How This Briefing Works
This report opens with key findings, then maps the gaps between what Cordial discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
2 gaps
pending
UNKNOWN
They Claim
“Hyper-personalized messaging based on individual behavior”
Observed Behavior
Awaiting scanner verification of actual tracking footprint and cookie deployment on client websites
pending
MEDIUM
They Claim
“Full transparency of message delivery”
Observed Behavior
Third-party data sharing practices may not be transparently communicated to end customers of Cordial's clients
Customer Impact
What This Means For You
Organizations using Cordial should be aware that the platform's default behavior includes sharing hashed customer list data with third parties for advertising purposes. This opt-out (not opt-in) approach means customer data flows to external ad networks unless actively prevented. The real-time behavioral tracking across email, SMS, push, and web creates a comprehensive engagement profile for each customer that extends beyond the direct messaging relationship. Organizations must ensure their own privacy policies adequately disclose these downstream data flows to their customers.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Cordial
- →- Review Cordial's third-party data sharing provisions and determine whether hashed customer list sharing is acceptable under your data governance policies. - Verify opt-out mechanisms are properly configured to prevent unintended data sharing with external advertising platforms. - Audit pixel tag and cookie deployment across all channels to understand the full tracking footprint on your web properties. - Ensure your privacy policy discloses Cordial's data sharing practices to your end customers, particularly the flow of hashed contact data to third-party ad platforms. - Request a complete list of third-party recipients of shared customer data from Cordial.
Negotiation Leverage
- →Cordial's disclosed third-party data sharing practices provide significant negotiation leverage. Demand contractual prohibition of sharing your customer data with third parties for advertising, or at minimum require explicit opt-in rather than opt-out. Request a complete sub-processor list and data flow map showing where customer data travels. Negotiate audit rights for data sharing practices and require notification before any new third-party recipients are added. The platform's enterprise pricing model should accommodate custom data processing agreements that restrict downstream data usage beyond your direct messaging needs.
IOC Manifest
IOC Manifest
122 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*cordial.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.js*
Tracking script
TRACK
*cordial.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/components/lazyload/lazyload.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/components/slick/slick.js*
Tracking script
TRACK
*cordial.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*cordial.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/components/micromodal/micromodal.js*
Tracking script
TRACK
*cordial.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/components/prefix-free/prefixfree.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/components/lenis/lenis.js*
Tracking script
TRACK
*cordial.com/wp-content/plugins/wp-user-avatar/assets/js/frontend.js*
Tracking script
TRACK
*cordial.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/gtm4wp-form-move-tracker.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/js/custom.js*
Tracking script
TRACK
*cordial.com/wp-includes/js/imagesloaded.js*
Tracking script
TRACK
*cordial.com/wp-includes/js/masonry.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/js/animation.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/js/components.js*
Tracking script
TRACK
*cordial.com/wp-content/themes/Cordial/assets/js/app.js*
Tracking script
TRACK
*cordial.com/wp-content/plugins/youtube-embed-plus/scripts/fitvids.js*
Tracking script
TRACK
*cordial.com/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
*be.cordial.com/pd.js*
Tracking script
TRACK
*be.cordial.com/analytics*
Tracking script
TRACK
cordial.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/components/slick/slick.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/components/micromodal/micromodal.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/components/lazyload/lazyload.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/components/prefix-free/prefixfree.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/components/lenis/lenis.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/gtm4wp-form-move-tracker.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/js/custom.js
Auto-extracted from scan
TRACK
cordial.com/wp-includes/js/imagesloaded.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-includes/js/masonry.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/js/animation.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/js/components.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/themes/Cordial/assets/js/app.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js
Auto-extracted from scan
TRACK
cordial.com/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
TRACK
be.cordial.com/pd.js
Auto-extracted from scan
TRACK
be.cordial.com/analytics
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Cordial integrates with major e-commerce platforms including Shopify (via app store integration) and is available on AWS Marketplace. The platform connects with CRM systems, data warehouses, and business intelligence tools to ingest customer data regardless of schema structure. Cordial serves leading brands across retail, e-commerce, healthcare, and media industries. The platform's architecture is built to handle billions of messages, indicating enterprise-scale data processing. Third-party integrations include Google Analytics for usage evaluation and unnamed advertising partners for hashed data sharing.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
122 detection signatures across scripts, domains, cookies, and network endpoints