01 · Foundation

Foundation & readiness.

Data footprint, governance, sensitivity, and readiness gates before platform selection.

Most data collaboration projects fail before the platform decision because the data, rights, governance, and outputs are not clear.

Scope this playbook → Run the 5-minute assessment →
FOUNDATION READINESS Data — raw, sourced, and accounted for. Nothing downstream is real until the inputs are. STEP 1 Data raw + sourced Governance — clear owners, access rules, and lineage so the data can be trusted and traced. STEP 2 Governance owners + rules Sensitivity — classify what is sensitive and mask or restrict it before it moves anywhere. STEP 3 Sensitivity classify + mask Canvas — modelled, joined, and shaped into a usable analytical surface. STEP 4 Canvas modelled + joined Gates — quality checks and approvals that decide what is allowed to leave. STEP 5 Gates checks + approvals Ready — every prerequisite below is in place, so the foundation can carry real workloads and governed output. SUMMIT READY From raw data to ready.
First-party data strategy is not one thing

Four strategy lanes.

Each lane has a different operating model. Confusion starts when they're treated as the same problem.

  1. 01

    CRM strategy

    Known customer records, consent, lifecycle, loyalty, retention, and customer value.

  2. 02

    Behavioral data strategy

    Site, app, content, product usage, engagement, and unauthenticated signals.

  3. 03

    Clean room strategy

    Governed matching, analysis, measurement, activation, or enrichment between two or more parties.

  4. 04

    Enterprise data strategy

    The operating model that connects data, governance, cloud, identity, analytics, activation, and decision workflows.

Data footprint

Footprint before platform fit.

The collaboration shape is decided by what data lives where, who owns it, how sensitive it is, and what governance must wrap it. Pick the platform from the decision, not the logo.

"If the use case cannot be tied to a business or customer outcome, it is not ready for a clean room."

Data sensitivity strategy

Sensitivity determines the collaboration pattern.

Read the pyramid from the base up: public, low-risk data sits at the wide bottom; logic and IP that must never leave sit at the narrow apex. The more sensitive the data, the more the product shifts from share to clean room to native app.

  1. Logic / IP must also be protected native app, UDF, model container, code-based restrictions
  2. Both sides cannot expose raw data symmetric clean room, multi-party collaboration, approved workloads
  3. Individual records cannot be shown clean room queries, approved templates, output restrictions
  4. Exact statistics cannot be exposed aggregation policy, thresholds, differential privacy
  5. PII or regulated identifiers hashed IDs, clean room match, masking policies
  6. Recipient-specific data private listing, secure share, row access policy
  7. Public or low-risk data marketplace listing, open sample, public documentation

"The more sensitive the data, the more the product shifts from share to clean room to native app."

Practical artifact

The collaboration canvas.

A clean room or cloud workflow should not start until these twelve questions are answered. Now extended with the semantic, evaluation, and agent-exposure fields the richer stack requires.

01

Ambition

What are we trying to improve?

02

Business benefit

How will this improve revenue, retention, efficiency, growth, risk, or customer value?

03

Customer benefit

Why is this good for the end user or customer experience?

04

Data in

What data is required, what format is it in, and where does it live?

05

Legal basis

What consent, rights, permitted use, and processing basis exist?

06

Match logic

How will the data connect safely? What identifiers, keys, or aggregation rules apply?

07

Data out

What output is allowed: insight, aggregate, model score, audience, export, or activation?

08

KPI

How will success be measured?

09

Production path

What happens after the POC if it works?

10

Semantic context

What definitions, metadata, synonyms, metric logic, or approved questions are needed for business users to trust the output?

11

Evaluation loop

How will accuracy, completeness, business usefulness, and edge cases be tested over time?

12

Agent / API exposure

Will this workflow be exposed to agents, APIs, dashboards, apps, or automated decision systems? If so, what controls apply?

Four readiness gates

Before the platform conversation.

Most vendors skip from data readiness to platform selection. That is why POCs stall. Governance, semantics, and evaluation need to be designed before the workflow scales.

  1. 01

    Data readiness

    • Do we know what data exists?
    • Is it documented?
    • Is ownership clear?
    • Is refresh cadence known?
    • Are sensitive fields tagged?
  2. 02

    Governance readiness

    • Who can access what?
    • What outputs are allowed?
    • What is the consent or legal basis?
    • What is auditable?
    • What needs approval?
  3. 03

    Semantic readiness

    • Are business metrics defined?
    • Are synonyms and value mappings documented?
    • Are example questions available?
    • Are benchmark answers known?
    • Can business users understand the data?
  4. 04

    Agentic readiness

    • Can tools be safely exposed?
    • Are usage limits defined?
    • Are model / agent outputs evaluated?
    • Is tracing available?
    • Is feedback captured?
First-party readiness

First-party marketing analytics readiness.

Before a platform or a clean room, five readiness questions decide whether a marketing-analytics workflow can actually run — identity, data, tech, measurement, and activation.

  1. 01

    Identity readiness

    • Is there a consistent first-party customer ID?
    • When is it assigned — site visit, login, purchase, app session, CRM record, or offline event?
    • What share of users can be connected to that ID?
    • Which systems capture it?
    • Does it connect across online and offline data?
    • Which hashed, pseudonymous, or platform IDs are in use?
    • What consent state is attached?
  2. 02

    Data readiness

    • Where does CRM data live?
    • Where do site / app events live?
    • Where does offline sales or product data live?
    • Which media-exposure and campaign logs are accessible?
    • Are GA4 / BigQuery exports configured?
    • Are schemas documented?
    • Are timestamps, campaign taxonomy, and customer keys consistent?
  3. 03

    Tech readiness

    • What tools execute campaigns today?
    • Which platforms collect, transform, analyze, visualize, and activate data?
    • What is the current path from insight to activation?
    • What sits outside GMP / Google?
    • Which CDP, CRM, email, DSP, attribution, tag-management, and warehouse tools are used?
  4. 04

    Measurement readiness

    • What business questions need answers?
    • What KPIs matter?
    • Which channels need attribution, MMM, lift, or incrementality?
    • What output can leave each environment?
    • What is the production measurement cadence?
  5. 05

    Activation readiness

    • Where can outputs be activated?
    • Which audiences are eligible?
    • What suppression rules exist?
    • What CRM, paid-media, owned, and site / app paths are available?
    • Who owns the activation handoff?

Run the readiness assessment →

Meta signal readiness

Meta signal readiness — where Meta media is material.

Before deeper Meta analytics, the signal pipeline has to hold. These checks decide whether Meta measurement, attribution, and lift can be trusted — see the Meta Advanced Analytics deep dive.

  • Is the Pixel implemented correctly?
  • Is the Conversions API (CAPI) implemented?
  • Are event IDs used for deduplication across Pixel and CAPI?
  • Is Event Match Quality (EMQ) monitored?
  • Are offline / CRM events mapped to the right event taxonomy?
  • Are app events and SKAN constraints understood?
  • Are Aggregated Event Measurement (AEM) priorities documented?
  • Are attribution windows documented?
  • Is consent captured and respected?
  • Are datasets / event sources organized?
  • Is the output policy clear before advanced analytics?
Maturity model

Enterprise collaboration maturity.

Most companies do not jump from media-led to decision-orchestrated. They need a roadmap.

  1. 01

    Media-led

    Campaign execution, platform reports, broad audiences, limited customer-data use, basic reach and frequency.

    • mostly platform reporting
    • limited owned data
    • limited link to business outcomes
    • last-click or channel-only measurement
    • teams work in silos
  2. 02

    Data-explorative

    Some owned data is used for targeting, suppression, exploration, or platform uploads.

    • CRM or web/app data exists
    • direct platform uploads
    • early audience segments
    • single-channel testing
    • limited clean room experimentation
  3. 03

    Collaboration-ready

    Governed data, clear business questions, clean room or cloud path, output policy, and POC criteria exist.

    • use cases are prioritized
    • match keys are defined
    • measurement approach is clear
    • governance owner exists
    • platform fit is based on output
  4. 04

    Decision-orchestrated

    Repeatable workflows connect identity, measurement, activation, insights, and optimization to business KPIs.

    • recurring clean room workflows
    • deduplicated cross-channel measurement
    • predictive or LTV models
    • business KPI optimization
    • in-house analytics or clear partner operating model
    • data collaboration feeds planning and investment decisions
Open vs governed

Open collaboration does not mean open access.

Enterprise buyers want interoperability, but not uncontrolled movement. The commercial promise is open collaboration with governed access — work across tools, engines, clouds, and partners while preserving policy, consent, auditability, and output control.

  1. 01

    Open access

    Anyone with credentials can move, copy, or export data. No policy boundary.

  2. 02

    Secure sharing

    Data is shared with named partners under contract — but downstream use is largely unmonitored.

  3. 03

    Clean room

    Match, query, and aggregation happen inside a governed environment. Raw data does not leave.

  4. 04

    Governed output

    Approved aggregates, scores, or activations can be exported — under output policy.

  5. 05

    Activation rights

    Defined permission to use the output to activate (suppress, target, optimize) — separately scoped.

  6. 06

    Agent / tool permissions

    Specific tools, queries, and APIs are allow-listed for agentic systems with usage controls and tracing.

Foundation looks ready? Pick the right environment next.

Once governance, footprint, semantics, and agentic readiness are mapped, the next decision is which collaboration environment fits the job.

Scope this playbook → Next: Platform Fit → Back to overview →