Large enterprises across different industries each hold a partial view of the customer. Retailers see detailed purchase behavior. Banks observe payment flows. Telecom operators contribute stable identity and location data. Social networks and search engines capture intent, interests, and engagement. Marketing platforms see campaign exposure and response. Each party controls a different slice of the customer picture. But their slice is only their own.
Combining these signals would allow all participants to understand customers more accurately and sell more effectively. However, customer data is sensitive, regulated, and commercially protected, and enterprises do not trust one another with raw datasets or identifiers. Any joint analysis of customer behavior requires datasets from different companies to be moved into a shared system or granting external access.
Once customer data leaves an enterprise’s perimeter, control over its use and reuse is effectively lost. This creates regulatory risk, competitive exposure, and erosion of customer trust. Centralized platforms therefore fail by design, and collaboration potential breaks down despite clear commercial incentives.
To enable collaboration without data sharing, we used our technology to build a confidential and decentralized Customer Data Platform that replaced shared datasets with shared execution. Instead of moving customer data into a central system, the platform was designed so that audience logic runs directly against each data owner’s environment. Each enterprise participates in collaboration while keeping its data local.
This required a decentralized architecture. Every data provider deployed its own instance of the platform inside its own infrastructure, connected directly to internal systems. There was no central CDP, no shared database, and no platform operator in the middle. The platform was delivered as software and protocol, not operated as a service.
When an audience definition is submitted, it is executed across multiple enterprise instances. Each instance processes its own aggregated data locally and participates through Trusted Execution Environments (TEE). Matching and combination logic runs inside TEEs, coordinated by a decentralized protocol that enforces permissions, consent, and usage rules. The output of this process is a segment: a set of approved customer identifiers, typically phone numbers, representing an audience such as “women over 40 who buy baby products.”
These segments are then sent directly to marketing platforms or partner channels for activation. No customer profiles, attributes, or raw datasets are exchanged between enterprises, and no participant, including the platform developer, has visibility into another party’s data. This architecture enables enterprises and advertisers to collaborate, activate campaigns, and measure impact while removing trust from the equation by design.
The platform gave enterprises and advertisers a single workspace to design, run, and measure customer engagement across partners.
Users could discover available partner audiences and datasets, define targeting logic, and build matched audiences without handling raw customer data. These audiences could then be activated directly through advertising platforms, telecom channels, mobile apps, or partner media using approved identifiers only.
Other features included:
The platform supported look-alike expansion across partners. Seed audiences from one participant could be used to find similar customers in other datasets, with all processing done inside each data owner’s environment and without exposing underlying profiles.
Teams could design and run loyalty and incentive programs tied to audience behavior: issue rewards, coupons, or digital content; track participation; and coordinate promotions across multiple partners. Loyalty rules, points accrual, and partner settlements were handled automatically, removing manual reconciliation between companies.
The platform allowed users to track campaign performance and loyalty outcomes, including online-to-offline effects such as store visits, calls, or in-branch activity linked to digital campaigns. Impact was calculated at the customer level inside each enterprise perimeter, with only aggregated results or controlled identifier shared.
Users could run targeted surveys to specific segments through partner channels and feed responses back into local analytics. Survey results were used to refine audiences, adjust look-alike logic, and update loyalty and engagement programs.
From the same interface, teams could manage consent and communication limits, define how audiences and rewards were reused or shared across partners, and ensure that only approved identifiers were sent to external online platforms for targeting.
For our client, a major CEE retailer with over 26,000 stores, this model turned loyalty data into a controlled collaboration layer for partners without exposing customer information or relying on a central intermediary. Collaboration stayed at the level of audience logic and approved identifiers, not raw datasets.