Most identity-graph purchases fail for one predictable reason: the buyer buys a lookup table, expects a resolution engine, and then blames the channel when performance lift doesn’t appear. In 2026, identity graphs are also under tighter procurement scrutiny because they touch sensitive categories when joined to location, health, or financial outcomes. This guide is the buyer-safe diligence checklist for MAID/HEM identity graphs — how to measure coverage and match rates, how to reason about refresh cadence and decay, and what compliance artifacts to request before you operationalize the feed. If you’re evaluating GSDSI’s identity layer, start at the Identity Graph overview and the underlying MAID feed.
Key Takeaways
Coverage claims are meaningless without a seed match. Run a hashed match against your own CRM to measure usable resolution — not “total IDs in the graph.”
Identity graphs decay. Refresh cadence is a core spec, not a commercial detail — and the right cadence depends on the activation surface (CTV vs email vs mobile).
Ask for confidence scoring and deterministic vs probabilistic breakdown. A graph that cannot expose this is not a serious measurement tool.
Compliance diligence is procurement diligence: exclusions, consent posture, opt-out handling, and contract terms matter as much as match rate post-FTC enforcement.
What to Measure: Usable Resolution, Not Headline IDs
The single best diligence step is a clean-room-style seed match. Provide a hashed list of 10K–100K first-party records (emails, phone where allowed, and stable customer IDs). Ask the vendor to return match counts across the IDs you actually activate: MAID, HEM, household/CTV IDs where applicable, and confidence tiers. A vendor’s headline ‘graph size’ is often inflated by low-confidence probabilistic links or stale IDs; your seed match exposes the real usable resolution for your audience. This is the same pattern recommended in buyer-side procurement for B2B databases — measure what you will actually use.
Refresh Cadence and Decay: The Math That Breaks Campaigns
Identity graphs are not static assets. MAIDs churn (especially on iOS post-App Tracking Transparency), emails go dormant, and households change composition. A graph that is refreshed monthly may be fine for coarse research; it is often insufficient for performance activation. Buyers should ask two direct questions: (1) how often do you refresh linkages (daily/weekly/monthly) and (2) what is the observed decay curve by identifier type? The operational response is simple: align refresh cadence to your activation and measurement windows. If you run weekly CTV flights, you should not run a quarterly identity refresh.
Confidence Tiers and Activation Surfaces
Identity resolution is a confidence game. Deterministic links (shared logins, explicit linkages) support high-confidence measurement and attribution. Probabilistic links support upper-funnel targeting and reach. Buyers should require that vendors expose deterministic vs probabilistic proportions and a confidence score that can be thresholded by use case. If the vendor cannot describe how their graph maps to the market’s identity vocabulary (see IAB Tech Lab standards), you are likely buying an opaque lookup table that will be hard to govern. For buyers measuring across channels, pair the identity graph with cross-channel measurement design up front.
Compliance Diligence: Exclusions, Opt-Out, and Contract Terms
In 2026, compliance posture is part of the performance spec because it determines what you’re allowed to do downstream. Ask for: (1) the consent and sourcing posture for the identifiers, (2) sensitive-category exclusion handling, (3) opt-out and deletion workflows, and (4) contract terms that govern retention and downstream sharing. Federal and enterprise procurement teams increasingly model their diligence on the enforcement record — see the buyer guide on data brokers post-FTC consent orders and the overview of FTC location data enforcement. For the broader posture, review the sourcing methodology and the privacy policy.
Frequently Asked Questions
What’s the best way to test an identity graph before you buy?
Run a hashed seed match against your first-party CRM. Measure match counts by identifier type (MAID, HEM, household/CTV ID) and by confidence tier. Then validate lift in a small pilot on the exact activation surface you intend to use (CTV, DSP, email, or clean room).
What refresh cadence should we require for a MAID/HEM graph?
Weekly is the practical baseline for activation and ongoing measurement. Monthly may work for research-only use. If your marketing cadence is weekly or shorter, quarterly refresh will almost always underperform because churn/decay becomes the dominant factor.
What match rate is “good” for MAID-to-HEM resolution?
There is no universal number. The right benchmark is your own seed match against your customer base. For many US consumer brands, 60–85% resolution into additional IDs is realistic when using strong first-party seeds; international and niche audiences are lower.
What compliance artifacts should we ask for?
At minimum: sourcing posture, opt-out/deletion process, exclusion controls for sensitive categories, retention terms, and downstream-sharing limits. Procurement should treat these as mandatory alongside match-rate results, especially for any workflow that could touch sensitive location or health-adjacent joins.