How This Briefing Works
This dossier opens with key findings, then maps the gap between what Adplexity discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
1 CRIT · 2 HIGH
Briefing
AdPlexity is a competitive intelligence ("ad spy") tool operated by AdIntelligence Limited (Hong Kong), serving affiliate marketers and media buyers since 2008. Runtime analysis reveals significant disclosure gaps: their own website deploys 8 third-party vendors (including Microsoft Clarity, Google Analytics, Meta Pixel, LinkedIn) pre-consent with zero named subprocessors in their privacy policy. Despite referencing GDPR compliance and EEA data safeguards, the site fires tracking pixels before any consent mechanism. The 2017-dated privacy policy discloses only Hong Kong as a data jurisdiction while actual data flows reach US-based vendors. This pattern of generic disclosure with specific non-compliance represents material misrepresentation risk.
What This Means For You
If you use AdPlexity for competitive intelligence, your research patterns flow through 8 pre-consent vendors including Microsoft Clarity (session recording), Meta Pixel, LinkedIn, and Google Ads. Under GDPR Art 28, AdPlexity's privacy policy names zero subprocessors while 8 are detected at runtime. The 2017-dated policy predates GDPR entirely, containing no modern privacy framework references. As a Hong Kong entity, enforcement mechanisms are limited. Your competitive research activity — which pages you analyze, which advertisers you monitor — becomes demand signal inventory for the same ad networks you're researching.
Risk Channel Breakdown
AdPlexity's own measurement stack (GA4, Clarity, Meta Pixel) creates attribution distortion. As an ad intelligence vendor, they monitor competitor campaigns while their tracking creates the same data pollution they help clients analyze. Their customers cannot trust measurement recommendations from a vendor with undisclosed tracking dependencies.
Pre-consent deployment of LinkedIn, Meta Pixel, and Google Ads means visitor intent signals leak to ad platforms before consent. Competitors using the same platforms gain visibility into AdPlexity customer research patterns. The ad spy tool itself becomes a demand signal source for the networks it monitors.
8 pre-consent third-party scripts expand attack surface significantly. Intercom chat widget, Mapbox maps, and ad tracking pixels each introduce supply chain risk. No security certifications (SOC2, ISO 27001) are claimed. Privacy policy from 2017 suggests security practices may be equally outdated.
GDPR mentioned but violated via pre-consent tracking. No CCPA disclosure despite US operations (Houston HQ). Zero named subprocessors despite using 8+ data processors. Hong Kong legal entity creates enforcement complexity. 2017 privacy policy predates GDPR enforcement (May 2018) and has not been updated. Material gap between compliance claims and runtime behavior.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Ignoring CMP signals
Device identification
PII deanonymization
Claims-vs-Reality (BTI-X)
Not in privacy policy
Hidden data recipients
False certification claims
Data to undisclosed regions
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Adplexity's public claims against observed runtime behavior and identified 4 contradictions.
"Privacy policy Section 4 mentions disclosure to 'third party service providers' generically"
8 specific vendors (Clarity, DoubleClick, GA4, Google Ads, Intercom, LinkedIn, Mapbox, MetaPixel) load pre-consent with zero named
3 more gaps — with regulatory citations and evidence pointers — available with subscription.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
5 for current users · 5 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →