Skip to main content
English (US)

How to leverage SMS marketing campaign to increase return visits

This technical guide details how venue operators can use their existing Guest WiFi infrastructure to capture verified phone numbers and automate SMS marketing campaigns that drive return visits. It covers captive portal consent architecture, GDPR-compliant opt-in flows, automated campaign triggers based on physical presence data, and CRM integration. Operators across retail, hospitality, and events verticals can expect a 15 to 25% increase in repeat visit frequency among opted-in guests within 90 days.

📖 8 min read📝 1,989 words🔧 2 worked examples3 practice questions📚 10 key definitions

Listen to this guide

View podcast transcript
Welcome to the Purple technical briefing series. Today, we are getting into something that a lot of venue operators know they should be doing but have not quite nailed yet: SMS marketing campaigns, and specifically how to use them to bring guests back through your doors. Let me set the scene. You are running a hotel group, a retail chain, or a stadium. You have thousands of people walking through your venues every week. Some of them connect to your guest WiFi. Some of them do not. But the ones who do? They are handing you something genuinely valuable: a verified phone number and, if your captive portal is set up correctly, explicit consent to market to them. The question is: what do you do with that? Section one. Why SMS, and why now. Let us start with the numbers, because they are hard to argue with. SMS messages carry a 98% open rate. Email, by comparison, sits at around 21%. Ninety percent of SMS messages are read within three minutes of delivery. And the average click-through rate for SMS is 26%, versus 3% for email. That is not a marginal difference. That is a different channel entirely. For every pound spent on SMS marketing, well-run programmes return between 21 and 41 pounds in revenue. Omnisend data shows that brands integrating SMS into an omnichannel strategy see a 47.7% lift in customer engagement. So why are not more venue operators doing this properly? Usually it comes down to three things: data quality, consent architecture, and campaign automation. Let us work through each of those. Section two. The data foundation: capturing verified phone numbers at the WiFi login. Here is the thing about phone numbers captured through a guest WiFi captive portal. They are different from phone numbers you would get through a competition entry or a loyalty sign-up form. When someone connects to your WiFi, they are physically present in your venue. They are engaged. They want to be online. And if your splash page asks for a phone number as part of the login flow, the intent signal is high. Purple Engage captures verified guest phone data at the captive portal login and automates marketing campaigns from that point forward. Across 80,000 live venues and 440 million logins in 2024, we have seen that phone number capture rates at the portal consistently outperform post-visit data collection methods. The architecture here matters. Your captive portal sits between the guest's device and internet access. When a guest authenticates, whether that is via social login, email, or phone number with SMS verification, Purple writes that identity record to a centralised guest profile. That profile persists across visits, across locations if you are a multi-site operator, and across time. The hardware does not matter. Purple runs as a cloud overlay on Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet. You are not ripping out your network infrastructure. You are adding an intelligence layer on top of it. Section three. Consent architecture and GDPR compliance. This is where a lot of operators get nervous, and understandably so. GDPR and CCPA have real teeth. Getting consent wrong does not just create legal exposure; it destroys the trust that makes SMS marketing effective in the first place. The good news is that the captive portal is actually one of the cleanest consent capture mechanisms available. The guest is actively completing a form. They can see exactly what they are signing up for. And because the interaction is synchronous, you can implement a double opt-in flow without adding meaningful friction. Here is what a compliant SMS opt-in flow looks like at the portal level. First, the guest enters their phone number to authenticate. Second, they receive an SMS with a one-time passcode to verify the number is real. Third, the splash page presents a clearly labelled checkbox, separate from the WiFi access consent, stating: I agree to receive promotional SMS messages from the venue. Message frequency varies. Reply STOP to unsubscribe. Fourth, that consent record, including the timestamp, the IP address, and the specific consent language shown, is written to the guest profile and stored for audit purposes. That last point is critical. Under GDPR Article 7, you must be able to demonstrate that consent was given. Purple stores consent records with full audit trails, which means if you are ever asked to prove consent, you can. Do not bundle SMS marketing consent with WiFi access. Keep the two consent flows separate, clearly labelled, and independently revocable. Section four. Campaign architecture: segmentation, triggers, and timing. Once you have a verified, consented phone number attached to a guest profile, the next question is: what do you send, and when? The answer depends on your vertical, but the underlying logic is the same across hospitality, retail, and events. You are trying to identify the right moment to send a message that is relevant enough to prompt a return visit. Let me walk through three campaign types that consistently perform well. The first is the welcome series. A guest connects to your WiFi for the first time. Within 24 hours, they receive an SMS: Thanks for visiting. Here is 10% off your next visit. Valid for 30 days. Reply STOP to unsubscribe. Simple, immediate, and tied to a specific action. In hospitality, operators using this approach see welcome conversion rates of 12 to 18%. The second is the re-engagement trigger. A guest who visited regularly has not been back in 45 days. Purple Engage detects the lapse based on WiFi connection history and fires an automated SMS: We have missed you. Here is something to bring you back. The trigger is the absence of a WiFi connection event. No manual segmentation required. The third is the visit-frequency campaign. You identify guests who visit more than twice a month. They are your high-value segment. You send them an exclusive offer, early access to an event, or a loyalty reward. The message feels personal because it is based on real behaviour data, not a demographic assumption. In retail, a chain with 50 locations using Purple Engage to run these three campaign types can expect to see a 15 to 25% increase in repeat visit frequency among opted-in guests within the first 90 days. Section five. Integration with your existing marketing stack. Purple Engage does not operate in isolation. The guest data captured at the WiFi portal needs to flow into your CRM, your marketing automation platform, and your analytics tools. Purple integrates natively with Salesforce, HubSpot, Mailchimp, Klaviyo, and a range of other platforms via webhook and API. When a guest opts in at the portal, their profile, including phone number, consent record, visit history, and location data, syncs to your CRM in real time. This matters for two reasons. First, it means your SMS campaigns can be orchestrated from the same platform you use for email, so you are not managing a separate tool. Second, it means your guest data is enriched over time. Every WiFi connection event adds a data point: which location, what time, how long. After six months, you have a behavioural profile that is genuinely useful for segmentation. Section six. Implementation pitfalls and how to avoid them. Let me give you the four failure modes I see most often. The first is low opt-in rates at the portal. If fewer than 15% of your WiFi logins are capturing a phone number, your splash page copy is the problem. The value exchange needs to be explicit. Entering your number to get online and receive exclusive offers outperforms simply entering your number to get online by a significant margin. Test the copy. The second is message fatigue. Sending more than four SMS messages per month to the same contact without strong personalisation will drive up your opt-out rate. Keep frequency low and relevance high. The third is data decay. Phone numbers change. People get new numbers. If you are not running regular database hygiene checks, your deliverability will drop over time. Purple's analytics dashboard flags contacts with repeated delivery failures so you can remove them from active segments. The fourth is attribution gaps. If you cannot connect an SMS send to a physical return visit, you cannot prove ROI. Make sure your WiFi analytics platform and your SMS platform share a common identifier so that return visits can be attributed to specific campaigns. Now for a quick Q&A. Question one: Do I need new hardware to run this? Answer: No. Purple is hardware-agnostic and integrates with your existing Cisco Meraki, HPE Aruba, or other enterprise access points. Question two: Is SMS marketing compliant with GDPR? Answer: Yes, provided you use explicit, unbundled opt-in checkboxes on your captive portal and maintain full audit trails, which Purple handles automatically. Question three: How quickly can I see ROI? Answer: Most venues see measurable uplift in return visits within the first 30 to 45 days of launching automated re-engagement triggers. To wrap up. SMS marketing campaigns driven by Guest WiFi data offer an unmatched 98% open rate and a return on investment of between 21 and 41 pounds for every pound spent. By capturing verified phone numbers at the captive portal, maintaining clean consent architecture, and automating triggers based on actual venue presence, you turn anonymous foot traffic into known, returning customers. Start by auditing your current captive portal flow. Are you capturing phone numbers? Are your consent checkboxes compliant and unbundled from WiFi access? If not, that is step one. Thank you for listening, and we will see you on the next technical briefing.

header_image.png

Executive summary

Venue operators across retail , hospitality , and public sectors face a consistent challenge: converting anonymous foot traffic into known, returning visitors. Traditional data capture methods - such as post-visit surveys or loyalty app downloads - yield low participation rates and unverified contact data.

When visitors connect to Guest WiFi , they provide an immediate, high-intent opportunity to capture verified phone numbers. SMS delivers a 98% open rate and an ROI between $21 and $41 for every $1 spent [1]. By capturing phone numbers at the captive portal and triggering campaigns based on physical presence data, IT and marketing teams can deploy a highly effective channel for increasing return visits.

Purple Engage captures verified guest phone data at the captive portal login and automates marketing campaigns from that point forward. Across 80,000+ live venues and 440 million logins in 2024 (Purple internal data), phone number capture rates at the portal consistently outperform post-visit collection methods.

This guide covers the full implementation stack: network architecture, consent design, campaign automation, CRM integration, and attribution. It is written for IT managers, network architects, CTOs, and venue operations directors who need to act this quarter.

Technical deep-dive

Why SMS outperforms other re-engagement channels

SMS is not a new channel, but its performance metrics remain unmatched. Open rates sit at 98%, compared to 21% for email [1]. Ninety percent of messages are read within three minutes of delivery. The average click-through rate for SMS is 26%, versus 3% for email [1]. Response rates average 45%, compared to 6% for email [1].

sms_vs_email_comparison_chart.png

The channel advantage compounds when you consider the quality of the underlying data. A phone number captured via a WiFi captive portal is verified in real time through SMS one-time passcode (OTP) authentication. The contact is physically present at your venue. The intent signal is high. This is fundamentally different from a phone number entered into a web form or a competition entry.

Network architecture and hardware agnosticism

Purple operates as a cloud overlay, meaning you do not need to replace your existing network infrastructure. It integrates natively with Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet access points.

When a guest attempts to access the network, the access point redirects their traffic to the Purple captive portal. Authentication occurs via a RADIUS server. Once authenticated, the device MAC address is associated with the user profile, allowing subsequent visits to be tracked passively without requiring a new login. This passive tracking is the foundation of behavioral campaign triggers.

For multi-site operators, the guest profile persists across locations. A shopper who visits your Manchester store and your Birmingham store is recognised as the same individual, allowing you to segment campaigns by multi-location visit patterns.

Captive portal as a data capture mechanism

The captive portal is the interface between the guest's device and internet access. It is also the primary point at which first-party data is collected. Purple's captive portal supports multiple authentication methods: social login (Facebook, Google), email, phone number with SMS OTP, and passwordless WiFi via Passpoint.

For SMS marketing campaigns, phone number with SMS OTP is the preferred authentication method. It produces a verified, deliverable contact record at the moment of capture. Social login captures an email address but not a phone number. Email login captures an email address but requires a separate step to collect a phone number.

If your current portal uses social or email login, you can add an optional phone number field to the post-authentication profile completion screen. This is a lower-friction approach than requiring a phone number for initial authentication, but it produces lower capture rates. The optimal configuration depends on your vertical and the strength of the incentive you offer.

Collecting phone numbers for SMS marketing requires explicit, freely given consent under GDPR Article 7 and CCPA. The captive portal provides a synchronous, transparent environment for capturing this consent.

A compliant SMS opt-in flow works as follows:

  1. The guest enters their phone number on the splash page.
  2. An OTP is sent via SMS to verify the number is real and belongs to the person present.
  3. The guest enters the OTP to authenticate and access the network.
  4. The splash page presents a clearly labelled, unticked checkbox, separate from the WiFi access terms, stating: "I agree to receive promotional SMS messages from [venue name]. Message frequency varies. Reply STOP to unsubscribe."
  5. Purple logs the consent record, including timestamp, IP address, and exact consent wording, to the guest profile.

The separation of WiFi access consent from marketing consent is non-negotiable. Accessing the internet cannot be conditional on agreeing to receive marketing messages. That is a direct violation of GDPR's freely given consent requirement. Purple stores consent records with full audit trails, satisfying the Article 7 requirement to demonstrate that consent was given.

For venues operating across the EU and the US, Purple is ISO 27001, GDPR, CCPA, and Cyber Essentials certified.

Implementation guide

sms_campaign_architecture_overview.png

Step 1: Configure the captive portal for phone number capture

Update the splash page to require or prominently feature phone number entry. The value exchange must be explicit. "Connect to WiFi and receive 10% off your next visit" consistently outperforms "Connect to WiFi" as a call-to-action. Enable SMS OTP verification to guarantee data quality. A/B test the splash page copy to optimise opt-in rates. Target a minimum of 20% of WiFi logins capturing a phone number with marketing consent.

For hospitality venues, the splash page should reflect the brand and the specific venue. A guest at Premier Inn expects a different visual experience than a shopper at a high street retailer. Purple's splash page builder supports full brand customisation. See How to make a great first impression with your guest WiFi for design guidance.

Step 2: Integrate with your CRM and marketing automation platform

Guest data captured at the portal must flow into your central marketing stack. Purple provides native integrations and webhooks for Salesforce, HubSpot, Mailchimp, Klaviyo, and a range of other platforms. When a guest opts in, their profile, including phone number, consent record, visit history, and location data, syncs to your CRM in real time.

This integration is critical for two reasons. First, it means your SMS campaigns can be orchestrated from the same platform you use for email, so you are not managing a separate tool. Second, it means your guest data is enriched over time. Every WiFi connection event adds a data point: which location, what time, how long. After six months, you have a behavioural profile that is genuinely useful for segmentation.

Step 3: Define automated campaign triggers

Rather than sending bulk broadcasts, configure automated campaigns based on actual visitor behavior detected by the WiFi network. Three campaign types consistently drive return visits:

The welcome series. Triggered 24 hours after a guest's first WiFi login. A simple, time-limited offer drives a fast second visit. Hospitality operators using this approach see welcome conversion rates of 12 to 18% (Purple internal data).

The re-engagement campaign. Triggered when a previously frequent visitor has not connected to the network in 45 days. Purple Engage detects the lapse based on WiFi connection history and fires an automated SMS. No manual segmentation required. The trigger is the absence of a WiFi connection event.

The loyalty reward. Triggered after a guest completes their fifth visit. Identify high-value visitors and send them an exclusive offer, early access to an event, or a loyalty reward. The message feels personal because it is based on real behavior data, not a demographic assumption.

Step 4: Monitor and optimise via WiFi analytics

Purple's WiFi Analytics platform provides full campaign attribution. You can see opt-in rates by location, campaign performance by segment, and return visit attribution. If you send an SMS campaign on a Tuesday and see a 20% uplift in WiFi connections the following weekend, you can attribute that directly to the campaign. This closes the loop between digital marketing spend and physical venue traffic.

Best practices

Maintain low frequency, high relevance. SMS is an intimate channel. Limit promotional messages to two to four per month. Over-messaging is the primary driver of opt-outs; 53% of subscribers cite over-frequency as their reason for unsubscribing [1].

Segment by location and behavior. A multi-site retail operator should not send a generic offer to all users. Segment campaigns based on the specific venue the guest visited, their dwell time, and their visit frequency. A guest with a five-minute dwell time receives different messaging than one with a two-hour dwell time.

Use clear opt-out mechanisms. Every SMS must include a clear instruction on how to unsubscribe. "Reply STOP to opt out" is the standard. Purple automates this and removes opted-out contacts from active segments immediately.

Run regular database hygiene checks. Phone numbers change. People get new numbers. Purple's analytics dashboard flags contacts with repeated delivery failures so you can remove them from active segments and maintain deliverability rates.

Test the splash page copy. Small changes to the call-to-action on the captive portal can significantly impact the opt-in rate. Test different incentives - discount codes, early access, free items - to identify what resonates with your specific audience.

Troubleshooting & risk mitigation

Low opt-in rates at the portal. If fewer than 15% of WiFi logins are capturing a phone number with marketing consent, the splash page design is creating friction. Ensure the form is optimised for mobile devices, the incentive is compelling, and the value exchange is explicit. A/B test the copy.

High bounce rates on SMS delivery. If messages are failing to deliver, the portal is likely capturing invalid numbers. Implement SMS OTP verification during the login process to guarantee data quality at the point of capture.

GDPR compliance violations. Bundling marketing consent with WiFi access is a direct violation of GDPR. Ensure the marketing opt-in checkbox is separate, unticked by default, clearly explained, and independently revocable. Purple's consent architecture handles this by default.

Attribution gaps. If you cannot connect an SMS send to a physical return visit, you cannot prove ROI. Ensure your WiFi analytics platform and your SMS platform share a common identifier - phone number or CRM contact ID - so that return visits can be attributed to specific campaigns.

Message fatigue and opt-out spikes. If opt-out rates exceed 2% per send, reduce frequency immediately and review message relevance. Personalisation based on behavioral data - not demographic assumptions - is the most effective way to maintain engagement.

ROI & business impact

The business impact of SMS marketing campaigns driven by Guest WiFi data is highly measurable. Because the network tracks physical presence, operators can attribute return visits directly to specific campaigns.

Retail venues and hospitality groups typically see a 15 to 25% increase in repeat visit frequency among opted-in guests within the first 90 days of deploying automated behavioral triggers (Purple internal data). SMS campaigns deliver an ROI of $21 to $41 for every $1 spent, with seasonal campaigns reporting up to $71 per dollar [1].

For a venue with 10,000 monthly WiFi logins and a 20% opt-in rate, that is 2,000 verified, consented contacts added to the SMS list each month. At a 15% return visit conversion rate from re-engagement campaigns, that is 300 additional visits per month that would otherwise not have occurred.

The WiFi Analytics platform provides the attribution layer to prove this ROI to stakeholders. Every return visit by an opted-in contact is logged against the campaign that triggered it.

References

[1] Sakari, "SMS Marketing Statistics: Data-Backed Insights for 2025-2026", https://sakari.io/blog/sms-marketing-statistics-data-backed-insights-for-2025-2026

Key Definitions

Captive portal

A web page that a user of a public access network must view and interact with before internet access is granted. It sits between the guest device and the network gateway.

This is the primary interface where venue operators capture guest phone numbers and marketing consent. Purple's captive portal supports social login, email, SMS OTP, and Passpoint authentication.

SMS OTP (One-Time Passcode)

A single-use numeric code sent via SMS to verify that a phone number is real and belongs to the person submitting it.

Implementing OTP verification at the captive portal is the most effective way to ensure database hygiene and prevent high SMS bounce rates.

Double opt-in

A consent mechanism where a user signs up and then confirms their subscription via a secondary action, such as entering an SMS OTP or clicking a confirmation link.

Recommended for SMS marketing lists to ensure data quality and demonstrate consent under GDPR Article 7.

MAC address

A unique identifier assigned to a network interface controller, used as a network address in communications within a network segment.

Used by the WiFi analytics platform to passively track return visits and dwell time after the initial authentication, without requiring the guest to log in again.

First-party data

Information a company collects directly from its customers and owns entirely, without relying on third-party intermediaries.

Phone numbers captured via Guest WiFi are high-value first-party data, reducing reliance on paid advertising platforms and providing a direct channel to the guest.

Dwell time

The duration a device remains connected to or visible to the WiFi network during a single visit.

Used to segment users for campaign targeting. A visitor with a five-minute dwell time receives different messaging than one with a two-hour dwell time.

Webhook

A method of sending real-time data from one application to another when a specific event occurs, using HTTP POST requests.

Used to push guest profiles and consent records from the WiFi platform to a CRM in real time when a guest opts in at the captive portal.

Hardware-agnostic

Software that is compatible with multiple different hardware vendors and systems, without requiring a specific brand of equipment.

Purple operates across Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet, meaning the venue does not need to replace access points to deploy SMS campaigns.

GDPR Article 7

The article of the General Data Protection Regulation that sets out the conditions for valid consent, including the requirement that consent be freely given, specific, informed, and unambiguous.

Directly governs how venue operators must collect and store SMS marketing consent at the captive portal. Purple's consent architecture is designed to satisfy Article 7 by default.

Cloud overlay

A software layer deployed on top of existing network infrastructure that adds intelligence and management capabilities without replacing the underlying hardware.

Purple's deployment model. It integrates with existing access points via RADIUS and does not require hardware replacement.

Worked Examples

A 50-location retail chain wants to implement a re-engagement SMS campaign for shoppers who have not visited in 60 days. They currently use Cisco Meraki hardware and Salesforce as their CRM.

Step 1: Configure the Meraki dashboard to redirect unauthenticated WiFi traffic to the Purple captive portal. Step 2: Update the splash page to require SMS OTP login, ensuring verified phone number capture. Add an explicit, unticked checkbox for SMS marketing consent, separate from the WiFi access terms. Step 3: Configure the Purple-to-Salesforce webhook to sync guest profiles, including phone number, consent record, and visit history, in real time. Step 4: In Purple Engage, create a dynamic segment: contacts with marketing consent AND last WiFi connection date more than 60 days ago. Step 5: Configure an automated SMS trigger for this segment with a time-limited offer. Step 6: Monitor the WiFi analytics dashboard to track how many contacts from this segment authenticate on the network within seven days of message delivery, providing direct attribution.

Examiner's Commentary: This approach uses the existing Meraki infrastructure without hardware replacement. The re-engagement trigger relies on passive MAC address detection rather than manual segmentation, which scales across 50 locations without additional operational overhead. The Salesforce integration ensures the SMS data enriches the existing CRM rather than creating a data silo.

A hotel group operating 30 properties across the UK and EU needs to deploy an SMS welcome series while ensuring full GDPR compliance. Their current captive portal uses social login only.

Step 1: Add an optional phone number field to the post-authentication profile completion screen on the existing social login flow. Present a clearly labelled, unticked checkbox for SMS marketing consent at this stage. Step 2: Enable SMS OTP verification for the phone number field to ensure data quality. Step 3: Configure Purple to store consent records with timestamp, IP address, and exact consent wording for GDPR Article 7 audit trail compliance. Step 4: Set up an automated welcome SMS trigger to fire 24 hours after a guest's first WiFi login at any property, offering a loyalty reward or discount on their next stay. Step 5: Configure the campaign to suppress guests who have already received a welcome message at any property, preventing duplicate sends across the multi-site estate.

Examiner's Commentary: The post-authentication phone number collection approach is lower friction than requiring a phone number for initial login, but it produces lower capture rates. The trade-off is acceptable here because the existing social login flow is already established and changing it would require guest communication. The cross-property suppression logic is critical for multi-site operators to avoid message duplication, which would damage trust and increase opt-out rates.

Practice Questions

Q1. A stadium operator wants to send a promotional SMS to all 50,000 attendees during halftime. They plan to make phone number entry mandatory on the splash page as a condition of WiFi access. What is the primary compliance risk and how should they address it?

Hint: Consider the GDPR requirement for freely given consent and the difference between authentication data and marketing consent.

View model answer

The primary risk is a GDPR violation. While the venue can require a phone number for network authentication, they cannot make marketing consent a condition of WiFi access. That constitutes bundled consent, which is not freely given under GDPR Article 7. The correct approach is to require the phone number for authentication via SMS OTP, then present a separate, unticked checkbox for SMS marketing consent. The two actions must be independent and separately revocable.

Q2. You deploy an SMS campaign to 5,000 opted-in contacts, but the analytics dashboard shows a 38% bounce rate. What is the most likely cause and what configuration change should you make to the captive portal?

Hint: Consider how the phone numbers were originally collected and what verification step may be missing.

View model answer

The most likely cause is that the captive portal is not using SMS OTP verification, meaning guests can enter any phone number to authenticate. This results in a database containing a high proportion of invalid, mistyped, or fake numbers. The fix is to implement SMS OTP verification on the captive portal. This requires guests to enter a valid, active phone number they currently possess in order to receive the OTP and complete authentication, eliminating invalid numbers at the point of capture.

Q3. A hotel group uses HPE Aruba access points in their European properties and Cisco Meraki in their North American properties. How should they standardise their SMS data capture and campaign automation across both regions without replacing hardware?

Hint: Think about where the intelligence layer should reside relative to the access point hardware.

View model answer

They should deploy a hardware-agnostic cloud overlay such as Purple. By pointing both the HPE Aruba and Cisco Meraki controllers to the same centralised captive portal and RADIUS server, they standardise the data capture flow, consent logging, and CRM integration globally. The guest profile persists across all properties regardless of the underlying hardware vendor. This approach requires no hardware replacement and allows the marketing team to manage campaigns from a single platform across both regions.

Continue reading in this series