I think you need a certificate
base.garant.ru/10103678/95ef042b11da42ac166eeedeb9...
received on a voluntary basis
base.garant.ru/12129354/b5dae26bebf2908c0e8dd3b8a6...
well, a bunch of offices like sevtest.com/sertifikaciya-informacionnyx-sistem
that issue certificates, here it is necessary to study the market in detail.

There are no such certificates. There is a program and methodology for certifying the compliance of an information system with CERTAIN REQUIREMENTS. In Russia, such certificates can be issued by the FSTEC (in relation to information security measures) and the FSB (in relation to cryptographic information protection tools). The certification procedure according to the requirements of the FSB / FSTEC is long, complicated and expensive. In reality, it is required only if you work with government agencies.
If you plan to work with commercial enterprises... Well, you can order an audit from some organization that audits information security, and then show their conclusion to clients. But judging by your question, I give a 100% guarantee that your information system will not pass such an audit. Especially considering that you don't even have HTTPS - this clearly shows the level of development.
But in any case, the certificate only confirms the compliance of your system and its operation/development procedures with certain information security standards. There are several standards - at least there are Russian requirements, such as21 the FSTEC order and documents supplementing it, 152-FZ (law on the protection of personal data). There are European ISO 27000 standards, there are American NIST 800 series or FIPS 140-2.