All Vendors
personalization

Clevr

Clevr personalization platform deploys behavioral tracking, session recording, tag management, and consent bypass capabilities. The platform demonstrates moderate-to-high-risk surveillance patterns.

235 IOCs26 detections15% pre-consent24 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Clevr discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

26 detections across 24 sites15% pre-consent activity
MEDIUM

Pre-Consent Activity

Clevr was observed loading and executing before user consent was obtained on 15% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

2 gaps

disclosure

HIGH
They Claim

Pending privacy policy review

Observed Behavior

Session recording for personalization observed—requires explicit disclosure verification

Customer Impact

What This Means For You

Customers face GDPR violations and potential wiretapping liability from session recording for personalization. Session recordings may capture form interactions, search queries, or account behavior—creating data breach notification obligations if recordings contain PII. Behavioral biometrics enable profiling without consent. Tag manager functionality creates undisclosed third-party data sharing liability. Customers face reputational risk if session recording of personalization becomes public.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Clevr

  • IMMEDIATE: Audit Clevr deployments to verify session recording is disabled or explicitly disclosed in privacy policy
  • Implement strict consent-gating for ALL Clevr behavioral tracking and personalization
  • Disable session recording features in Clevr settings—use aggregated analytics only
  • Configure tag manager allowlisting to prevent unauthorized script injection
  • Enable data minimization controls to limit behavioral data retention to active personalization campaigns only (30 days)
  • Conduct monthly audits of session recording and tag manager behavior
  • Consider server-side personalization alternatives that do not require client-side behavioral tracking

If You're Evaluating Clevr

  • Request DPA with explicit prohibitions on session recording and cross-customer behavioral benchmarking
  • Require technical documentation on session recording scope and data retention procedures
  • Verify Clevr honors consent signals before initiating behavioral profiling
  • Demand contractual indemnification for GDPR fines and wiretapping liability arising from session recording
  • Assess alternative personalization platforms without session recording capabilities
  • Negotiate right to audit Clevr consent processing and session recording retention compliance

Negotiation Leverage

  • Clevr session recording (BTI-C07) for personalization creates wiretapping liability—require immediate technical verification that recording is disabled or demand contractual indemnification
  • Tag manager (BTI-C15) enables undisclosed script injection—require contractual restrictions on dynamic tag loading
  • Consent bypass (BTI-C09) with behavioral profiling creates regulatory exposure—require technical implementation of consent verification before tracking
  • Behavioral biometrics (BTI-C06) enables fingerprinting—negotiate contractual prohibition on persistent profiling or explicit user disclosure requirement
  • Request documentation on data retention periods and whether personalization behavioral data is used for Clevr's own optimization benchmarks
  • Negotiate maximum 30-day retention for session recordings with automated deletion and cryptographic verification
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures mouse movements, scroll patterns, interaction timing, and content engagement to build profiles for dynamic personalization targeting.

BTI-C07Session Recording

Full session replay

Impact: Records user sessions to analyze content preferences and navigation patterns for personalization optimization—potentially capturing sensitive interactions without consent.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Initializes personalization tracking infrastructure before consent collection, creating automatic legal violations for behavioral profiling.

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Deploys tag management infrastructure that can dynamically inject personalization scripts and analytics trackers beyond declared functionality.

IOC Manifest

IOC Manifest

225 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*clevr.ai/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.js*
Tracking script
TRACK
*clevr.ai/wp-content/mu-plugins/vendor/godaddy/mwc-core/assets/js/payments/frontend/poynt.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/perch-post-like-view/js/pplv-js.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/cookie-law-info/lite/frontend/js/script.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/contact-form-7/includes/js/index.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/coblocks/dist/js/vendors/tiny-swiper.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/yith-woocommerce-quick-view/assets/js/frontend.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/coblocks/dist/js/coblocks-tinyswiper-initializer.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/jquery.easing.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/jquery.scrollto.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/jquery.superslides.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/selectize.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/fa-v4-shims.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/jquery.appear.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/imagesloaded.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/jquery.magnific-popup.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/contact-form-7/includes/swv/js/index.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/perch_modules/assets/js/vidbg.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/custom.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/perch_modules/assets/js/scripts.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/coblocks/dist/js/coblocks-animation.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/perch_modules/assets/js/wow.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/jquery.stellar.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/underscore.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/owl.carousel.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/single-product.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/masonry.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/wp-util.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/order-attribution.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/modernizr.custom.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/bootstrap.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/jquery/jquery.masonry.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/jquery.flexslider.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/woocommerce/assets/js/sourcebuster/sourcebuster.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/isotope.pkgd.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/slick.js*
Tracking script
TRACK
*clevr.ai/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.js*
Tracking script
TRACK
*clevr.ai/wp-content/themes/landpick/js/fontawesome-all.js*
Tracking script
TRACK
*clevr.ai/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
clevr.ai/wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/perch-post-like-view/js/pplv-js.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/mu-plugins/vendor/godaddy/mwc-core/assets/js/payments/frontend/poynt.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/coblocks/dist/js/coblocks-animation.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/coblocks/dist/js/vendors/tiny-swiper.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/coblocks/dist/js/coblocks-tinyswiper-initializer.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/contact-form-7/includes/swv/js/index.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/contact-form-7/includes/js/index.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/yith-woocommerce-quick-view/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/bootstrap.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/fontawesome-all.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/fa-v4-shims.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/modernizr.custom.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/jquery.easing.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/jquery.stellar.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/jquery.scrollto.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/jquery.appear.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/jquery.superslides.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/perch_modules/assets/js/vidbg.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/isotope.pkgd.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/jquery.flexslider.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/owl.carousel.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/slick.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/selectize.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/perch_modules/assets/js/wow.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/jquery.magnific-popup.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/imagesloaded.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/masonry.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/jquery/jquery.masonry.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/themes/landpick/js/custom.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/sourcebuster/sourcebuster.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/order-attribution.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/perch_modules/assets/js/scripts.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/underscore.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/wp-util.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-content/plugins/woocommerce/assets/js/frontend/single-product.min.js
Auto-extracted from scan
TRACK
clevr.ai/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Clevr integrates with content management systems, marketing automation platforms, and analytics tools to enable dynamic personalization. The platform may share behavioral data with personalization optimization partners and A/B testing platforms. Tag manager functionality enables integration with analytics platforms, heatmapping tools, and conversion tracking.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

235 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details