key player in the Baltic financial technology sector. The website demonstrates a modern technical infrastructure using Vue.js and integrates multiple analytics and marketing tools, reflecting a mature digital presence. Security posture is strong with HTTPS, security headers, and Cloudflare DNS, though some improvements in DNSSEC and explicit security policies are recommended. Privacy compliance is basic, with cookie consent implemented but lacking explicit privacy and terms of service pages. Overall, the site is professional, trustworthy, and well-optimized, supporting a strong market position.

M

Moneyzen

moneyzen.eu

0

Moneyzen is an Estonian-based online lending and investment platform that offers a variety of personal loans and investment opportunities. The company positions itself as a transparent and empathetic financial intermediary connecting borrowers and investors. The website is professionally designed using WordPress and Elementor, featuring loan and investment calculators, clear navigation, and multilingual support. The business targets individuals seeking flexible loans and investors looking for peer-to-peer lending options. The platform has a clear market niche in Estonia's finance sector with a small company size and a consistent brand presence. Technically, the website employs modern web technologies including WordPress 6.8.1, Elementor 3.29.2, Yoast SEO, Google Tag Manager, Facebook Pixel, Hotjar, and reCAPTCHA for security and analytics. The site is mobile-optimized and SEO-friendly, though some security headers could be enhanced. Cookie consent mechanisms and privacy policies indicate good GDPR compliance. From a security perspective, the site uses HTTPS with good SSL configuration and implements standard best practices such as reCAPTCHA and cookie consent. However, explicit security policies and incident response information are not found, and security headers like CSP and X-Frame-Options are not explicitly detected. No vulnerabilities or exposed sensitive data were identified in the HTML content. Overall, Moneyzen presents a trustworthy and professional online financial service with solid technical infrastructure and privacy compliance. Strategic improvements in security headers and incident response transparency would further strengthen its security posture and user trust.

D

Domains By Proxy, LLC

operose.io

0

Operose is a newly founded blockchain company (2024) focused on creating a peer-to-peer marketplace for commodity-backed tokens aimed at transforming commerce and fostering financial inclusivity. The website presents a professional and consistent brand image targeting investors interested in blockchain financial products. Technically, the site uses modern web technologies including React, Font Awesome, Google Analytics, OpenReplay, and LiveChat, hosted behind Cloudflare DNS. Security posture is moderate with HTTPS enabled and domain status protections, but lacks DNSSEC and security headers. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism. Overall, the site is accessible and functional with room for improvement in security and compliance.

E

Estonian Private Equity And Venture Capital Association

estvca.ee

0

EstVCA (Estonian Private Equity And Venture Capital Association) is a professional association representing the private equity and venture capital industry in Estonia and the Baltic region. The website serves as an information hub providing news, reports, events, and educational resources targeted at investors, fund managers, startups, and other stakeholders in the PE/VC ecosystem. The association is well-established since 2010 and maintains a consistent brand presence online. Technically, the website is built on the Voog CMS platform, utilizing JavaScript libraries such as jQuery and Modernizr, and is hosted on servers managed by Edicy OÜ. The site is mobile-optimized with responsive images and basic accessibility features. Performance is moderate, with no major technical issues detected. SEO is basic but present through meta tags and Open Graph data. From a security perspective, the site enforces HTTPS and does not expose sensitive data. However, it lacks important security headers and uses an outdated jQuery version, which could pose risks. There are no visible privacy or cookie policies, nor contact information for security incidents or data protection officers, indicating gaps in compliance and transparency. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, improved security headers, updated libraries, and clearer contact information to strengthen trust and security posture.

