Key Takeaways
- Didomi acquired Sourcepoint in July 2025, financed by Marlin Equity Partners' roughly $83 million majority stake in Didomi: the second acquisition in two months after Didomi bought server-side tagging startup Addingwell that April.
- Customer overlap is minimal. Didomi's base of roughly 1,500 clients is concentrated in Europe and Canada, while Sourcepoint's 200+ enterprise customers sit mostly in the U.S., U.K., and Germany, a geographic combination rather than a head-to-head consolidation of the same buyers.
- Both companies say the platforms will run separately, on unchanged pricing and support contacts, while engineering builds toward one unified product over roughly two years.
- A two-year unification window is still a live integration project sitting on top of your production consent infrastructure. That's a planning fact for buyers, not a criticism of the deal.
- If you're currently shopping for a CMP, the practical move is to ask any consolidating vendor directly what "unified platform" will mean for your specific configuration, then weigh that answer against what an independent vendor can commit to today.
Your team is comparing consent management platforms this quarter, and one of the names on the shortlist just changed ownership. If you're currently evaluating CMPs and Didomi or Sourcepoint is in the mix, the acquisition changes what questions you need answered before signing. It doesn't disqualify either platform on its own, but it does mean the usual procurement checklist is missing a handful of questions specific to a mid-consolidation vendor.
What actually happened
On July 8, 2025, Didomi announced it had acquired Sourcepoint, uniting two consent management platforms that had spent the better part of a decade competing for the same enterprise privacy budget. Didomi's own announcement and Sourcepoint's parallel post frame it as two companies "joining forces," but the mechanics are a straightforward acquisition: Didomi bought Sourcepoint, not a merger of equals in the legal sense.
The deal was financed on the back of a roughly $83 million majority investment that private equity firm Marlin Equity Partners had made in Didomi only months earlier, according to AdExchanger's reporting and Marlin's own announcement. That backing matters for how you read the deal: this isn't two founders deciding to combine forces organically. It's a PE-backed roll-up, and Sourcepoint is the second acquisition in as many months. Didomi, with Marlin's support, had already bought Addingwell, a server-side tagging startup, that April.
Sourcepoint itself started in 2015 as an anti-ad-blocking tool for publishers before evolving into a full consent and compliance platform, which is what put it in direct competition with Didomi. Didomi CEO Romain Gauthier described the rationale in terms of scale and AI-era data governance, telling AdExchanger: "We both believe that privacy is fundamental and it's an important problem that the industry needs to solve." Sourcepoint co-founder and COO Brian Kane framed the enterprise gap the deal is meant to close: "When it comes to personal data, there just aren't really solutions out there that solve [enterprise] privacy problems."
Two details matter more than the framing:
Overlap is genuinely low. Didomi serves roughly 1,500 clients concentrated in Europe and Canada. Sourcepoint's 200+ enterprise customers sit mostly in the U.S., U.K., and Germany, with a strong publisher and ad-tech client base built on Sourcepoint's anti-ad-blocking roots. Combined, the two customer bases put the merged company at roughly 1,700+ customers globally, a geographic and vertical combination more than a head-to-head merger of rival customer bases, which is a materially different risk profile than two platforms competing for the exact same accounts and needing to consolidate redundant contracts.
The unification timeline is long by design. Both companies say the plan is to build one platform out of Didomi's and Sourcepoint's technology over roughly two years, specifically to avoid disrupting either customer base. Sourcepoint's post from co-founders Ben Barokas and Brian Kane commits to unchanged pricing, unchanged support contacts, and no required customer action in the near term. That's the right instinct for an acquirer trying to protect retention. But a two-year integration window is also, by definition, two years in which product roadmaps, support structures, and technical architecture are subject to change beneath a platform you may already depend on.
What this means if you're a current Sourcepoint customer
Nothing changes on your invoice or your support ticket queue today. What changes is the planning horizon you should be using.
Roadmap uncertainty during the integration window. Sourcepoint's product roadmap is no longer solely Sourcepoint's to set. Features that were on Sourcepoint's independent 2025 roadmap may get reprioritized, delayed, or folded into a combined architecture that looks different from what you evaluated when you signed. This isn't hypothetical vendor concern-trolling: it's the standard mechanics of post-acquisition product planning, where a combined roadmap has to serve two previously separate customer bases and, eventually, converge on one codebase.
Re-platforming risk, on a timeline you don't control. "Unified platform over two years" is the acquirer's schedule, not yours. If your organization runs Sourcepoint's Dialogue CMP integrated into ad-tech workflows, vendor management systems, or custom consent signal routing, a future migration to a unified Didomi-Sourcepoint stack is a real technical project, one you'll need to scope, test, and budget for whenever it lands, even if "no action required" is true for now.
Support continuity is a commitment, not a structural guarantee. The stated intent, keeping dedicated points of contact and pricing steady, is reasonable for an acquirer to make and likely to hold in the short term. But support org charts, account management structures, and escalation paths are exactly the kind of thing that quietly changes 12-18 months into a two-year integration, after the initial retention-focused messaging has done its job. Ask your account team, in writing, what the escalation path looks like a year from now, not just today.
A practical step: request a written statement from Sourcepoint (now Didomi) about the specific integration milestones that will affect your account, and put a calendar reminder to revisit consent configuration documentation every quarter through the stated two-year window. Not because something will necessarily break, but because "no action required" announcements rarely also announce when that changes.
What this means if you're a current Didomi customer
The risk runs in the other direction: integration distraction, not platform disruption.
Didomi's engineering, product, and support organizations now have two acquisitions to absorb in roughly the same window: Addingwell in April 2025 and Sourcepoint in July 2025, on top of running the platform you already use. Every hour Didomi's product team spends reconciling Sourcepoint's architecture, data models, and customer commitments is an hour not spent on the roadmap items Didomi customers were promised before the acquisitions started. That's not a criticism specific to Didomi; it's what happens inside any company absorbing two acquisitions in one two-month stretch, regardless of how well-resourced the M&A is.
Didomi has publicly framed both moves as accelerating its ambitions: combining consent management with server-side tagging (Addingwell) and expanded enterprise and publisher reach (Sourcepoint) into what Gauthier has described as infrastructure for a more automated, AI-driven privacy landscape, including consent frameworks built for agent-to-agent AI interactions. That's a coherent long-term thesis. It's also a lot of integration surface area for one product organization to absorb in a single fiscal year, which is a fair question to raise with your Didomi account team if platform stability matters more to you than roadmap ambition over the next 18 months.
Where the broader CMP market sits in 2026
This deal isn't happening in isolation. Gartner's Market Guide for Consent and Preference Management has tracked steady consolidation pressure alongside real market growth: the firm put 2024 end-user spend on consent and preference management at roughly $509 million, up 27% year over year, with double-digit growth projected to continue. Growth and consolidation aren't contradictory. A market this size, growing this fast, is exactly the kind of category private equity and strategic acquirers move into once it's proven durable rather than speculative.
That context matters for how you read the Didomi-Sourcepoint deal: it's not a distress acquisition of a failing platform. It's a scale play inside a market analysts expect to keep growing, executed by an investor (Marlin) that has now backed two acquisitions from the same platform inside a few months. Expect more of this, not less, across the CMP category over the next few years, which is precisely why the evaluation habits below are worth building now rather than after your next vendor gets acquired.
Evaluation checklist: buying a CMP mid-consolidation
If you're currently shopping and want to avoid picking a platform that gets acquired out from under you mid-contract, add these questions to whatever comparison matrix you're already building:
- Who owns the company, and what's their acquisition history? A vendor backed by a PE firm actively rolling up the category is a different risk profile than a founder-owned or strategically independent company. This is standard third-party vendor risk management territory, and it applies to your CMP vendor the same way it applies to any other processor: ask directly, and check public statements and funding announcements before the sales call, not during it.
- What does the contract say about a change of control? Look for termination rights, pricing lock-in duration, and data portability commitments specifically tied to an acquisition event, not just standard SLA language.
- Is the product roadmap owned by the team you're buying from, or inherited from a parent company's integration plan? Ask what's shipped in the last two roadmap cycles versus what's planned, and whether any planned features depend on a merger with another codebase completing first.
- What happens to your consent logs and audit trail during a platform migration? If a future re-platforming event happens, you need continuous, exportable consent records for regulatory defense. Ask how that's guaranteed contractually, not just technically.
- How many acquisitions has this vendor completed or been part of in the last 24 months? One is a growth story. Two in two months, as with Didomi, is a data point worth weighing against your organization's tolerance for platform change during your contract term.
- Reference-check a customer who joined before the most recent acquisition. Ask them directly what changed for them post-deal: pricing, support responsiveness, feature delivery speed, rather than relying on the acquirer's retention messaging alone.
None of these questions should disqualify Didomi or Sourcepoint automatically. Plenty of enterprise buyers will reasonably decide that a well-capitalized, consolidating platform is a safer long-term bet than a smaller independent one. The point of the checklist is to make that a documented decision, not a default one.
Where an independent vendor fits into the risk calculus
An independent, non-consolidating CMP isn't automatically the safer choice. Smaller vendors carry their own risks around long-term viability and feature velocity. But independence does remove one specific variable from your evaluation: you're not trying to forecast what a two-year platform unification will do to your configuration, your support contact, or your consent architecture, because there isn't one happening.
Secure Privacy's Cookie & Consent solution is built and operated as a single platform rather than a roadmap-in-progress across two merging codebases, with a compliance scanner that re-crawls a site's cookies, trackers, TLS, and data locations monthly and updates itself automatically as it detects changes, not a scan performed once and left stale through an acquisition cycle. Consent records are logged automatically for every accept, decline, and partial response, exportable on demand from the dashboard, which matters directly to the audit-continuity question in the checklist above: if you're worried about consent-log continuity through a vendor's platform transition, ask whether the vendor you're evaluating can show you that same export today, not after a future migration completes.
For organizations weighing whether Didomi's or Sourcepoint's post-acquisition roadmap will still fit their compliance footprint in two years, it's also worth comparing breadth today rather than breadth promised: Secure Privacy currently covers 55+ privacy laws and ships pre-translated banners in 70+ languages out of the box, with a visitor preference center built to the specific requirements of GDPR, CCPA, LGPD, and UAE PDPL rather than retrofitted after the fact. None of that is a knock on either merging platform's underlying technology. It's simply a data point for buyers who've decided that avoiding a mid-contract platform transition is worth more to them than the scale a consolidating vendor is betting on.
If your organization is currently mid-evaluation and the consolidation timeline above changes your calculus, a demo of Secure Privacy's consent platform is a reasonable next step for seeing what an unconsolidated roadmap looks like in practice before you sign anything.
FAQ
Did Didomi acquire Sourcepoint, or did they merge as equals?
Didomi acquired Sourcepoint in a deal announced July 8, 2025, financed with backing from Marlin Equity Partners. Both companies use "joining forces" language publicly, but the transaction structure is an acquisition, with Didomi as the acquiring, PE-backed entity.
Will Sourcepoint customers be forced onto Didomi's platform?
Not immediately. Both companies have stated that existing Sourcepoint customers keep their current platform access, pricing, and support contacts, with no near-term action required. The stated plan is to build a unified platform over roughly two years, which means a future migration is likely but not scheduled or detailed yet in public statements.
How much customer overlap exists between Didomi and Sourcepoint?
Very little by geography and vertical. Didomi's roughly 1,500 customers are concentrated in Europe and Canada; Sourcepoint's 200+ enterprise customers sit mostly in the U.S., U.K., and Germany with a strong publisher and ad-tech base. The combination is largely additive rather than a consolidation of rival accounts.
Is this Didomi's first acquisition?
No. Sourcepoint is Didomi's second acquisition within about two months, following its April 2025 acquisition of Addingwell, a server-side tagging startup — both backed by Marlin Equity Partners' investment in Didomi.
Should a CMP acquisition disqualify a vendor from consideration?
Not automatically. It's a factor to weigh, not a disqualifier. A well-funded, consolidating vendor can offer more roadmap investment and scale than a smaller independent one — the tradeoff is roadmap and support continuity risk during the integration window, which buyers should evaluate explicitly rather than assume away.
What should I ask a CMP vendor that's currently part of an active acquisition?
Ask what changes to contract terms, support structure, or product roadmap are tied to the acquisition; request written commitments on data portability and consent-log continuity; and reference-check a customer who was with the company before the deal closed to hear what's actually changed for them.




