Done-for-you offer · Fractional CMO with AI Swarm · lead-scoring-routing 3-skill bundle · lead-scoring-routing agent
Buyer-state-aware BANT scoring + firmographic enrichment for DTC ecommerce, B2B, and multi-location operators — BANT conditioned on 5 buyer states, firmographic enrichment with consent-provenance verification, per-touch Bayesian inference, per-tier routing under a 5-anchor compliance gate
Traditional BANT scoring produces a single composite per lead and routes on the composite. A high-Budget, high-Authority, low-Need, medium-Timing lead routes the same whether the buyer is problem-unaware (no idea the problem exists) or vendor-aware (has evaluated competitors and rejected the category). The right actions are opposite. The orchestration above the firmographic + intent-data + CRM + marketing-automation stack conditions BANT on a five-state taxonomy (problem-unaware, problem-aware, solution- aware, vendor-aware, purchase-ready), runs firmographic enrichment through operator-counsel-maintained DPA + SCC + consent- provenance verification (so the firmographic data is defensible in any privacy-rights-driven discovery), updates the buyer-state classification continuously via Bayesian inference over per-touch behavioral signals, and routes per-tier through downstream outreach channels with per-channel consent enforcement. The firmographic + intent-data + CRM + marketing-automation + CDP + ML + consent vendors below ship strong primitives. The orchestration above them — state-conditioned BANT, consent- provenance verification, Bayesian buyer-state inference, per-tier routing, compliance gate, audit trail — is operator-side architecture. The compliance gate is anchored on five real anchors: FCRA + state consumer-reporting when scoring feeds eligibility-adjacent decisions; GDPR Articles 6 + 9 + 17 + 22 + 30 + ePrivacy for EU-resident leads; CCPA/CPRA + state- comprehensive-privacy patchwork on firmographic vendor purchases; TCPA + 10DLC + CAN-SPAM + CASL multichannel downstream outreach consent; per-data-vendor DPA + SCC + consent-provenance verification with privacy-rights fan-out. You keep the lead data, the firmographic vendor relationships, the scoring code, the per-state weighting matrix, the Bayesian inference model, the consent-provenance attestation library, the WORM audit trail, the policy-as-code policies, and the LLM prompts. You keep the ability to in-house at any time.
Published September 24, 2026
The real ecosystem this sits above
Firmographic + intent data
ZoomInfo, Apollo, Clearbit (HubSpot), Lusha, Cognism, 6sense, Bombora, Demandbase, G2 Buyer Intent, TechTarget, LeadIQ, RocketReach, UpLead, Hunter, LinkedIn Sales Navigator, Dun & Bradstreet, Crunchbase, PitchBook, Owler, Datanyze, InsideView, Seamless.AI. Each ships strong firmographic + intent primitives. The cross-vendor canonical-resolution + DPA/SCC + consent-provenance verification above them is operator-side architecture.
CRM + marketing automation
CRM: Salesforce, HubSpot, Pipedrive, Microsoft Dynamics, Zoho, Close, Insightly, Copper, Keap, ActiveCampaign. Marketing automation: HubSpot Marketing Hub, Marketo, Pardot, Eloqua, ActiveCampaign, Customer.io. Each ships strong primitives. The per-state buyer-state weighting matrix + per-touch Bayesian inference + per-tier routing layer above them is operator-side architecture.
CDP + warehouse + ML
CDP: Segment, mParticle, Rudderstack, Snowplow, Tealium, Treasure Data. Warehouse: Snowflake, Databricks, BigQuery, Redshift, Postgres. ML: XGBoost, LightGBM, CatBoost, sequence + transformer models, Bayesian-network inference, scikit-learn, statsmodels. Each ships strong primitives. The cross-system lead-record canonicalization + buyer-state classifier ensemble above them is operator-side architecture.
Consent management + multichannel delivery
Consent: OneTrust, TrustArc, Ketch, Securiti, BigID. Multichannel: Klaviyo, Iterable, Braze, Customer.io, Twilio, Bandwidth, Plivo, aircall, Dialpad. Each ships strong primitives. Privacy-rights fan-out + per-channel consent verification + statutory-window enforcement above them is operator-side architecture.
Policy-as-code + WORM storage + GRC
Policy-as-code: OPA Rego, AWS Cedar, Casbin, Cerbos, Oso. WORM: AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel. GRC: Hyperproof, Drata, Vanta, Thoropass, AuditBoard. Each ships strong primitives. The per- event compliance gate that maps FCRA + GDPR + CCPA + TCPA/ 10DLC/CAN-SPAM + per-data-vendor DPA onto an operator-counsel- approved policy bundle is operator-side architecture.
Legal-research + counsel-policy maintenance
Westlaw, Lexis+, Bloomberg Law, Practical Law, Compliance.ai, LawGeex. Each ships strong legal-research primitives. The per-vendor DPA + SCC version-tracking + consent-provenance attestation library + per-state-comprehensive-privacy opt-out register maintenance above them is operator-counsel-side architecture.
Frequently asked
What does buyer-state-aware BANT scoring + firmographic enrichment actually deliver, and where does it sit in the lead pipeline?
An orchestration layer that sits above the operator firmographic + intent-data + CRM + marketing-automation + CDP + warehouse + ML + consent-management + policy-as-code + WORM-storage stack and turns an incoming lead into a routed and explainable downstream action. The skill is a three-skill bundle on the lead-scoring-routing agent. Skill 1 — buyer-state-aware BANT scoring: score every lead across the four BANT axes (Budget, Authority, Need, Timing) conditioned on a five-state buyer-journey taxonomy (problem-unaware, problem-aware, solution-aware, vendor-aware, purchase-ready). The buyer state matters because a "low Need" score on a problem-unaware lead is a different signal from "low Need" on a vendor-aware lead — the first is a nurture candidate, the second is a disqualification candidate. The per-state weighting matrix is operator-counsel-and-sales-team-approved and lives in the operator code repo. Each scored lead carries per-axis confidence-tier + per-axis explainability + per-state attribution. Skill 2 — firmographic enrichment: enrich every lead against the operator-chosen firmographic + intent-data vendor stack (ZoomInfo, Apollo, Clearbit, Lusha, Cognism, 6sense, Bombora, Demandbase, G2 Buyer Intent, TechTarget, LeadIQ, RocketReach, UpLead, Hunter, LinkedIn Sales Navigator, Dun & Bradstreet, Crunchbase, PitchBook) with per-vendor canonical resolution, per-vendor conflict resolution, per-vendor freshness validation, and per-vendor consent-provenance verification (operator counsel maintains the per-vendor DPA + standard contractual clauses + consent-provenance attestation library). Per-firm features include industry taxonomy (NAICS, SIC, GICS, ISIC), sub-industry, vertical, employee count, revenue band, growth rate, location count, headquarters, parent + subsidiary mapping, funding stage, last round, total raised, investor list, tech stack, intent signals, news events, hiring velocity, departmental budget indicators, and decision-maker mapping. Skill 3 — per-touch buyer-state inference + per-tier routing: continuously update the buyer-state classification via Bayesian inference over per-touch behavioral signals (page view, content download, email open, email click, form submit, demo request, pricing-page view, case-study view, comparison-page view, checkout abandonment, trial signup, trial usage, account creation, account activation, account engagement) with operator-data-science-team-set per-touch weighting, per-touch decay function, and per-state transition probability. Per-tier routing emits one of {auto-respond, nurture-track-1, nurture-track-2, nurture-track-3, AE-assigned, SDR-assigned, BDR-assigned, closed-lost, closed-won, reject} based on per-lead BANT × buyer-state × firmographic-fit composite. Every scoring, enrichment, inference, and routing decision passes through the 5-anchor compliance gate and writes to the WORM audit trail. The firmographic + intent + CRM + marketing-automation vendors below ship strong primitives. The orchestration above them — state-conditioned BANT, consent-provenance verification, Bayesian buyer-state inference, per-tier routing, compliance gate, audit trail — is operator-side architecture.
Where does single-vendor lead scoring stop compounding for DTC ecommerce + B2B + multi-location operators?
Single-vendor lead scoring is solved. HubSpot ships strong predictive lead scoring inside the marketing automation. Salesforce Einstein ships strong opportunity-scoring inside the CRM. ZoomInfo ships strong firmographic enrichment. The compound case the lead-scoring-routing agent has to handle is the one where an operator runs HubSpot + Marketo + Pardot mixed across business units, pulls firmographic data from ZoomInfo + Apollo + Clearbit + Cognism (different sources for different segments), pulls intent signals from 6sense + Bombora + Demandbase + G2 + TechTarget, has EU resident leads that fall under GDPR Article 22 automated-decisionmaking obligations, has California resident leads that fall under CCPA sensitive-PI opt-out and CPRA right-to-correct, has leads from regulated verticals where vertical-specific consent regimes apply, and has a downstream outreach surface (SMS + email + outbound calls) where TCPA + 10DLC + CAN-SPAM + CASL all govern the routing-driven communications. Without an orchestration layer above the vendor stack, the BANT score is internally inconsistent across business units, the firmographic data has unverified consent provenance (which becomes a discovery problem in any privacy-rights-driven litigation), the buyer-state inference fragments across marketing-automation platforms, the per-tier routing fires across different downstream channels with inconsistent consent verification, and the audit trail of "what scoring rule applied to this lead, what data sources informed it, and what downstream action resulted" splinters across vendor consoles. The orchestration above the vendors is what holds the cross-vendor + cross-jurisdiction + cross-business-unit invariants.
How does buyer-state-conditioned BANT scoring change the routing decision, and why does the buyer state matter?
Traditional BANT scoring produces a single composite score per lead and routes on the composite. The problem with that approach: a lead with high Budget + high Authority + low Need + medium Timing routes the same whether the buyer is problem-unaware (they have no idea they have the problem your product solves) or vendor-aware (they have actively evaluated competitors and decided your category is not for them). The same composite produces opposite optimal routes — the problem-unaware lead is a nurture-track-1 candidate (educational content that builds problem awareness), the vendor-aware lead is a reject or closed-lost candidate. The buyer-state taxonomy explicitly conditions the scoring. Problem-unaware: low Need is expected and not disqualifying; the right action is awareness content. Problem-aware: Need is forming; the right action is solution-category education. Solution-aware: Need is established; the right action is differentiation content. Vendor-aware: lead has evaluated; Authority + Timing matter more than Need; the right action is direct-sales engagement or fast-reject if not differentiated. Purchase-ready: Budget + Authority + Timing dominate; the right action is AE or SDR fast-assignment. The per-state weighting matrix encodes this. Operator sales-team plus operator counsel maintain the matrix. The Bayesian inference over per-touch behavioral signals updates the buyer-state classification continuously — a lead that arrives problem-unaware but visits the comparison page three times in a week transitions to vendor-aware and the routing logic recomputes against the new state. The transition probabilities are operator-data-science-team-set and recalibrated quarterly against realized closed-won outcomes via a counterfactual-validation loop.
How does per-vendor consent-provenance verification work for firmographic + intent data?
Firmographic and intent-data vendors aggregate contact information from many sources — purchased lists, scraped public profiles, opt-in form submissions, partner data exchanges, intent-signal cookie networks, and IP-address-based reverse-resolution. Some of those sources have clear consent provenance; some do not. Operator counsel maintains a per-vendor consent-provenance attestation library that records, for each vendor, the data-source-provenance categories the operator is willing to consume (and the categories the operator refuses). Before any per-vendor enrichment is committed to the operator master record, the orchestration layer verifies the per-record provenance metadata against the operator-counsel-approved category list, refuses records with provenance that fails the check, and logs the refusal to the WORM audit trail. Each vendor relationship is governed by a data-processing agreement (DPA) + standard contractual clauses (SCCs) for EU transfers under GDPR + ePrivacy + per-state-comprehensive-privacy obligations. The orchestration layer reads the per-vendor DPA-version + SCC-version from the operator counsel repo and refuses to call vendor APIs whose DPA-version or SCC-version has lapsed. Privacy-rights fan-out (GDPR Article 17 erasure, CCPA right to delete, state-comprehensive-privacy right to delete) propagates from the operator master record back to every linked firmographic vendor as a per-vendor deletion request with operator-counsel-approved-timeline (typically: 30 days under GDPR, 45 days under CCPA, per-state variable). The customer-change-event-emission sibling skill (sibling on the customer-graph agent) handles the cross-vendor fan-out. The vendor consent-provenance audit + DPA/SCC version-tracking + privacy-rights-deletion fan-out is the operator-side architecture that makes firmographic enrichment defensible.
What compliance does the per-event gate enforce, and how does it map to FCRA, GDPR Article 22, CCPA/CPRA sensitive PI, TCPA/10DLC/CAN-SPAM, and per-data-vendor DPA?
Five anchors. Anchor 1: FCRA (15 USC 1681) + state consumer-reporting laws (California ICRAA, New York FCRA, Washington Fair Credit Reporting Act, etc). When BANT scoring outputs feed into eligibility-adjacent decisions (premium-tier access, financing eligibility, BNPL underwriting, business-credit qualification), FCRA permissible-purpose verification + adverse-action notice + accuracy + correction + dispute procedures apply. The gate refuses to surface scoring outputs to FCRA-adjacent downstream skills until permissible-purpose attestation has been logged. Anchor 2: GDPR (Regulation 2016/679) Articles 6 (lawful basis) + 9 (special categories) + 17 (right to erasure) + 22 (automated decisionmaking) + 30 (records of processing) + ePrivacy Directive 2002/58/EC. For EU-resident leads, lawful basis must be established before any per-vendor enrichment is performed; Article 9 special-category restrictions apply when firmographic data touches health/biometric/political/religious indicators (rare but possible through intent-signal data); Article 22 right-not-to-be-subject-to-solely-automated-decisionmaking applies when BANT scoring drives material lead-treatment decisions; Article 30 records of processing requires per-vendor + per-purpose + per-recipient processing-operation records. ePrivacy Directive governs cookie-derived intent signals. Anchor 3: CCPA/CPRA + state-comprehensive-privacy patchwork (Connecticut CTDPA + Texas DPSA + Virginia CDPA + Colorado CPA + Utah CPA + Oregon + Tennessee + Montana + Indiana + Iowa + Florida + Delaware + additional states in effect). Firmographic-vendor purchases bring CCPA-defined personal information into operator data; CPRA Section 1798.121 sensitive-PI opt-out applies when firmographic data includes sensitive PI; CCPA Section 1798.106 right-to-correct applies to firmographic data; right-to-know about firmographic data sources is enforceable. The gate enforces per-state opt-out before any per-vendor enrichment proceeds. Anchor 4: TCPA (47 USC 227 + 47 CFR Part 64) + 10DLC + The Campaign Registry + CTIA Messaging Principles + CAN-SPAM (15 USC 7701) + CASL (S.C. 2010 c.23) + UK PECR + EU ePrivacy multichannel downstream outreach consent. When per-tier routing surfaces a lead to a downstream outreach channel (SMS via Twilio + Bandwidth + Plivo, email via Klaviyo + Iterable + Braze, outbound call via aircall + Dialpad), the channel-specific consent regime applies — TCPA prior express written consent for marketing SMS to wireless numbers, 8am-9pm time-zone restriction, 10DLC per-campaign registration + per-carrier throughput allocation, CAN-SPAM unsubscribe + physical-address + accurate-header requirements for email, CASL + UK PECR + EU ePrivacy for international leads. Per-state UDAP applies when scoring-driven solicitation crosses state lines. Anchor 5: Per-data-vendor compliance contracts + consent-provenance verification. Every firmographic + intent-data vendor relationship is governed by an operator-counsel-maintained DPA + SCCs for EU transfers + processor-obligation contract. The operator-counsel-approved consent-provenance attestation library defines which data-source categories the operator accepts (opt-in form, partner data exchange with valid consent flow, scraped-public-profile with operator-counsel risk acceptance, etc) and which it refuses. The gate verifies per-record provenance metadata + per-vendor DPA-version + per-vendor SCC-version before any enrichment is committed. Privacy-rights fan-out propagates erasure + correction + opt-out requests back to every linked firmographic vendor through the customer-change-event-emission sibling skill. Broader gate also enforced: FTC Section 5 + FTC Endorsement Guides + state UDAP + ADA Title III + WCAG 2.2 AA + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II via policy-as-code (OPA Rego + AWS Cedar + Casbin + Cerbos + Oso). WORM audit trail (AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel) with per-statute retention (FCRA 5yr + GDPR 6yr + CCPA 3yr + GLBA 6yr + TCPA 4yr + CAN-SPAM 5yr + FTC 7yr + IRS 7yr + state variable) per operator counsel policy.
What does the engagement look like across Tier 1 → Tier 2 → Tier 3, and what does the Tier 3 reporting cycle commit to?
Tier 1 AI Readiness Assessment ($10k, 2-3 weeks, diagnostic): audits the operator current lead-scoring posture against the 3-skill bundle + 5-anchor gate + consent-provenance policy; deliverable is a gap-pack report identifying which firmographic vendors lack DPA/SCC current versions, which buyer-state transitions are mismodeled against realized outcomes, which per-state-comprehensive-privacy opt-outs are unenforced, which FCRA-adjacent uses lack permissible-purpose attestation, which downstream channels have inconsistent TCPA/10DLC/CAN-SPAM enforcement, and a recommended remediation sequence for Tier 2. Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks): builds the 3-skill bundle on the lead-scoring-routing agent, wires firmographic + intent vendors with operator-counsel-maintained DPA + SCC + consent-provenance verification, wires CRM (operator-chosen Salesforce or HubSpot or Pipedrive or Microsoft Dynamics or Zoho or Close or Insightly or Copper or Keap) + marketing automation (operator-chosen HubSpot Marketing Hub or Marketo or Pardot or Eloqua or ActiveCampaign or Customer.io), configures per-state buyer-state weighting matrix, wires Bayesian inference over per-touch behavioral signals, configures consent-management vendor (OneTrust, TrustArc, Ketch, Securiti, BigID) for privacy-rights fan-out, wires policy-as-code + WORM-storage, runs 30-day shadow + canary period before flipping to enforce-mode. Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum, 1-2 days/wk embedded): continues operating with weekly per-state weighting reviews, monthly firmographic-vendor freshness audits, quarterly buyer-state transition-probability recalibration, per-event DPA/SCC version monitoring, per-event privacy-rights fan-out verification, and quarterly compliance evidence packages. Tier 3 reporting is a 6-workstream pre-engagement-baseline reporting cycle (per-state BANT-scoring coverage trend + per-vendor firmographic-enrichment freshness trend + per-touch buyer-state classifier calibration trend + per-tier routing accuracy trend + consent-provenance verification completeness + WORM audit-trail completeness) measured against the operator’s pre-engagement baseline. Each workstream surfaces trend direction and the gap to operator-defined targets. Reporting carries explicit caveats: firmographic + intent vendor API SLA + per-vendor DPA renewal cycles + per-vendor data-source-provenance policy changes + per-state-comprehensive-privacy statute amendments + EU AI Act implementing-regulation updates + FCRA + state consumer-reporting-law amendments + TCPA + 10DLC + CAN-SPAM + CASL amendments sit outside Completions control. Attorney-client privilege preservation across per-vendor DPA library + per-state buyer-state weighting matrix + per-state-comprehensive-privacy opt-out register + FCRA permissible-purpose attestation records is maintained per operator counsel policy.
Who owns the lead data, the firmographic vendor relationships, the scoring code, and the audit trail?
Operator owns every artifact. Lead data lives in operator data infrastructure (Snowflake + Databricks + BigQuery + Redshift + Postgres + operator CRM — operator chooses). Firmographic + intent vendor subscriptions (ZoomInfo, Apollo, Clearbit, Lusha, Cognism, 6sense, Bombora, Demandbase, G2 Buyer Intent, TechTarget, LeadIQ, RocketReach, UpLead, Hunter, LinkedIn Sales Navigator, Dun & Bradstreet, Crunchbase, PitchBook — operator chooses) run under operator billing on operator-controlled accounts. The per-vendor DPA + SCC + consent-provenance attestation library lives in operator counsel repo. The per-state buyer-state weighting matrix lives in operator code repo, sales-team-and-counsel-maintained. The Bayesian inference model code, the per-touch decay function, the per-state transition-probability code, the per-tier routing code, and the privacy-rights fan-out code all live in operator code repo. The consent-management vendor (OneTrust, TrustArc, Ketch, Securiti, BigID) runs under operator account. The WORM audit trail lives on operator-controlled cloud storage. The policy-as-code policies (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso) live in operator code repo, counsel-aligned. The FCRA permissible-purpose attestation records, the GDPR Article 30 records of processing, the per-state-comprehensive-privacy opt-out register, and the per-vendor DPA + SCC version-tracking records are all operator-counsel-maintained. Completions owns the orchestration knowledge — how to design the per-state buyer-state weighting matrix for the operator’s actual sales motion, how to tune Bayesian inference against the operator’s realized closed-won outcomes, how to compose per-vendor consent-provenance verification with the operator’s actual vendor mix, how to coordinate privacy-rights fan-out across firmographic vendors, how to wire downstream-outreach channels with per-channel consent regime compliance — and that knowledge transfers under the Tier 3 transition path (30-60 days at engagement end with full hand-off of the weighting matrix, the inference model, the routing code, the consent-provenance verification, and the compliance evidence-package generation playbook). Completions credentials revoke on engagement-end.
Engage Completions
Start with the AI Readiness Assessment (Tier 1, 2-3 weeks, $10k): audit of current lead-scoring posture against the 3-skill bundle + 5-anchor compliance gate + consent-provenance policy. Hand off to Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks): build the 3-skill bundle on the lead-scoring-routing agent, wire firmographic + intent vendors with DPA + SCC + consent- provenance verification, configure per-state buyer-state weighting matrix, wire CRM + marketing-automation + CDP + consent-management + multichannel + policy-as-code + WORM- storage, run 30-day shadow + canary before flipping to enforce-mode. Continue under Tier 3 Fractional CMO with AI Swarm ($15-25k/mo, 6-month minimum, 1-2 days/wk embedded).
Related reading
- Done-for-you deterministic + probabilistic identity resolution (sibling architecture — feeds the canonical lead identity the BANT scoring runs against)
- Done-for-you customer change event emission (sibling architecture — propagates privacy-rights fan-out across firmographic vendors)
- Fractional CMO with AI Swarm (Tier 3 engagement that operates the lead-scoring cycle)