Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
MTEC is an independent security research and privacy engineering consultancy based in Kraków, Poland, positioned as a provider of “Privacy Engineering & Digital Risk Advisory.” Its focus is not traditional perimeter defense or host security, but the privacy and security risks that can occur the moment a user visits a website in a regulated industry: failures in consent management platforms, third-party scripts running before consent, insufficient HTTP security headers, and the resulting GDPR/ePrivacy compliance issues.
Services include consent mechanism audits, third-party script analysis, security response header assessment, and remediation consulting. Its audits examine issues such as CMP race conditions, preload bypasses, misconfigured domain groups, and tag managers lacking consent gating. Script analysis covers the inventory of scripts executed on a page, outbound data flows, cross-origin configurations, and cookie syncing. Security header reviews cover CSP, SRI, Referrer-Policy, and X-Frame-Options, with explanations of XSS and formjacking exposure vectors.
MTEC’s methodology emphasizes “passive analysis”: it uses only publicly accessible page content, HTML source code, HTTP response headers, browser consoles, network requests, and standard developer tools. It does not authenticate, scan, or probe customer infrastructure. This reduces disruption to production systems, but also means it is not a full penetration test or continuous monitoring platform.
The site explicitly references GDPR Art. 9 and ePrivacy Directive Art. 5(3), and states that its own website uses zero cookies, has no third-party scripts, and anonymizes server logs with a 7-day retention period. Its responsible disclosure process is based on the UK NCSC Vulnerability Disclosure Toolkit. Deliverables include an executive briefing, technical appendices for engineering teams, and a prioritized remediation roadmap. Each finding is expected to be tied to reproducible evidence, such as response headers, cookie values, script execution order, or console errors.
Pricing is not publicly disclosed; the site only states that there are “no sales materials” and “no redundant long-term consultants,” with specific terms defined by the client. Its strengths are a clearly defined scope, fine-grained technical depth, and suitability for targeted privacy risk assessments in sensitive industries. Its limitations include a lack of public customer cases, team credentials, SLAs, third-party certifications, and continuous alerting capabilities. The service scope also does not cover general-purpose security products such as WAF, EDR, or vulnerability scanning.
MTEC is best suited to organizations in sectors where the act of visiting a website may itself reveal sensitive intent, such as healthcare, private banking, legal services, insurance, mental health, pharmaceuticals, and reproductive health. Access from China and supported payment methods are not disclosed and need to be verified in practice. If local compliance support, Chinese-language deliverables, or domestic payment options are required, Chinese security consulting and compliance assessment providers may be more practical alternatives.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, mtecsoft.com.
mtecsoft.com is a Poland Legal & Tax provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable.