A boutique analytics agency
Do you know your data flows?
We’re focused on data supply audits, digital optimization, and privacy research.
Data Mapping
Data Security Audits
Ad-hoc Analytics Support
Analytics Rebuilds
Website Audits
Automation Support
DMP Support
Mobile App Audits
Partner Audits
Privacy Research
Sandbox Strategy
ML Training Support
Mission & Vision
User data creates value and risk – and auditing helps to define them.
Do your lawyers know what your growth and marketing teams have been building? Are you auditing partners and the legacy systems for new data supply channels outside your control? Are your clients and users being protected by your own systems with deny lists and sandboxing techniques? Are you at risk of Magecart supply chain attacks? These questions and more must be answered by any good data supply audit.
Analytics Builds & Data Flows
We’re experts in tag management, analytics builds and many types of web and app publishing, with a focus on advertising. If we don’t have the experience to support your project, we’ll try to recommend a peer in the industry who can.
Privacy Research
Our user data privacy research has been featured in a wide variety of industry publications, official complaints, and prominent newspaper articles. We can help with private audits, and research written to be released publicly – whatever the client prefers.
Optimization Audits & Rebuilds
Analytics rebuilds are crucial for optimizing page load speeds, accurately deploying consent management systems, cleaning up tag management deployments, and a wide variety of business objectives that can impact business revenue and user privacy.
User Data Privacy Research
Data Sharing and Data Supply Chain Portability Creates Risk
Our research on user data supply chains and data breaches has been featured in The New York Times, the Financial Times, and numerous industry publications. We believe that organizations should be aggressively auditing their own practices, creating standards and holding partners to those standards, and participating in industry and political discussions about the direction of user data standards and the technical measures needed to collect consent from people while defaulting to the most privacy-safe options.
If you are sharing data or building even modest data supply chains, you must assume inherent risk and conduct nuanced audits into your practices to ensure your policies align with the reality of your technical systems.
Services
What Can We Do For You?
Development Support
We've worked on a wide variety of tech and publishing stacks, and have built dozens of websites. If you are looking for a simple Wordpress website like the one you're staring at, and want zero external network requests in the build, we're happy to try and help with that.
Tag Management & Pixel Audits
We know that most websites have a mixture of page templates and subdomains, and over time, it's common to see a wide variety of javascript data collections across an enterprise. We can help you audit your current collections, organize best practices, and help to ensure that you control all the pixels across your websites.
World Class Research
Are you looking to map a complex data supply chain? Need support to parse a complex technical ecosystem? Our user data privacy research is focused on facts, with clear documentation and actionable details.
Mobile Strategy & Futureproofing
Building mobile apps needs requires an honest discussion about monetization opportunities and the evolving mobile ID landscape. We provide ad-hoc consulting to support mobile app audits and specific strategy discussions and training to help organizations conduct more partner app & SDK audits.
User Data Privacy Audits
Do your lawyers know what your growth and marketing teams have been up to? Do your policies align with your practices? We can help you conduct fine-grained data audits across your websites and apps with an eye towards GDPR & CCPA compliance -- we aren't lawyers, but we'll try to point out exactly where we feel grey areas exist and where we think any data flows could cross ethical or legal lines.
Training & Support
If you aren't flatening your auditing systems, you aren't empowering enough people to take ownership of compliance. We strongly believe that with the right tools, and policy templates discussed through collaboration, more and more people can become data auditors or can support specific types of data auditing projects within an organization.
The Data Blog
Ramblings on User Data, Privacy &
the Global Data Supply Chain
ICYMI 2019 SEC NOTICE: Restructuring the Corporate Governance of the Yandex Group with a new Putin-aligned “Public Interest Foundation”
The contents below were directly copied/pasted from this SEC report submitted by Yandex @ https://www.sec.gov/Archives/edgar/data/1513845/000110465919064935/a19-23249_1ex99d2.htm The only change is to highlight several sections in green, yellow and red that should be...
SafeGraph Claimed to Not Deanonymize Individuals, Partnered with Former Yandex Data Scraper with a Shell Company Who Openly Scraped U.S. Government Datasets to Build SafeGraph Integration for Ad Targeting
For a significant period of time, and until relatively recently, registered California data broker SafeGraph was providing an “Ad Targeting” user data appending service that openly used a 100+ million person-to-home-ownership database in the United States, openly...
Compromised Godaddy Infrastructure Attacking Numerous U.S. Government Websites to Promote “Canadian Pharmacy” Scam Websites
GoDaddy has responded to this research here, with this statement (lightly redacted, red highlights were added to note ridiculous statements): Zach, [redacted] brought your post to my attention. While this isn't the right forum to dive deep into your article, there's a...
Twitter allowing YouTube fingerprint scraping via ~unknown org, Twitter users including BTS fans are one-click away from a URL redirection data scrape
Today on Twitter, you can't tell which YouTube embeds are actually hiding a dark secret that will share your user data to a totally random organization, which isn't Google or Twitter, and that organization has a business model which appears to include sharing or...
Scraping an ad network and back appending their targeting data into new leads – a common tactic
Every advertising network, if you are able to use custom UTM parameters on the link click, you can back-append that social network/ad network's targeting data into your own user database without the consent or knowledge of users -- and it's extremely common for...
Is President Biden giving Google a White House Handout on FloC?
President Barack Obama's White House was exceptionally close to Google, but until March 2021, most of the world had no clue the core benefits Google acquired from this relationship until Politico reported on 312 pages of confidential memos proving that antitrust...
Data Problem? Want a Proposal?
Send us a message and we'll get back to you within 2 business days.