How This Briefing Works
This dossier opens with key findings, then maps the gap between what ChiliPiper discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 24 sites
vendor fires before consent
Briefing
ChiliPiper provides meeting scheduling and lead routing automation. Detection indicates deployment of behavioral fingerprinting, cross-domain tracking, tag manager functionality, and consent bypass mechanisms—creating regulatory exposure for scheduling workflows.
What This Means For You
Customers face GDPR violations from pre-consent tracking during scheduling workflows. Cross-domain synchronization enables ChiliPiper to track users from marketing site through meeting booking, creating profiling without consent. Tag manager functionality creates undisclosed third-party data sharing liability. Behavioral tracking of scheduling patterns may expose deal urgency and competitive evaluation timelines. B2B customers face reputational risk if surveillance of meeting booking behavior becomes public.
Risk Channel Breakdown
ChiliPiper behavioral tracking during meeting booking may capture scheduling patterns and availability preferences, potentially distorting user behavior under surveillance.
Platform captures scheduling behavior, meeting preferences, and form interaction patterns to build profiles of buyer intent and urgency, creating deal-level intelligence leakage through booking patterns.
Expands attack surface
Platform initializes cross-domain tracking and tag manager infrastructure before consent collection, creating GDPR Article 5/6 violations for scheduling interactions.
Threat Indicators
Runtime-observed (BTI-C)
Keystroke/mouse tracking
Identity stitching
Ignoring CMP signals
Container/loader (neutral)
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed ChiliPiper's public claims against observed runtime behavior and identified 2 contradictions.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
6 for current users · 6 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
metapixel, cookieyes, rb2b…
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →