How This Briefing Works
This dossier opens with key findings, then maps the gap between what Audiencex discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
2 CRIT · 2 HIGH
Briefing
AUDIENCEX (d/b/a Socialcom, Inc.) is a Marina del Rey-based programmatic advertising platform marketing "privacy-safe data" and AI-driven targeting. Critical analysis of their own website reveals 66 third-party vendors with 12 firing before consent, including identity resolution services (Apollo.io, Clearbit) and session replay (Clarity). This creates a significant credibility gap: a vendor claiming privacy compliance while demonstrating hostile pre-consent tracking behavior on their own properties. Their privacy policy discloses only Google Analytics, AdWords, and Facebook, leaving 63+ vendors undisclosed. The 15.4% pre-consent rate across detections, combined with explicit rejection of DNT/GPC signals, positions AUDIENCEX as a high-risk vendor for enterprise GTM stacks.
What This Means For You
YOUR programmatic campaigns through AUDIENCEX route through a vendor ecosystem 22x larger than disclosed. YOUR audience data flows through a platform that runs Apollo.io and Clearbit identity resolution pre-consent — meaning YOUR campaign visitors are identified before consent. YOUR "privacy-safe data" claim to stakeholders is undermined if your programmatic partner runs 12 vendors pre-consent including identity resolution tools. With Ketch CMP deployed but failing to block 12 pre-consent vendors, YOUR consent architecture inherits AUDIENCEX's demonstrated inability to enforce its own consent tool.
Risk Channel Breakdown
AUDIENCEX corrupts measurement through undisclosed identity resolution (Apollo.io, Clearbit) on client properties. When multiple identity graphs operate without disclosure, attribution becomes unreliable and cross-platform measurement is compromised. The 66 third-party vendors detected create measurement noise that obscures true campaign performance.
Identity resolution vendors like Apollo.io and Clearbit operating pre-consent on AUDIENCEX properties suggests demand signal leakage. Visitor intent data transmitted to undisclosed third parties before consent creates competitive intelligence exposure for any advertiser using their platform.
The 66 third-party vendor surface area creates significant attack exposure. Session replay (Clarity) without consent notification captures sensitive interaction data. Each undisclosed JavaScript injection represents an uncontrolled code execution context on client properties.
AUDIENCEX explicitly rejects DNT/GPC signals in their privacy policy. Combined with 12 pre-consent vendors and GDPR/CCPA compliance claims, this creates direct regulatory liability. The gap between disclosed vendors (3) and detected vendors (66) represents material misrepresentation in their data processing disclosures.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Ignoring CMP signals
Device identification
Claims-vs-Reality (BTI-X)
Not in privacy policy
Hidden data recipients
Behavior contradicts marketing
False certification claims
Collection exceeds disclosed scope
CMP vendor list vs runtime
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Audiencex's public claims against observed runtime behavior and identified 4 contradictions.
"Privacy policy lists 3 vendors (Google Analytics, AdWords, Facebook)"
66 third-party vendors detected on audiencex.com, 12 firing pre-consent
3 more gaps — with regulatory citations and evidence pointers — available with subscription.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 4 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Claims 3, observed 3
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →