A boutique analytics agency
Do you know your data flows?
We’re focused on data supply audits, digital optimization, and privacy research.
Data Security Audits
Ad-hoc Analytics Support
Mobile App Audits
ML Training Support
Mission & Vision
User data creates value and risk – and auditing helps to define them.
Do your lawyers know what your growth and marketing teams have been building? Are you auditing partners and the legacy systems for new data supply channels outside your control? Are your clients and users being protected by your own systems with deny lists and sandboxing techniques? Are you at risk of Magecart supply chain attacks? These questions and more must be answered by any good data supply audit.
Analytics Builds & Data Flows
We’re experts in tag management, analytics builds and many types of web and app publishing, with a focus on advertising. If we don’t have the experience to support your project, we’ll try to recommend a peer in the industry who can.
Our user data privacy research has been featured in a wide variety of industry publications, official complaints, and prominent newspaper articles. We can help with private audits, and research written to be released publicly – whatever the client prefers.
Optimization Audits & Rebuilds
Analytics rebuilds are crucial for optimizing page load speeds, accurately deploying consent management systems, cleaning up tag management deployments, and a wide variety of business objectives that can impact business revenue and user privacy.
User Data Privacy Research
Data Sharing and Data Supply Chain Portability Creates Risk
Our research on user data supply chains and data breaches has been featured in The New York Times, the Financial Times, and numerous industry publications. We believe that organizations should be aggressively auditing their own practices, creating standards and holding partners to those standards, and participating in industry and political discussions about the direction of user data standards and the technical measures needed to collect consent from people while defaulting to the most privacy-safe options.
If you are sharing data or building even modest data supply chains, you must assume inherent risk and conduct nuanced audits into your practices to ensure your policies align with the reality of your technical systems.
What Can We Do For You?
We've worked on a wide variety of tech and publishing stacks, and have built dozens of websites. If you are looking for a simple Wordpress website like the one you're staring at, and want zero external network requests in the build, we're happy to try and help with that.
Tag Management & Pixel Audits
World Class Research
Are you looking to map a complex data supply chain? Need support to parse a complex technical ecosystem? Our user data privacy research is focused on facts, with clear documentation and actionable details.
Mobile Strategy & Futureproofing
Building mobile apps needs requires an honest discussion about monetization opportunities and the evolving mobile ID landscape. We provide ad-hoc consulting to support mobile app audits and specific strategy discussions and training to help organizations conduct more partner app & SDK audits.
User Data Privacy Audits
Do your lawyers know what your growth and marketing teams have been up to? Do your policies align with your practices? We can help you conduct fine-grained data audits across your websites and apps with an eye towards GDPR & CCPA compliance -- we aren't lawyers, but we'll try to point out exactly where we feel grey areas exist and where we think any data flows could cross ethical or legal lines.
Training & Support
If you aren't flatening your auditing systems, you aren't empowering enough people to take ownership of compliance. We strongly believe that with the right tools, and policy templates discussed through collaboration, more and more people can become data auditors or can support specific types of data auditing projects within an organization.
The Data Blog
Ramblings on User Data, Privacy &
the Global Data Supply Chain
Compromised Godaddy Infrastructure Attacking Numerous U.S. Government Websites to Promote “Canadian Pharmacy” Scam Websites
GoDaddy has responded to this research here, with this statement (lightly redacted, red highlights were added to note ridiculous statements): Zach, [redacted] brought your post to my attention. While this isn't the right forum to dive deep into your article, there's a...
Twitter allowing YouTube fingerprint scraping via ~unknown org, Twitter users including BTS fans are one-click away from a URL redirection data scrape
Today on Twitter, you can't tell which YouTube embeds are actually hiding a dark secret that will share your user data to a totally random organization, which isn't Google or Twitter, and that organization has a business model which appears to include sharing or...
Every advertising network, if you are able to use custom UTM parameters on the link click, you can back-append that social network/ad network's targeting data into your own user database without the consent or knowledge of users -- and it's extremely common for...
President Barack Obama's White House was exceptionally close to Google, but until March 2021, most of the world had no clue the core benefits Google acquired from this relationship until Politico reported on 312 pages of confidential memos proving that antitrust...
A large group of alt-right sites, low quality publishers, and other websites are mislabeling Ads.Txt publisher relationships and potentially committing a form of advertising fraud. Summary: The Interactive Advertising Bureau’s ads.txt standard is being abused by...
This is what many of the compromised subdomain homepages look like — “coming soon” type pages in different languages… Continued from Twitter… please read this thread before engaging… Crowdsourcing research project ahead! Please be extremely careful with the subdomains...
Data Problem? Want a Proposal?
Send us a message and we'll get back to you within 2 business days.