Executive Summary
AdRoll, a NextRoll Inc. brand, is a retargeting and cross-channel advertising platform claiming to serve 110,000+ brands. Despite prominent messaging about a "privacy-forward future" and displaying SOC2 Type 2, GDPR, and CCPA compliance badges, BLACKOUT runtime analysis reveals an 85.4% pre-consent tracking rate across 41 detections—meaning their technology fires tracking before consent is obtained in 85% of observed implementations. More critically, their privacy policy explicitly states: "we have sold personal information in the form of business emails." Their own website (adroll.com) loads 64 third-party vendors with 34 firing pre-consent, including BrightData (data scraping), Clearbit and ZoomInfo (de-anonymization), and Clarity/Contentsquare (session recording). For any company using AdRoll, you are partnering with a vendor that claims privacy compliance while explicitly selling personal data and operating with one of the highest pre-consent rates we have observed.
Revenue Threat Profile
4 COLLAPSE VECTORSHow this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
AdRoll's 85.4% pre-consent rate means attribution models are systematically corrupted—conversions attributed to AdRoll may never have received valid consent, making your ROI calculations legally tainted.
Signal Corruption
Your audience data flows to Experian (credit bureau), Bombora (intent data), Eyeota, and LiveRamp. AdRoll explicitly SELLS business emails. Your customer signals become competitor intelligence.
Legal Tail Risk
64 vendors on AdRoll's own site including BrightData (web scraping), Scrapemagic, and TrafficJunky create massive undocumented attack surface. Session recording (Clarity, Contentsquare) captures user behavior.
GTM Attack Surface
85.4% pre-consent rate + explicit data sales = direct GDPR Article 7 and CCPA Section 1798.100 violations. SOC2 Privacy audit claim contradicted by admitted data sales.