Sailthru

Sailthru is a Marigold-owned cross-channel personalization engine that builds persistent behavioral profiles through JavaScript tracking cookies, email beacons, and anonymous-to-known identity stitching, creating comprehensive individual dossiers that follow users from first anonymous visit through lifetime engagement.

4 IOCs | Vendor Risk Score: 0

How This Briefing Works

This report opens with key findings, then maps the gaps between what Sailthru discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

2 gaps

pending | UNKNOWN

They Claim: Awaiting scanner verification

Observed Behavior: Sailthru deploys JavaScript from sail-horizon.com and drops multiple tracking cookies that require runtime analysis to determine pre-consent firing behavior, actual data transmission scope, and third-party data sharing patterns.

data_flow | MEDIUM

They Claim: Marigold data sharing boundaries unverified

Observed Behavior: Sailthru operates under Marigold (formerly CM Group, formerly Zeta Global acquisition target). The data boundaries between Sailthru, Campaign Monitor, Emma, Cheetah Digital, and other Marigold properties have not been independently verified.

Customer Impact

What This Means For You

Organizations deploying Sailthru should understand three key exposure areas. First, behavioral data permanence: the anonymous-to-known identity stitching means all pre-identification browsing behavior becomes permanently attached to customer profiles, expanding the scope of data subject access requests and deletion obligations under GDPR and CCPA. Second, measurement circularity: Sailthru's self-referential optimization loop — where it measures behavior, modifies experiences, then measures the modified behavior — makes independent ROI validation difficult and creates dependency on Sailthru's own performance narratives. Third, corporate consolidation risk: Marigold's acquisition-driven growth means Sailthru's data governance is subject to corporate restructuring, parent company policy changes, and potential cross-brand data sharing that customers may not have anticipated when they selected Sailthru as a standalone product.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Sailthru

  • Audit Sailthru JavaScript cookie deployment timing to verify whether sailthru_content and sailthru_hid cookies fire before or after consent collection on your properties
  • Review Marigold's data processing agreement for cross-brand data sharing provisions between Sailthru, Campaign Monitor, Cheetah Digital, and other Marigold entities
  • Implement the GDPR Do Not Track option Sailthru provides to ensure anonymous tracking respects user opt-out preferences before identification
  • Document the full scope of anonymous behavioral data that gets retroactively stitched to identified profiles and assess GDPR data minimization compliance
  • Establish independent engagement measurement alongside Sailthru's reported metrics to validate personalization effectiveness claims
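
One way to run the cookie-timing audit from the first action, as an added example that is not BLACKOUT's or Sailthru's code: it scans a HAR capture for requests to sail-horizon.com and for the sailthru_content and sailthru_hid cookies on any request that started before consent. The consent timestamp, the shop.example site, the URL paths and the sample HAR are constructed assumptions.

```python
from datetime import datetime
from urllib.parse import urlsplit

TRACKER_DOMAIN = "sail-horizon.com"                     # script host named in this briefing
TRACKER_COOKIES = {"sailthru_content", "sailthru_hid"}  # cookie names named in this briefing

def _ts(value):
    # HAR uses ISO 8601 timestamps; map a trailing "Z" to an explicit UTC offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def pre_consent_findings(har, consent_time):
    """Return (timestamp, reason, url) for Sailthru activity that started before consent."""
    consent = _ts(consent_time)
    findings = []
    for entry in har["log"]["entries"]:
        if _ts(entry["startedDateTime"]) >= consent:
            continue  # at or after consent: out of scope for this check
        url = entry["request"]["url"]
        host = (urlsplit(url).hostname or "").lower()
        if host == TRACKER_DOMAIN or host.endswith("." + TRACKER_DOMAIN):
            findings.append((entry["startedDateTime"], "request to " + host, url))
        # Cookies sent with the request or set by the response, by name.
        seen = {c["name"] for side in ("request", "response")
                for c in entry[side].get("cookies", [])}
        for name in sorted(seen & TRACKER_COOKIES):
            findings.append((entry["startedDateTime"], "cookie " + name, url))
    return findings

def _entry(started, url, req_cookies=()):
    # Builds a minimal HAR entry; every sample value here is constructed.
    return {"startedDateTime": started,
            "request": {"url": url,
                        "cookies": [{"name": n, "value": "x"} for n in req_cookies]},
            "response": {"cookies": []}}

SAMPLE_HAR = {"log": {"entries": [
    _entry("2024-01-01T10:00:00Z", "https://shop.example/"),
    _entry("2024-01-01T10:00:01Z", "https://sail-horizon.com/constructed-path.js"),
    _entry("2024-01-01T10:00:02Z", "https://shop.example/cart", ["sailthru_hid"]),
    _entry("2024-01-01T10:00:09Z", "https://sail-horizon.com/constructed-path.js"),
]}}
CONSENT_AT = "2024-01-01T10:00:05Z"  # assumed: moment the consent banner was accepted

if __name__ == "__main__":
    for finding in pre_consent_findings(SAMPLE_HAR, CONSENT_AT):
        print(*finding)
```

A HAR records cookies only as they appear in request and response headers, so a cookie written by script shows up at the first request that sends it. Capture from a fresh browser profile so cookies from an earlier session do not appear as pre-consent findings.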

Negotiation Leverage

  • Sailthru's position within the Marigold conglomerate creates negotiation leverage around data governance boundaries. Marigold has assembled multiple marketing platforms through acquisition (CM Group acquired Sailthru, then rebranded to Marigold after further consolidation). Negotiators should demand: (1) explicit contractual prohibitions on cross-brand data sharing within the Marigold portfolio, (2) data isolation guarantees that survive future corporate restructuring or acquisition, (3) transparency into what anonymous behavioral data is collected before user identification and how long it persists, and (4) audit rights covering both Sailthru's direct data handling and any Marigold parent-level data processing. The anonymous-to-known stitching capability is the key risk to pin down contractually — demand explicit consent requirements before retroactive profile merging occurs.
IOC Manifest

4 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

Ecosystem

Ecosystem & Supply Chain

Sailthru operates within the Marigold family (formerly CM Group), which includes Campaign Monitor, Emma, Cheetah Digital, and Vuture. This conglomerate structure means customer data flows through a multi-brand corporate entity with shared infrastructure. Sailthru integrates with major e-commerce platforms (Shopify, Magento, BigCommerce), deploys through tag managers (Google Tag Manager, Tealium), and connects to data warehouses and analytics platforms. The platform's JavaScript loads from sail-horizon.com, creating an external dependency on Marigold-controlled infrastructure for personalization delivery. Common co-deployments include Google Analytics, Segment, and various A/B testing tools, creating layered behavioral observation across the customer journey.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

4 detection signatures across scripts, domains, cookies, and network endpoints