How This Briefing Works
This dossier opens with key findings, then maps the gap between what Intentdata discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
2 HIGH
Briefing
IntentData.io, operated by Consilium Global Business Advisors, LLC, provides "contact-level" B2B intent data that identifies individual prospects by name, email, phone, and company - a form of identity resolution marketed as analytics. Their own website deploys 5+ pre-consent tracking vendors (DoubleClick, Google Ads, GA4, HubSpot, Meta Pixel) while claiming GDPR compliance and honoring Do Not Track signals. The gap between their compliance claims and observed 5.9% pre-consent tracking rate represents a material disclosure deficiency.
What This Means For You
If IntentData.io provides your intent intelligence, you are consuming contact-level data that identifies individual prospects by name, email, phone, and company. Under GDPR Art 14, you must inform data subjects within one month when their personal data is obtained from third parties — IntentData's contact-level identification creates this obligation for every lead received. Their 5.9% pre-consent rate with advertising pixels firing before consent suggests consent chain issues in their data collection. IntentData's privacy policy names zero subprocessors while 5+ vendors are detected at runtime. Using their service means your prospect intent signals may be sold to competitors subscribing to the same topic categories.
Risk Channel Breakdown
As an intent data provider, IntentData corrupts measurement by adding their contact-level data to your CRM/MAP, potentially polluting attribution with questionable consent provenance. Their data sourcing method (mining the open web for contact information) creates uncertain data quality chains.
IntentData explicitly sells demand signals - they identify who is researching topics at the individual contact level. Using their service means your prospect intent signals may be sold to competitors subscribing to the same topics.
Loading 5+ third-party tracking scripts pre-consent on their own site demonstrates poor security hygiene. Their data collection methodology (web mining for contact details) creates potential legal exposure for customers who use the data.
Claims GDPR compliance and DNT honoring while demonstrating 5.9% pre-consent tracking. No subprocessor list despite clear third-party data sharing with Google, Meta, HubSpot. Marketing claims contact-level PII collection while privacy policy frames as analytics.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Identity stitching
Ignoring CMP signals
Device identification
PII deanonymization
Container/loader (neutral)
Claims-vs-Reality (BTI-X)
Not in privacy policy
Hidden data recipients
False certification claims
Collection exceeds disclosed scope
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Intentdata's public claims against observed runtime behavior and identified 4 contradictions.
"Privacy policy mentions Contractors but provides no list"
Observed DoubleClick, Google Ads, GA4, HubSpot, Meta Pixel on site
3 more gaps — with regulatory citations and evidence pointers — available with subscription.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
5 for current users · 5 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →
