Executive Summary
HockeyStack is a B2B revenue intelligence platform marketed as "cookieless" and "privacy-friendly" that provides GTM analytics, attribution, and AI agents. Runtime analysis reveals significant gaps between marketing claims and actual behavior: the platform uses FingerprintJS for device fingerprinting (disclosed in Trust Portal but marketed as privacy-respecting), deploys 41+ third-party vendors on their own website while disclosing only ~20, and has 12 vendors firing pre-consent including identity resolution services like Leadfeeder. The company holds ISO 27001 certification and claims GDPR compliance, creating a material contradiction with observed pre-consent tracking behavior.
Revenue Threat Profile
4 COLLAPSE VECTORSHow this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
HockeyStack corrupts measurement integrity through undisclosed identity resolution. Their Atlas data foundation performs identity matching across sources while marketing as analytics-only. Organizations relying on HockeyStack attribution may be making decisions based on data collected through undisclosed fingerprinting and cross-site identity resolution methods.
Signal Corruption
Demand signals flow to undisclosed third parties including Leadfeeder, RB2B, and 20+ other vendors not listed in subprocessor disclosures. Visitor intent data, behavioral signals, and account intelligence collected via HockeyStack may be accessible to competitors through these undisclosed data relationships.
Legal Tail Risk
FingerprintJS pre-consent deployment creates regulatory attack surface. The platform becomes a supply chain risk vector with 41 vendors loading on customer sites, many undisclosed. Contentsquare and Clarity session replay capture sensitive behavioral data. OpenAI and Gemini as subprocessors mean customer data may flow to AI training pipelines.
GTM Attack Surface
ISO 27001 and GDPR compliance claims conflict with observed pre-consent tracking on their own website. Marketing cookieless as privacy-friendly while using fingerprinting is materially misleading. Dual subprocessor lists (Privacy Policy vs Trust Portal) create consent documentation gaps. Organizations citing HockeyStack compliance certifications inherit undisclosed vendor liability.