How to leverage SMS marketing solutions to increase return visits
This guide details how to architect and deploy SMS marketing solutions using the Purple Engage platform to drive return visits at hotels, retail venues, stadiums, and public-sector sites. It covers captive portal configuration, verified phone number capture via SMS OTP, GDPR-compliant consent architecture, and trigger-based campaign automation using existing wireless infrastructure from Cisco Meraki, HPE Aruba, and other supported vendors.
Listen to this guide
View podcast transcript
Executive summary
Venue operators and IT teams face a persistent challenge: converting first-time visitors into loyal, returning customers. While email campaigns remain a staple, SMS marketing solutions deliver superior engagement metrics that are hard to ignore. According to 2025 industry data from Sakari, SMS achieves a 98% open rate and a 45% response rate - far outpacing email's 22% open rate and 6% response rate. This guide details how to build and deploy an SMS marketing architecture using Purple Engage , covering the technical implementation of captive portal data capture, identity provider integration, and automated campaign execution. By integrating your existing wireless infrastructure - such as Cisco Meraki or HPE Aruba - with Purple's cloud overlay, you can automate SMS campaigns that drive measurable return visits without deploying new hardware. We operate across 80,000+ live venues and processed 440 million logins in 2024, giving us the data to know what works at scale.
Technical deep-dive
Deploying an SMS marketing architecture requires three layers: data capture, identity verification, and campaign automation. Each layer has specific technical requirements that your network and marketing teams must align on before deployment.
The captive portal as a data capture layer
The captive portal is the entry point for all first-party data collection. When a guest connects to the Guest WiFi SSID, the wireless controller places the device onto an isolated VLAN. A RADIUS (Remote Authentication Dial-In User Service) accounting message is sent to Purple's cloud platform, which triggers a redirect of the user's HTTP or HTTPS request to the Purple captive portal. The portal is served from Purple's cloud infrastructure, so no on-premises server is required.
At the portal, the user is presented with a login form. For SMS marketing, the form must capture the mobile phone number. Critically, it must also present a conscious-choice opt-in checkbox for marketing communications. Under GDPR, this checkbox must be unchecked by default. Under CCPA, the user must have a clear right to opt out. Purple's portal builder enforces these compliance requirements by design. For a deeper look at authentication methods, see the Guest WiFi product page.
SMS OTP verification
Capturing a phone number is only useful if that number is real and active. Purple Verify addresses this directly. When the user submits their phone number, the portal triggers an API call to an SMS gateway. The gateway dispatches a One-Time Password (OTP) to the number provided. The user must enter this OTP into the portal to complete authentication and gain internet access. This process eliminates fake data at the source. A verified phone number database is the foundation of any effective SMS marketing programme.
Purple operates as a cloud overlay on top of your existing hardware. We integrate directly with Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet. Your controller sends RADIUS Access-Request messages to Purple's RADIUS servers. Purple responds with Access-Accept or Access-Reject based on the authentication outcome. No hardware replacement is required.
Session tracking and return visit detection
Once authenticated, Purple logs the device's MAC address and associates it with the verified user profile. When the device reconnects to the Guest WiFi at a future date, the controller sends a new RADIUS Access-Request. Purple recognises the MAC address, authenticates the device silently, and logs the return visit event in the analytics dashboard. This return visit data is the trigger for automated re-engagement campaigns.
It is worth noting that modern smartphones use MAC address randomisation to protect user privacy. iOS 14 and Android 10 onwards randomise the MAC address per network. Purple's matching logic handles this by prompting re-authentication when a new MAC address is detected, then linking the new MAC to the existing user profile via the verified phone number or email address.
Implementation guide
Deploying Purple Engage for SMS marketing involves four configuration stages: network setup, portal design, consent architecture, and campaign automation.
Stage 1: Network configuration
Configure a dedicated Guest WiFi SSID, separate from Staff WiFi and IoT networks. For detailed network design guidance, see Three SSIDs to rule them all: guest, Passpoint, and IoT WiFi . Point your wireless controller's authentication and accounting servers to Purple's RADIUS endpoints. Add Purple's domains to the walled garden list on your controller. The walled garden allows the device to load the captive portal page before full internet access is granted - without this, the portal will not load and the user cannot authenticate.
Stage 2: Portal design
Design the captive portal to prioritise phone number capture. Keep the form to three fields maximum: name, phone number, and the marketing consent checkbox. Every additional field reduces completion rates. Use Purple's portal builder to apply your venue's branding. The portal must display a clear link to your privacy policy and explain precisely how the phone number will be used.
Stage 3: Consent architecture
Store the consent record with a timestamp, the IP address of the device, and the exact wording of the consent statement shown to the user. Purple logs this automatically. This audit trail is essential for demonstrating GDPR compliance to a supervisory authority. For hospitality venues operating across multiple countries, ensure the consent wording meets the requirements of each jurisdiction.
Stage 4: Campaign automation in Purple Engage
Purple Engage provides a visual workflow builder for trigger-based SMS campaigns. The most effective campaigns for driving return visits are:
Lapsed visitor campaign: Trigger fires when a user's MAC address has not been seen for a defined period (typically 30 days). The campaign dispatches a personalised SMS with an incentive to return. For retail venues, this might be a discount code. For a hotel, it might be a loyalty points reminder.
Post-visit follow-up: Trigger fires on session end (RADIUS Accounting-Stop message received). A delay of two to four hours is applied, then an SMS is dispatched thanking the guest and inviting a return visit. This is particularly effective in hospitality and transport environments.
Milestone campaign: Trigger fires when a user reaches a defined visit count (e.g., fifth visit). An SMS rewards the loyalty with an exclusive offer. This drives frequency and builds habit.
Best practices
Segmentation before sending
Do not send broadcast messages to your entire database. Segment your audience based on recency, frequency, and monetary value (RFV). A retail shopper on their second visit should receive a different message from a shopper who has not returned in 90 days. Purple's WiFi Analytics platform provides the visit data needed to build these segments automatically.
Timing and frequency
Send messages during normal waking hours, localised to the venue's timezone. Limit promotional SMS to a maximum of two per month. Sakari's 2025 data shows that 53% of SMS opt-outs are caused by excessive message frequency. Frequency discipline is the single most important factor in maintaining a healthy, engaged database.
Integrate with identity providers
For enterprise environments with multiple venues, integrate Purple with your identity providers. We support Microsoft Entra ID, Okta, and Google Workspace. This ensures consistent identity management and simplifies user provisioning and deprovisioning across your estate. See the WiFi Analytics platform for cross-venue reporting.
Use SMS as part of an omnichannel strategy
SMS and email are complementary channels. Dotdigital's 2026 benchmarks show that integrating SMS alongside email campaigns produces a 47.7% increase in customer engagement and 56% higher ROI than email alone. Use email for longer-form content and SMS for time-sensitive, high-urgency messages. Purple Engage supports both channels from a single platform.
Troubleshooting and risk mitigation
Low opt-in rates
If fewer than 40% of visitors are opting in to receive SMS marketing, review the value exchange on the captive portal. The user needs a clear reason to share their phone number. High-speed WiFi access is the baseline. Adding an immediate digital coupon or loyalty points at the point of opt-in typically increases opt-in rates by 15-25% (Purple internal data, 2024). Also review the portal design: a cluttered form with too many fields reduces completion rates significantly.
SMS delivery failures
Delivery failures typically result from invalid phone numbers or SMS gateway routing issues. Implement SMS OTP during the initial login to eliminate invalid numbers. Ensure your SMS gateway supports all the country codes relevant to your venue locations. For international venues, use a gateway with direct carrier connections rather than aggregator routing to improve delivery rates.
MAC address randomisation
As noted above, iOS 14+ and Android 10+ randomise MAC addresses per network. This means a returning user may appear as a new device to the controller. Purple's matching logic handles this, but it requires the user to re-authenticate via the captive portal when a new MAC is detected. Design your portal to make re-authentication as quick as possible - ideally a single tap for returning users who have already consented.
GDPR and CCPA compliance failures
The most common compliance failure is using pre-ticked consent checkboxes. This is explicitly prohibited under GDPR Article 7 and Recital 32. A second common failure is retaining phone numbers after a user opts out. Purple Engage processes opt-out requests automatically and removes the number from all active campaign lists within 24 hours. Ensure your data retention policy is documented and that Purple's data processing agreement (DPA) is in place before going live.
ROI and business impact
SMS marketing delivers measurable business impact when deployed correctly. Industry benchmarks from Sakari (2025) show SMS campaigns generate an average return of $41 for every $1 invested. Seasonal campaigns can reach $71 per dollar during peak periods.
For a venue capturing 500 verified phone numbers per month and running a single lapsed visitor campaign targeting users absent for 30 days, a conservative 5% conversion rate on the SMS offer translates to 25 additional return visits per campaign send. At an average transaction value of £30 per visit, that is £750 in directly attributable revenue per campaign. Against an SMS send cost of approximately £0.04 per message, the economics are compelling.
Metrics to track in Purple Engage
Track the following metrics in the WiFi Analytics dashboard to measure the impact of your SMS marketing programme:
| Metric | Definition | Target benchmark |
|---|---|---|
| Database growth rate | Verified phone numbers captured per week | 5-10% of weekly unique visitors |
| Opt-in rate | % of visitors who consent to marketing | 40-60% |
| Return visit rate | % of users who visit 2+ times | 30-50% within 90 days |
| Campaign open rate | % of SMS messages opened | 90-98% (Sakari, 2025) |
| Campaign conversion rate | % of SMS recipients who return to venue | 5-15% |
| Opt-out rate | % of recipients who unsubscribe per send | Below 2% |
By capturing first-party data and automating targeted SMS campaigns, you transform your Guest WiFi from a cost centre into a revenue-generating asset. Purple's ISO 27001 and GDPR certifications ensure the data infrastructure meets enterprise security and compliance requirements. For related guides on SMS campaign strategy, see How to leverage SMS campaigns for marketing to increase return visits .
Key Definitions
Captive portal
The web page guests see before WiFi access is granted, used to capture first-party data, enforce acceptable use policies, and present marketing consent options.
The captive portal is the primary interface where IT infrastructure and marketing objectives intersect. Its design directly determines opt-in rates and data quality.
RADIUS
Remote Authentication Dial-In User Service. A networking protocol that provides centralised Authentication, Authorisation, and Accounting (AAA) management for users connecting to a network.
Your wireless controllers must point to Purple's RADIUS servers to enable the cloud overlay architecture. RADIUS Accounting-Start and Accounting-Stop messages are used to log session start and end events, which trigger automated campaigns.
SMS OTP
A One-Time Password sent via text message to verify that the user possesses the mobile device associated with the phone number they provided.
Essential for building a clean, verified database of phone numbers. Without OTP verification, a significant proportion of captured numbers will be invalid, reducing campaign deliverability and wasting spend.
First-party data
Information a company collects directly from its customers or venue users, which it owns entirely and can use without dependency on third-party platforms.
Capturing first-party data via Guest WiFi protects venues from the deprecation of third-party cookies and changes to mobile advertising identifiers (IDFA, GAID). It is the most durable data asset a venue can build.
Cloud overlay
A software architecture that sits on top of existing physical network hardware to provide additional services, without requiring hardware replacement.
Purple operates as a cloud overlay, meaning you can deploy SMS marketing capabilities on your existing Cisco Meraki, HPE Aruba, or other supported infrastructure without a capital expenditure on new access points.
Walled garden
A restricted network environment that allows access only to specified domains before full authentication is completed, enabling the captive portal to load on the user's device.
Must be configured correctly on the wireless controller. If Purple's domains are not included in the walled garden, the portal will not load and no data will be captured. This is the most common deployment error.
MAC address randomisation
A privacy feature in iOS 14+ and Android 10+ that assigns a different, randomised MAC address to each WiFi network a device connects to, preventing cross-network tracking.
Affects the ability to recognise returning devices without re-authentication. Purple's matching logic links new randomised MACs to existing user profiles via the verified phone number or email address when the user re-authenticates.
Conscious-choice opt-in
An explicit, active confirmation by the user that they agree to receive marketing communications, presented as an unchecked checkbox that the user must actively select.
Mandatory for compliance with GDPR Article 7 and CCPA. Pre-ticked boxes are explicitly prohibited under GDPR Recital 32. Purple's portal builder enforces this requirement by design.
VLAN
Virtual Local Area Network. A logical network segment that isolates traffic from other segments on the same physical infrastructure.
Guest WiFi devices must be placed on a dedicated VLAN, isolated from Staff WiFi and internal systems. This is a security requirement and a prerequisite for captive portal redirect to function correctly.
Worked Examples
A 400-location retail chain needs to re-engage shoppers who have not visited in 60 days. Their current database contains a high proportion of fake phone numbers entered at the WiFi login, making campaigns ineffective.
Deploy Purple Verify on the captive portal to mandate SMS OTP authentication before internet access is granted. Configure the Cisco Meraki controllers at each location to use Purple as the RADIUS server for authentication and accounting. In Purple Engage, build an automated lapsed visitor workflow triggered when a user's MAC address has not been seen for 60 days. The campaign dispatches a personalised SMS with a discount code unique to each recipient, tracked via UTM parameters. Measure redemption rates in the Purple analytics dashboard to calculate direct revenue attribution.
A 60,000-seat stadium wants to send SMS offers for merchandise and food and beverage discounts to fans who are currently inside the venue and connected to the Guest WiFi network, without interrupting the match-day experience.
Configure the Purple captive portal to capture phone numbers and marketing consent upon initial login at the stadium gates. In Purple Engage, create a real-time trigger based on the Login Event. Apply a 30-minute delay after login to allow fans to reach their seats. Dispatch an SMS offering a 10% discount at the nearest merchandise stand or food outlet, with a short URL linking to a digital voucher. Segment the audience by gate entry point (mapped to seating zones) to direct fans to the closest outlet, reducing queue pressure. Track voucher redemptions against the SMS send list to measure conversion.
Practice Questions
Q1. A regional transport hub operating under GDPR wants to deploy SMS marketing to passengers who connect to the Guest WiFi. Their legal team has flagged concerns about consent validity. What is the correct captive portal architecture to ensure compliance?
Hint: Consider how the consent checkbox is presented and what data must be logged to demonstrate compliance to a supervisory authority.
View model answer
Design the captive portal with an unchecked marketing consent checkbox that the passenger must actively select. The checkbox must be separate from the terms of service acceptance. The consent statement must clearly describe how the phone number will be used and link to the privacy policy. Purple automatically logs the timestamp, IP address, and exact consent wording for every opt-in, providing the audit trail required under GDPR Article 7. This log is exportable from the Purple dashboard for regulatory review.
Q2. You have deployed Purple Engage across 50 retail locations using HPE Aruba access points. The captive portal is live, but users report they cannot receive the SMS OTP code to log in. What is the most likely network configuration issue and how do you resolve it?
Hint: Think about what network access the device needs before it has completed authentication.
View model answer
The walled garden configuration on the HPE Aruba controllers is likely incomplete. Before a device completes authentication, it can only access domains listed in the walled garden. The device must be able to reach Purple's portal domains and the SMS gateway's API endpoints to trigger and receive the OTP. Add Purple's domains and the relevant SMS gateway domains to the walled garden list on each controller. After updating the walled garden, test on a fresh device that has not previously connected to confirm the portal loads and the OTP is delivered successfully.
Q3. A hotel chain wants to trigger a post-checkout SMS campaign to guests 2 hours after they leave the property. The IT team is unsure how to detect when a guest has checked out. How should this be configured in Purple Engage?
Hint: Consider how the network detects that a device has disconnected and what RADIUS message is generated.
View model answer
Configure an automated workflow in Purple Engage using the Session End trigger. The network detects a session end when the device's MAC address disconnects from the access point and the RADIUS Accounting-Stop message is received by Purple's cloud platform. Set a delay of 2 hours on the trigger, then dispatch the SMS campaign. Note that MAC address randomisation may cause a guest's device to appear as a new session if they reconnect briefly before leaving. To mitigate this, set a minimum session duration threshold (e.g., 30 minutes) to filter out brief reconnections before the Accounting-Stop event triggers the campaign.
Q4. A stadium operator wants to measure the direct revenue impact of their SMS lapsed fan campaign. They have Purple Engage deployed and are sending SMS campaigns with a discount code. What is the correct measurement framework?
Hint: Consider how to link a specific SMS send to a specific return visit and transaction.
View model answer
Assign a unique discount code to each SMS recipient using Purple Engage's personalisation variables. When the fan redeems the code at the point of sale, the transaction is linked to the specific SMS send. Track the following metrics in the Purple analytics dashboard: number of SMS sent, number of unique codes redeemed, total revenue from redemptions, and return visit rate for the lapsed segment versus a control group that did not receive the SMS. Calculate ROI as (revenue from redemptions minus SMS send cost) divided by SMS send cost, multiplied by 100. A control group is essential to isolate the campaign's contribution from organic return visits.
Continue reading in this series
How to leverage SMS marketing for restaurants to increase return visits
This technical guide explains how venue operators and IT teams can implement SMS marketing using existing guest WiFi infrastructure to drive return visits. It covers the data capture architecture, GDPR compliance requirements, and behavioural segmentation strategies that deliver measurable ROI for restaurants.
How to leverage SMS text marketing to increase return visits
This guide details how venue operators can use SMS text marketing to drive measurable return visits by capturing verified first-party phone data through Guest WiFi. It covers the full technical architecture from captive portal authentication to RADIUS integration, the compliance requirements under GDPR and TCPA, and the automated campaign triggers that deliver consistent ROI across hospitality, retail, and transport environments.
How to leverage SMS marketing business to increase return visits
This guide details how venue operators can build an SMS marketing business strategy using enterprise Guest WiFi infrastructure to capture verified phone numbers, automate behaviour-triggered campaigns, and drive measurable return visits. It covers the full technical architecture from captive portal configuration and RADIUS authentication to GDPR-compliant consent flows and Purple Engage automation, with real-world scenarios from hospitality and retail environments.