Executive Summary
Demandbase is a leading Account-Based Marketing (ABM) platform founded in 2005 and headquartered in San Francisco. Although the company maintains SOC2 Type II and ISO 27001 certifications and a comprehensive trust center, runtime analysis reveals a 92.2% pre-consent tracking rate across 64 site detections. The company deploys 30+ third-party vendors on its own website that are not disclosed in its official subprocessor list, including major ad tech platforms like Criteo, MetaPixel, and RubiconProject. This creates a significant gap between Demandbase's compliance posture and its actual data practices, with particular concern around the extensive ad tech stack, which enables cross-site tracking and identity resolution capabilities beyond the company's stated ABM scope.
Revenue Threat Profile
4 COLLAPSE VECTORS
How this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
Demandbase operates as a core component of B2B measurement infrastructure, providing intent data and account identification. Their undisclosed use of multiple attribution vendors (Bizible, GoogleAnalytics4, HockeyStack) creates measurement blind spots where signal ownership becomes unclear. Companies relying on Demandbase for attribution may not realize their data also flows to competing measurement platforms.
Signal Corruption
As an ABM platform, Demandbase aggregates demand signals across customer websites. The presence of LiveRamp (disclosed) combined with undisclosed ad networks (Criteo, RubiconProject, Sojern) suggests these intent signals may flow into programmatic advertising ecosystems. This means a company's buying intent could surface to competitors bidding on the same audiences.
Legal Tail Risk
The deployment of 30+ third-party scripts on Demandbase's own website expands their attack surface significantly. With RB2B, identity resolution vendors, and multiple ad pixels loading pre-consent, any compromise of these vendors could propagate malicious code through Demandbase's customer base. The Cheq bot detection paradoxically runs alongside the very tracking it claims to protect against.
GTM Attack Surface
The 92.2% pre-consent tracking rate directly contradicts GDPR consent-before-processing requirements. SOC2 and ISO certifications focus on security controls, not privacy compliance, creating false assurance. The explicit statement that Demandbase does not honor DNT signals, combined with undisclosed ad tech vendors, creates material regulatory exposure for customers deploying their tag.