Executive Summary
Bannerflow is a Stockholm-based creative management platform (CMP) founded in 2010 that enables marketing teams to create and publish HTML5 display ads across 100+ networks. While the company claims GDPR compliance and participates in IAB TCF (ID 273), runtime analysis reveals a 17.9% pre-consent tracking rate with undisclosed third-party vendors (Emerse, Gravite) loading before consent is obtained. This creates compliance liability for customers deploying Bannerflow creatives, as the gap between stated compliance posture and observed behavior undermines GDPR consent requirements.
Revenue Threat Profile
4 COLLAPSE VECTORSHow this vendor creates financial exposure. Each score (0-100) reflects observed runtime behavior and documented business practices.
CAC Subsidization
As an ad creative platform, Bannerflow does not directly corrupt measurement. However, undisclosed tracking partners (Emerse, Gravite) may create attribution conflicts for customers by introducing untracked data flows that fragment the measurement chain.
Signal Corruption
Bannerflow publishes ads to 100+ networks including competitors' DSPs. The undisclosed tracking vendors create potential demand signal leakage - customer campaign data may flow to parties not covered by data processing agreements, enabling competitive intelligence gathering.
Legal Tail Risk
Pre-consent tracking creates regulatory attack surface. Customers using Bannerflow creatives inherit the compliance gap, exposing them to GDPR enforcement risk. The 17.9% pre-consent rate represents measurable non-compliance evidence.
GTM Attack Surface
The company claims GDPR compliance and IAB TCF participation but loads tracking scripts before consent. This creates consent divergence - the legal position (compliant) does not match the technical reality (pre-consent tracking). Customers face vicarious liability for Bannerflow's consent violations.