Executive Summary
5×5 Data is a Texas-registered data broker operating an identity resolution "cooperative" where members pool and share person-level PII including names, emails, phone numbers, locations, employment history, and even ethnicity data. Runtime observation on their own website shows a 67% pre-consent tracking rate with their CookieYes consent banner itself firing before consent is granted. Their trust center claims they are "working to meet" GDPR requirements—which is not compliance—while simultaneously selling sensitive personal information including ethnicity data, a special category under GDPR. For any company whose data has been contributed to this cooperative, your visitors' PII is being sold to an unknown number of "Members" with zero transparency about who those Members are.
Revenue Threat Profile
4 COLLAPSE VECTORSHow this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
Your attribution data becomes part of a shared pool where competitors can access visitor intelligence you paid to acquire, corrupting your measurement by creating invisible competitive leakage.
Signal Corruption
Your visitor identification data flows into a cooperative where unknown Members receive access to your leads. 5×5 explicitly admits to selling and sharing PI—your demand signals are being redistributed to competitors.
Legal Tail Risk
Embedding 5×5 tracking creates shadow data flows to 40+ undisclosed third parties observed on their own site including IDVisitors, Intentsify, and RB2B. Your security perimeter now extends to every cooperative Member.
GTM Attack Surface
5×5 claims to be working toward GDPR compliance while selling ethnicity data—a GDPR special category requiring explicit consent. Their 67% pre-consent rate and CMP that fires before consent creates direct regulatory exposure for anyone using their pixel.