Tidio

Tidio is a live chat and AI chatbot platform that deploys a JavaScript widget on customer websites, providing real-time visitor monitoring with detailed behavioral tracking. The platform captures visitor IP addresses, geographic location, device type, browser information, and browsing behavior in real time. Tidio's Visitors List feature allows operators to see all website visitors and the pages they are browsing as it happens, with the ability to initiate proactive chats based on behavioral triggers. While Tidio stores most widget data in localStorage rather than cookies, the platform's real-time visitor surveillance capabilities and pre-chat data collection create meaningful privacy exposure on customer-facing properties.

259 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Tidio discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gap

pending

UNKNOWN
They Claim

Awaiting scanner verification

Observed Behavior

Scanner validation is needed to confirm the full scope of runtime behavior, including localStorage usage patterns, network requests to Tidio servers, behavioral trigger execution timing relative to consent, and any cookie deployment despite claims of localStorage-only storage.

Customer Impact

What This Means For You

Website visitors on Tidio-equipped sites are subject to real-time behavioral monitoring from page load. The Visitors List feature exposes visitor IP addresses, geographic location, device type, browser, and current page navigation to chat operators. This monitoring occurs regardless of whether the visitor interacts with the chat widget or consents to data collection. Pre-chat surveys can collect personal information (name, email, phone) as a precondition for receiving chat support. For the deploying organization, Tidio's JavaScript widget runs on customer-facing pages with access to the page DOM and visitor behavioral data, creating third-party code execution risk. The localStorage-based persistence means visitor tracking data survives browser sessions without traditional cookie consent mechanisms.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Tidio

  • Audit Tidio widget runtime behavior: catalog all network requests, localStorage entries, and DOM interactions triggered by the Tidio JavaScript on your site using browser developer tools.
  • Review Visitors List data exposure: assess who within the organization can access real-time visitor IP addresses, geolocation, and device data through the Tidio dashboard.
  • Configure GDPR compliance features: ensure pre-chat consent fields and privacy policy display are active if operating in jurisdictions requiring consent for visitor tracking.
  • Evaluate behavioral trigger scope: review all active automation triggers and assess whether they require more behavioral data collection than necessary for chat functionality.
  • Assess localStorage persistence: understand what visitor data Tidio stores in localStorage, how long it persists, and whether it effectively circumvents cookie consent requirements in your jurisdiction.

Negotiation Leverage

  • Tidio's pricing is competitive in the live chat market, but the total cost assessment should include the privacy exposure created by the real-time visitor monitoring system. Push for contractual language limiting the use of visitor behavioral data to chat functionality only -- specifically, ensure that Visitors List data (IP, geolocation, device fingerprinting) is not retained beyond the chat session or used for profiling. If using Lyro AI, demand transparency on whether chat transcripts and visitor behavior data are used for model training across customers. The localStorage-based storage approach should be scrutinized -- while Tidio claims cookies are not used under normal conditions, localStorage persistence may actually create greater tracking exposure since it is not subject to cookie consent mechanisms in most implementations. Competitive alternatives (Intercom, Freshchat, Drift/Salesloft, Zendesk Chat, Crisp) provide negotiation leverage on both pricing and data handling terms.
IOC Manifest

259 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

Ecosystem

Ecosystem & Supply Chain

Tidio integrates with major e-commerce and CMS platforms including Shopify, WordPress, Wix, BigCommerce, and Squarespace through native plugins and JavaScript embedding. The platform connects to CRM and email marketing tools including HubSpot, Mailchimp, Klaviyo, and Salesforce. Tidio also integrates with messaging platforms (Facebook Messenger, Instagram, WhatsApp) and automation tools (Zapier, Make). The Lyro AI chatbot component connects to knowledge bases and help center content. Tidio is commonly deployed alongside Google Analytics, Google Tag Manager, and other marketing technology on e-commerce and SaaS websites.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

259 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details