How This Briefing Works
This report opens with key findings, then maps the gaps between what Showpad discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
pending
UNKNOWN
They Claim
“Awaiting scanner verification”
Observed Behavior
No runtime scan data available yet for showpad.com tracking endpoints or embedded content analytics scripts
Customer Impact
What This Means For You
Organizations using Showpad are tracking every interaction prospects have with shared sales content. Page-by-page views, time spent on slides, downloads, forwards, and re-visits are all monitored and reported to sellers through analytics dashboards. If you are a Showpad customer, your content engagement data feeds AI-powered recommendations that shape how sellers interact with you. Shared Spaces create persistent tracking environments where all stakeholder activity is visible to the selling organization. Organizations evaluating whether to engage with content shared via Showpad should understand that accepting the consent dialog enables comprehensive behavioral tracking. Cookie-based tracking persists for up to 14 days. Content engagement patterns, including which competitor comparisons or pricing pages you spend time on, are visible to the seller and may influence their follow-up strategy and negotiation positioning.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Showpad
- →Audit consent configuration: Review which of Showpad's three consent options is active and whether prospects are adequately informed about the scope of content engagement tracking. 2. Review Shared Spaces tracking: Understand what buyer-side data is collected in digital sales rooms and how it is surfaced to sellers and sales management. 3. Assess CRM data flows: Map how Showpad engagement data synchronizes with Salesforce or Dynamics and which downstream tools or reports consume this data. 4. Evaluate cookie retention: The default 14-day cookie tracking window should be reviewed against your privacy policy commitments and regional regulations. 5. Review Bigtincan merger implications: Assess whether the expanded platform footprint has changed data processing agreements, sub-processors, or the scope of collected data.
Negotiation Leverage
- →When negotiating with Showpad, request clarity on: (a) the complete scope of content engagement tracking, including exactly what behavioral data is collected at the page, slide, and session level; (b) how the Bigtincan merger has affected data processing agreements, sub-processor lists, and data residency; (c) whether engagement tracking can be granularly configured per content type or Shared Space, rather than as a global setting; (d) data retention policies for prospect engagement data and whether you maintain deletion rights for buyer-side behavioral records; (e) how PitchAI and other AI features use collected engagement data, including whether data is used for model training across customers. Showpad's EU origin and GDPR-first approach is a negotiating strength, but push for specifics on what constitutes adequate consent disclosure for the depth of tracking the platform performs.
IOC Manifest
IOC Manifest
104 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*showpad.com/wp-content/themes/showpad/dist/js/libs.js*
Tracking script
TRACK
*showpad.com/wp-content/themes/showpad/dist/js/scripts.js*
Tracking script
TRACK
*showpad.com/metrics/*
Tracking script
TRACK
*learn.showpad.com/js/forms2/js/forms2.js*
Tracking script
TRACK
*showpad.com/wp-content/themes/showpad/dist/js/utm.js*
Tracking script
TRACK
*showpad.com/wp-content/themes/showpad/dist/js/marketo.js*
Tracking script
TRACK
*showpad.com/wp-content/themes/showpad/dist/js/Sandbox.js*
Tracking script
TRACK
*learn.showpad.com/index.php/form/getForm*
Tracking script
TRACK
*showpad.com/wp-content/themes/showpad/dist/js/tiny-slider.js*
Tracking script
TRACK
showpad.com/wp-content/themes/showpad/dist/js/libs.js
Auto-extracted from scan
TRACK
learn.showpad.com/js/forms2/js/forms2.min.js
Auto-extracted from scan
TRACK
showpad.com/wp-content/themes/showpad/dist/js/scripts.js
Auto-extracted from scan
TRACK
showpad.com/metrics/
Auto-extracted from scan
TRACK
showpad.com/wp-content/themes/showpad/dist/js/utm.js
Auto-extracted from scan
TRACK
showpad.com/wp-content/themes/showpad/dist/js/marketo.js
Auto-extracted from scan
TRACK
showpad.com/wp-content/themes/showpad/dist/js/Sandbox.js
Auto-extracted from scan
TRACK
learn.showpad.com/index.php/form/getForm
Auto-extracted from scan
TRACK
showpad.com/wp-content/themes/showpad/dist/js/tiny-slider.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Showpad integrates deeply with Salesforce and Microsoft Dynamics 365, synchronizing all content engagement data including offline interactions directly into CRM records. The 2024 merger with Bigtincan created a combined platform spanning content management (Showpad Content), seller training (Showpad Coach), buyer engagement (Shared Spaces), and AI-powered intelligence. The platform also integrates with marketing automation tools, document management systems, and learning management platforms. Showpad's Shared Spaces function as digital sales rooms where all buyer-side interactions are tracked and attributed. PitchAI and AI-powered search features leverage collected engagement data to optimize content recommendations and seller coaching. The platform supports offline access with deferred data synchronization, meaning engagement tracking continues even without network connectivity.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
104 detection signatures across scripts, domains, cookies, and network endpoints