QA mode · Tier:PUBLIC(override via ?tier=paid | premium)
← All Vendors
marketing_automation
TrenDemon

TrenDemon

Privacy policy claims they "do not collect, retain or share any data regarding a particular user or device on sites not owned by TrenDemon" — while the product explicitly performs Account Deanonymization and persona-level tracking across 261 customer sites. 15.9% pre-consent rate with advertising networks loading before consent.

138 IOCs observed6 detections67% pre-consent5 sites
90
Vendor Risk Score
Tier: HOSTILE
Observation Coverage

BLACKOUT observes runtime behavior in the browser. This dossier reflects browser-side execution, which is one of five vendor data-egress classes. Server-to-server transfers, backend integrations, and offline data flows are outside this observation boundary.

BLACKOUT observes runtime behavior and cites the regulations that address that behavior pattern. Legal determinations are the customer's counsel's call.

How This Briefing Works

This dossier opens with key findings, then maps the gap between what TrenDemon discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.

Key Findings

At a Glance

Detections
6

across 5 sites

Pre-Consent Rate
67%

vendor fires before consent

Disclosure Gaps
4

2 CRIT · 2 HIGH

Claims-vs-Reality Classified
BTI-X01BTI-X02BTI-X04BTI-X05BTI-X08BTI-X09
Summary

Briefing

TrenDemon is an Israeli B2B marketing personalization platform that provides "Account Deanonymization" and attribution services. Despite privacy policy claims that they "do not collect, retain or share any data regarding a particular user or device on sites not owned by TrenDemon," the product explicitly performs visitor identification at scale. Runtime scans reveal 15.9% pre-consent tracking across 261 customer sites, with 8 third-party vendors loading pre-consent on TrenDemon's own website including advertising networks (Sojern, DoubleClick) and identity resolution services (Crunchbase). The gap between stated scope ("attribution software") and actual functionality (deanonymization, persona-level tracking) represents a critical disclosure failure.

Customer Impact

What This Means For You

If TrenDemon performs attribution and personalization on your site, their platform identifies anonymous visitors through Account Deanonymization — directly contradicting their privacy policy claim of not collecting data on non-owned sites. Under GDPR Art 5(1)(a) and Art 13, you must transparently disclose this identification to your visitors. The 15.9% pre-consent rate means roughly 1 in 6 TrenDemon interactions fire before consent, including advertising networks Sojern and DoubleClick that are not disclosed. Persona-level tracking distinguishes specific buyer roles within accounts, creating detailed profiles that go far beyond the "attribution software" positioning. TrenDemon holds no visible security certifications (no SOC2, no ISO), leaving you without independent assurance for a vendor processing person-level identification data.

Collapse Engine

Risk Channel Breakdown

Oracle
Truth Collapse
40

TrenDemon corrupts measurement by operating as undisclosed visitor identification infrastructure. Marketing teams believe they are using attribution software while actually deploying identity resolution that tracks individuals across sessions. The 15.9% pre-consent rate means measurement data includes unconsented tracking, poisoning attribution accuracy from the foundation.

Broker
Control Collapse
100

TrenDemon's integration with Crunchbase, Sojern, and other undisclosed third parties creates demand signal leakage. Account-level visitor data flows to advertising networks and data brokers, enabling competitors to target the same high-intent accounts. The persona-level tracking capability means specific buyer roles within accounts are exposed.

Reaper
Safety Collapse
0

The JavaScript deploys with elevated access to customer sites, collecting browsing behavior, engagement patterns, and account information. Pre-consent tracking creates unaudited attack surface. The 8 undisclosed vendors on their own site demonstrate supply chain opacity - customers cannot assess the full data flow.

Counselor
Legitimacy Collapse
100

GDPR Article 6 requires lawful basis before processing. 15.9% pre-consent tracking rate is direct violation. The privacy policy scope statement (no user/device data collection on third-party sites) directly contradicts the product's core deanonymization functionality, creating material misrepresentation liability. Customers deploying TrenDemon inherit these consent violations.

BTI Codes

Threat Indicators

Runtime-observed (BTI-C)

BTI-C01
Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06
Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07
Session Recording

Full session replay

BTI-C08
Cross-Domain Sync

Identity stitching

BTI-C09
Consent Bypass

Ignoring CMP signals

BTI-C10
Fingerprinting

Device identification

BTI-C14
Identity Resolution

PII deanonymization

BTI-C15
Tag Manager

Container/loader (neutral)

Claims-vs-Reality (BTI-X)

BTI-X01
Undisclosed Party

Not in privacy policy

BTI-X02
Undisclosed Sharing

Hidden data recipients

BTI-X04
Marketing Mismatch

Behavior contradicts marketing

BTI-X05
Compliance Claim Mismatch

False certification claims

BTI-X08
Scope Creep

Collection exceeds disclosed scope

BTI-X09
Data Security Discrepancy

Security claims vs evidence

5
BTI Consequences Identified

Per-code narrative explanations of what each detected behavior means for your organization

Available in VIDB Subscription

Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →

Disclosure Gaps

Claims vs. Reality

4
Gaps Observed
2 CRITICAL2 HIGH

BLACKOUT analyzed TrenDemon's public claims against observed runtime behavior and identified 4 contradictions.

BTI-X01BTI-X02BTI-X04BTI-X05BTI-X08BTI-X09
Featured Gap
Scope Misrepresentation
CRITICAL
They Claim

"Does not collect, retain or share any data regarding a particular user or device on sites not owned by TrenDemon"

BLACKOUT Observed

Product explicitly performs Account Deanonymization, persona-level tracking, and distinguishes individuals within companies over extended periods

3 more gaps — with regulatory citations and evidence pointers — available with subscription.

Available in VIDB Subscription

Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →

Recommended Actions

What To Do

Recommended Actions
10

5 for current users · 5 for evaluators

Negotiation Leverage
5

contractual leverage points

Available in VIDB Subscription

Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →

Ecosystem

Supply Chain & Pairings

Subprocessor Disclosure Gap
0undisclosed

Claims 2, observed 2

Commonly Paired With
10

twitter-pixel, adobelaunch, ensighten

Available in VIDB Subscription

Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →

Profile: trendemonFirst Seen: 2025-12-28Last Updated: 2026-01-22