Websites that we host generally comply with European GDPR data protection regulations, American PCI DSS requirements, HIPAA guidance and NIST guidelines, which are standards for protecting credit card details and other confidential information online. In particular, we check that connections to third-party payment processors like PayPal and Stripe are encrypted securely (we never store credit card information ourselves). If you test some commercial sites you will find this is quite rare!
Even if you don’t accept card payments, good encryption is essential if you or your users ever log in to your site, especially if that may be over a public Wifi connection.
Sites that we look after but are hosted elsewhere may not be fully compliant.