Executive Summary
LiveRamp is a publicly-traded identity resolution and data connectivity platform (NYSE: RAMP), formerly Acxiom, headquartered in San Francisco. As a core infrastructure provider enabling cross-device identity matching and audience targeting across 92% of the advertising ecosystem, LiveRamp occupies a central position in the ad-tech supply chain. Critical finding: LiveRamp deploys Clearbit (a competitor identity resolution vendor) and Criteo (retargeting) on their own website, with 10 vendors firing pre-consent. This represents a significant gap between their stated "consumer privacy is a priority" position and observable runtime behavior. An identity resolution company using rival identity resolution on their own visitors raises serious questions about data practices.
Revenue Threat Profile
4 COLLAPSE VECTORSHow this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
LiveRamp sits at the heart of marketing measurement infrastructure - their identity graph connects first-party data to advertising platforms. When their own measurement practices include undisclosed vendors, it raises questions about data leakage to competitors and corrupted attribution chains. Using Clearbit on their own site means visitor intelligence potentially flows to a competing identity vendor.
Signal Corruption
As a data connectivity platform that enables audience sharing across 600+ advertisers, LiveRamp has extensive visibility into demand signals. Their use of Clearbit (owned by HubSpot) on their own site potentially exposes intent data about prospective customers to a competitor ecosystem. Marketers evaluating LiveRamp are being identified and potentially retargeted by competing platforms.
Legal Tail Risk
LiveRamp processes identity data at massive scale. The disconnect between their compliance certifications (SOC2, GDPR, CCPA) and pre-consent tracking behavior on their own properties creates regulatory exposure for customers who rely on LiveRamps stated compliance posture. If LiveRamp cannot maintain compliant behavior on properties they control, questions arise about their data handling for customer data.
GTM Attack Surface
LiveRamp claims SOC2 Type II, GDPR, and CCPA compliance while operating a website that fires 10 vendors pre-consent including identity resolution and retargeting. This creates consent divergence - users who reject tracking via their Ketch CMP may still have data captured by pre-consent vendors. The subprocessor list discloses only 5 infrastructure vendors while runtime shows 21+ third parties receiving data.