How This Briefing Works
This dossier opens with key findings, then maps the gap between what Pulsepoint discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Pulsepoint operates as a healthcare-focused demand-side platform enabling programmatic advertising for pharmaceutical and medical audiences. The platform uses behavioral signals and contextual data to target healthcare professionals and patients across publisher inventory. Deployment reveals behavioral biometrics, cross-domain identity synchronization, and consent bypass mechanisms that create audience profiles for health-related advertising.
What This Means For You
Healthcare advertisers and publishers face three core risks: (1) Audience attribution becomes distorted by health intent misclassification, making pharma campaign effectiveness measurement unreliable. (2) Health-related behavioral data flows through Pulsepoint infrastructure, potentially exposing patient condition research and treatment evaluation patterns. (3) Legal exposure from health data processing creates GDPR/CCPA liability with potential HIPAA considerations if behavioral signals correlate to medical conditions.
Risk Channel Breakdown
Pulsepoint generates healthcare audience classifications and behavioral targeting signals that influence campaign performance (15% signal corruption). These signals can distort attribution by misclassifying health intent or over-crediting programmatic touches in pharma conversions.
The platform observes health-related behavioral data including content consumption, search patterns, and site visits across programmatic inventory (100% CAC subsidization). This intelligence reveals healthcare marketing strategy, audience targeting, and condition-specific campaigns to vendor infrastructure.
Expands attack surface
Cross-domain tracking with identity resolution in healthcare context creates regulatory exposure (55% legal tail risk). The vendor processes health-related behavioral signals across sites, potentially creating HIPAA considerations alongside GDPR/CCPA violations.
Threat Indicators
Runtime-observed (BTI-C)
Keystroke/mouse tracking
Identity stitching
Ignoring CMP signals
PII deanonymization
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Pulsepoint's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
5 for current users · 5 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →