How This Briefing Works
This report opens with key findings, then maps the gaps between what Supermetrics discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Analysis pending. Findings will appear here once intelligence collection is complete.
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
Pending Analysis
UNKNOWN
They Claim
“Claims extraction pending”
Observed Behavior
Awaiting contextual analysis
Customer Impact
What This Means For You
Organizations using Supermetrics face revenue risk from data aggregation dependency: centralizing marketing intelligence through a single pipeline vendor means any disruption, data quality issue, or access revocation at Supermetrics cascades across all reporting and decision-making. The blended attribution reports risk creating a false sense of measurement accuracy when underlying platform data contains overlapping attribution claims.
Compliance exposure stems from Supermetrics' data controller status and the breadth of marketing data transiting through its systems. Organizations must ensure that sharing marketing analytics data (which may include audience segments, conversion data, and campaign performance metrics that could qualify as personal data under GDPR) with a data controller is supported by appropriate legal basis. The temporary storage of marketing data in Supermetrics systems, even if purged periodically, creates a data processing relationship that must be documented and governed.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
Recommended Actions for Supermetrics
- →- Audit which OAuth tokens and API permissions Supermetrics holds across your marketing platform portfolio, and implement least-privilege access where possible. - Review Supermetrics Data Blending templates for attribution double-counting: verify that cross-platform blended reports deduplicate conversions rather than summing platform-native attribution claims. - Assess the compliance implications of Supermetrics' data controller status and ensure your privacy documentation covers the data sharing arrangement. - Request documentation on Supermetrics' temporary storage purge schedules and data retention practices for each connected data source. - Evaluate whether Supermetrics Storage (BigQuery-based) aligns with your data residency and governance requirements.
Negotiation Leverage
- →Supermetrics' data controller status is the primary leverage point in negotiations. Most marketing data tools operate as data processors, which places the customer in control. Supermetrics' controller arrangement gives them independent rights over the marketing data flowing through their platform. Demand clarification on what Supermetrics does with marketing data beyond customer-directed queries, and negotiate processor status if possible.
- →Key questions: What marketing data does Supermetrics retain after temporary storage purge cycles? How are OAuth tokens secured, and what is the breach notification process if token storage is compromised? Does Supermetrics use aggregated customer data for product improvement, benchmarking, or any purpose beyond direct service delivery? If Supermetrics processes 15% of global ad spend, what data isolation guarantees exist between customers? These questions test the gap between Supermetrics' security marketing and the reality of operating a centralized marketing data hub at massive scale.
IOC Manifest
IOC Manifest
92 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*supermetrics.com/_astro/header.astro_astro_type_script_index_2_lang.J0KGZgX2.js*
Tracking script
TRACK
*supermetrics.com/_astro/button.astro_astro_type_script_index_0_lang.B6-_ZrA8.js*
Tracking script
TRACK
*supermetrics.com/_astro/stack-block.astro_astro_type_script_index_0_lang.DdGUqrNx.js*
Tracking script
TRACK
*supermetrics.com/_astro/animated-text.astro_astro_type_script_index_0_lang.UCit0IqL.js*
Tracking script
TRACK
*supermetrics.com/_astro/parallax-hero-block.astro_astro_type_script_index_0_lang.DwIsI3hz.js*
Tracking script
TRACK
*supermetrics.com/_astro/avo.astro_astro_type_script_index_0_lang.ClxpTY_L.js*
Tracking script
TRACK
*supermetrics.com/_astro/amend-start-trial-links.astro_astro_type_script_index_0_lang.CVsjWjPS.js*
Tracking script
TRACK
*supermetrics.com/_astro/ClientRouter.astro_astro_type_script_index_0_lang.DcSP9LZ1.js*
Tracking script
TRACK
*supermetrics.com/_astro/content-modal.astro_astro_type_script_index_0_lang.f578ktYt.js*
Tracking script
TRACK
*supermetrics.com/_astro/scroll-lock.BZ7Q4ozb.js*
Tracking script
TRACK
*supermetrics.com/_astro/Avo.DnzqrsTG.js*
Tracking script
TRACK
*supermetrics.com/_astro/_commonjsHelpers.D6-XlEtG.js*
Tracking script
TRACK
*supermetrics.com/_astro/tslib.es6.DUffjO8F.js*
Tracking script
TRACK
*supermetrics.com/_astro/router.2W7FzLmj.js*
Tracking script
TRACK
*supermetrics.com/_astro/index.CB87Sc6I.js*
Tracking script
TRACK
*supermetrics.com/_astro/ScrollTrigger.Cv03IO65.js*
Tracking script
TRACK
supermetrics.com/_astro/avo.astro_astro_type_script_index_0_lang.ClxpTY_L.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/button.astro_astro_type_script_index_0_lang.B6-_ZrA8.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/header.astro_astro_type_script_index_2_lang.J0KGZgX2.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/animated-text.astro_astro_type_script_index_0_lang.UCit0IqL.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/parallax-hero-block.astro_astro_type_script_index_0_lang.DwIsI3hz.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/stack-block.astro_astro_type_script_index_0_lang.DdGUqrNx.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/content-modal.astro_astro_type_script_index_0_lang.f578ktYt.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/ClientRouter.astro_astro_type_script_index_0_lang.DcSP9LZ1.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/amend-start-trial-links.astro_astro_type_script_index_0_lang.CVsjWjPS.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/scroll-lock.BZ7Q4ozb.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/Avo.DnzqrsTG.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/index.CB87Sc6I.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/ScrollTrigger.Cv03IO65.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/tslib.es6.DUffjO8F.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/_commonjsHelpers.D6-XlEtG.js
Auto-extracted from scan
TRACK
supermetrics.com/_astro/router.2W7FzLmj.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Supermetrics sits at the center of the marketing data supply chain as a universal connector. It integrates with virtually every major advertising platform (Google, Meta, LinkedIn, TikTok, Snapchat, Pinterest, Microsoft Ads, Amazon Ads), analytics platforms (Google Analytics, Adobe Analytics), social media platforms, SEO tools, CRM systems, and email marketing platforms. Destination integrations include Google BigQuery, Snowflake, Azure, Google Sheets, Excel, Looker Studio, Power BI, and Tableau.
The platform's position as a data intermediary processing 15% of global ad spend makes it a significant node in the marketing data ecosystem. Supermetrics Storage, built on BigQuery, positions the vendor as not just a pipeline but a data warehousing provider, increasing the duration and depth of data under Supermetrics' control. The Connector Builder feature allows customers to create custom integrations, further expanding the data surface area flowing through Supermetrics infrastructure.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
92 detection signatures across scripts, domains, cookies, and network endpoints