Ott Ristikivi – Founder of SecureSpells®

SecureSpells: Privacy Risk Intelligence
Most privacy scanners only list cookies. SecureSpells analyzes real runtime behavior to detect the GDPR risks they miss — like pre-consent scripts, hidden trackers, and risky third-party flows.

Each issue includes:
• A clear risk score
• Technical fix instructions
• Direct GDPR references

Built for developers and agencies who need real compliance answers — not cookie lists. Run a free scan in seconds. No signup required.
SecureSpells – Find GDPR risks on your live site before regulators do

Why do we need another website scanner? 🤨

I got asked this at the sTARTUp Day event in Tartu, Estonia, and honestly, it’s a fair question. There are already a lot of tools that scan websites for privacy and GDPR. But while building SecureSpells, I kept running into the same issue: most scanners show what exists — cookies, scripts, trackers. They don’t show what actually happens. For example: A site...

Hi PH! Estonian engineer building my first startup after years in other startups

Hey everyone, I’m Ott, an engineer from Estonia. For the past few years, I’ve been lucky to work at companies like @Pipedrive and @Veriff. Being part of fast-growing startups taught me a lot about how products evolve — and how many invisible problems appear as you scale. At some point, I felt I wanted to try building something of my own. Honestly, it’s a very different experience. When you work at...

Privacy-by-Design sounded perfect… until it wasn't.

When building SecureSpells, I made a very intentional early decision: I didn’t want to store any readable personal data. No names. No plain emails. No passwords. Etc...

Everything was built around strict Privacy-by-Design principles. We implemented:
• OAuth login only (no local password storage)
• Emails encrypted and hashed
• Database containing anonymous identifiers only
• Zero personal profiles...

Unpopular opinion: Most cookie banners are technically fake. 🍪

I've been auditing different websites lately, and I'm finding that most "compliant" banners still fire scripts before the user clicks Accept. We get the legal requirements ("Prior Consent"), but the implementation seems impossible to maintain without breaking the UX. I'm building a runtime auditor (SecureSpells) to catch this automatically. How do you currently check if your banner is...
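A minimal version of the runtime check the two posts above argue for (what actually happens, not what exists): given a captured request timeline and the moment the user clicked Accept, flag every third-party request that fired before consent and rate known trackers higher. This is an added example, not SecureSpells' code; the request log, the consent timestamp, the short tracker list and the scoring weights are all constructed for the demo. A real auditor would record the timeline from a headless browser and use the Public Suffix List instead of the two-label domain approximation used here.

```javascript
// Added example, not SecureSpells' code: offline pre-consent audit of a
// captured request timeline.

// Hostnames treated as trackers (suffix match). Constructed, deliberately short.
const TRACKER_SUFFIXES = [
  'google-analytics.com',
  'googletagmanager.com',
  'connect.facebook.net',
  'doubleclick.net',
];

function hostMatches(hostname, suffix) {
  return hostname === suffix || hostname.endsWith('.' + suffix);
}

function isTracker(hostname) {
  return TRACKER_SUFFIXES.some((s) => hostMatches(hostname, s));
}

// Registrable-domain approximation: last two labels. Fine for the demo,
// wrong for e.g. example.co.uk; use the Public Suffix List in real code.
function siteOf(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// requests: [{ t: ms since navigation start, url, type }]
// consentAt: ms at which Accept was clicked, or null if it never was
// (null means the whole session is pre-consent).
function auditPreConsent(firstPartyHost, requests, consentAt) {
  const firstPartySite = siteOf(firstPartyHost);
  const findings = [];
  for (const req of requests) {
    const host = new URL(req.url).hostname;
    const thirdParty = siteOf(host) !== firstPartySite;
    const preConsent = consentAt === null || req.t < consentAt;
    if (!thirdParty || !preConsent) continue;
    const tracker = isTracker(host);
    findings.push({
      t: req.t,
      url: req.url,
      type: req.type,
      kind: tracker ? 'tracker' : 'third-party',
      severity: tracker ? 'high' : 'low',
    });
  }
  const high = findings.filter((f) => f.severity === 'high').length;
  // Demo weighting: 30 per tracker hit, 5 per other third-party request, capped at 100.
  const score = Math.min(100, high * 30 + (findings.length - high) * 5);
  return { findings, high, score };
}

// Constructed sample capture: a banner that looks fine, but the tag manager
// and an analytics beacon load at 180 ms and 400 ms; Accept is clicked at 3200 ms.
const SAMPLE_REQUESTS = [
  { t: 0,    url: 'https://example.com/',                              type: 'document' },
  { t: 120,  url: 'https://example.com/static/app.js',                 type: 'script' },
  { t: 180,  url: 'https://www.googletagmanager.com/gtm.js',           type: 'script' },
  { t: 400,  url: 'https://www.google-analytics.com/g/collect?v=2',    type: 'xhr' },
  { t: 450,  url: 'https://cdn.example.net/fonts.css',                 type: 'stylesheet' },
  { t: 3500, url: 'https://connect.facebook.net/en_US/fbevents.js',    type: 'script' },
];
const SAMPLE_CONSENT_AT = 3200;

function runSample() {
  return auditPreConsent('example.com', SAMPLE_REQUESTS, SAMPLE_CONSENT_AT);
}
```

Two details worth keeping when you turn this into a real check: the `null` consent case (the user closes the banner without choosing, which is still "no consent"), and the `cdn.example.net` line, which is a third-party request but not a tracker and so should be reported at a lower severity rather than silently dropped or treated as a violation.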