Comarch

Comarch operates a loyalty marketing platform that builds persistent behavioral profiles through zero-party and first-party data collection across loyalty programs, campaigns, and customer touchpoints.

77 IOCs
Vendor Risk Score: 0

How This Briefing Works

This report opens with key findings, then maps the gaps between what Comarch discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

2 gaps

pending / UNKNOWN
They Claim: GDPR-compliant with consent-based profiling
Observed Behavior: Awaiting scanner verification of actual cookie and tracking behavior on client websites

pending / UNKNOWN
They Claim: First-party data only, cookieless approach
Observed Behavior: No runtime evidence yet to confirm absence of third-party tracking on client deployments

Customer Impact

What This Means For You

Organizations using Comarch should evaluate the cumulative behavioral data the platform collects through loyalty program interactions. While the platform's first-party data approach is more transparent than cookie-based tracking, the depth of individual profiling — purchase history, engagement patterns, preference surveys, campaign responses — creates a significant data asset that requires governance. Customers of Comarch's clients may not fully understand the extent to which their loyalty program participation fuels AI-driven behavioral prediction and cross-channel targeting.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Comarch

  • Audit what customer data Comarch collects through loyalty program touchpoints and verify alignment with your privacy policy disclosures.
  • Review Comarch's data processing agreement to understand data controller vs. processor roles and cross-border transfer mechanisms.
  • Assess whether AI-driven behavioral profiling and predictive personalization are adequately disclosed to end customers.
  • Evaluate consent mechanisms for cross-channel messaging (email, push, SMS) to ensure opt-in granularity meets regulatory requirements.
  • Map all data flows between Comarch and integrated systems (CRM, POS, e-commerce) to identify unmonitored data sharing.

Negotiation Leverage

  • Comarch holds ISO, ITIL, PCI DSS, CCAP, and GDPR certifications, which provide a compliance baseline for negotiations. Key leverage points include requiring transparency on AI model training data usage, demanding audit rights for behavioral profiling algorithms, and negotiating data portability and deletion SLAs for loyalty program member data. Request documentation of all third-party sub-processors and cross-border data transfer safeguards. The platform's enterprise positioning means Comarch should be willing to accommodate custom data processing addendums and security review processes.
IOC Manifest

77 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK | *www.comarch.com/js/cookieInfo-3.0.0.js* | Tracking script
TRACK | *www.comarch.com/dist/js/loading.scripts.js* | Tracking script
TRACK | *www.comarch.com/js/translate_2.json* | Tracking script
TRACK | *www.comarch.com/dist/js/prod.scripts.js* | Tracking script
TRACK | www.comarch.com/js/cookieInfo-3.0.0.min.js | Auto-extracted from scan
TRACK | www.comarch.com/dist/js/loading.scripts.js | Auto-extracted from scan
TRACK | www.comarch.com/dist/js/prod.scripts.js | Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Comarch's Loyalty Marketing Platform typically deploys alongside CRM systems, e-commerce platforms, and payment processors. Common integrations include POS systems, mobile apps, and enterprise data warehouses. The platform serves enterprise clients across retail, telecommunications, banking, and travel verticals including brands like Aer Lingus. As a Polish-headquartered company with global operations, Comarch introduces cross-border data processing considerations for EU and non-EU deployments.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

77 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details