Demandbase is positioned as account intelligence: it tells B2B marketing teams which companies are visiting their site and helps target those accounts with advertising. The underlying mechanism collects individual visitor IP addresses, behavioral data, and session signals, then enriches them with firmographic data. IP addresses are personal data under GDPR. The account-level framing that makes Demandbase attractive to B2B marketers does not create an exemption from individual privacy obligations, and most Demandbase deployments are added by marketing teams without a consent review.
Marketing and Analytics
Demandbase is an account-based marketing platform that uses IP address resolution, behavioral tracking, and firmographic enrichment to identify company visitors on B2B websites and enable targeted advertising and personalization toward those accounts.
Trademark
Demandbase is a trademark of Demandbase, Inc.. Lokker is not affiliated with or endorsed by Demandbase, Inc..
Risk and failure modes
Demandbase is consistently described in sales and marketing contexts as company-level intelligence, not individual tracking. That framing leads privacy and legal teams to deprioritize or skip consent review. The data collection is individual-level, and the regulatory obligations follow from that reality.
Demandbase resolves visitor IP addresses to infer company affiliation. GDPR explicitly classifies IP addresses as personal data. Collecting and processing IP addresses for company identification requires a valid legal basis, regardless of whether the output is described as account-level data.
Demandbase collects individual page views, session signals, and engagement data to build account-level intent scores. The underlying data is personal before it is aggregated. That collection requires consent or another valid legal basis at the individual level.
When Demandbase uses collected data to serve or target advertising toward identified accounts, that data sharing with the Demandbase advertising network is a processing activity subject to opt-out rights under the CPRA and GDPR consent requirements.
Consent and configuration
The professional context of B2B site visitors does not reduce their individual privacy rights. A procurement manager visiting a vendor site retains GDPR rights over their IP address and behavioral data. Demandbase deployments need consent category assignments and blocking conditions in the same way consumer advertising trackers do.
Demandbase tags should be assigned to an Analytics or Advertising consent category and blocked in the reject state through the active CMP or tag manager.
GPC signal handling needs a blocking condition at the tag or CMP level. Demandbase does not independently process GPC signals in the browser.
If Demandbase is used for advertising targeting (Demandbase Advertising), that product needs its own consent condition separate from any analytics or intent data collection configuration.
Regional compliance
GDPR does not distinguish between B2B and B2C data subjects. A professional visiting a website in their work capacity retains individual rights over their personal data, including their IP address. European deployments of Demandbase require a valid legal basis for IP address collection and behavioral tracking. In California, Demandbase's use of individual behavioral data to build audience segments and enable advertising targeting falls within the scope of opt-out of sale and sharing rights under the CPRA (which amended and strengthened the CCPA).
How Lokker helps
Lokker detects Demandbase across your properties, validates whether it fires in pre-consent and opt-out states, and surfaces the network-layer evidence that confirms whether B2B visitor data collection is operating within the consent framework.
Consent Validator tests whether Demandbase fires before opt-in, after rejection, and in GPC states, providing the evidence needed to confirm or remediate consent configuration on B2B properties.
Explore Consent ValidatorPrivacy Edge detects Demandbase across all your properties, scores it in the tracker risk category, and flags B2B sites where account intelligence tooling is deployed without consent conditions.
Explore Privacy EdgeExplore Lokker
Each product links to its full details so you can explore features, view a demo, and understand how it applies to your Demandbase deployment.
Validation
Validates whether Demandbase fires in pre-consent, reject, and GPC states on B2B properties.
Explore Consent ValidatorIntelligence
Detects Demandbase across all properties and flags account intelligence tools deployed without consent conditions.
Explore Privacy EdgeMarketing and Analytics
Next step
Lokker runs automated browser-level consent flows and scans the network layer to confirm whether Demandbase fires in states where it should not.