A boutique analytics agency
Do you know your data flows?
We’re focused on data supply audits, digital optimization, and privacy research.



Data Mapping

Data Security Audits

Ad-hoc Analytics Support

Analytics Rebuilds

Website Audits

Automation Support

DMP Support

Mobile App Audits

Partner Audits

Privacy Research

Sandbox Strategy

ML Training Support
Mission & Vision
User data creates value and risk – and auditing helps to define them.
Do your lawyers know what your growth and marketing teams have been building? Are you auditing partners and the legacy systems for new data supply channels outside your control? Are your clients and users being protected by your own systems with deny lists and sandboxing techniques? Are you at risk of Magecart supply chain attacks? These questions and more must be answered by any good data supply audit.


Analytics Builds & Data Flows
We’re experts in tag management, analytics builds and many types of web and app publishing, with a focus on advertising. If we don’t have the experience to support your project, we’ll try to recommend a peer in the industry who can.

Privacy Research
Our user data privacy research has been featured in a wide variety of industry publications, official complaints, and prominent newspaper articles. We can help with private audits, and research written to be released publicly – whatever the client prefers.

Optimization Audits & Rebuilds
Analytics rebuilds are crucial for optimizing page load speeds, accurately deploying consent management systems, cleaning up tag management deployments, and a wide variety of business objectives that can impact business revenue and user privacy.

User Data Privacy Research
Data Sharing and Data Supply Chain Portability Creates Risk
Our research on user data supply chains and data breaches has been featured in The New York Times, the Financial Times, and numerous industry publications. We believe that organizations should be aggressively auditing their own practices, creating standards and holding partners to those standards, and participating in industry and political discussions about the direction of user data standards and the technical measures needed to collect consent from people while defaulting to the most privacy-safe options.
If you are sharing data or building even modest data supply chains, you must assume inherent risk and conduct nuanced audits into your practices to ensure your policies align with the reality of your technical systems.

Services
What Can We Do For You?

Development Support
We've worked on a wide variety of tech and publishing stacks, and have built dozens of websites. If you are looking for a simple Wordpress website like the one you're staring at, and want zero external network requests in the build, we're happy to try and help with that.

Tag Management & Pixel Audits
We know that most websites have a mixture of page templates and subdomains, and over time, it's common to see a wide variety of javascript data collections across an enterprise. We can help you audit your current collections, organize best practices, and help to ensure that you control all the pixels across your websites.

World Class Research
Are you looking to map a complex data supply chain? Need support to parse a complex technical ecosystem? Our user data privacy research is focused on facts, with clear documentation and actionable details.

Mobile Strategy & Futureproofing
Building mobile apps needs requires an honest discussion about monetization opportunities and the evolving mobile ID landscape. We provide ad-hoc consulting to support mobile app audits and specific strategy discussions and training to help organizations conduct more partner app & SDK audits.

User Data Privacy Audits
Do your lawyers know what your growth and marketing teams have been up to? Do your policies align with your practices? We can help you conduct fine-grained data audits across your websites and apps with an eye towards GDPR & CCPA compliance -- we aren't lawyers, but we'll try to point out exactly where we feel grey areas exist and where we think any data flows could cross ethical or legal lines.

Training & Support
If you aren't flatening your auditing systems, you aren't empowering enough people to take ownership of compliance. We strongly believe that with the right tools, and policy templates discussed through collaboration, more and more people can become data auditors or can support specific types of data auditing projects within an organization.
The Data Blog
Ramblings on User Data, Privacy &
the Global Data Supply Chain
Breitbart.com is Partnering with RT.com & Other Sites via Mislabeled Advertising Inventory
A large group of alt-right sites, low quality publishers, and other websites are mislabeling Ads.Txt publisher relationships and potentially committing a form of advertising fraud. Summary: The Interactive Advertising Bureau’s ads.txt standard is being abused by...
July 2020 Compromised PaF Subdomains (mostly via Microsoft Azure)
This is what many of the compromised subdomain homepages look like — “coming soon” type pages in different languages… Continued from Twitter… please read this thread before engaging… Crowdsourcing research project ahead! Please be extremely careful with the subdomains...
Final Statement of Reasons from The California Attorney General for CCPA Raises Important Questions
Big Data Organizations & Service Providers have weeks to get ready The California Consumer Privacy Act (CCPA)is going to be enforced starting on July 1, 2020 having gone into effect at the start of 2020 — and new guidance from the California Attorney General...
Epic Games Ignored Epic Subdomain Takeover on their Authentication Domain, Promoted $1 Million…
A global hacking group took over Epic Games subdomains, then the problem was swept under the rug by Epic Games. At the end of March, 2020, Epic Games posted on their Twitter account a $1 million bounty for anyone to provide information of any corporate...
The 2020 URL Querystring Data Leaks — Millions of User Emails Leaking from Popular Websites to…
Breaches have been found on websites including Wish.com, JetBlue.com, Quibi.com, WashingtonPost.com, NGPVan.com and numerous other organizations… Most popular websites on the internet are using 3rd party analytics and advertising Javascript code — and depending on how...
What your lawyers say you’re doing VS What your growth team and developers are actually doing ….
CCPA and GDPR force companies to “put pen to paper” about their global user data policies and partner data sharing, but as with any system of accountability in a marketplace, the mere existence of regulatory frameworks that force transparency, don’t ensure that the...
Data Problem? Want a Proposal?
Send us a message and we'll get back to you within 2 business days.