How to Use First-Party Data in Marketing Campaigns

Welcome to the Purple Architecture Briefing. I'm your host, and today we're tackling a critical challenge for IT and marketing leaders: How to use first-party data in marketing campaigns. Specifically, we're looking at how to activate the data captured through your enterprise WiFi infrastructure. If you're a CTO, an IT manager, or a venue operations director, you already know the value of your network. But bridging the gap between raw network telemetry and actionable marketing intelligence — that's where the real ROI lies. So let's get into it. Section One: Context and Why This Matters Now. Third-party cookies are depreciating across all major browsers. Privacy regulations like GDPR in the UK and Europe, and CCPA in the United States, are stricter than ever. Marketers are under enormous pressure to find clean, consented, first-party data sources. Meanwhile, you have thousands of guests, shoppers, or fans connecting to your access points every single day. By implementing a captive portal with clear opt-ins, your WiFi network becomes the most reliable first-party data engine in your physical venue. Think about what that means in practice. A hotel with two hundred rooms might see three hundred unique device connections per day. A retail flagship store in a busy city centre might see two thousand. A stadium on match day? Tens of thousands. Every single one of those connections is a potential data point — a name, an email address, a phone number, a demographic profile — all captured with explicit consent at the point of connection. The question is not whether you should be doing this. The question is whether you are doing it correctly, compliantly, and at scale. Section Two: The Technical Architecture. Let's start at the edge. When a device associates with an access point, the wireless LAN controller detects an unauthenticated client. It then redirects the device's initial HTTP request to a captive portal — a web page hosted either on-premise or in the cloud. This splash page is the critical point of value exchange. The venue provides high-speed internet access. The user provides their data and consent. Simple. But the implementation details matter enormously. For authentication methods, you have several options. Social OAuth — allowing users to log in via Facebook, Google, or Apple — is the most frictionless option and provides rich demographic data instantly. Form-based authentication, where you request specific fields such as email address, phone number, and postal code, gives you more control over the data you capture. And then there is Passpoint, or Hotspot 2.0, which uses the IEEE 802.11u standard to allow automatic, secure connections for returning users, completely bypassing the captive portal after the initial setup. Now, here is a technical challenge that many deployments underestimate: MAC randomisation. Modern operating systems — iOS 14 and above, Android 10 and above — generate a unique, temporary MAC address for each wireless network the device connects to. This was introduced as a privacy feature, and it fundamentally breaks device-centric tracking. If you are relying on the hardware MAC address to identify returning visitors, you will see a massive spike in what appears to be new visitors, while your returning visitor metrics plummet. Footfall remains consistent, but your data looks completely wrong. The solution is to shift from device-centric tracking to identity-centric tracking. Once a user authenticates via the captive portal, their session data — including the randomised MAC — is tied to their CRM profile. On subsequent visits, when they authenticate again using the same email address or social login, the system links the new randomised MAC back to the existing profile. The identity is the anchor, not the device. For the most seamless experience, particularly in hospitality and transport environments, Passpoint profiles can be provisioned to the user's device after their first authentication. On every subsequent visit, the device connects automatically and securely, the user is recognised, and the data is captured — all without the user having to interact with a portal again. Section Three: Data Flow and Integration. Capturing the data is step one. Getting it into your marketing stack is step two. The standard architecture looks like this. The Purple platform sits between the network edge and your marketing tools. When a user authenticates, the platform normalises the data — handling deduplication, profile merging, and consent management — and then pushes the data downstream via REST APIs or Webhooks. A Webhook is simply an HTTP callback. When a specific event occurs — a new user authenticates, a returning user connects, a user's dwell time exceeds fifteen minutes — the platform sends a structured JSON payload to a pre-configured endpoint. That endpoint might be your Salesforce CRM, your HubSpot marketing hub, your Marketo automation platform, or a custom middleware layer. The key advantage of Webhooks over scheduled batch exports is real-time activation. If a hotel guest checks in and connects to the WiFi, you want to send them a welcome email within minutes, not the following morning. Real-time data flow makes that possible. Section Four: Activating the Data Across Channels. Let's talk about the four primary activation channels: email, SMS, social advertising, and programmatic display. Email is the most mature channel. Triggered welcome emails, sent immediately after a user's first authentication, are highly effective for delivering promised incentives. Post-visit survey emails, sent 24 hours after disconnection, drive review generation. Re-engagement campaigns, targeting users who have not connected in 90 days, are excellent for driving repeat visits. SMS is the highest-intent channel for in-venue activation. Because you are reaching someone who is physically present in your venue, the context is perfect for time-sensitive offers. A retail customer who has been browsing the footwear section for ten minutes is a highly qualified prospect for a shoe promotion. A hotel guest who has been in their room for three hours might be receptive to a dinner reservation offer. Location analytics — using WiFi trilateration or BLE beacons — can trigger these SMS messages automatically. For social advertising, first-party data is becoming increasingly valuable as third-party targeting options diminish. You can export your most engaged WiFi user segments — say, users who have visited your venue more than three times in the last 60 days — as hashed email lists and upload them to Facebook Ads Manager or Google Ads as Custom Audiences. From there, you can create Lookalike Audiences to find new prospects who share similar characteristics with your most loyal physical visitors. This is a powerful bridge between offline behaviour and online advertising. Finally, programmatic display. By syncing your first-party audience segments with a Demand-Side Platform, you can serve targeted display ads to known visitors across the open web, reinforcing brand awareness after they leave your venue. Section Five: Implementation Pitfalls and Risk Mitigation. Let me walk you through the most common failure modes I see in deployments. The first is compliance failure. The most common mistake is bundling the marketing consent checkbox with the Terms of Service acceptance. Under GDPR, consent for marketing communications must be freely given, specific, informed, and unambiguous. Bundling it with the terms of service invalidates the consent entirely. You must use separate, unticked checkboxes for each type of marketing communication — email and SMS should be separate opt-ins. The second pitfall is a slow captive portal. If the splash page takes more than three seconds to load, abandonment rates spike dramatically. This is particularly problematic in venues with high footfall, where a slow portal becomes a bottleneck. Optimise the portal page aggressively: compress images, minimise JavaScript, and ensure your Walled Garden configuration allows the portal's resources to load before authentication. The third pitfall is poor Walled Garden configuration. If you are using social OAuth for authentication, you need to ensure that the authentication endpoints for Facebook, Google, and Apple are accessible before the user has completed the login. This requires careful Walled Garden configuration on the wireless LAN controller. The fourth pitfall is ignoring data quality. It is tempting to ask for as much information as possible on the first login. Resist this. Progressive profiling — asking for basic information on the first visit and enriching the profile on subsequent visits — produces far higher conversion rates and better data quality. Section Six: Rapid-Fire Q&A. Question one: Can we track users who do not log in? You can see anonymous probe requests for presence analytics — footfall counts and dwell time — but you cannot use this data for targeted marketing without explicit consent and an authenticated session. Anonymous analytics is useful for operational decisions, but marketing activation requires identity. Question two: How do we handle the transition from our existing email list to WiFi-captured data? Start by cross-referencing your existing CRM contacts with new WiFi authentications. When a known contact logs into the WiFi, enrich their existing profile with the new behavioural data. Over time, your WiFi-captured profiles will become your richest data source. Question three: What is the typical opt-in rate for a well-configured captive portal? In our experience, a well-designed portal with a clear value proposition — free high-speed WiFi in exchange for an email address and marketing consent — achieves opt-in rates of between 60 and 80 percent of authenticated users. Poorly designed portals with complex forms or unclear value propositions can drop to below 20 percent. Section Seven: Summary and Next Steps. Let me bring this together. Your WiFi infrastructure is a massive, untapped first-party data asset. By deploying a secure, compliant captive portal, integrating it with your marketing stack via APIs and Webhooks, and leveraging location-based triggers, you can turn your IT cost centre into a measurable marketing revenue generator. The implementation roadmap is straightforward. Start with the captive portal deployment and integrate it with your email platform. Run a simple welcome campaign and measure the conversion rate. Then, scale up to SMS-based location triggers. Then, export your audience segments to social platforms for Lookalike targeting. Each step builds on the last, and each step generates measurable ROI. The data you are sitting on is valuable. The infrastructure to capture it is already in place. The question is simply whether you are activating it. For detailed deployment guides and integration documentation, visit the Purple platform at purple.ai. Thank you for joining this briefing.