Executive Summary
Qualified is an AI-powered SDR and pipeline generation platform, recently acquired by Salesforce (December 2025). The platform identifies anonymous website visitors through Clearbit integration and enables real-time engagement through chatbots, live chat, and automated meeting scheduling. Despite SOC2 Type II certification and GDPR/CCPA compliance claims, runtime analysis reveals a 75% pre-consent tracking rate and 12 undisclosed third-party vendors loading on their own website. The Salesforce acquisition significantly expands Qualified's data ecosystem reach, making disclosure gaps more consequential.
Revenue Threat Profile
4 COLLAPSE VECTORSHow this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
Qualified corrupts measurement by identifying visitors before consent, attributing engagement to their AI SDR while obscuring the tracking infrastructure. Pipeline metrics may reflect surveillance-assisted conversion rather than genuine buyer intent, distorting ROI calculations.
Signal Corruption
As a Salesforce-owned platform with Clearbit integration, Qualified feeds visitor identification data into the broader Salesforce ecosystem. Undisclosed ad network pixels (Criteo, Meta, DoubleClick) on their own site demonstrate demand signal leakage to competitors and ad platforms.
Legal Tail Risk
The platform creates significant attack surface through extensive third-party integrations (13+ subprocessors including multiple AI providers). Pre-consent tracking cookies and visitor identification expand data exposure beyond what users consent to.
GTM Attack Surface
75% pre-consent tracking rate directly contradicts GDPR compliance claims. The explicit statement that Qualified does not honor browser DNT signals, combined with undisclosed vendor relationships, creates material consent liability for customers deploying this platform.