F

FB Asset Management

fbassets.eu

0

FB Asset Management is a small Estonian investment fund management company established in 2013. The company manages investment funds licensed by the Estonian Financial Supervision Authority and targets professional and experienced investors with funds such as FB Opportunity Fund and FB Corporate Bond Fund. The website is built on WordPress using Elementor and Yoast SEO, indicating a modern and maintainable technical infrastructure. Google Analytics is used for visitor tracking, but no cookie consent mechanism or privacy policy is present, representing a compliance gap. Security posture is good with HTTPS enabled and no visible vulnerabilities, but lacks security headers and incident response information. Overall, the website is professional and trustworthy but should improve privacy compliance and security transparency.

O

OÜ MyFinancier

myf.ee

0

MyFinancier is a small Estonian company providing an intelligent personal finance assistant service that helps users analyze cash flows and gain detailed insights into asset distribution. The website is professionally designed using WordPress with Elementor and optimized for SEO and mobile devices. It targets Estonian individuals seeking financial management tools. The company maintains a consistent brand presence with active social media profiles on Facebook, LinkedIn, and YouTube. The domain is registered with Elkdata OÜ since 2018, aligning with the business age and location. Technically, the site uses modern web technologies, including Google Analytics and Facebook Pixel for analytics and marketing, with a compliant cookie consent mechanism.

E

Estateguru OÜ

estateguru.eu

0

Estateguru OÜ operates a leading European online marketplace platform specializing in short-term, property-backed business loans. The platform targets investors seeking secure investment opportunities backed by real estate mortgages across Europe. The company has an established market presence since 2013 and offers a digital investment service that connects businesses needing loans with investors. Technically, the website is built on WordPress using Elementor and Yoast SEO, hosted likely on SiteGround, and employs modern tracking and marketing tools such as Google Tag Manager and Intercom. The site is HTTPS secured with Cloudflare DNS but lacks DNSSEC and some security headers, indicating room for security enhancements. Privacy compliance is weak due to the absence of explicit privacy and cookie policies, and no direct contact information or incident response details are provided. Overall, the website is professional and trustworthy but would benefit from improved privacy and security disclosures to enhance compliance and user trust.

C

ChangeGroup

changegroup.com

0

ChangeGroup is a well-established global leader in currency exchange and related financial services, operating over 100 bureaus across multiple continents. Owned by Prosegur, a publicly listed company, ChangeGroup offers a broad portfolio including currency exchange, money transfers, tax free refunds, and ATM networks, targeting international travelers and business clients. The website reflects a mature digital presence with a focus on user experience and accessibility. Technically, the site uses modern web technologies and appears to be built on a robust CMS platform, likely Adobe Experience Manager. Security posture is strong with HTTPS enforced and cookie consent implemented, though explicit security headers and policies could be improved. WHOIS data for the subdomain is unavailable, which is expected and not suspicious. Overall, the site demonstrates professionalism, trustworthiness, and compliance with privacy regulations.

B

Bilendo

bilendo.de

0

Bilendo is a German-based SaaS company specializing in Accounts Receivable (AR) Automation and Credit Management software. Their platform integrates cloud-based tools to automate debtor management and order-to-cash processes, targeting finance executives, credit managers, accountants, sales, and IT professionals. The company positions itself as a modern, efficient solution provider with a strong client base including notable enterprises and industry references from BCG, PWC, and EOS. Their business model revolves around subscription-based cloud software with modular products such as Cloud Platform, Receivables, Risk, and Add-Ons. Technically, Bilendo leverages a modern tech stack including Ruby on Rails, Bootstrap 5, Font Awesome, and is hosted on AWS with Cloudflare providing firewall and CDN services. The website is well-optimized for performance, mobile responsiveness, and accessibility, reflecting a high level of digital maturity.

