All Vendors
data_enrichment

Dealroom

Dealroom (startup/VC data platform) exhibits behavioral fingerprinting (C06) and consent bypass (C09). Intelligence gathering begins pre-consent across 25% of observed deployments.

52 IOCs4 detections100% pre-consent3 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Dealroom discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

4 detections across 3 sites100% pre-consent activity
CRITICAL

Pre-Consent Activity

Dealroom was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown - requires claims extraction via CDT

Observed Behavior

Runtime evidence shows C06/C09 patterns

Customer Impact

What This Means For You

Visitor fingerprinting on your site feeds third-party market intelligence. Competitors and investors gain insights into your traffic patterns without visitor consent or your knowledge of downstream use.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Dealroom

  • Audit what behavioral data Dealroom captures
  • Confirm consent precedes fingerprinting
  • Review data sharing: who receives the intelligence?

If You're Evaluating Dealroom

  • Test with privacy-focused browser: what tracking survives?
  • Request data inventory: what visitor attributes are collected?
  • Verify privacy policy discloses third-party intelligence use

Negotiation Leverage

  • C06 fingerprinting feeds market intelligence. Is this disclosed to visitors?
  • C09 consent bypass observed in 25% of deployments. What ensures consent-first operation?
  • Visitor data becomes investor/competitive intelligence. Does contract restrict downstream use?
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C14Identity Resolution

PII deanonymization

IOC Manifest

IOC Manifest

42 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*dealroom.co/js/mobile-nav.js*
Tracking script
TRACK
*dealroom.co/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*dealroom.co/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*
Tracking script
TRACK
dealroom.co/js/mobile-nav.js
Auto-extracted from scan
TRACK
dealroom.co/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
dealroom.co/cdn-cgi/challenge-platform/h/b/scripts/jsd/7f3d2ee44814/main.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

VC/startup intelligence stack. Often paired with PitchBook, Crunchbase, AngelList tracking. Creates investor interest graph and competitive research dataset.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

52 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details