All Vendors
affiliate

TUNE

TUNE (formerly HasOffers) is a foundational affiliate and mobile measurement platform that invented the server-side postback — the industry standard for cross-device conversion tracking. The platform deploys pixel tracking, JavaScript SDKs, mobile attribution SDKs, and server postback infrastructure that collectively enable persistent user identification across app, mobile web, and desktop channels.

37 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what TUNE discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

3 gaps

pending

UNKNOWN
They Claim

Awaiting scanner verification

Observed Behavior

No scanner data available for TUNE pixel/SDK behavior in the wild

data_use

MEDIUM
They Claim

Data processor only

Observed Behavior

As a white-label platform powering multiple networks, TUNE has aggregate visibility across competing advertisers that exceeds typical processor role

Customer Impact

What This Means For You

Organizations using TUNE face several operational and revenue risks. First, attribution dependency: TUNE controls the measurement logic for your entire partner marketing channel — if attribution is misconfigured or biased, marketing spend allocation across all channels is affected. Second, data exposure through white-label: your conversion data flows through infrastructure shared with other networks and advertisers on the same TUNE instance, creating potential competitive intelligence leakage. Third, mobile SDK liability: the device fingerprinting fallback creates compliance exposure in jurisdictions where fingerprinting requires explicit consent, which most app install flows do not collect. Fourth, Shopify migration risk: TUNE's Shopify integration is transitioning from Additional Scripts to Custom Pixels, and advertisers who don't migrate risk losing conversion tracking. Fifth, the server postback model means conversion data including transaction values permanently leaves your infrastructure and resides on TUNE's servers, creating a data sovereignty consideration for regulated industries.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for TUNE

  • Audit TUNE JavaScript SDK and pixel deployment to confirm consent-first firing order — verify that no TUNE tracking code executes before your consent management platform collects user preferences, especially in GTM and Shopify implementations.\n2. Review the scope of TUNE's ePrivacy certification to determine whether device fingerprinting attribution is covered, and assess your mobile app's consent flow against ePrivacy Directive Article 5(3) requirements.\n3. Evaluate server postback tracking as the primary method over pixel/cookie tracking to minimize client-side data collection, while understanding that server postback still transmits conversion data to TUNE infrastructure.\n4. Request a data segregation audit from TUNE if operating on a shared/white-label instance to understand how your conversion data is isolated from other networks and advertisers on the platform.\n5. Implement conversion data minimization — configure TUNE to receive only the minimum transaction data required for attribution (e.g., conversion event and value) rather than detailed product or customer information.

Negotiation Leverage

  • Key leverage points for TUNE procurement: (1) The affiliate tracking market is highly competitive — Impact, Partnerize, Everflow, and CJ Affiliate all offer comparable functionality, giving strong pricing leverage. (2) Demand clarity on whether device fingerprinting is included in their ePrivacy certification scope, and negotiate indemnification if it is not. (3) If on a white-label/shared instance, negotiate dedicated infrastructure or contractual data segregation guarantees with audit rights. (4) Push for data minimization in the postback configuration — negotiate that TUNE processes only attribution-essential data points rather than full transaction details. (5) Negotiate data portability and export rights for historical attribution data to reduce switching costs. (6) Request contractual prohibition on aggregate/benchmarking use of your conversion data. (7) The Shopify Additional Scripts sunset creates migration urgency — use this as leverage for implementation support and fee concessions during the transition period.
IOC Manifest

IOC Manifest

37 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.tune.com/cdn-cgi/scripts/*/cloudflare-static/rocket-loader.js*
Tracking script
TRACK
*www.tune.com/wp-content/plugins/cornerstone/assets/js/site/flexslider.js*
Tracking script
TRACK
*www.tune.com/wp-content/plugins/cornerstone/assets/js/site/cs-classic.7.7.12.js*
Tracking script
TRACK
www.tune.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Auto-extracted from scan
TRACK
www.tune.com/wp-content/plugins/cornerstone/assets/js/site/flexslider.js
Auto-extracted from scan
TRACK
www.tune.com/wp-content/plugins/cornerstone/assets/js/site/cs-classic.7.7.12.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

TUNE operates at the center of the affiliate and mobile measurement ecosystem with extensive integration points. E-commerce: Shopify (Custom Pixels and GTM integration), with legacy Additional Scripts support being sunset. CRM/Marketing: Salesforce, HubSpot, LinkTrust, Tracking202. Mobile measurement: AppsFlyer (Aggregated Advanced Privacy framework), plus direct SDK integration for Android and iOS. Tag management: Google Tag Manager for web-based conversion tracking deployment. API connectivity: RESTful APIs enabling integration with hundreds of affiliate networks, publisher platforms, and advertiser systems. iPaaS: Tray.ai connector for automated workflows between TUNE and other platforms. TUNE's white-label model means the platform's infrastructure powers branded affiliate networks that may not visibly identify TUNE as the underlying technology, making the full scope of its data processing footprint difficult to assess from the outside.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

37 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details