N

Nyenburgh Holding B.V.

nyenburgh.com

0

Nyenburgh Holding B.V. is a Dutch licensed proprietary trading firm specializing in providing liquidity to global financial markets through proprietary and arbitrage trading strategies. The company operates with a robust infrastructure co-located in major financial hubs including New York, Frankfurt, Milan Bergamo, and London, ensuring low-latency access and data for professional traders. Regulated by the Netherlands Authority for Financial Markets (AFM) and the Dutch Central Bank (DNB), Nyenburgh emphasizes risk management and operates solely with its own capital, not involving client funds. Technically, the website is built on WordPress using the Enfold theme, incorporating modern web technologies such as jQuery and YouTube iframe API. The site is mobile-optimized with good SEO practices and includes a comprehensive cookie consent mechanism compliant with GDPR. However, no explicit security headers were detected, and no direct contact emails or phone numbers are publicly listed, with contact primarily via a web form. From a security perspective, the site enforces HTTPS and implements cookie consent, but lacks visible advanced security policies or incident response information. The WHOIS data is unavailable, which limits domain trust verification, though the website content and regulatory references support legitimacy. Overall, the site presents a professional and trustworthy front with room for improvement in security transparency and contact information availability. Strategically, Nyenburgh should enhance its security posture by implementing recommended HTTP security headers, publishing incident response contacts, and considering a security.txt file. Improving accessibility and providing clearer direct contact details would also strengthen user trust and compliance. These steps will help maintain its market position as a reputable and secure proprietary trading firm.

X

xChange AS

changeinvest.com

0

Change Invest operates as a fintech investment platform offering a unified app for investing in cryptocurrencies, trading stocks, indices, commodities, and CFDs with leverage. The company targets retail investors primarily within the European Economic Area, emphasizing low fees, fast deposits, and regulatory compliance under Estonian and Dutch authorities. The platform boasts over 125,000 verified users and a broad asset offering, positioning itself as a competitive player in the EU fintech market. Technically, the website is built on Webflow CMS and integrates modern analytics and marketing tools such as Google Tag Manager, Facebook Pixel, Segment Analytics, and Adjust SDK. The site is mobile-optimized, fast-loading, and well-structured, providing an excellent user experience. However, some security best practices like explicit security headers are missing, and no incident response or vulnerability disclosure information is publicly available. From a security perspective, the platform enforces HTTPS, uses cold wallets for crypto custody, and provides public proof of reserves, indicating a mature security posture. Cookie consent mechanisms are implemented with opt-in features, supporting GDPR compliance. The absence of WHOIS registration data is a notable concern, potentially indicating privacy protection or data unavailability, which slightly reduces trustworthiness. Overall, Change Invest presents a professional, secure, and compliant fintech service with strong market positioning in the EU. Strategic improvements in transparency around security policies and WHOIS data would enhance trust and compliance further.

R

Rephop

rephop.com

0

Rephop is a specialized SaaS provider offering web-based group consolidation, reporting, and planning software tailored for CFOs and finance professionals. Established in 2013, it has positioned itself as a trusted solution for simplifying complex financial consolidation processes across multiple subsidiaries and currencies. The platform emphasizes ease of use, powerful features such as intergroup transaction reconciliation, non-controlling interest calculations, and compliance with IFRS and US GAAP standards. Its market presence is supported by customer testimonials and a clear pricing model targeting small to medium-sized businesses and enterprises. Technically, Rephop leverages modern web technologies including Next.js and React, hosted on Vercel with Cloudflare DNS services. The website is well-optimized for performance, mobile responsiveness, and accessibility, reflecting a mature digital infrastructure. Analytics tools such as Vercel Analytics and Google Tag Manager are used for user behavior tracking, though privacy compliance could be enhanced with explicit cookie consent mechanisms. From a security perspective, the site enforces HTTPS and uses domain transfer protection, but lacks DNSSEC and explicit security or incident response policies. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data confirms a consistent and legitimate domain registration history aligned with the company's operational timeline. Overall, Rephop demonstrates a strong business and technical foundation with room for improvement in privacy compliance and security transparency. Strategic recommendations include implementing cookie consent, publishing security policies, and enabling DNSSEC to bolster trust and regulatory adherence.

