How This Briefing Works
This dossier opens with key findings, then maps the gap between what Madison Logic discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
2 CRIT · 3 HIGH
Briefing
Madison Logic is a B2B account-based marketing platform founded in 2006 in New York. It provides ABM content syndication, display advertising, connected TV, and audio advertising capabilities. Its Site Attribution pixel deploys on customer websites to track account-level engagement by matching visitor cookies against a proprietary data management platform. Scanner detected the vendor on 24 sites with a 15% pre-consent execution rate.
What This Means For You
Organizations deploying Madison Logic inherit three categories of risk. First, consent-timing liability: the SA pixel fires before consent capture on Madison Logic own website, and the same pixel architecture deploys on customer sites. Every customer running the SA pixel without verifying consent-gate timing may be processing visitor data without valid legal basis under GDPR Article 6 and ePrivacy Directive Article 5(3). Second, identity resolution exposure: Madison Logic claims its tracking does not discern identity, but the SA pixel architecture explicitly matches cookies against a company-level DMP. Customers relying on this non-identification claim in their own DPIAs may have an inaccurate basis for their data protection assessments. Third, supply chain accountability: customers cannot verify Madison Logic subprocessor chain because the trust center is non-functional. Pipeline intelligence derived from Madison Logic intent signals may be built on data collected through consent bypass, creating downstream liability for sales and marketing decisions.
Risk Channel Breakdown
Madison Logic aggregates intent signals from content syndication, display, CTV, and audio channels. The SA pixel tracks account-level site visits by matching cookies against a DMP. This creates a composite behavioral profile that may not reflect genuine buyer intent - it reflects Madison Logic ability to observe and attribute browsing behavior across its network.
Madison Logic operates as an intermediary between content publishers and B2B marketers. Its DMP maintains cookie-to-company mappings, creating a broker position where account intelligence flows through Madison Logic infrastructure. Customers depend on Madison Logic intent signals for pipeline decisions.
SA pixel deploys on every page of customer websites with 12-18 month cookie lifetime. Tag manager injection capability (BTI-C15) enables dynamic expansion. The pixel creates persistent account-level surveillance infrastructure on customer properties.
Pre-consent tracking detected on Madison Logic own site (SCAN-1769099737063). Privacy policy claims OneTrust consent management, but scanner confirms tracking fires before consent capture. This creates GDPR Article 6 and ePrivacy Directive exposure for every customer deploying the SA pixel.
Threat Indicators
Runtime-observed (BTI-C)
Keystroke/mouse tracking
Ignoring CMP signals
Container/loader (neutral)
Claims-vs-Reality (BTI-X)
Hidden data recipients
Exceeds disclosed retention
Tracking continues after opt-out
Security claims vs evidence
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Madison Logic's public claims against observed runtime behavior and identified 6 contradictions.
"Privacy policy: does not use this information to discern your identity"
SA pixel documentation confirms matching cookie/device IDs against DMP database of companies and their respective cookies. Account-level identification via cookie-to-company mapping is identity resolution.
5 more gaps — with regulatory citations and evidence pointers — available with subscription.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
5 for current users · 5 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →