How This Briefing Works
This report opens with key findings, then maps the gaps between what Dotdigital discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
2 gaps
pending
UNKNOWN
They Claim
“GDPR-compliant data processor with consent storage”
Observed Behavior
Awaiting scanner verification of actual cookie deployment and third-party beacon behavior on client websites
pending
MEDIUM
They Claim
“Privacy-first approach with consent management tools”
Observed Behavior
Third-party partners deploy cookies and beacons for targeted advertising alongside Dotdigital tracking — full partner list not publicly disclosed
Customer Impact
What This Means For You
Organizations deploying Dotdigital should understand that the platform builds comprehensive individual profiles far beyond email marketing. The single customer view aggregates e-commerce purchase data, CRM records, loyalty program activity, and engagement behavior across every messaging channel into one profile per customer. Email recipients may not realize that opening a message triggers IP-based geolocation capture. Third-party partners receiving behavioral data through cookies and web beacons extend the data footprint beyond what customers might expect from a marketing email subscription. Organizations must ensure their privacy policies adequately disclose this full scope of data collection and sharing.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Dotdigital
- →- Audit the full scope of data Dotdigital's single customer view collects from your integrated systems (e-commerce, CRM, loyalty) and verify privacy policy alignment. - Review Dotdigital's data processing addendum and confirm your organization's data controller obligations for cross-channel tracking. - Assess whether email recipients are adequately informed about tracking pixel behavior including IP-based geolocation capture. - Request a complete list of third-party partners who receive behavioral data through cookies and web beacons deployed by Dotdigital. - Evaluate whether consent mechanisms cover the full breadth of data collection across all channels (email, SMS, WhatsApp, push, web, social).
Negotiation Leverage
- →Dotdigital's GDPR compliance infrastructure and ICO oversight provide a compliance baseline. Key leverage points include demanding full disclosure of all third-party partners receiving behavioral data through cookies and beacons, negotiating restrictions on data use beyond direct marketing purposes, and requiring consent mechanism audit rights. Request documentation of data retention policies for single customer view profiles and email tracking pixel data. Dotdigital's UK Government Digital Marketplace listing indicates they can meet stringent procurement requirements — hold them to the same standard in commercial negotiations. Negotiate data portability and deletion SLAs for customer profile data across all integrated channels.
IOC Manifest
IOC Manifest
92 INDICATORS
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*dotdigital.com/wp-includes/js/dist/dom-ready.js*
Tracking script
TRACK
*dotdigital.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*dotdigital.com/wp-includes/js/dist/a11y.js*
Tracking script
TRACK
*dotdigital.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*dotdigital.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*dotdigital.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*dotdigital.com/wp-content/themes/dotdigital/scripts/dotdigital-*.js*
Tracking script
TRACK
*dotdigital.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.js*
Tracking script
TRACK
*dotdigital.com/wp-content/plugins/gravityforms/js/jquery.json.js*
Tracking script
TRACK
*dotdigital.com/wp-content/plugins/gravityforms/js/gravityforms.js*
Tracking script
TRACK
*dotdigital.com/wp-content/plugins/gravityforms/assets/js/dist/utils.js*
Tracking script
TRACK
*dotdigital.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.js*
Tracking script
TRACK
*dotdigital.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.js*
Tracking script
TRACK
dotdigital.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-content/themes/dotdigital/scripts/dotdigital-48884c37b5.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-includes/js/dist/dom-ready.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-includes/js/dist/a11y.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-content/plugins/gravityforms/js/jquery.json.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-content/plugins/gravityforms/js/gravityforms.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js
Auto-extracted from scan
TRACK
dotdigital.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Dotdigital integrates natively with major e-commerce platforms including Shopify, Adobe Commerce (Magento), and BigCommerce, as well as CRM systems and data warehouses. The platform is listed on the UK Government Digital Marketplace, indicating public sector usage. Dotdigital operates globally with offices in New York, London, Europe, and APAC. The platform connects with unnamed third-party advertising partners for targeted ad delivery via shared behavioral data. As a UK-headquartered company (Dotdigital Group PLC), it operates under ICO oversight with specific GDPR data processing obligations.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
92 detection signatures across scripts, domains, cookies, and network endpoints