P

PZU Kindlustus

pzu.ee

0

PZU Kindlustus operates as an established insurance provider in Estonia, offering a range of personal insurance products including vehicle, travel, home, and accident insurance. The website reflects a professional presence with consistent branding and a focus on serving private individuals. The business is supported by a domain registered since 2012 under ALMIC OÜ, an Estonian registrar, indicating a stable and legitimate operation. Technically, the site is built on WordPress, leveraging modern tools such as Google Tag Manager, Cookiebot for cookie consent, and Cloudflare for DNS and security, demonstrating a mature digital infrastructure. Security measures include HTTPS enforcement and reCAPTCHA integration, though explicit security policies and headers could be enhanced. Privacy compliance is partially addressed via cookie consent, but the absence of a clear privacy policy and terms of service pages represents a compliance gap. Overall, the site is functional and trustworthy but would benefit from improved transparency and security documentation.

R

Register OÜ

ir.ee

0

Register OÜ operates the Inforegister website, a platform providing credit ratings, beneficial ownership information, financial forecasts, and business risk assessments primarily targeting Estonian businesses and individuals. The company positions itself as a trusted local provider of business and financial data services, leveraging a subscription-based model to deliver valuable insights. The website supports multiple languages and offers a user-friendly search interface to access company and individual data. Technically, the site is built on WordPress with modern integrations such as Google Site Kit for analytics and OAuth for authentication, indicating a moderate level of digital maturity. The site is mobile-optimized and employs HTTPS with a valid SSL certificate, ensuring secure communications. Security posture is solid with cookie consent mechanisms and no visible vulnerabilities, although there is room for improvement in publishing explicit security policies and incident response contacts. Overall, the website demonstrates a professional and trustworthy online presence with good compliance to privacy regulations and a clear business focus.

L

LandCredit AS

landcredit.ee

0

LandCredit AS is an Estonian financial services company specializing in loans secured by agricultural and forestry land. Their website targets farmers, forestry businesses, and renewable energy project developers, offering flexible loan products with faster processing times than traditional banks. The company positions itself as a niche lender contributing to rural development in Estonia. Technically, the website is built on WordPress with Elementor, leveraging modern analytics and marketing tools such as Google Analytics, Hotjar, and CookieYes for GDPR compliance. The site is well-structured, mobile-optimized, and provides clear contact channels and customer testimonials, enhancing trust and user experience. Security posture is solid with HTTPS and secure form handling, though improvements are recommended in publishing explicit security policies and incident response contacts. Overall, the website demonstrates a mature digital presence with good compliance and business credibility.

T

TaxScouts

taxscouts.com

0

TaxScouts is an established UK-based online tax return service founded in 2017, specializing in simplifying Self Assessment tax returns by pairing customers with accredited accountants. The company positions itself as a fast, affordable, and fully online solution targeting UK taxpayers who require assistance with personal and company tax filings. The website demonstrates a professional and consistent brand presence with clear service offerings and trust signals such as embedded Trustpilot reviews. Technically, the site is built on WordPress, leveraging modern analytics and marketing tools including PostHog, Google Tag Manager, and Microsoft Clarity, with Cloudflare DNS and NameCheap as registrar. The site is mobile optimized and SEO friendly, though accessibility features are basic. Security posture is good with HTTPS enabled and domain transfer protection, but could be improved by enabling DNSSEC and publishing explicit security policies or vulnerability disclosures. Privacy compliance is well addressed with a comprehensive cookie consent mechanism and GDPR-aligned cookie policy. However, explicit privacy policy and terms of service pages are not clearly found in the provided content. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

C

Colombo Stock Exchange

cse.lk

0

The Colombo Stock Exchange (CSE) is the primary stock exchange in Sri Lanka, serving as a critical financial market infrastructure provider. The website offers comprehensive information on equity and debt trading, market disclosures, financial reports, and investor education. It targets investors, listed companies, and financial professionals within Sri Lanka and the broader financial community interested in Sri Lankan markets. The CSE holds a significant market position as the national stock exchange, facilitating capital market activities and supporting economic growth.