Netcore

Netcore Cloud is an Indian martech platform deploying a comprehensive behavioral surveillance infrastructure across email, SMS, WhatsApp, web push, in-app messaging, and web personalization channels. Its JavaScript SDK begins tracking anonymous visitors immediately on page load, building shadow profiles that persist and merge with identified user data once any personal identifier is captured — a progressive de-anonymization architecture that operates before users voluntarily provide information.

88 IOCs
Vendor Risk Score: 0

How This Briefing Works

This report opens with key findings, then maps the gaps between what Netcore discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

4 gaps

pending | UNKNOWN
They Claim: Awaiting scanner verification
Observed Behavior: No scanner data available for Netcore CE SDK runtime behavior

data_collection | HIGH
They Claim: Data points around users are stored on the client side with none flowing to Netcore servers
Observed Behavior: This claim applies only to client-side nudges — the core SDK, CDP, and campaign systems necessarily transmit behavioral data to Netcore infrastructure for processing

data_collection | MEDIUM
They Claim: Users voluntarily submit personal data
Observed Behavior: The Addressable Anonymous feature collects partial PII from interactions before full voluntary registration, blurring the line between voluntary submission and passive collection

Customer Impact

What This Means For You

Organizations deploying Netcore Cloud face several revenue and operational risks. First, the progressive de-anonymization architecture means your website visitors are being behaviorally profiled from their first page view, which creates GDPR/ePrivacy compliance exposure if your site serves EU visitors and consent is not collected before the SDK initializes. Second, the CDP's cross-channel data aggregation creates a comprehensive behavioral dossier of your customers that resides on Netcore infrastructure — a significant data sovereignty concern given Netcore is headquartered in India and the DPDPA 2023 has different requirements than GDPR. Third, web push notification service workers persist on user devices beyond active sessions, creating an ongoing communication channel that may trigger regulatory scrutiny. Fourth, the Unbxd acquisition means product search and recommendation behavior also feeds into Netcore's behavioral graph, expanding data collection beyond marketing into commerce interactions. Fifth, dependency on Netcore for multi-channel campaign execution creates substantial vendor lock-in — email lists, SMS databases, WhatsApp templates, behavioral segments, and automation workflows are all trapped within the platform.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Netcore

  1. Audit Netcore CE JavaScript SDK initialization to ensure it does NOT begin tracking before your consent management platform collects valid consent — the SDK's default behavior of immediately tracking anonymous visitors likely violates GDPR Article 5(3) requirements for EU-facing websites.
  2. Review the Addressable Anonymous feature configuration and determine whether partial PII collection (email/phone capture before full registration) aligns with your privacy policy's description of data collection practices.
  3. Assess data residency and sovereignty implications — confirm where Netcore stores and processes your customer behavioral data, particularly if you have EU customers, and whether Standard Contractual Clauses or adequacy decisions cover India-to-EU data transfers.
  4. Evaluate web push notification service worker scope to ensure it is limited to notification delivery and does not enable additional background data collection or tracking beyond what users explicitly consented to.
  5. Negotiate data portability rights covering all channels — ensure you can export email lists, behavioral segments, automation workflows, WhatsApp templates, and CDP profiles in standard formats to reduce switching costs and avoid vendor lock-in.

Negotiation Leverage

  • Key leverage points for Netcore Cloud procurement:
    (1) The Indian martech market is competitive — CleverTap, MoEngage, and WebEngage offer comparable omnichannel engagement capabilities, providing strong alternatives leverage.
    (2) The Addressable Anonymous feature creates GDPR compliance exposure — negotiate enhanced indemnification and demand that anonymous tracking is disabled by default for EU-facing deployments.
    (3) Push for contractual clarity on data residency, requiring that EU customer data remains within EU/EEA infrastructure if applicable.
    (4) Request a complete subprocessor list with data flow documentation, particularly given the Unbxd acquisition expanded Netcore's data processing scope into product discovery.
    (5) Negotiate data portability guarantees covering all channels (email, SMS, WhatsApp, push, CDP profiles, behavioral segments) in machine-readable formats.
    (6) Demand audit rights to verify data segregation between clients on the shared platform.
    (7) The DPDPA 2023 attestation is a positive signal but may not satisfy EU DPA expectations — use this gap as leverage for GDPR-specific contractual commitments and processing restrictions.

IOC Manifest

88 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

Ecosystem

Ecosystem & Supply Chain

Netcore Cloud integrates across a broad martech and e-commerce ecosystem.

  • E-commerce: Certified Shopify plugin (launched 2025) for code-free personalization, cart recovery, and lifecycle automation.
  • Mobile measurement: Integrations with MMP platforms for mobile attribution.
  • Messaging: WhatsApp Business API, SMS gateways, email infrastructure (Netcore operates one of the largest email delivery networks globally).
  • Data integration: APIs for connecting CRM systems, data warehouses, and offline data sources into the CDP.
  • iPaaS: Pipedream connectors for workflow automation.
  • AI: Built-in AI engine (Raman AI) for send-time optimization, content recommendations, and predictive analytics.

The platform operates primarily in India, Southeast Asia, and the Middle East, with growing presence in Western markets. Netcore also acquired Unbxd (now Netcore Unbxd), adding AI-powered product discovery, search, and recommendation capabilities that further extend behavioral data collection into product interaction and purchase intent signals.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

88 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details