QA mode · Tier:PUBLIC(override via ?tier=paid | premium)
← All Vendors
deanon
Intentsify

Intentsify

80% pre-consent tracking on their own website while claiming SOC2/GDPR/CCPA compliance. Two contradicting privacy policies — website policy says "we do not sell personal information" while consumer policy explicitly admits selling identifiers, personal information, and professional information.

73 IOCs observed11 detections91% pre-consent7 sites
90
Vendor Risk Score
Tier: HOSTILE
Observation Coverage

BLACKOUT observes runtime behavior in the browser. This dossier reflects browser-side execution, which is one of five vendor data-egress classes. Server-to-server transfers, backend integrations, and offline data flows are outside this observation boundary.

BLACKOUT observes runtime behavior and cites the regulations that address that behavior pattern. Legal determinations are the customer's counsel's call.

How This Briefing Works

This dossier opens with key findings, then maps the gap between what Intentsify discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.

Key Findings

At a Glance

Detections
11

across 7 sites

Pre-Consent Rate
91%

vendor fires before consent

Disclosure Gaps
4

1 CRIT · 3 HIGH

Claims-vs-Reality Classified
BTI-X05BTI-X12
Summary

Briefing

Intentsify is a B2B intent data provider operating large-scale identity resolution infrastructure with 382 million contact records, 5 billion MAIDs, and 203 million IP addresses. Despite marketing as an "ethical" data platform with SOC2/GDPR/CCPA compliance claims, runtime scans reveal 80% pre-consent tracking on their own website with 6 surveillance vendors loading before consent. Their consumer privacy policy explicitly states they sell personal information, contradicting their privacy-first positioning. The platform enables person-level tracking disguised as aggregate "intent signals."

Customer Impact

What This Means For You

If Intentsify provides your intent data, you are consuming intelligence built on an identity resolution infrastructure of 382 million contacts, 5 billion MAIDs, and 203 million IP addresses. Under GDPR Art 5(1)(a), you must ensure lawful basis for processing this data — Intentsify's 80% pre-consent rate and conflicting privacy policies make consent chain verification impossible. Their consumer privacy policy explicitly admits selling personal information while their website policy claims the opposite, creating a compliance documentation gap you inherit. Under CCPA §1798.140, intent data derived from person-level surveillance without proper consent exposes you to shared liability. The multi-tenant data model means your research signals may also strengthen competitor campaigns using the same platform.

Collapse Engine

Risk Channel Breakdown

Oracle
Truth Collapse
55

Intentsify corrupts measurement by providing identity-resolved data that appears to be aggregate intent signals. When customers use Intentsify data, they unknowingly benefit from person-level surveillance that may have been collected without proper consent, creating attribution data built on legally questionable foundations.

Broker
Control Collapse
100

As a data broker with 382M contacts and explicit admission of selling personal information, Intentsify enables demand signal leakage. Intent data collected from one customer's target accounts can inform competitor targeting. The multi-tenant data model means your research signals may strengthen competitor campaigns.

Reaper
Safety Collapse
0

Intentsify's Identity Graph creates significant attack surface through its network of 21+ third-party vendors loading on their website, cross-device tracking via MAIDs, and IP-to-company resolution. This infrastructure represents both a privacy liability for customers and a potential breach vector for any organization in their data supply chain.

Counselor
Legitimacy Collapse
100

Critical consent divergence exists: Intentsify claims GDPR/CCPA compliance while operating with 80% pre-consent tracking. Their consumer policy admits selling data while their website policy claims they don't. This creates vicarious liability for customers who rely on Intentsify's compliance representations to justify their own data practices.

BTI Codes

Threat Indicators

Runtime-observed (BTI-C)

BTI-C01
Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06
Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07
Session Recording

Full session replay

BTI-C08
Cross-Domain Sync

Identity stitching

BTI-C09
Consent Bypass

Ignoring CMP signals

BTI-C10
Fingerprinting

Device identification

BTI-C14
Identity Resolution

PII deanonymization

BTI-C15
Tag Manager

Container/loader (neutral)

Claims-vs-Reality (BTI-X)

BTI-X05
Compliance Claim Mismatch

False certification claims

BTI-X12
Assurance Gap

Gated or missing due diligence docs

4
BTI Consequences Identified

Per-code narrative explanations of what each detected behavior means for your organization

Available in VIDB Subscription

Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →

Disclosure Gaps

Claims vs. Reality

4
Gaps Observed
1 CRITICAL3 HIGH

BLACKOUT analyzed Intentsify's public claims against observed runtime behavior and identified 4 contradictions.

BTI-X05BTI-X12
Featured Gap
Consent Divergence
CRITICAL
They Claim

"SOC2 Type II certified, GDPR compliant, CCPA compliant"

BLACKOUT Observed

80% of vendors load before consent obtained on their own website. Six surveillance vendors (Clearbit, CookieYes, Demandbase, HubSpot, IDVisitors, TradeDesk) fire pre-consent.

3 more gaps — with regulatory citations and evidence pointers — available with subscription.

Available in VIDB Subscription

Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →

Recommended Actions

What To Do

Recommended Actions
10

5 for current users · 5 for evaluators

Negotiation Leverage
5

contractual leverage points

Available in VIDB Subscription

Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →

Ecosystem

Supply Chain & Pairings

Subprocessor Disclosure Gap
0undisclosed

Claims 6, observed 6

Available in VIDB Subscription

Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →

Profile: intentsifyFirst Seen: 2025-12-25Last Updated: 2026-02-28