What Is an Identity Graph?
An identity graph (also called an ID graph) is a database that links multiple identifiers (cookies, device IDs, email addresses, phone numbers, and CRM records) to a single unified customer profile. Marketers use it to recognize the same person across browsers, devices, and channels, enabling consistent targeting, accurate frequency capping, and reliable attribution.
Without an identity graph, a brand sees fragments: a mobile user, a desktop visitor, and an email subscriber that may all be the same person but appear as three separate records. The graph stitches those fragments into one persistent identity.
How an Identity Graph Works
Every identity graph operates on two types of matching: deterministic and probabilistic.
Deterministic Matching
Deterministic matching links identifiers through confirmed, first-party signals. When a user logs into a brand’s site on their phone and later on their laptop, both sessions share the same authenticated email address. The graph records that connection with high confidence. Retailer loyalty programs are a primary source of deterministic data because the sign-in event creates a reliable anchor.
Probabilistic Matching
Probabilistic matching infers connections using statistical signals: shared IP address, similar browsing patterns, location data, and device fingerprints. These links carry lower confidence scores but extend reach beyond logged-in users. A probabilistic match might correctly link two devices to one person 70 to 85 percent of the time, depending on the methodology.
The Core Formula: Match Rate
Advertisers evaluate identity graph quality partly through match rate, the percentage of a brand’s audience records that resolve to a known identity in the graph.
| Metric | Formula | Benchmark |
|---|---|---|
| Match Rate | Matched Records / Total Records × 100 | 40–70% typical; 80%+ strong |
| Identity Resolution Rate | Unified Profiles / Raw Identifiers × 100 | Varies by data richness |
| Cross-Device Accuracy | Correct Links / Total Probabilistic Links × 100 | 70–90% for top providers |
A consumer packaged goods brand uploading 10 million CRM records to a demand-side platform might see a 55% match rate, meaning 5.5 million records resolve to addressable digital profiles. The remaining 45% either lack digital identifiers or fall outside the graph’s coverage.
Why Identity Graphs Matter Now
Third-party cookie pressure accelerated demand for identity graphs. Google’s repeated delays and eventual pivot away from outright cookie deprecation in Chrome created years of planning instability for advertisers. Chrome holds roughly 65% of global browser market share, which meant any shift in its cookie policy affected the majority of web advertising. Rather than remain dependent on an unstable tracking infrastructure, brands accelerated investment in identity graphs built on first-party and authenticated data. [VERIFY: Google’s current cookie policy status as of publication date]
The practical consequence is direct: brands that previously relied on cookie-based retargeting must now either build internal identity infrastructure or license access to an external graph to maintain reach, frequency control, and attribution accuracy.
Major Identity Graph Providers
Several companies operate large-scale identity graphs that brands and agencies license.
- LiveRamp — San Francisco-based data connectivity company whose RampID links over 200 million U.S. consumer profiles. LiveRamp’s graph is widely integrated into DSPs, SSPs, and clean room environments.
- The Trade Desk (Unified ID 2.0) — Programmatic advertising platform that built an open-source identity standard based on hashed, authenticated email addresses. Adopted by over 700 publishers as of 2024.
- Neustar (TransUnion) — Data and analytics company whose TrueAudience graph covers approximately 250 million U.S. adults, used heavily in financial services and telco verticals.
- Acxiom — Little Rock-based data company with a consumer graph spanning over 2.5 billion people globally, primarily used for CRM onboarding and audience enrichment.
Key Use Cases
Cross-Device Frequency Capping
Without a unified identity, a user might see the same ad six times on mobile and four times on desktop, creating ten total exposures against a campaign cap of three. An identity graph ties both devices to one profile, enforcing the cap as intended and reducing wasted spend. For a $10 million programmatic campaign, industry estimates suggest frequency waste without identity resolution can consume 15 to 25% of budget.
Audience Onboarding
Brands upload offline CRM data (hashed email addresses, postal records) to a graph provider, which maps those records to digital identifiers for activation in paid media. A retailer with 8 million loyalty members can onboard that segment to a DSP and suppress it from prospecting campaigns, reducing redundant spend.
