Welche Arten von Kundendaten kann WiFi erfassen?

What Types of Customer Data Can WiFi Capture? — A Purple Intelligence Briefing [INTRODUCTION — approx. 1 minute] Welcome to the Purple Intelligence Briefing. I'm your host, and today we're cutting straight to a question that comes up in almost every enterprise WiFi conversation: what types of customer data can a WiFi platform actually capture, and how do you turn that raw signal into something commercially useful? Whether you're running a hotel group, a retail estate, a stadium, or a public-sector estate, the answer to that question shapes your entire data strategy. Get it right, and your guest WiFi becomes one of the most valuable first-party data assets in your business. Get it wrong, and you're either leaving intelligence on the table or — worse — creating a compliance liability. So let's get into it. We'll cover the four core data categories, the technical architecture behind the capture, what good looks like in practice, and the pitfalls that catch organisations out. This is a ten-minute briefing, so we'll move at pace. [TECHNICAL DEEP-DIVE — approx. 5 minutes] Let's start with the fundamentals. When a guest or visitor connects to your WiFi network, the interaction creates multiple data signals across four distinct categories. Understanding these categories is the foundation of any intelligent WiFi deployment. The first category is identity data — sometimes called declared identifier data. This is what the user actively provides at the point of authentication. On a guest WiFi platform like Purple, that happens at the captive portal, or splash page. The user sees a branded login screen and chooses how to authenticate: via email, mobile number, or a social login through Facebook, Google, or Apple. Each method yields a different identifier. Email gives you a verified contact address. Phone number gives you an SMS-capable channel. Social login gives you a richer profile — potentially including age range, location, and interests — depending on the permissions the user grants. The key technical point here is that this is first-party data. The user has actively consented to share it with your organisation, in exchange for network access. That consent event is logged with a timestamp, IP address, and the specific terms presented — which is exactly what GDPR Article 7 requires you to be able to demonstrate. Purple's platform handles that consent audit trail automatically, which removes a significant compliance burden from your IT and legal teams. The second category is behavioural data, and this is where WiFi analytics really differentiates itself from other data sources. Behavioural data is derived from the network interactions of connected devices — it doesn't require the user to do anything beyond staying connected. The most commercially valuable behavioural signals are dwell time, visit frequency, and zone-level movement. Dwell time is the duration a device remains associated with the network. In a retail environment, a dwell time of twelve minutes in a specific department correlates strongly with purchase intent. In a hotel lobby, a spike in dwell time at 11pm might indicate a bar revenue opportunity. Visit frequency tells you whether a guest is a first-timer or a loyal returner — and the delta between those two segments is where your CRM strategy lives. Zone-level movement data comes from triangulating signal strength across multiple access points. This is where the architecture matters. A single access point gives you presence data — you know the device is on the network. Multiple access points, properly positioned and calibrated, give you location data — you know which zone of the venue the device is in. This is the foundation of indoor positioning, and it's what separates a basic guest WiFi deployment from a genuine analytics platform. If you want to go deeper on the positioning architecture, there's a detailed guide on the Purple blog covering UWB, BLE, and WiFi-based indoor positioning systems that's worth reading alongside this. The third category is declared data — information the user explicitly provides beyond their login identifier. This typically comes through post-connection surveys, preference capture forms, or in-session prompts. Examples include dietary preferences in a hospitality setting, product category interests in retail, or accessibility requirements in a public-sector venue. Declared data has the highest signal quality of any category because there's no inference involved — the user has told you directly. The challenge is capture rate. You need to design the data collection touchpoint carefully to maximise completion without creating friction that degrades the connection experience. The fourth category is device and network metadata. This is data generated by the device itself during the association process, and it includes the device's MAC address — or a randomised proxy of it, since iOS 14 and Android 10 introduced MAC randomisation — the device type, operating system version, and signal strength readings from each access point. This data is primarily useful for network operations: understanding device mix, diagnosing coverage gaps, and capacity planning. But it also feeds into behavioural analytics — knowing that 68% of your visitors are on iOS, for example, shapes your push notification strategy and your app development roadmap. Now, a word on MAC randomisation, because it's a topic that trips up a lot of network architects. Since 2020, both Apple and Google have implemented per-network MAC randomisation by default. This means the hardware MAC address a device presents to your network changes on each new connection, which breaks the traditional method of using MAC as a persistent device identifier for repeat visit tracking. The workaround is to anchor your persistent identifier to the authenticated user record — the email or phone number captured at the splash page — rather than the device MAC. This is how Purple's platform handles it, and it's the correct architectural approach. The MAC becomes a session-level identifier; the authenticated credential becomes the persistent one. [IMPLEMENTATION RECOMMENDATIONS AND PITFALLS — approx. 2 minutes] Let me give you three implementation principles that separate deployments that deliver ROI from those that don't. First: design your splash page for data quality, not just data volume. It's tempting to ask for everything — name, email, phone, date of birth, preferences — in a single form. Resist that. Conversion rates drop sharply with each additional field. The better approach is progressive profiling: capture the minimum at first connection, then enrich the profile over subsequent visits through targeted prompts. A hotel guest who connects three times in a week is a far better candidate for a preference survey than a first-time visitor. Second: segment your data collection by venue type from day one. A retail deployment and a hospitality deployment have fundamentally different data priorities. In retail, dwell time and zone movement are the primary value drivers. In hospitality, repeat visit frequency and declared preferences drive the most revenue. Configure your analytics dashboards and your CRM integrations to reflect those priorities rather than using a one-size-fits-all template. Third, and this is the one most organisations get wrong: build your GDPR compliance architecture before you go live, not after. The five non-negotiables are: a documented lawful basis for each data type you collect — which for guest WiFi is almost always consent; a data minimisation policy that defines exactly what you capture and why; a retention schedule with automated deletion; a Subject Access Request workflow that can respond within the statutory 30-day window; and a breach notification protocol that meets the 72-hour ICO reporting requirement. Purple's platform automates the consent logging, SAR workflow, and retention scheduling components — but you still need the internal policies and the DPO sign-off. The most common pitfall I see is organisations deploying guest WiFi as an IT project rather than a data strategy project. The network goes live, users connect, and six months later someone in marketing asks "what data do we have?" and the answer is "not much, because nobody configured the analytics layer." Treat the data architecture as a day-one requirement, not a phase-two nice-to-have. [RAPID-FIRE Q&A — approx. 1 minute] Let me run through three questions that come up regularly. "Can we capture data from devices that don't connect to the network?" — No. Passive probe request monitoring was a common technique before MAC randomisation made it unreliable. For any meaningful data capture, the device needs to authenticate to your network. "Does social login give us access to the user's social media posts?" — No. Social login via OAuth gives you the profile fields the user consents to share — typically name, email, and profile picture. It does not give you access to their timeline, messages, or connections. "How does WiFi data integrate with our existing CRM?" — Most enterprise WiFi platforms, including Purple, support API-based CRM integration with platforms like Salesforce, HubSpot, and Microsoft Dynamics. The authenticated identifier — email or phone — is the join key. You push the behavioural and declared data from the WiFi platform into the CRM record, enriching your existing customer profiles with venue-level intelligence. [SUMMARY AND NEXT STEPS — approx. 1 minute] To wrap up: a well-deployed guest WiFi platform captures four categories of customer data — identity, behavioural, declared, and device metadata. Each category serves a different purpose, and the real value comes from combining them: knowing who your visitor is, how they behave in your venue, what they've told you about their preferences, and what device they're using. The architecture decisions that matter most are: anchoring persistent identity to authenticated credentials rather than MAC addresses; designing for progressive data enrichment rather than one-shot capture; and building your compliance framework before you go live. If you're evaluating a guest WiFi platform or looking to get more from an existing deployment, the Purple platform is built specifically around this data architecture. There are detailed guides on the Purple website covering data protection, analytics configuration, and integration patterns — links in the show notes. Thanks for listening. We'll be back with the next briefing shortly.