All Vendors
abm

Madison Logic

Madison Logic claims its tracking "does not discern identity" while its own SA pixel documentation describes matching cookie/device IDs against a DMP database of companies. Pre-consent tracking confirmed on their own website.

162 IOCs26 detections15% pre-consent24 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Madison Logic discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

26 detections across 24 sites15% pre-consent activity2 critical disclosure gaps
CRITICAL

identity_resolution

SA pixel documentation confirms matching cookie/device IDs against DMP database of companies and their respective cookies. Account-level identification via cookie-to-company mapping is identity resolution.

GDPR Art. 4(1)CCPA PI definitionePrivacy Directive Art. 5(3)
CRITICAL

consent_bypass

Scanner confirmed pre_consent=TRUE on madisonlogic.com self-scan (SCAN-1769099737063, HIGH confidence, 142 evidence items). 15% pre-consent rate across all detections. Tracking fires before consent banner is actioned.

GDPR Art. 6ePrivacy Directive Art. 5(3)CCPA opt-out rights
MEDIUM

Pre-Consent Activity

Madison Logic was observed loading and executing before user consent was obtained on 15% of sites where it was detected.

GDPRePrivacy
HIGH

certification_opacity

Trust center page (trust.madisonlogic.com) redirects away from Madison Logic domain to unrelated third-party sites. SOC 2 report not publicly accessible or verifiable.

AICPA TSC
HIGH

supply_chain_opacity

Shares with Marketing/Advertising Partners, Data Analytics Providers, and Social Networks for cross-contextual behavioral advertising. No named subprocessor list accessible. Trust center non-functional.

GDPR Art. 28CCPA disclosure requirements
Disclosure Gaps

Claims vs. Observed Behavior

6 gaps
2 CRIT3 HIGH1 MED
Classified:BTI-X02BTI-X03BTI-X07BTI-X09

identity_resolution

GDPR Art. 4(1) · CCPA PI definition · ePrivacy Directive Art. 5(3)CRITICAL
They Claim

Privacy policy: does not use this information to discern your identity

Observed Behavior

SA pixel documentation confirms matching cookie/device IDs against DMP database of companies and their respective cookies. Account-level identification via cookie-to-company mapping is identity resolution.

certification_opacity

AICPA TSCHIGH
They Claim

SOC 2 Type II certified (per trust center)

Observed Behavior

Trust center page (trust.madisonlogic.com) redirects away from Madison Logic domain to unrelated third-party sites. SOC 2 report not publicly accessible or verifiable.

supply_chain_opacity

GDPR Art. 28 · CCPA disclosure requirementsHIGH
They Claim

Data sharing disclosed in privacy policy with categories of recipients

Observed Behavior

Shares with Marketing/Advertising Partners, Data Analytics Providers, and Social Networks for cross-contextual behavioral advertising. No named subprocessor list accessible. Trust center non-functional.

data_classification

GDPR Art. 4(1) · GDPR Recital 30HIGH
They Claim

SA pixel does not collect PII - only domain and account-level data

Observed Behavior

SA pixel reads cookie/device ID and references against DMP. While technically not individual PII, cookie-to-company mapping enables account-level deanonymization. GDPR definition of personal data includes any information relating to an identifiable natural person.

opt_out_fragility

CCPA opt-out durability · GDPR Art. 21MEDIUM
They Claim

Cookie-based opt-out mechanism available

Observed Behavior

Opt-out relies on a cookie. If cookies cleared, opt-out is lost. Must opt out per device/browser. Privacy policy explicitly warns: this opt-out relies on a cookie and so if you wipe all of your cookies, we will no longer know that you have opted out.

Customer Impact

What This Means For You

Organizations deploying Madison Logic inherit three categories of risk. First, consent-timing liability: the SA pixel fires before consent capture on Madison Logic own website, and the same pixel architecture deploys on customer sites. Every customer running the SA pixel without verifying consent-gate timing may be processing visitor data without valid legal basis under GDPR Article 6 and ePrivacy Directive Article 5(3). Second, identity resolution exposure: Madison Logic claims its tracking does not discern identity, but the SA pixel architecture explicitly matches cookies against a company-level DMP. Customers relying on this non-identification claim in their own DPIAs may have an inaccurate basis for their data protection assessments. Third, supply chain accountability: customers cannot verify Madison Logic subprocessor chain because the trust center is non-functional. Pipeline intelligence derived from Madison Logic intent signals may be built on data collected through consent bypass, creating downstream liability for sales and marketing decisions.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Madison Logic

  • Audit SA pixel consent-gate timing on your properties - verify pixel does not fire before visitor consent is captured
  • Request Madison Logic SOC 2 Type II report directly - trust center is non-functional and report cannot be independently verified
  • Document cookie-to-company DMP matching in your DPIA - Madison Logic claim of non-identification may not hold under GDPR Art. 4(1)
  • Monitor Madison Logic abm.madisonlogic.com form injection scope - Marketo munchkin integration enables dynamic capability deployment
  • Verify cookie-based opt-out persistence - if visitors clear cookies the opt-out is lost requiring re-action per device and browser

If You're Evaluating Madison Logic

  • Request Madison Logic technical architecture documentation for SA pixel data flows before signing
  • Evaluate whether account-level cookie matching constitutes identity resolution under your applicable privacy regulations
  • Assess alternative ABM platforms that operate consent-first without pre-consent tracking architectures
  • Negotiate contractual consent-timing guarantees - require Madison Logic to gate all tracking behind verified consent
  • Request named subprocessor list with data flow documentation - current trust center redirects away from Madison Logic domain

Negotiation Leverage

  • Madison Logic SA pixel fires before consent capture on their own website (SCAN-1769099737063 HIGH confidence) - demand contractual guarantee that pixel will not execute pre-consent on your properties
  • Privacy policy claims tracking does not discern identity but SA pixel documentation explicitly describes cookie-to-company DMP matching - require written clarification of what identity resolution means in their context
  • Trust center (trust.madisonlogic.com) redirects to unrelated third-party sites - demand direct access to SOC 2 Type II report and named subprocessor list before proceeding
  • Cookie-based opt-out architecture means any cookie clearing voids the opt-out - negotiate server-side opt-out mechanism that persists regardless of browser state
  • Data shared with unnamed Marketing and Advertising Partners for cross-contextual behavioral advertising - require complete list of data recipients and contractual right to audit data flows
  • Marketo munchkin integration (759-DDC-106) via abm.madisonlogic.com enables dynamic form injection - negotiate explicit approval requirement before any capability changes on your properties
Runtime Detections

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

156 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*abm.madisonlogic.com/js/forms2/js/forms2.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/accordions-with-image/accordions-with-image.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/accordions/accordions.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/icon-list/icon-list.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/insights-toggle/insights-toggle.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/reviews/reviews.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/services/services.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/tabs/tabs.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/testimonials/testimonials.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/timeline-carousel/timeline-carousel.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/vertical-timeline/vertical-timeline.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/js/scripts.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/js/marketoForms.js*
Tracking script
TRACK
*www.madisonlogic.com/wp-content/themes/wp-madison-logic/js/flickity.pkgd.js*
Tracking script
TRACK
*abm.madisonlogic.com/index.php/form/getForm*
Tracking script
TRACK
abm.madisonlogic.com/js/forms2/js/forms2.min.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/accordions/accordions.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/accordions-with-image/accordions-with-image.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/icon-list/icon-list.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/insights-toggle/insights-toggle.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/reviews/reviews.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/services/services.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/tabs/tabs.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/testimonials/testimonials.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/timeline-carousel/timeline-carousel.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/blocks/vertical-timeline/vertical-timeline.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/js/scripts.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/js/marketoForms.js
Auto-extracted from scan
TRACK
www.madisonlogic.com/wp-content/themes/wp-madison-logic/js/flickity.pkgd.min.js
Auto-extracted from scan
TRACK
abm.madisonlogic.com/index.php/form/getForm
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Madison Logic operates at the center of B2B account-based marketing infrastructure, connecting content publishers, demand-side platforms, and marketing automation tools. Its SA pixel deploys on customer websites and tracks account-level engagement by matching cookies against a proprietary DMP. The abm.madisonlogic.com subdomain serves dynamic forms via Marketo integration (munchkin ID: 759-DDC-106), creating a bridge between Madison Logic ABM platform and HubSpot/Marketo marketing automation. Scanner detected Madison Logic on 24 distinct sites including major B2B platforms (Snowflake, Segment, Mailchimp, PathFactory, PubMatic), indicating widespread deployment across the B2B martech ecosystem. The vendor commonly loads indirectly through advertising supply chains, appearing on sites that likely use Madison Logic ABM display or content syndication products.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

162 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details