Company vs. Person: The Right Approach to Website Visitor Identification

You walk into a bookstore (or vape shop, whatever) to pick up a book (or a... Lost Mary?) for a friend. You pause in front of a shelf on cybersecurity. Before you can even touch a book, the clerk appears out of nowhere:

“Hi, it’s Sarah from IBM, we noticed you lingered there for a touch over 18 seconds.

I’ve let the sales rep know you are definitely interested in buying something, so they’ll be following you around for a few weeks. Oh, and we know where you live.

Yes, you definitely agreed to share all this data with us.

Have fun!”

That’s what “person-level website deanonymization” feels like.

Not only are you now going to actively avoid this store, you definitely aren’t going to buy anything, as you weren’t even the targeted customer they thought you were!

And yet, a growing number of vendors are pitching it as the next frontier of B2B marketing. They promise they can identify not just which company is visiting your site, but exactly who that person is. Supposedly, you’ll know that Jane Doe from Acme Corp, in IT procurement, is on your pricing page right now.

It sounds powerful. Imagine the deals you’ll close, the revenue targets you’ll hit, all the outbound you can automate.

In reality?

It’s creepy, misleading, and reckless.

And it will close more doors than it will open.

What Website Deanonymization Actually Is

For the uninitiated: website deanonymization or visitor identification is the practice of figuring out who’s visiting your site without them filling out a form.

Traditionally, this happens at the company level. You map an IP address or digital fingerprint to a business network, and you can say with confidence: “Acme Corp is browsing your developer docs.”

Usually it even comes with a referrer tag that you can use to pinpoint the visit to a successful campaign or that your AI suggestion content rework is finally getting ChatGPT to recommend you to prospective buyers.

That’s genuinely useful. It tells marketing whether their campaigns are drawing in the right types of accounts. It tells sales when target accounts are showing early intent. Done right, it’s respectful, efficient, and a proven way to turn anonymous traffic into qualified pipeline. We built CustomerOS to specifically focus on this level — surfacing ICP-fit accounts, their buying stage, and which assets they’re engaging with.

But now, in the quest for more granular, atomic data to drive yet another marketing automation flow, there’s a new flavor: person-level deanonymization. Instead of saying “Acme Corp visited,” it claims: “Jane Doe in procurement at Acme Corp visited your site at 10:04 a.m. from her iPhone.”

That leap—from company to person—is where I honestly believe things cross from helpful insight into surveillance theater.

Why Person-Level is Creepy

1. It’s a Privacy Violation

Nobody consents to being unmasked just by visiting a website. If a stranger stood behind you in a supermarket, quietly taking notes on everything you touched, you’d call security. Online, somehow, some marketers call it “innovation.”

There’s a line between useful signal and stalking. Person-level deanonymization crosses it.

Just from a legal standpoint one could interpret both UK and European GDPR to not consider a website visit a legal inquiry resulting in no trigger of any of the Article 6 provisions to justify personal data handling. This means without a user opting in to say: “Yes, I give you permission to know my identity” you cannot identify the individual.

This goes even further on data harvesting - I can almost guarantee noone actually opts into sharing their data to one of the data-sharing networks. The grey market data peddlers of this personal info will pull the wool over your eyes thinking they have explicit permission to reveal people’s identities across the web until their IP rotates or refreshes.

2. The Data Isn’t As Accurate As You Are Being Sold

Here’s the dirty secret: these tools are rarely accurate. They’re probabilistic guesses dressed up as deterministic truth. A residential IP? Could belong to five different people. A corporate network? Hundreds, maybe thousands.

Yet the pitch decks imply certainty: “It was Jane Doe.” In reality, your SDRs end up chasing ghosts, sending awkward emails to people who never actually visited. It doesn’t just erode trust externally, it destroys credibility internally with your sales team… I’ll let you find an SDR who will say that their 6sense visitor dashboard is made of 100% truths, I’m waiting.

3. It’s a Legal Minefield

GDPR, CCPA, and every other privacy regime is circling this practice like hawks. Capturing and processing personal identifiers without consent isn’t a gray area that most vendors will try to let you draw your own conclusions about—it’s a flashing red light. The ICO’s own guidance makes it clear: “merely visiting a site” is not a lawful basis for processing personal data.

Sure, you might get away with it for a while. But building pipeline on top of unconsented personal data is like constructing a tower on quicksand. It will collapse—sometimes with lawsuits attached. And don’t think that customer lists of illegal tooling companies will not be shared in these investigations.

4. It Destroys Buyer Trust

Buyers aren’t naive. They can tell when your outreach is based on creepy surveillance rather than real engagement. Nothing chills a sales conversation faster than the thought:

“Funny, I was just on your site looking at your pricing… and now here you are…”

Because the buyer’s first thought isn’t wow, what a coincidence! It’s wait, how the hell do you know that?

Trust, once lost, is almost impossible to regain.

And yet, companies like ZoomInfo and 6sense continue to pitch person-level ID as a growth hack. In practice, it risks creeping out the very buyers you’re trying to win over.

If you’re going to use this info, at least try to be helpful rather than immediately trying to drag them onto a sales call.

5. Utopia isn’t yet another automation

The number one thought that marketers I’ve spoken to when they hear that person-level website visitor identification is possible is:

“Wow, think how easily I can start an outbound drip sequence with that data”.

Stop. Right now.

You do not need another <1% automation to feed luke warm, non ICP-fit leads into your sales funnel.

You are not going to hit your MQL target with more spammy emails.

What you need is a plan to work out which visits actually matter to your top-line, and where they are in your buying funnel. Which leads me nicely into…

The Better Alternative: Company-Level Signals

The real magic is at the company level.

Knowing that Acme Corp is visiting your site is enough. You don’t need to know it was Jane, Jim, or Jack.

If Acme is researching your case studies, diving into technical docs, and hitting the pricing page, that’s the signal. That’s what lets you score fit, determine buying stage, and route the account to the right rep.

It’s actionable. It’s respectful. And it works.

That’s why we built CustomerOS to double down on company-level deanonymization. Instead of selling the fantasy of individual-level surveillance, they provide accurate account-level intelligence: which companies are in-market, what content matters to them, and when they’re ready for a sales touch rather than helping them with the problem that they are actually on your site researching.

This is the difference between being smart and being creepy. Company-level deanonymization gives you clarity without surveillance. It empowers your team without crossing the line.

Closing Punch

Marketers: if your growth strategy starts with surveillance, don’t be surprised when your customers ghost you.

Deanonymization should be about signal, not stalking. It should give you clarity, not creepiness.

If you really believe in your product and your funnel, you don’t need to peek through the keyhole at individual visitors. You need to understand which companies are leaning in—and meet them there with value.

Because in a world where trust is the currency, being the brand that doesn’t feel like spyware is the real competitive advantage.

———

Photo by Yuan Thirdy on Unsplash