How This Briefing Works
This dossier opens with key findings, then maps the gap between what Getsales discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Sales engagement platform that records visitor sessions with behavioral analysis before consent. Captures mouse movements, scroll patterns, form interactions, and page sequences to score buyer intent. Primary risk: session replay of potentially sensitive user behavior without consent creates GDPR special category + privacy violation exposure.
What This Means For You
Sales teams gain buyer intent signals but inherit session recording liability - potential capture of sensitive personal data without consent. Legal teams face triple violation: consent bypass + special category biometrics + privacy invasion through replay. Compliance teams must defend recording of user behavior (including competitor research) to privacy regulators.
Risk Channel Breakdown
Distorts attribution data
Session replay with behavioral biometrics enables detailed buyer intent analysis. Records full user journey including competitor research patterns, pricing sensitivity (repeat visits to pricing), and decision-maker identification through form interactions.
Expands attack surface
Loads session recording infrastructure before consent, then captures behavioral biometrics throughout session. Creates dual violation: consent bypass under Article 7 + special category data processing under Article 9 without legal basis.
Threat Indicators
Runtime-observed (BTI-C)
Keystroke/mouse tracking
Full session replay
Ignoring CMP signals
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Getsales's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
3 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →