Digital presence checklist for due diligence
The exact set of things a reviewer expects to find on your website during KYB, vendor onboarding or investor due diligence. Print it. Tick it. Move on.

If a reviewer is about to open your website, you want the entire decision to happen in 90 seconds and end with "this is fine". Everything below is what they were trained to check. Tick it once, sleep through the review.
1. Domain and certificate
- Custom domain on your legal name. Not
mycompany.wixsite.com. Notlinktr.ee/mycompany. A domain you own. The name should be a one-second match to your registered legal name; if not, decide which is the public-facing brand and add a footer that disambiguates ("Larrazabal Consulting LLC, doing business as Larrazabal Studio"). - Valid TLS certificate, not expired, matching the exact domain. Let's Encrypt is fine. Browsers must not show any warning.
- HTTP redirects to HTTPS with a 301. No mixed-content warnings in the console.
- Domain age ≥ 7 days, ideally ≥ 30 days, before submitting to a reviewer that flags freshness.
2. Home page
- Company name in the hero, large and exactly as registered.
- One-paragraph activity description, concrete enough that a reviewer can read it to a colleague without inventing details. "We make software" is not enough.
- At least one indication of who the customer is. "Compliance and finance teams at growth-stage B2B SaaS companies in the EU and the UK" beats "businesses".
- No placeholder text, no lorem ipsum, no
[insert here]strings. - No broken images or 404 internal links.
- Mobile-responsive at 375px viewport without horizontal scroll.
3. About / Company page
- Legal entity name spelled out. "Larrazabal Consulting LLC", not "Larra Consult".
- Jurisdiction, e.g. "Registered in Delaware, USA" or "Sociedad Limitada constituida en Madrid, España".
- Registration / tax identifier if your jurisdiction expects it on the site (EIN in US, CIF in Spain, Companies House number in UK, etc.). See §6 below.
- Founding year or "since 2024".
- At least one named person, ideally the founder, with role. A reviewer cross-checks against the company filing.
4. Services / Products
- What you sell, named concretely.
- For whom, named concretely (industry, role, size).
- How the customer engages. Booking call? Buy online? Sales contact? Make this obvious.
- Pricing or price-range indication, even "from X / month" — reviewers infer revenue model from this.
5. Contact
- A corporate email address on your own domain.
hello@yourcompany.com, not@gmail.com. Reviewers test this. - A working contact form OR a clear
mailto:link. Reviewers sometimes test both. - A physical address if applicable in your jurisdiction. A registered agent address is acceptable in US LLC contexts; a business mailing address is acceptable in EU.
- A phone number for higher-trust verticals (financial services, B2B procurement). Optional otherwise.
6. Legal pages (the deal-breaker tier)
The reviewer checks the path explicitly. If a URL 404s, you fail.
-
/privacyor/legal/privacy-policy— GDPR / UK GDPR / CCPA / LGPD as applicable to your customers. -
/cookiesor/legal/cookie-policy— required in EU, UK, BR if you set any non-essential cookie. -
/termsor/legal/terms-of-service— required if you sell anything online. - Impressum at
/impressumif you serve customers from Germany (TMG §5). - Mentions légales if French audience (LCEN Art. 6-III).
- Note legali if Italian audience (D.Lgs. 70/2003).
- Aviso legal if Spanish audience (LSSI-CE Art. 10).
- Refund / cancellation policy if you sell digital services to EU consumers (Real Decreto Legislativo 1/2007 and equivalents).
- Data Processing Addendum download link if you handle B2B customer data — large customers ask.
7. Cookies and consent
- Cookie banner with explicit reject option (EU + UK + BR). "Accept and close" only is rejected by EU regulators since 2021.
- No analytics, ad or marketing cookies set before user consent. Reviewers using browser-extension probes will catch this.
- No fingerprinting scripts loaded pre-consent (Hotjar, Mouseflow, Microsoft Clarity, etc.).
8. Consistency with your application
- The activity declared in the KYB / vendor / procurement form is reflected on the site. If your form says "B2B SaaS for finance teams" and the site sells crypto trading bots, expect a manual review at best and a rejection at worst.
- No unrelated industries on the same site. Don't sell consulting, e-commerce dropshipping and an OnlyFans agency from the same domain.
- Logos and product photos are coherent with the declared activity.
9. Trust signals (optional but cheap)
- Testimonials with real names + companies + photos, only if you have written consent. Fake or anonymous testimonials reduce trust.
- Logos of customers displayed with permission.
- Case studies with quantitative outcome ("reduced onboarding time from 14 to 3 days") rather than empty adjectives.
- Press mentions or awards, linked to the actual source article.
10. What you should not add
- Inflated metrics ("trusted by Fortune 500 across 47 countries" when you have 30 customers).
- Stock-photo-heavy teams pages without real names.
- Claims of being "FDA approved", "GDPR certified", "SOC 2 certified" when you are not.
- Logos of brands you have not actually worked with.
- Disclaimers that contradict the rest of the site.
Run it once
Open your site as if you have never seen it. Walk through this checklist. Fix what breaks. Submit the application. That is the whole game.
If you don't want to build any of this from zero in the next 24 hours, that is exactly what PresenceReady ships. The checklist above is the spec of our default delivery. We do not promise approval; we deliver this layer correctly the first time.
Este artículo es informativo y no constituye asesoramiento legal, fiscal ni de compliance. PresenceReady no garantiza decisiones de aprobación de terceros.