Done-for-you offer · Fractional CMO with AI Swarm · multi-source-lead-ingestion 4-skill bundle · lead-scoring- routing agent
Multi-source lead ingestion for DTC ecommerce, B2B, and multi- location operators — Ingest + Attribute + Deduplicate + Feedback 4-skill bundle with TrustedForm/Jornaya/LeadID certificate verification + GDPR Article 14 third-party fan-out + CCPA right- to-opt-out-of-sale/sharing under a 5-anchor compliance gate
You buy leads from Quinstreet + LendingTree + All Web Leads + Datalot + Boberdoo + Phonexa lead routing. You run paid Meta + Google + TikTok + LinkedIn + Snap + Pinterest + Reddit + X lead ads alongside. You take affiliate leads through Partnerize + Impact + Refersion + CJ + Rakuten + ShareASale + Awin. You run webinars on Demio + ON24 + Zoom Webinar and events through Eventbrite + Cvent + Bizzabo. You capture inbound chat through Drift + Intercom + HubSpot Chatflow, inbound phone through CallRail + Invoca + Twilio, and inbound email through Postmark + SendGrid + Mailgun. Each source delivers leads with different schema, different consent-attestation methods, different per- state-comprehensive-privacy classification (some lead-aggregator and affiliate-network arrangements classify as data sale under CCPA/CPRA + state privacy patchwork, triggering right-to-opt- out-of-sale obligations), and different GDPR Article 14 obligations (third-party-sourced data triggers Article 14 information-to-be-provided requirements that Article 13 does not cover). TrustedForm (ActiveProspect) and Jornaya/LeadID (Verisk) certificates are the operator counsel-preferred consent-evidence tokens for TCPA discovery survival. The lead- source + lead-consent-certificate + CRM + warehouse + reverse- ETL + consent-management vendors below ship strong primitives. The orchestration above them — per-source Ingest with canonical emission, per-lead Attribute preservation across 13+ marketing- touch dimensions, probabilistic Deduplicate across 10 signal sources with human-in-the-loop merge review, per-source Feedback to firmographic + BANT + behavioral + customer-graph sibling skills — is operator-side architecture. The compliance gate is anchored on five real anchors: TCPA (47 USC 227 + 47 CFR Part 64) + 10DLC + TCR + TrustedForm + Jornaya/LeadID certificate verification; FTC Section 5 + Telemarketing Sales Rule (16 CFR Part 310) + per-state Telemarketing Sales Acts + FTC + state- AG lead-gen enforcement (FTC v Lead Distribution Inc + similar settlements); GDPR Articles 6 + 7 + 14 + 30 + ePrivacy for EU leads (Article 14 specifically applies to third-party-sourced leads from affiliates + aggregators + referrals); CCPA/CPRA right-to-opt-out-of-sale/sharing + state-comprehensive-privacy patchwork; FCRA + GLBA Safeguards Rule + HIPAA when healthcare- vertical leads. You keep the lead source registry, the per- source certificate verification policy, the Article 14 fan-out policy, the per-state opt-out-of-sale classification, the deduplication model, the WORM audit trail, the policy-as-code policies, and the LLM prompts. You keep the ability to in-house at any time.
Published September 24, 2026
The real ecosystem this sits above
Paid-ad lead forms
Google Ads Lead Form, Microsoft Advertising Lead Form, Meta Lead Ads, LinkedIn Lead Gen Forms, TikTok Lead Generation, Snap Conversions Lead Form, Pinterest Lead Gen Form, Reddit Lead Form, X Lead Form. Each ships strong primitives. Per- source canonical-record emission + per-source schema-drift detection above them is operator-side architecture.
Website forms + chat + email + phone inbound
Website forms: Unbounce, Instapage, Webflow, Leadpages, ClickFunnels, Typeform, Jotform, Wufoo, Gravity Forms, Formstack, HubSpot Forms, Marketo Forms, Pardot Forms, Salesforce Web-to-Lead. Chat: Drift, Intercom, Zendesk, Tidio, LiveChat, Olark, HubSpot Chatflow. Email-inbound: Resend, Postmark, SendGrid, Mailgun, AWS SES, Sparkpost. Phone-inbound: CallRail, Invoca, CallTrackingMetrics, DialogTech, Twilio, Bandwidth, Plivo. Each ships strong primitives. The cross-channel canonical Ingest above them is operator-side architecture.
