All Vendors
data_enrichment
Intentdata

Intentdata

Sells "contact-level" B2B intent data identifying individual prospects by name, email, phone, and company — identity resolution marketed as analytics. 5.9% pre-consent rate with DoubleClick, Google Ads, and Meta Pixel firing before consent. Privacy policy names zero subprocessors.

101 IOCs69 detections6% pre-consent62 sites
85
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Intentdata discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

69 detections across 62 sites6% pre-consent activity
MEDIUM

Pre-Consent Activity

Intentdata was observed loading and executing before user consent was obtained on 6% of sites where it was detected.

GDPRePrivacy
HIGH

Subprocessor Disclosure

Observed DoubleClick, Google Ads, GA4, HubSpot, Meta Pixel on site

GDPR Art 28CCPA 1798.100
HIGH

Service Scope Mismatch

Marketing promotes contact-level identity resolution with PII (name, email, phone)

GDPR Art 13GDPR Art 14
HIGH

Undisclosed Party

Not in privacy policy

HIGH

Undisclosed Sharing

Hidden data recipients

Disclosure Gaps

Claims vs. Observed Behavior

4 gaps
2 HIGH2 MED
Classified:BTI-X01BTI-X02BTI-X05BTI-X08

Subprocessor Disclosure

GDPR Art 28 · CCPA 1798.100HIGH
They Claim

Privacy policy mentions Contractors but provides no list

Observed Behavior

Observed DoubleClick, Google Ads, GA4, HubSpot, Meta Pixel on site

Runtime scan of intentdata.io

Service Scope Mismatch

GDPR Art 13 · GDPR Art 14HIGH
They Claim

Privacy describes web tracking and analytics

Observed Behavior

Marketing promotes contact-level identity resolution with PII (name, email, phone)

Homepage: Contact-Level Intent Data identifies the actual person

Customer Impact

What This Means For You

If IntentData.io provides your intent intelligence, you are consuming contact-level data that identifies individual prospects by name, email, phone, and company. Under GDPR Art 14, you must inform data subjects within one month when their personal data is obtained from third parties — IntentData's contact-level identification creates this obligation for every lead received. Their 5.9% pre-consent rate with advertising pixels firing before consent suggests consent chain issues in their data collection. IntentData's privacy policy names zero subprocessors while 5+ vendors are detected at runtime. Using their service means your prospect intent signals may be sold to competitors subscribing to the same topic categories.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Intentdata

  • Audit consent flow for contact-level data — ensure prospects consented to identity collection, not just aggregate analytics
  • Review data provenance — ask IntentData for documented consent chain for every contact they provide
  • Update your privacy policy to disclose IntentData as a source of contact-level personal data under GDPR Art 14
  • Consider GDPR Art 14 obligations — you must inform data subjects within one month when personal data is obtained from third parties
  • Assess whether competitors subscribe to the same IntentData topic categories targeting your prospect accounts

If You're Evaluating Intentdata

  • Request documented consent chain for contact-level data — person-level identification requires stronger legal basis than aggregate intent
  • Ask specifically how individual contacts are identified and whether consent is obtained at the contact level
  • Review data exclusivity terms — your prospect intent signals may be sold to competitors on the same platform
  • Compare against aggregate-only intent providers (Bombora) if contact-level identification creates excessive compliance burden
  • Negotiate data isolation ensuring your research signals do not inform competitor targeting through shared topic subscriptions

Negotiation Leverage

  • Consent provenance: IntentData provides contact-level identification. Require documented consent chain for all contacts provided, demonstrating valid legal basis under GDPR Art 6 for person-level tracking.
  • Data exclusivity: IntentData sells intent signals to multiple subscribers. Require contractual right to know if competitors subscribe to the same topic categories targeting your prospect accounts.
  • Subprocessor disclosure: Zero vendors named in privacy policy. Require complete enumeration of all data collection partners and processing infrastructure.
  • GDPR Art 14 compliance: Require IntentData to provide documentation sufficient for your Art 14 notifications to data subjects about third-party data collection.
Runtime Detections

Runtime Detections

7 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C10Fingerprinting

Device identification

BTI-C14Identity Resolution

PII deanonymization

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

72 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

EXFIL
*www.intentdata.io/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hs/hsstatic/HubspotToolsMenu/static-1.432/js/index.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hs/hsstatic/content-cwv-embed/static-1.*/embed.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js*
Data collection endpoint
EXFIL
*www.intentdata.io/_hcms/forms/v2.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hs/hsstatic/cms-free-branding-lib/static-1.*/js/index.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hs/scriptloader/*.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hubfs/hub_generated/template_assets/1/*/*/template_IntentData_Scripts.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hubfs/hub_generated/module_assets/1/*/*/module_Home_-_Testimonial.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hubfs/hub_generated/module_assets/1/*/*/module_IntentData_-_Search_Input.js*
Data collection endpoint
EXFIL
*www.intentdata.io/hubfs/hub_generated/module_assets/1/*/*/module_Home_-_Hero_Slider.js*
Data collection endpoint
EXFIL
www.intentdata.io/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hs/hsstatic/cms-free-branding-lib/static-1.2918/js/index.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hubfs/hub_generated/template_assets/1/9396948639/1743248349615/template_IntentData_Scripts.min.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hubfs/hub_generated/module_assets/1/10107837746/1743249363825/module_IntentData_-_Search_Input.min.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hubfs/hub_generated/module_assets/1/10066248661/1743249362754/module_Home_-_Hero_Slider.min.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hubfs/hub_generated/module_assets/1/10065653691/1743249361662/module_Home_-_Testimonial.min.js
Auto-extracted from scan
EXFIL
www.intentdata.io/_hcms/forms/v2.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hs/scriptloader/5707239.js
Auto-extracted from scan
EXFIL
www.intentdata.io/hs/hsstatic/HubspotToolsMenu/static-1.432/js/index.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

IntentData operates as a B2B intent data provider that collects contact-level information (name, email, phone, company) from web behavior. They integrate with Salesforce, Marketo, Terminus, HubSpot, and Looker. Their own site is HubSpot-hosted and loads HubSpot tracking. They are loaded indirectly (68 detections across 61 sites) - typically through marketing automation platforms or GTM. They load HubSpot as an outbound vendor. Parent company Consilium Global Business Advisors is a HubSpot Gold Partner.
Loads (1)
Hubspot
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

101 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details