How This Briefing Works
This dossier opens with key findings, then maps the gap between what Hginsights discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
1 HIGH
Briefing
HG Insights is a technology intelligence and data enrichment vendor detected on 26 sites with 28 detections in our observation corpus. The platform provides B2B technology adoption data, but BLACKOUT analysis reveals a client-side footprint that far exceeds data enrichment requirements: defeat device behavior (C01), behavioral biometrics (C06), session recording (C07), consent bypass (C09), device fingerprinting (C10), identity resolution (C14), and tag manager capabilities (C15). With 40 scripts, 2 domains, and 3 cookies, HG Insights operates an extensive behavioral capture infrastructure from what is ostensibly a technographic data platform.
What This Means For You
If you deploy HG Insights, you are not just adding technology detection to your site — you are installing a 40-script behavioral surveillance infrastructure with identity resolution capabilities. Your visitors' keystroke patterns, mouse movements, and complete browsing sessions are captured and fed into HG Insights' commercial intelligence products. The identity resolution capability means your anonymous visitors are deanonymized and their company affiliations added to a database that your competitors can purchase. Your privacy policy likely describes HG Insights as a "technology intelligence" or "analytics" partner — it is functionally a behavioral data harvester with the ability to identify and profile your visitors for commercial resale.
Risk Channel Breakdown
Signal corruption score of 25 reflects HG Insights' identity resolution and fingerprinting capabilities contaminating the boundary between technographic intelligence and behavioral surveillance. When a data enrichment vendor also captures behavioral biometrics and session recordings, the enrichment data itself becomes unreliable — it is unclear where legitimate technology detection ends and behavioral profiling begins.
Maximum CAC subsidization score (100). HG Insights' 40-script infrastructure captures behavioral biometrics, session recordings, and identity data from your site visitors. As a technology intelligence vendor, this data directly enriches HG Insights' commercial datasets — your visitors' behavioral data becomes a product sold to your competitors for competitive intelligence.
Expands attack surface
Maximum legal tail risk (100). Despite a lower 14% pre-consent rate, HG Insights' 7 BTI behavioral codes create significant regulatory exposure. Behavioral biometrics (C06) and session recording (C07) constitute personal data processing under GDPR. Identity resolution (C14) from a data enrichment vendor means your visitors are being deanonymized to enrich a commercial database — processing most sites have not disclosed or obtained consent for.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Ignoring CMP signals
Device identification
PII deanonymization
Container/loader (neutral)
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Hginsights's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 4 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →