How This Briefing Works
This dossier opens with key findings, then maps the gap between what Minerva discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Minerva functions as an enterprise identity resolution and customer data platform that systematically deanonymizes website visitors and synchronizes behavioral profiles across organizational touchpoints. While marketed as customer experience optimization, runtime evidence reveals comprehensive surveillance infrastructure including behavioral biometrics (C06), session recording (C07), cross-domain identity synchronization (C08), consent bypass mechanisms (C09), and persistent identity resolution (C14). The platform operates as a shadow CRM that tracks individuals across multiple domains and devices, building unified profiles that persist regardless of user privacy choices. Deployments typically integrate with marketing automation, CRM systems, and analytics platforms to create comprehensive behavioral dossiers.
What This Means For You
Marketing teams operate under false precision illusion where Minerva-resolved identity attribution masks actual customer journey complexity and multi-touch dynamics. Revenue operations teams inherit massive consent liability from behavioral biometrics collection and cross-domain tracking that privacy policies fail to disclose. Security teams face expanded attack surface from identity synchronization infrastructure that creates single points of failure across customer data ecosystem. Legal teams confront regulatory exposure from GDPR/CPRA violations inherent in consent bypass and undisclosed biometric data processing. The platform creates permanent CAC inflation by feeding your first-party behavioral intelligence into competitor demand platforms through identity graph partnerships.
Risk Channel Breakdown
Minerva creates a parallel reality where every visitor interaction is resolved to a persistent identity profile regardless of login state or consent choices. Your analytics show anonymous traffic patterns while Minerva maintains shadow records linking behaviors to specific individuals across sessions and devices. Marketing attribution models built on Minerva data systematically misrepresent customer journeys by collapsing multi-touch paths into single-identity narratives that optimize for Minerva platform engagement rather than actual conversion drivers.
Every identity resolution performed by Minerva creates a tradable asset in the customer data marketplace. The platform maintains bidirectional data feeds with identity graph vendors, marketing clouds, and demand-side platforms. Your first-party behavioral data becomes training data for Minerva competitive intelligence products sold to industry peers and market research firms. CAC inflation is structural: competitors access your audience intent signals through Minerva data cooperative arrangements marketed as industry benchmarking.
Expands attack surface
Minerva comprehensive surveillance capabilities (C06-C09, C14) trigger GDPR Article 35 DPIA requirements and CPRA sensitive personal information protections that most deployments ignore. Behavioral biometrics collection constitutes biometric data processing under multiple state laws requiring explicit opt-in consent. Cross-domain tracking and consent bypass mechanisms create regulatory exposure under FTC deception standards and state consumer protection statutes. The platform identity resolution contracts likely violate customer reasonable privacy expectations established in privacy policies.
Threat Indicators
Runtime-observed (BTI-C)
Keystroke/mouse tracking
Full session replay
Identity stitching
Ignoring CMP signals
PII deanonymization
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Minerva's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 4 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →