← Back to browse

Poly

Hi! My name is Polly and I am your financial assistant.

Finance
Brazil Estimated origin: Brazil

Added May 3, 2026 · Last analysed May 3, 2026 · via · 75% unique tagline

StackScope is a free public catalogue of indie launches. We find launches on Product Hunt, Hacker News and similar feeds, then crawl each site to detect its tech stack and score it for launch readiness: DNS, security headers, SEO basics. This page is what we saw on 3 May 2026; the live site may have changed since.

Poly still has work before launch. What needs work: missing several security headers, incomplete legal pages, and no robots.txt or sitemap.

Launched on Product Hunt on May 3, 2026. The site is hosted on DigitalOcean App Platform and served through Cloudflare, with a domain registered in 2023. The crawl picked up 16 technologies on this site, covering payments, security, analytics, and CDN. The stack includes Tailwind CSS, Amazon Web Services, and Apple Pay.

For context, it's one of 41 launches on this exact stack.

If you own this site, refresh the snapshot and see the full fix list any time →

1.7
StackScope Score
Poor
41/100 Launch Readiness
Partially ready
0/3 Legal
Missing
0/2 Crawl files
Missing
Vibe Score 0 · No AI signals
How much the site looks AI-generated. Informational pattern-match signal, not a verdict. Does not feed the StackScope Score. See which fingerprints fired →

Tech Stack (16) · Scale-up stack

Infrastructure
CDN Cloudflare (4)
Cloud Amazon Web Services (2)
Hosting DigitalOcean App Platform (2)
Protocol HTTP/3 (2)
Security Cloudflare Bot Management
HSTS (2)
Storage Ceph (2)
Build & Framework
CSS framework Tailwind CSS
Developer tools Vite
Package CDN jsDelivr
Analytics & Marketing
Analytics PostHog (4)
Commerce & Payments
Payments Apple Pay
Cakto
Google Pay (2)
MercadoPago (3)
Business Tools
Error tracking Sentry

Infrastructure

Network
AS13335 · US
DNSSEC
Not enabled
DNS responses unsigned. Cache-poisoning vulnerable.
SSL Certificate
Google Trust Services
Valid 19 Mar 2026 to 17 Jun 2026
Certificate as captured in this snapshot, not a live check.
Domain Age
3.1 years
Registered Jun 2023

Email Security

SPF ~all (via apex cakto.com.br) Soft-fail (~all). Common and accepted.
DKIM (via apex cakto.com.br) Detected on apex cakto.com.br
DMARC p=reject (via apex cakto.com.br) Reject (strict). Strong.
?
MTA-STS Not deployed. Mail to your domain can be downgraded to plaintext en route.
?
TLS-RPT Not configured. You won't hear about silent SMTP TLS handshake failures.

Storage (22)

Cookies (10)
NameLifetimeDetected as
cf_clearance 1y Cloudflare
dsid 1y MercadoPago
edsid 1y MercadoPago
jzAt7mM5bLjGfsXv 1y -
ph_phc_JiJLD5rycxykuDgtBfeSTlXZUoa1nTuMN32XEyJMSbK_posthog 1y PostHog
p_dsid 1y MercadoPago
p_edsid 1y MercadoPago
_csrf session -
_d2id 1y -
__cf_bm < 1h Cloudflare
Local storage (4)
KeySizeDetected as
@cakto-checkout:checkout-form 100 B Cakto
bl7VlQwN_ccookie 72 B -
collection_index 244 B -
ph_phc_JiJLD5rycxykuDgtBfeSTlXZUoa1nTuMN32XEyJMSbK_posthog 1.2 KB PostHog
Session storage (6)
KeySizeDetected as
bl7VlQwN_ccookie 72 B -
ph_phc_JiJLD5rycxykuDgtBfeSTlXZUoa1nTuMN32XEyJMSbK_posthog 2 B PostHog
ph_phc_JiJLD5rycxykuDgtBfeSTlXZUoa1nTuMN32XEyJMSbK_primary_window_exists 4 B PostHog
ph_phc_JiJLD5rycxykuDgtBfeSTlXZUoa1nTuMN32XEyJMSbK_window_id 38 B PostHog
r3FDEX1N_tab_id 13 B -
sentryReplaySession 127 B Sentry
IndexedDB (2)
DatabaseVersionDetected as
test 1 -
uSFY3Nto_db 1 -

Readiness Breakdown How?

Custom title and meta description (partial) missing meta description
Responsive viewport meta tag
Favicon present
- Open Graph tags (title, image, description)
- Canonical URL declared
- Twitter card meta tags
- Semantic HTML (nav, main, article)

AI Stance

No AI stance declared
llms.txt published
No AI bots blocked in robots.txt
? No directive declared
? None advertised

Well-Known Files

robots.txt
sitemap.xml
security.txt
llms.txt
ads.txt
humans.txt
? Privacy Policy not detected
? Terms of Service not detected
? Consent manager not detected
Analytics set tracking cookies on our visit, with no opt-in step.
Detection works best on English language sites.

Security Headers (1/6)

Permissions-Policy experimental (check browser support)
X-XSS-Protection deprecated (use Content-Security-Policy)

Performance

408ms response time
Faster than 44% of sites
9 third-party domains loaded

Build

Code splitting
11 JS files
1 CSS files
9 Third-party domains
Something not look right? If a technology shown here is wrong or out of date, email [email protected] and we'll review it.