Executive Summary
LeadRocket is a MISATTRIBUTED vendor entry - the cdn.lgrckt-in.com domain actually belongs to LogRocket, a session replay and product analytics platform founded in 2016 in Boston. LogRocket captures DOM mutations, console logs, network requests, and user interactions for debugging and UX analysis. Despite SOC2 Type II and GDPR compliance claims, runtime detection shows 71.4% pre-consent loading across monitored sites. The vendor gates SOC2 reports behind sales contact, preventing independent verification. This entry should be merged with the existing LogRocket vendor record.
Revenue Threat Profile
4 COLLAPSE VECTORSHow this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
Session replay captures complete user journeys, DOM state, and interactions. This data flows to LogRocket servers where it is processed for analytics. If attribution models rely on clean first-party data, LogRocket session data creates parallel measurement that may diverge from official analytics.
Signal Corruption
LogRocket captures behavioral signals, error patterns, and feature usage data. While primarily used for debugging, this intelligence about user friction points and feature adoption could inform competitive product decisions if data were accessed by unauthorized parties.
Legal Tail Risk
Session replay technology captures sensitive user interactions including form inputs (though passwords claimed excluded). The extensive network of CDN domains (11+ domains) creates a broad attack surface. Pre-consent loading (71.4%) means recording begins before users can object.
GTM Attack Surface
Claims SOC2 Type II and GDPR compliance while demonstrating 71.4% pre-consent tracking rate. Privacy policy explicitly states they do NOT honor Do Not Track signals. SOC2 report is gated behind sales contact, preventing independent compliance verification. Creates consent liability for customers deploying LogRocket.