Lead aggregators + affiliate networks
Lead aggregators: Quinstreet, Bankrate Insurance Network, LendingTree, All Web Leads, Datalot, Aged Leads, InsuranceLeads, Underground Elephant, Boberdoo, Phonexa lead routing. Affiliate networks: Partnerize, Impact, CJ, Rakuten, ShareASale, Awin, Refersion, AvantLink, Pepperjam, LinkConnector. Each ships strong primitives. Per-source consent-certificate verification + GDPR Article 14 fan-out + CCPA opt-out-of-sale classification above them is operator-side architecture.
Webinar + event + content-download
Webinar: Zoom Webinar, GoToWebinar, Demio, Webinar.Jam, Crowdcast, ON24, BrightTALK. Event: Eventbrite, Cvent, Bizzabo, Splash, Hopin, Hubilo, Bevy, Slido. Content- download: Unbounce + Instapage gated assets. Each ships strong primitives. Per-source attribution preservation across registration + attendance + download events above them is operator-side architecture.
Lead-consent certificates + consent management
Lead-consent certificates: TrustedForm (ActiveProspect), Jornaya/LeadID (Verisk), Convoso compliance, Contact Center Compliance, Gryphon Networks. Consent management: OneTrust, TrustArc, Ketch, Securiti, BigID. Each ships strong primitives. Per-source certificate verification + operator- counsel-set verification policy + Article 14 fan-out + CCPA opt-out-of-sale enforcement above them is operator-side architecture.
CRM + warehouse + reverse-ETL + policy-as-code + WORM
CRM destination: Salesforce, HubSpot, Pipedrive, Microsoft Dynamics, Zoho, Close, Insightly, Copper, Keap, ActiveCampaign — shared with multi-location CRM record creation sibling skill. Warehouse: Snowflake, Databricks, BigQuery, Redshift, Postgres. Reverse-ETL: Hightouch, Census, Polytomic. Policy- as-code: OPA Rego, AWS Cedar, Casbin, Cerbos, Oso. WORM: AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel. Each ships strong primitives. The per- event compliance gate that maps TCPA + TrustedForm + FTC TSR + GDPR Article 14 + CCPA opt-out-of-sale + FCRA + GLBA onto an operator-counsel-approved policy bundle is operator- side architecture.
Frequently asked
What does multi-source lead ingestion actually deliver, and how does it sit upstream of the multi-location CRM record creation skill?
An orchestration layer that sits above the operator paid-ad lead-form + website-form + chat + email-inbound + phone-inbound + lead-aggregator + affiliate-network + webinar + event + content-download + offline-import + lead-consent-certificate + CRM + warehouse + reverse-ETL + consent-management + policy-as-code + WORM-storage stack and produces a single canonical lead-record stream feeding the downstream multi-location CRM record creation sibling skill. The skill is a four-skill ingest pipeline on the lead-scoring-routing agent. Skill 1 — Ingest: pull from every operator-licensed lead source. Paid-ad lead forms (Google Ads Lead Form, Microsoft Advertising Lead Form, Meta Lead Ads, LinkedIn Lead Gen Forms, TikTok Lead Generation, Snap Conversions, Pinterest Lead Gen, Reddit Lead Form, X Lead Form). Website forms (Unbounce, Instapage, Webflow, Leadpages, ClickFunnels, Typeform, Jotform, Wufoo, Gravity Forms, Formstack, HubSpot Forms, Marketo Forms, Pardot Forms, Salesforce Web-to-Lead). Chat (Drift, Intercom, Zendesk, Tidio, LiveChat, Olark, HubSpot Chatflow). Email-inbound (Resend, Postmark, SendGrid, Mailgun, AWS SES, Sparkpost — operator email-parsing on the inbound side). Phone-inbound (CallRail, Invoca, CallTrackingMetrics, DialogTech, Twilio, Bandwidth, Plivo through the call-tracking integration sibling skill on the lost-call-recovery agent). Lead aggregators (Quinstreet, Bankrate Insurance Network, LendingTree, All Web Leads, Datalot, Aged Leads, InsuranceLeads, Underground Elephant, Boberdoo, Phonexa lead routing). Affiliate networks (Partnerize, Impact, CJ, Rakuten, ShareASale, Awin, Refersion, AvantLink, Pepperjam). Webinar + event platforms (Zoom Webinar, GoToWebinar, Demio, Webinar.Jam, Crowdcast, ON24, BrightTALK; Eventbrite, Cvent, Bizzabo, Splash, Hopin, Hubilo). Content-download gated assets. Offline-import (CSV, SFTP, Excel). Per-source canonical-record emission with per-source schema-drift detection, field-rename handling, field-deprecation handling. Skill 2 — Attribute: preserve per-lead UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term, utm_id), per-platform click-IDs (gclid, msclkid, fbclid, ttclid, tag-id, offer-id), and the marketing-touch sequence (first-touch, last-touch, all-touches, per-channel sequence, per-campaign sequence, per-keyword sequence, per-creative sequence, per-content-asset sequence, per-landing-page sequence, per-device sequence, per-geocoordinate sequence, per-timezone sequence, per-session sequence) per the operator-data-science-team-defined attribution model. Skill 3 — Deduplicate: probabilistic matching across timestamp window + email + phone + device-ID + session-ID + UTM-fingerprint + form-fingerprint + behavioral-fingerprint + IP-fingerprint with operator-counsel-set per-match confidence-tier, human-in-the-loop review queue for between-floor matches, merge-decisioning, and attribution preservation across the merge. Skill 4 — Feedback: emit per-source feedback to the firmographic-enrichment sibling skill, the buyer-state-aware BANT-scoring sibling skill, the behavioral-enrichment sibling skill, and the customer-graph agent with per-source-quality signals (which sources produce leads that convert vs do not), per-source conversion-rate signals, per-source revenue-attribution signals, and per-source consent-attestation. Every Ingest, Attribute, Deduplicate, and Feedback decision routes through the 5-anchor compliance gate and writes to the WORM audit trail. Downstream of this skill: the multi-location CRM record creation sibling skill consumes the canonical, deduplicated, attribution-preserved lead stream and runs the Score + Route + Enrich + Persist cycle into the operator-chosen CRM. The lead-form, lead-aggregator, affiliate, webinar, event, and lead-consent-certificate vendors below ship strong primitives. The orchestration above them — per-source canonical emission, attribution preservation, probabilistic deduplication, per-source feedback, compliance gate, audit trail — is operator-side architecture.
Where does single-vendor lead ingestion stop compounding for DTC ecommerce + B2B + multi-location operators?
Single-vendor lead ingestion is solved. HubSpot ships strong native form-to-CRM ingestion for HubSpot-managed forms. Salesforce Web-to-Lead ships strong native form-to-Salesforce ingestion. Marketo and Pardot ship strong native form-to-marketing-automation ingestion. Meta Lead Ads + Google Ads Lead Form ship strong native paid-ad-form-to-CRM integrations through Zapier-style middleware. The compound case the lead-scoring-routing agent has to handle is the one where a DTC operator buys leads from Quinstreet + LendingTree + All Web Leads + Datalot + Boberdoo (each delivering leads with different schema + different consent-attestation methods + different price-per-lead + different per-source quality), runs paid Meta + Google + TikTok lead-ads alongside, has affiliates pushing leads through Partnerize + Impact + Refersion, runs gated webinars on Demio + ON24 + Zoom Webinar, captures inbound chat leads through Drift + Intercom + HubSpot Chatflow, captures inbound phone leads through CallRail + Invoca + Twilio, and uploads offline-imported lead lists from trade-show events. Each source has different attribution metadata, different deduplication signals, different consent-attestation requirements (TCPA prior-express-written-consent must be cryptographically proven for SMS-able leads — TrustedForm and Jornaya/LeadID certificates are the industry-standard consent-evidence tokens), different per-state-comprehensive-privacy classification (some lead-aggregator and affiliate-network arrangements classify as data sale under CCPA/CPRA + state-comprehensive-privacy patchwork, triggering right-to-opt-out-of-sale obligations), different GDPR Article 14 obligations when leads come from third parties not the operator (Article 14 applies when data NOT obtained from data subject — affiliate + aggregator + referral leads fall under Article 14 requiring specific information to the lead about source + processing + rights). Without an orchestration layer above the lead-source vendors + lead-consent-certificate vendors + CDP, the cross-source attribution fragments, the per-source consent-attestation evidence splinters across vendor portals, the deduplication fails when the same lead arrives from multiple sources within the matching window, the per-source feedback to downstream scoring + enrichment fails, and the audit trail of "where this lead came from, what consent attestation we have, what attribution we assigned" cannot be reconstructed for FTC + state-AG + private-right-of-action discovery. The orchestration above the vendors is what holds the cross-source + cross-vendor + cross-jurisdiction invariants.
How does TrustedForm + Jornaya/LeadID lead-consent-certificate verification work, and why is it critical for purchased/aggregated leads?
TrustedForm (from ActiveProspect) and LeadID (from Jornaya, part of Verisk) are the industry-standard cryptographic lead-consent-evidence tokens. When a lead submits a form on a publisher site that has integrated TrustedForm or LeadID, the platform generates a unique certificate ID that captures the consent moment: the IP, the user-agent, the timestamp, a tamper-evident page snapshot, the consent-disclosure language version, the privacy-policy version, and the publisher’s attestation that the lead consented. The certificate is later retrievable through the TrustedForm or Jornaya API for verification. For operators who purchase leads from aggregators (Quinstreet, LendingTree, All Web Leads, Datalot, Boberdoo) or accept leads from affiliate networks (Partnerize, Impact, Refersion), TCPA case law (FCC declaratory rulings + private-right-of-action litigation) effectively requires operators to maintain consent-evidence for every lead they call or text. TrustedForm and Jornaya/LeadID certificates are the operator counsel-preferred evidence layer because they survive discovery — when a TCPA claim arrives in deposition, the operator can produce the certificate showing the lead consented under the disclosure language the publisher used at the moment of submission. The Ingest skill captures the certificate ID with every lead from aggregator + affiliate sources, verifies certificate validity through the TrustedForm or Jornaya API at ingestion time (operator counsel sets the verification policy — typically: verify at ingestion + re-verify before any outbound contact), and refuses to commit a lead from a source whose consent-evidence the operator counsel has not approved. Without certificate verification, every TCPA-able lead from a third-party source carries litigation exposure on the operator. Convoso compliance and Contact Center Compliance offer additional consent + DNC verification layers that operator counsel may layer on top. The vendors ship strong primitives. The per-source certificate verification + operator-counsel-set verification policy + WORM audit trail of every certificate verification decision is operator-side architecture.
How does GDPR Article 14 apply to leads sourced from affiliate networks, lead aggregators, and partner referrals?
GDPR Article 14 (Information to be provided where personal data have not been obtained from the data subject) is the often-overlooked sibling of Article 13. When a lead arrives from a third party (an affiliate network, a lead aggregator, a partner referral, a co-registration partner), Article 13 does not directly apply because the operator did not collect the data from the data subject. Article 14 applies instead, and it requires the operator (as the new data controller) to provide the data subject — within one month of receiving the data or at the time of first communication, whichever is earlier — with the operator’s identity and contact details, the categories of personal data, the recipients of the data, the retention period, the lawful basis under Article 6, the source the data came from (this is the key Article 14 obligation absent from Article 13), and the data subject rights (Articles 15-22). The Ingest skill records the per-lead source attestation chain (which affiliate, which aggregator, which referral partner the lead came from + per-source-vendor attestation that the affiliate/aggregator/referral partner has the operator’s identity disclosed in their privacy policy), and the Feedback skill triggers the operator marketing-automation surface to send the Article 14 disclosure within the operator-counsel-set window (typically within 7 days of ingestion to provide margin against the Article 14 1-month maximum, and before any operator-initiated outbound communication). When the operator counsel chooses to dispense with Article 14 disclosure under one of the exemptions (data subject already has the information, disclosure is impossible or requires disproportionate effort, processing is legally required, professional secrecy applies), the gate logs the exemption justification with attestor for audit. The vendors below ship strong primitives. The Article 14 fan-out coordination + per-source attestation chain + per-exemption justification logging above them is operator-side architecture.
What compliance does the per-event gate enforce, and how does it map to TCPA + 10DLC + TrustedForm/Jornaya/LeadID, FTC Section 5 + Lead Generator Rule + TSR, GDPR Articles 6/7/14/30, CCPA right-to-opt-out-of-sale/sharing + state-comprehensive-privacy, and FCRA + GLBA?
Five anchors. Anchor 1: TCPA (47 USC 227 + 47 CFR Part 64) + 10DLC + The Campaign Registry + CTIA Messaging Principles + Federal DNC + per-state DNC + TrustedForm + Jornaya/LeadID certificate verification. For every lead the operator may text or call for marketing purposes, the gate verifies TCPA prior-express-written-consent evidence. For first-party leads (operator forms), the consent evidence is the operator’s own consent capture from the multi-location CRM record creation sibling skill. For third-party leads (aggregators, affiliates, referrals), the consent evidence is the per-source lead-consent certificate (TrustedForm certificate ID + Jornaya/LeadID certificate ID + ActiveProspect verification). The gate refuses to surface a TCPA-able lead to outbound-contact downstream skills without valid certificate verification. 10DLC + TCR rules govern downstream SMS routing. Anchor 2: FTC Section 5 + FTC Telemarketing Sales Rule (TSR, 16 CFR Part 310) + per-state Telemarketing Sales Acts + FTC + state-AG lead-gen enforcement actions (FTC v Lead Distribution Inc + FTC v Sun Path Capital + similar settlements establish operator-side compliance expectations). For outbound telemarketing originating from ingested leads, the gate composes with the per-state telemarketing rules (per-state registration + bonding + script-disclosure requirements) before the lead can be routed to outbound-dial skills. The FTC TSR abandoned-call rate caps (under 3% per 30-day campaign) + safe-harbor predictive-dialer rules + per-call disclosure of seller identity + purpose apply to telemarketing-routed leads. Anchor 3: GDPR Articles 6 lawful basis + 7 conditions for consent + 14 information where data NOT obtained from data subject + 30 records of processing + ePrivacy Directive 2002/58/EC. The gate enforces per-lead lawful-basis attestation at ingestion + per-third-party-source Article 14 fan-out coordination + Article 30 records of processing maintenance + ePrivacy compliance for cookie-derived signals. Anchor 4: CCPA/CPRA + state-comprehensive-privacy patchwork right-to-opt-out-of-sale/sharing. When leads come from affiliate networks or lead aggregators that involve data sale/sharing classification (operator counsel determines the classification per the state-specific definitions — California, Connecticut, Texas, Virginia, Colorado, Utah, Oregon, Tennessee, Montana, Indiana, Iowa, Florida, Delaware all define sale/sharing differently), the gate enforces right-to-opt-out checks before the lead is routed to any sale/sharing-classified downstream operation. CCPA Section 1798.120 right-to-opt-out + Section 1798.121 sensitive-PI opt-out apply. Anchor 5: FCRA (15 USC 1681) + state consumer-reporting laws (California ICRAA + New York FCRA + Washington Fair Credit Reporting Act + state-specific equivalents) + GLBA Safeguards Rule (16 CFR Part 314) + HIPAA when healthcare-vertical leads. When ingested leads feed into eligibility-adjacent decisions (insurance underwriting, BNPL eligibility, business-credit qualification, employment-eligibility screening), FCRA permissible-purpose verification + adverse-action notice + accuracy + correction + dispute procedures apply downstream. GLBA Safeguards Rule applies when operator is financial institution. HIPAA applies when healthcare leads + operator is HIPAA-covered or HIPAA-business-associate. Broader gate also enforced: COPPA + California AADC + Connecticut SB 3 + DSA Article 28 + ADA Title III + WCAG 2.2 AA + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II via policy-as-code (OPA Rego + AWS Cedar + Casbin + Cerbos + Oso). WORM audit trail (AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel) with per-statute retention (TCPA 4yr + CAN-SPAM 5yr + FTC 7yr + FCRA 5yr + GDPR 6yr + CCPA 3yr + GLBA 6yr + IRS 7yr + per-state telemarketing variable + state variable) per operator counsel policy.
What does the engagement look like across Tier 1 → Tier 2 → Tier 3, and what does the Tier 3 reporting cycle commit to?
Tier 1 AI Readiness Assessment ($10k, 2-3 weeks, diagnostic): audits the operator current multi-source lead ingestion posture against the 4-skill bundle + 5-anchor compliance gate + per-source TrustedForm/Jornaya/LeadID certificate-verification status; deliverable is a gap-pack report identifying which lead sources lack consent-certificate verification, which third-party sources lack GDPR Article 14 fan-out coordination, which jurisdictions have unenforced opt-out-of-sale/sharing checks, which FTC TSR + per-state telemarketing registration gaps exist, which per-vertical lead-gen compliance gaps exist, and a recommended remediation sequence for Tier 2. Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks): builds the 4-skill bundle on the lead-scoring-routing agent, wires paid-ad lead-form vendors (operator-chosen Google Ads Lead Form + Microsoft Advertising Lead Form + Meta Lead Ads + LinkedIn Lead Gen + TikTok Lead Generation + Snap + Pinterest + Reddit + X), website form vendors, chat vendors, email-inbound parsing, phone-inbound vendors (CallRail + Invoca + CallTrackingMetrics + DialogTech + Twilio + Bandwidth + Plivo), lead-aggregator vendors (operator-chosen subset), affiliate-network vendors, webinar + event vendors, lead-consent-certificate vendors (TrustedForm + Jornaya/LeadID + ActiveProspect + Convoso compliance + Contact Center Compliance — operator chooses), CRM destination (Salesforce + HubSpot + Pipedrive + Microsoft Dynamics + Zoho — operator chooses, shared with multi-location CRM record creation sibling skill), warehouse + reverse-ETL, consent management, policy-as-code, WORM-storage, runs 30-day shadow + canary period before flipping to enforce-mode. Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum, 1-2 days/wk embedded): continues operating with daily per-source data-feed health checks, weekly per-source certificate-verification audits, monthly per-source attribution-preservation calibration, quarterly per-state telemarketing registration renewals, quarterly Article 14 fan-out audit, quarterly FTC TSR compliance evidence packages, quarterly per-vertical lead-gen compliance updates. Tier 3 reporting is a 6-workstream pre-engagement-baseline reporting cycle (per-source canonical ingestion completeness trend + per-lead attribution preservation accuracy trend + per-lead deduplication accuracy trend + per-source feedback to downstream agents completeness + per-source TrustedForm/Jornaya/LeadID certificate-verification freshness + WORM audit-trail completeness) measured against the operator’s pre-engagement baseline. Each workstream surfaces trend direction and the gap to operator-defined targets. Reporting carries explicit caveats: lead-source vendor SLA + per-source schema/API change cycles + per-state-comprehensive-privacy statute amendments + EU AI Act implementing-regulation updates + FCRA + state consumer-reporting-law amendments + TCPA + 10DLC + TCR use-case taxonomy + CAN-SPAM + CASL amendments + FTC Telemarketing Sales Rule amendments + per-state telemarketing act amendments + FTC lead-gen enforcement settlements + Lead Generator Rule rulemaking developments + ActiveProspect + Jornaya methodology changes sit outside Completions control. Attorney-client privilege preservation across operator per-source DPA library + per-source TrustedForm/Jornaya/LeadID certificate verification policy + Article 14 fan-out policy + per-state-comprehensive-privacy opt-out-of-sale/sharing policy + per-state telemarketing registration records + FTC TSR compliance evidence records is maintained per operator counsel policy.
Who owns the lead source registry, the certificate verification policy, the deduplication model, and the audit trail?
Operator owns every artifact. The lead source registry lives in operator data infrastructure (Snowflake + Databricks + BigQuery + Redshift + Postgres — operator chooses). The per-source vendor credentials (Google Ads Lead Form + Microsoft Advertising Lead Form + Meta Lead Ads + LinkedIn Lead Gen + TikTok Lead Generation + Snap + Pinterest + Reddit + X + 40+ website form + chat + email + phone + lead-aggregator + affiliate + webinar + event vendor accounts) all run under operator billing on operator-controlled accounts. The TrustedForm + Jornaya/LeadID + ActiveProspect + Convoso compliance + Contact Center Compliance subscriptions run under operator account. The per-source DPA + SCC library lives in operator counsel repo. The per-source TrustedForm/Jornaya/LeadID certificate verification policy lives in operator code repo, counsel-aligned. The Article 14 fan-out policy + per-state-comprehensive-privacy opt-out-of-sale/sharing classification + per-state telemarketing registration records + FTC TSR compliance evidence + per-vertical lead-gen compliance records live in operator counsel repo. The Ingest code, Attribute code, Deduplicate model code, and Feedback wiring all live in operator code repo. The per-vertical compliance overlay rule library lives in operator code repo, attorney-approved. The consent-management vendor (OneTrust, TrustArc, Ketch, Securiti, BigID — operator chooses, shared with the multi-location CRM record creation + customer-change-event-emission sibling skills) runs under operator account. The WORM audit trail lives on operator-controlled cloud storage (AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel). The policy-as-code policies (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso) live in operator code repo, counsel-aligned. Completions owns the orchestration knowledge — how to design the per-source Ingest contract for the operator’s actual source mix, how to compose TrustedForm + Jornaya/LeadID certificate verification with operator counsel policy, how to wire Article 14 fan-out coordination, how to tune Deduplicate against the operator’s actual cross-source overlap patterns, how to design Feedback signals that improve downstream firmographic + BANT + behavioral enrichment quality, how to compose per-state telemarketing registration + FTC TSR + per-vertical lead-gen compliance into a single coherent gate — and that knowledge transfers under the Tier 3 transition path (30-60 days at engagement end with full hand-off of the Ingest contract, the Attribute pipeline, the Deduplicate model, the Feedback wiring, the certificate verification policy, and the compliance evidence-package generation playbook). Completions credentials revoke on engagement-end.
Engage Completions
Start with the AI Readiness Assessment (Tier 1, 2-3 weeks, $10k): audit of current multi-source lead ingestion posture against the 4-skill bundle + 5-anchor compliance gate + per- source TrustedForm/Jornaya/LeadID certificate verification status. Hand off to Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks): build the 4-skill bundle on the lead-scoring-routing agent, wire paid-ad lead forms + website forms + chat + email + phone-inbound + lead aggregators + affiliate networks + webinar + event + lead-consent certificates + CRM destination + warehouse + reverse-ETL + consent management + policy-as- code + WORM-storage, run 30-day shadow + canary before flipping to enforce-mode. Continue under Tier 3 Fractional CMO with AI Swarm ($15-25k/mo, 6-month minimum, 1-2 days/wk embedded).
Related reading
- Done-for-you multi-location CRM record creation (downstream sibling — consumes the canonical lead stream this skill emits and runs Capture + Score + Route + Enrich + Persist into the operator CRM)
- Done-for-you buyer-state-aware BANT scoring + firmographic enrichment (sibling — receives per-source Feedback signals from this skill)
- Fractional CMO with AI Swarm (Tier 3 engagement that operates the lead-ingestion cycle)