How Is Intent Data Collected? The Mechanics Nobody Explains
Every article about intent data collection says the same thing: "first-party, second-party, third-party." Then they define each one and move on. You're left knowing the categories but not the actual mechanics - how data gets from a publisher's website into your CRM as a "surge score." B2B buyers conduct an average of 12 online searches before visiting a vendor's website, which means most research signal lives outside your ecosystem entirely.
Let's fix that gap.
The Quick Version
Intent data flows from three sources: your own analytics (first-party), review sites and partner platforms (second-party), and publisher co-op networks or bidstream ad exchanges (third-party).
Co-op collection is more transparent and higher-context than bidstream. Publishers share anonymized content consumption data that gets classified by NLP into business topics, matched to companies via IP-to-company resolution, and scored against a baseline to detect "surges." Cookie and device-level restrictions are degrading some of these methods right now, and the trend isn't reversing.
Where Does Intent Data Come From?
First-party intent is everything on your own turf - website visits, CRM activity, email opens, content downloads. You own it, it's high-signal, and most teams underuse it.
Second-party intent comes from partner platforms like G2, TrustRadius, or industry publishers who share signals about accounts researching your category. Someone comparing vendors on G2 is closer to a purchase decision than someone reading a category blog post, which is why second-party signals convert at higher rates. This is the source most explainers skip entirely.
Third-party intent is the big one. With 67% of the B2B purchase journey happening digitally and 11+ stakeholders involved in a typical deal, these external signals from publisher co-op networks and ad exchanges reveal research activity you'd otherwise never see.
The Third-Party Collection Pipeline
Here's the pipeline nobody explains clearly - and it's the core of how intent data gets collected at scale.
A business user visits a publisher site in a co-op network (Bombora runs one of the largest) and reads an article about, say, endpoint security. Bombora's NLP scans that content and scores it for relevance across tens of thousands of business topics. The system can identify that an article covers zero-trust architecture even if those exact words never appear. That's the topic-versus-keyword distinction, and it's why co-op data carries more context than bidstream.
Next, the system resolves the visitor's IP address to a company. This is where things get imperfect - VPNs, remote workers on home ISPs, and shared NAT gateways all degrade accuracy. For enterprise traffic hitting publisher sites from corporate networks, it works well enough to be useful.
The classified topic consumption then gets compared against a historical baseline. If Acme Corp normally consumes 5 pieces of cybersecurity content per week and suddenly consumes 40, that's a "surge." The surge score - not the raw consumption - is what gets delivered to your platform. Bombora's Data Co-op covers a publisher network where 86% of sites are exclusive to Bombora.
Beyond co-op, other collection methods include browser fingerprinting, which tracks device characteristics across sessions, and form-fill aggregation, which pools data from gated content downloads across publisher networks. Both are less transparent than co-op models and raise additional privacy questions. If your vendor uses them, ask pointed questions about their consent framework.
Co-op vs. Bidstream
| Attribute | Co-op (Bombora) | Bidstream |
|---|---|---|
| Data collected | Timestamp, IP, URL + richer content consumption and engagement context | Timestamp, IP, URL, location |
| Context depth | High - NLP-scored | Low - page-level only |
| Historical baseline | Yes - surge scoring | No |
| Consent model | Consent-based framework | Flagged by regulators (UK ICO, Belgian APD) as non-compliant in common implementations |
| Scale | Billions of events/mo | Very large (ad auction volume) |
Bidstream is the junk food of intent data. High volume, low nutrition, and serious compliance risk in parts of Europe. The UK ICO and Belgian APD have both flagged bidstream collection as violating GDPR. If your intent vendor can't tell you whether they're using co-op or bidstream data, that's a red flag - skip them.
Intent data tells you who's researching. Prospeo tells you how to reach them. Layer Bombora intent signals across 15,000 topics with 143M+ verified emails at 98% accuracy - so surge scores turn into booked meetings, not bounced emails.
Stop paying $30K for intent signals you can't act on.
What's Changing in 2026
The cookieless reality isn't theoretical anymore. Safari and Firefox already block third-party cookies entirely, and Apple's ATT opt-in rates sit at roughly 20-30%. Chrome holds ~65% global market share, and Google's Tracking Protection already limits cross-site tracking for 1% of Chrome users - roughly 30 million people.
The bigger regulatory shift: California privacy regulations effective January 1, 2026 tighten consent UX rules and prohibit dark patterns in consent flows. Closing a popup no longer counts as consent, and opt-out must be as easy as opt-in. Any intent collection method depending on third-party cookies is living on borrowed time, and the teams still building strategy around them are going to get burned.
The Accuracy Problem
Here's the thing: we've seen plenty of teams buy intent data and then wonder why it doesn't move pipeline.
One practitioner on r/LeadGeneration tested 6sense, ZoomInfo, and Bombora over 2021-2022 and came away "mostly disappointed" - the intent scores lacked the context needed to tailor outreach. They built their own approach and claim it tripled monthly closed deal value from $200K to $600K. Forrester's intent data mistakes analysis warns against treating all intent sources the same and ignoring data decay. Intent signals are perishable - route alerts within hours, not days.
Most teams don't have an intent data problem. They have a contact data problem. A surge score is worthless if your emails bounce. Pair intent with verified contact data before spending $30k on a signal you can't act on.
What Intent Data Costs
The consensus on r/ABM is that nobody wants to sit through three demos just to learn the starting price is $20k. Here's what you'll actually pay:
| Provider | Typical Annual Cost | Model |
|---|---|---|
| Bombora | $20k-$100k+ | Quote-based |
| 6sense | $30k-$100k+ | Quote-based, enterprise |
| Demandbase | $25k-$100k+ | Bundled with ABM |
| ZoomInfo (intent add-on) | $15k-$40k+ | Add-on to contract |
| G2 Buyer Intent | $10k-$30k | By categories tracked |
| Prospeo | Starts free; ~$0.01/email | Self-serve, intent included |
You now know how intent data is collected - co-op networks, surge scoring, IP resolution. But the practitioners in this article said it themselves: the real problem is contact data. Prospeo delivers 98% email accuracy on a 7-day refresh cycle at $0.01 per email. No stale records. No bounces killing your domain.
Turn every surge alert into a verified contact in seconds.
Using Intent Data Well
Weight your signals. A pricing page visit is worth ten homepage views. Not all intent is equal, and treating it that way is how teams drown in noise.
Blend first-party and third-party data. Third-party intent alone produces too many false positives - confirm with your own engagement data before routing to sales. In our experience, teams that layer both sources cut false-positive rates by at least half compared to those running third-party signals alone.
Set routing SLAs. Set up a Slack alert when a target account surges on your core topic, then have your SDR reach out within 2 hours, not 2 days. Intent decays fast, and a signal that's 72 hours old is barely better than no signal at all.
Never reference intent in outreach. "We noticed you're researching endpoint security" sounds like surveillance. Use the signal to inform your timing and angle, not your opening line. And always pair intent with verified contacts through CRM enrichment - this is the mistake we see most often, and it's the one that costs teams the most pipeline.
FAQ
How is intent data collected from third-party sources?
Publisher co-op networks share anonymized content consumption data, classified by NLP into topics, matched to companies via IP-to-company resolution, and scored against baselines to detect surges. Bombora's co-op, the largest, covers a network where 86% of publisher sites are exclusive to its platform.
How are raw browsing signals turned into intent scores?
Page views, content downloads, and search queries get processed through NLP topic classification, matched to company identities via reverse IP lookup, and compared against historical baselines. The output is a surge score - the delta between normal and elevated consumption - which is what sales and marketing teams actually receive.
Is intent data GDPR compliant?
Co-op data collected within consent-based frameworks is generally compliant. Bidstream data has been flagged by the UK ICO and Belgian APD as violating GDPR in common implementations. Always ask your vendor which collection method they use before signing anything.
Can I get intent data without a $20k+ contract?
Yes. Prospeo includes Bombora-powered intent data across 15,000 topics on a self-serve, credit-based plan starting free - 75 email credits and 100 Chrome extension credits per month, no enterprise contract or sales call required.