All Vendors
data_enrichment

Openmart

Data enrichment platform with session recording, pre-consent tracking, and persistent visitor profiling.

7 IOCs27 detections7% pre-consent25 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Openmart discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

27 detections across 25 sites7% pre-consent activity
MEDIUM

Pre-Consent Activity

Openmart was observed loading and executing before user consent was obtained on 7% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

disclosure

MEDIUM
They Claim

Pending claims extraction

Observed Behavior

Broker score (25) and Counselor score (55) indicate data sharing and consent violations. Privacy policy likely lacks disclosure of session recording and persistent identifier usage.

Customer Impact

What This Means For You

Marketing loses visitor enrichment data for audience segmentation and campaign personalization. Sales intelligence degrades without firmographic and demographic context. However, retention creates exposure: regulatory complaints for unlawful tracking, session recording potentially capturing PII before consent, potential data breach if enrichment databases are compromised.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Openmart

  • Implement consent gate before Openmart scripts activate
  • Audit session recording scope to confirm PII handling compliance
  • Review Data Processing Agreement for enrichment data sharing and retention terms
  • Confirm privacy policy discloses visitor profiling and session recording practices

If You're Evaluating Openmart

  • Defer Openmart scripts until post-consent confirmation
  • Require vendor documentation on data source transparency and lawful collection basis
  • Assess first-party enrichment alternatives using consented customer data only
  • Demand technical controls for persistent identifier lifespan limits

Negotiation Leverage

  • Openmart contract may permit enrichment data resale or cross-customer benchmarking - demand opt-out and data isolation
  • Session recordings and persistent profiles may be retained indefinitely - negotiate strict retention limits
  • Confirm enrichment data is not sold to third-party data brokers or shared with competitors
  • Request evidence of GDPR Article 6 lawful basis for session recording and persistent tracking
Runtime Detections

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C07Session Recording

Full session replay

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

IOC Manifest

4 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

No indicators in this category

Ecosystem

Ecosystem & Supply Chain

Openmart integrates with CRM systems, marketing automation platforms, and data management tools. Enrichment data may flow to industry databases for cross-customer benchmarking. Often deployed with complementary tracking vendors that benefit from shared visitor profiles.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

7 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details