Multi-Touch Attribution
Accurate multi-touch attribution requires resolving which touchpoints belong to which customer journey. An identity graph collapses device-level touchpoints into person-level paths, giving attribution models a cleaner input. A user who clicked a display ad on mobile, searched on desktop, and converted via email represents three separate events in a fragmented view. In a resolved view, it is a single conversion path.
Suppression and Lookalike Modeling
Existing customers resolved in an identity graph can be suppressed from acquisition campaigns and used as seeds for lookalike audience modeling. The larger and more accurate the seed match, the higher the signal quality for the modeled expansion.
First-Party vs. Third-Party Identity Graphs
Brands increasingly build proprietary first-party identity graphs rather than depending entirely on licensed external graphs. A first-party graph assembles authenticated data from owned channels: login events, CRM records, loyalty programs, and email engagement. This approach improves data freshness and reduces dependency on third-party providers, but requires investment in customer data platform infrastructure and consent management.
Hybrid approaches are common. A brand maintains a first-party graph for its highest-value segments and extends reach by syndicating into a licensed graph for broader addressability.
Privacy and Consent Considerations
Identity graph operations sit at the intersection of marketing efficiency and consumer privacy regulation. Under GDPR in the European Union and CCPA in California, brands must have a lawful basis for processing personal identifiers used in graph construction. Hashing email addresses reduces exposure but does not eliminate compliance obligations. Consent management platforms must capture and pass opt-out signals to graph providers, or the brand faces regulatory exposure.
Apple’s App Tracking Transparency framework, launched in 2021, restricted device-level tracking on iOS and reduced the supply of mobile identifiers available for probabilistic graph construction. This widened the data gap between iOS and Android users within many identity graphs and pushed providers toward email-based deterministic identifiers as a more durable foundation.
Identity Graph vs. Related Concepts
An identity graph is often confused with adjacent technologies. A data management platform organizes audience segments but typically operates on anonymous cookie-based data without resolving cross-device identity. A customer data platform ingests first-party behavioral and transactional data into unified customer profiles but may not extend matching to third-party digital identifiers. An identity graph specifically focuses on the linkage layer: resolving which identifiers belong to the same person, regardless of where the profile data ultimately lives.
The practical distinction matters for vendor selection. A brand solving for cross-device targeting needs an identity graph with strong match rates against DSP identifiers. A brand solving for customer journey analytics may find a CDP with a built-in identity layer sufficient for its use case.
Frequently Asked Questions
What is an identity graph in marketing?
An identity graph is a database that connects multiple digital identifiers (cookies, device IDs, email addresses, and CRM records) to a single unified customer profile. Marketers use it to recognize the same person across devices and channels, which enables consistent ad targeting, frequency capping, and attribution across fragmented touchpoints.
What is the difference between an identity graph and a CDP?
An identity graph focuses specifically on resolving which identifiers belong to the same person, across first-party and third-party data sources. A customer data platform ingests first-party behavioral and transactional data to build unified profiles but may not extend identity matching to external digital identifiers. The two are complementary: a CDP manages profile data, while an identity graph handles the cross-device linkage layer beneath it.
What is a good match rate for an identity graph?
A match rate of 40 to 70% is typical for most brands uploading CRM data to a third-party graph. A match rate above 80% is considered strong. The rate depends on data richness: brands with large authenticated email lists or loyalty program data tend to match higher than brands with sparse CRM records.
How do identity graphs work without third-party cookies?
Identity graphs built on authenticated, first-party signals, such as hashed email addresses and login events, do not depend on third-party cookies. Deterministic matching through verified login data is the most stable approach. Probabilistic matching using IP addresses, device fingerprints, and location signals provides additional reach, though at lower confidence scores than deterministic links.
Do identity graphs comply with GDPR and CCPA?
Compliance depends on implementation. Under GDPR and CCPA, brands must have a lawful basis for processing personal identifiers used in graph construction. Hashing email addresses reduces direct exposure of personal data but does not eliminate compliance obligations. Consent management platforms must capture and pass opt-out signals to graph providers. Brands that fail to do this face regulatory risk, regardless of which graph provider they use.