QA mode · Tier:PUBLIC(override via ?tier=paid | premium)
← All Vendors
advertising
Blackwoodseven

Blackwoodseven

Blackwood Seven, now a Kantar subsidiary owned by Bain Capital, runs 37 third-party vendors on its site while its cookie policy discloses only 9 — a 4x undercount that undermines the marketing mix modeling company's own data governance claims.

157 IOCs observed2 detections100% pre-consent1 sites
80
Vendor Risk Score
Tier: HOSTILE
Observation Coverage

BLACKOUT observes runtime behavior in the browser. This dossier reflects browser-side execution, which is one of five vendor data-egress classes. Server-to-server transfers, backend integrations, and offline data flows are outside this observation boundary.

BLACKOUT observes runtime behavior and cites the regulations that address that behavior pattern. Legal determinations are the customer's counsel's call.

How This Briefing Works

This dossier opens with key findings, then maps the gap between what Blackwoodseven discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.

Key Findings

At a Glance

Detections
2

across 1 sites

Pre-Consent Rate
100%

vendor fires before consent

Disclosure Gaps
3

2 HIGH

Claims-vs-Reality Classified
BTI-X01BTI-X02BTI-X05BTI-X10
Summary

Briefing

Blackwood Seven (acquired by Kantar in 2022) provides AI-powered marketing mix modeling via its HamiltonAI platform, helping brands optimize media spend. Despite positioning as a sophisticated analytics provider and claiming GDPR/CCPA compliance, the vendor's own website deploys 37 third-party tracking vendors with 8 firing pre-consent (4.3% rate), including undisclosed parties like Bytemine, Leadfeeder, Scoreplex, and Scrapemagic. The cookie policy significantly undercounts actual tracking by approximately 4x, creating a material gap between stated and actual data practices.

Customer Impact

What This Means For You

YOUR marketing attribution data processed through Blackwood Seven's HamiltonAI platform flows through a vendor ecosystem 4x larger than disclosed. YOUR budget optimization recommendations may be influenced by undisclosed data flows to vendors like Leadfeeder, which fires pre-consent and identifies YOUR corporate visitors. As a Kantar subsidiary owned by Bain Capital, YOUR data is processed within a conglomerate with extensive data aggregation capabilities — YOUR marketing performance data could inform Kantar's broader intelligence products. Under GDPR, YOUR records of processing must account for Blackwood Seven's actual 37-vendor chain, not their disclosed 9.

Collapse Engine

Risk Channel Breakdown

Oracle
Truth Collapse
25

As a marketing attribution vendor, Blackwood Seven's core business is measuring and optimizing marketing ROI. The irony of deploying 37+ trackers on their own site while selling measurement solutions creates measurement pollution. Their HamiltonAI platform promises clean attribution but their website behavior suggests tolerance for chaotic tracking ecosystems.

Broker
Control Collapse
100

Leadfeeder (B2B visitor identification) fires pre-consent, potentially exposing corporate visitor data to competitors or third parties. The presence of multiple audience and intent data vendors (Firmable, HG Insights, Versium) suggests demand signal leakage from their own prospect pipeline.

Reaper
Safety Collapse
0

Attack surface includes 37 third-party scripts from diverse vendors including Scrapemagic (web scraping), Scoreplex, and multiple ad networks. As a Kantar subsidiary handling marketing data for enterprise clients, this exposure creates risk propagation to the parent organization.

Counselor
Legitimacy Collapse
100

Material consent divergence: cookie policy lists ~9 vendors but 37 detected. 8 vendors fire pre-consent including HubSpot and YouTube. GDPR/CCPA compliance claims are contradicted by runtime behavior. Cookie retention periods up to 10 years (visitor_id cookies) may exceed reasonable expectations.

BTI Codes

Threat Indicators

Runtime-observed (BTI-C)

BTI-C01
Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06
Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07
Session Recording

Full session replay

BTI-C09
Consent Bypass

Ignoring CMP signals

BTI-C10
Fingerprinting

Device identification

Claims-vs-Reality (BTI-X)

BTI-X01
Undisclosed Party

Not in privacy policy

BTI-X02
Undisclosed Sharing

Hidden data recipients

BTI-X05
Compliance Claim Mismatch

False certification claims

BTI-X10
CMP Disclosure Mismatch

CMP vendor list vs runtime

4
BTI Consequences Identified

Per-code narrative explanations of what each detected behavior means for your organization

Available in VIDB Subscription

Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →

Disclosure Gaps

Claims vs. Reality

3
Gaps Observed
2 HIGH1 MEDIUM

BLACKOUT analyzed Blackwoodseven's public claims against observed runtime behavior and identified 3 contradictions.

BTI-X01BTI-X02BTI-X05BTI-X10
Featured Gap
Consent Bypass
HIGH
They Claim

"GDPR/CCPA compliant with cookie consent mechanism"

BLACKOUT Observed

8 vendors fire pre-consent including Bytemine, Leadfeeder, Scoreplex, HubSpot, YouTube

2 more gaps — with regulatory citations and evidence pointers — available with subscription.

Available in VIDB Subscription

Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →

Recommended Actions

What To Do

Recommended Actions
8

4 for current users · 4 for evaluators

Negotiation Leverage
4

contractual leverage points

Available in VIDB Subscription

Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →

Ecosystem

Supply Chain & Pairings

Subprocessor Disclosure Gap
0undisclosed

Claims 9, observed 9

Available in VIDB Subscription

Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →

Profile: blackwoodsevenFirst Seen: 2026-01-22Last Updated: 2026-02-24