Drift is a conversational marketing platform that goes beyond chat. It integrates with account intelligence databases to identify anonymous visitors by company and contact and then triggers personalized messaging flows. That account-matching capability depends on visitor identification that begins at page load, before any consent interaction, and draws on data from sources outside your site entirely.
Marketing and Analytics
Drift is a conversational marketing and sales platform, now part of Salesloft, that provides chat, AI-powered messaging, and account-based visitor identification to help sales and marketing teams engage website visitors in real time.
Trademark
Drift is a trademark of Salesloft, Inc.. Lokker is not affiliated with or endorsed by Salesloft, Inc..
Risk and failure modes
Traditional chat tools wait for a visitor to click. Drift's core value proposition is proactive engagement driven by who the visitor is, including their company, role, and intent signals. That intelligence gathering starts immediately, often from data sources that the visitor never knowingly provided to your company.
Drift matches the visitor's IP address and browser attributes against B2B contact databases to identify their employer and infer their role. This processing occurs immediately on page load and does not require the visitor to interact with the chat.
Drift tracks which pages the visitor views, how long they spend on each, and which content they engage with, then feeds that data into intent scoring models. This behavioral profile is built before any consent choice is offered.
Drift connects to CRM systems and enrichment databases to supplement visitor profiles with data your company holds elsewhere. Personal data may flow between systems before a consent state is established.
Drift links anonymous and identified sessions to build a visit history for known contacts. Visitors returning to your site are recognized and targeted even if they cleared cookies, using fingerprinting and account-matching fallbacks.
Consent and configuration
Profiling visitors based on their company, role, and browsing behavior is a recognized processing activity under GDPR and a target of US state privacy laws that restrict behavioral advertising and profiling. A consent configuration that only gates the chat widget may leave the underlying identification and tracking uncovered.
The full Drift SDK, including its visitor identification scripts and account intelligence integrations, must be blocked in no-consent and reject states.
CRM and enrichment integrations that transfer personal data into or out of Drift should be covered by your consent and legitimate-interest assessments.
GPC signals must stop behavioral profiling and intent scoring in US jurisdictions that recognize GPC as an opt-out from sale and sharing of personal data.
Any automated messaging flow triggered by visitor identity or intent data requires a valid legal basis for the processing that feeds the trigger.
Regional compliance
GDPR does not distinguish between consumer and business contact data; employee information is personal data. US state laws increasingly recognize that profiling based on online behavior, including B2B visitor identification, can constitute sale or sharing of personal data. California's CPRA, Colorado's CPA, and related statutes create opt-out rights that apply to the behavioral data Drift's platform relies on.
How Lokker helps
Lokker tests whether the Drift SDK loads, whether visitor identification scripts fire, and whether any data reaches Drift or its enrichment partners in no-consent, reject, and GPC states.
Consent Validator automates browser flows across all consent states and captures the complete network activity generated by Drift, including identification calls, intent scoring requests, and CRM integration payloads.
Explore Consent ValidatorPrivacy Edge detects Drift across your web properties and identifies the pages where account intelligence and behavioral scoring are most active, so remediation effort is prioritized correctly.
Explore Privacy EdgeGuardian blocks the Drift SDK and its downstream integrations at the network layer so visitor identification and behavioral profiling cannot occur in unauthorized consent states.
Explore GuardianExplore Lokker
Each product links to its full details so you can explore features, view a demo, and understand how it applies to your Drift deployment.
Validation
Tests whether Drift identification and tracking fires in pre-consent and reject states.
Explore Consent ValidatorIntelligence
Detects Drift and its enrichment connections across all web properties.
Explore Privacy EdgeEnforcement
Blocks Drift SDK and visitor-matching requests before any data reaches Drift servers.
Explore GuardianMarketing and Analytics
Before you deploy
Marketing teams often evaluate tools on performance and features. These privacy questions are worth settling before the script goes live, because fixing them after a complaint is significantly more expensive.
Have you assessed whether visitor deanonymization using IP and firmographic data requires consent or a legitimate-interest basis in your target markets?
Does your CMP block the Drift SDK in full, or only the chat interface, when consent is not given?
Do your CRM and enrichment integrations that feed Drift have appropriate data-sharing agreements and legal bases?
Have you reviewed whether Drift's behavioral intent scoring qualifies as profiling under GDPR or sale and sharing under CCPA and related state laws?
Next step
Lokker runs automated browser-level consent flows and scans the network layer to confirm whether Drift fires in states where it should not.