What is a customer data platform

Executive summary

Your guest WiFi network already generates two types of data: anonymous presence data from device probe requests, and identified engagement data from captive portal authentications. A customer data platform (CDP) sits at the intersection of these two streams, resolving identities, building unified customer profiles, and activating those profiles across email, SMS, and paid media channels.

For IT managers and venue operations directors, this means the network infrastructure you have already deployed can become the primary engine for first-party data capture. Purple Engage captures verified guest email and phone data at login and automates marketing campaigns, integrating with hardware from Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet without requiring a hardware replacement. Harrods achieved a 57x return on investment by marketing to customers acquired through their guest WiFi network (Purple, 2026). This guide provides the technical architecture, implementation steps, and compliance framework to replicate that outcome at your venue.

Technical deep-dive

What a CDP actually does

A customer data platform (CDP) is a centralised system that ingests data from multiple sources, resolves identities, and builds persistent unified customer profiles that marketing and operations teams can activate. The CDP Institute defines a CDP as "packaged software that creates a persistent, unified customer database that is accessible to other systems" (CDP Institute, 2024). In a physical venue, the primary ingestion point is the Guest WiFi network.

The architecture has five functional layers:

The data capture layer: guest WiFi as the ingestion point

When a device enters your venue with its WiFi radio active, it broadcasts probe requests - the device asking the network whether a known access point is nearby. Every access point in range picks up the probe request, recording the device MAC address and signal strength. This is the foundation of presence analytics: anonymous footfall counting and dwell time calculation.

The complication is MAC randomisation. Since iOS 14 and Android 10, mobile devices rotate through temporary MAC addresses for probe requests. Platforms that do not correct for this overstate visitor counts significantly. Purple applies statistical correction models calibrated against camera ground truth, maintaining accuracy within 3% to 7% (Purple, 2026).

Engagement data begins when the user connects through the captive portal. The captive portal is the authentication gateway and the primary mechanism for capturing first-party data. The user provides a verified email address or phone number. The CDP links this identifier to the device session and, via identity resolution, to any existing CRM record. For a deeper look at how this works across multiple network segments, see Three SSIDs to rule them all: guest, Passpoint, and IoT WiFi .

Identity resolution in practice

Identity resolution is the process of linking multiple identifiers - MAC address, email, CRM ID, loyalty number - to a single individual. When a shopper authenticates via WiFi at your Manchester store, then purchases through your mobile app two days later, the CDP recognises both interactions as the same person. It merges the records and updates the unified profile.

This matters because fragmented data is the default state in most venues. The POS system holds transaction history. The CRM holds contact records. The WiFi network holds visit frequency and dwell time. Without identity resolution, these datasets cannot be joined. With it, you build a profile that reflects the full relationship: how often the person visits, how long they stay, what they buy, and which marketing messages they respond to.

CDP vs CRM vs DMP: choosing the right tool

A common source of confusion is the distinction between a CDP, a customer relationship management system (CRM), and a data management platform (DMP). These tools serve different purposes and operate on different data types.

A CRM manages known contacts and transactional relationships. It is built for sales and support teams. A DMP aggregates anonymous, cookie-based data for advertising targeting. It operates on short retention windows and is increasingly constrained by cookie deprecation. A CDP unifies first-party, consent-based data into persistent profiles. It is built for marketing and IT teams working together, and it is the only tool in this group that meets the GDPR standard for consent-based marketing activation.

The practical implication: if you already have a CRM, a CDP does not replace it. The CDP ingests data from the CRM, enriches it with behavioural data from WiFi and other channels, and syncs the enriched profiles back. The two systems work together.

The Purple architecture: cloud overlay on existing hardware

Purple operates as a cloud overlay. You do not replace your access points. You configure your existing Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, or Fortinet hardware to direct authentication traffic to the Purple cloud. The platform delivers the captive portal, captures the data, and manages the API integrations with your downstream systems.

The data flows out via standard REST APIs or webhooks into your CRM, POS system, or business intelligence platform. Purple has processed 440 million logins in 2024 across 80,000+ live venues, and operates at 99.999% uptime (Purple, 2026). The platform is ISO 27001 certified, GDPR compliant, and holds Cyber Essentials and B Corp certification.

Implementation guide

Deploying a CDP in a physical venue requires coordination between IT, marketing, and operations teams. The following steps apply regardless of which hardware vendor you use.

Step 1: Audit your current infrastructure. Map every access point in your venue against the supported hardware list. Confirm firmware versions are current. Identify which SSID will carry guest traffic and which will carry staff traffic. These should be separate - see Guest WiFi for SSID segmentation guidance.

Step 2: Design the captive portal flow. The captive portal is your primary data ingestion point. Keep the login flow to three steps or fewer. Ask for the minimum viable data - usually email or phone number. Use Purple Verify to validate email addresses at the point of capture. A validated email list reduces bounce rates and improves deliverability for downstream campaigns.

Step 3: Configure consent management. GDPR requires explicit, granular consent for marketing communications. Your captive portal must present a clear opt-in mechanism that is separate from the terms of service acceptance. The CDP stores the consent state against each profile and enforces it across all activation channels. Do not conflate network access consent with marketing consent - these are two separate legal bases.

Step 4: Integrate downstream systems. Data sitting in a dashboard does not generate value. Configure the API integrations to push data into your CRM and marketing automation platforms. Purple supports standard REST API and webhook integrations. Prioritise the CRM integration first - this is where the identity resolution loop closes. For SMS marketing automation, see How to leverage tools for SMS marketing to increase return visits .

Step 5: Optimise access point placement for analytics. If you want accurate location analytics to enrich CDP profiles, design your network for density, not just coverage. Place access points on zone boundaries to enable signal triangulation. The rule of thumb is one access point per 150 to 200 square metres in open-plan environments. In retail environments with high fixture density, reduce this to one per 100 square metres.

Step 6: Define your activation segments. Before launch, agree with the marketing team on the first three audience segments you will activate. Common starting points are: first-time visitors (trigger a welcome offer), lapsed visitors (trigger a re-engagement campaign), and high-frequency visitors (trigger a loyalty programme invitation). These segments should be defined in the CDP and synced to the marketing automation platform before the network goes live.

Best practices

Use first-party data as your primary acquisition channel. First-party data captured via WiFi drives 2.9x higher marketing ROI than third-party data (Purple, 2026) and is not subject to cookie deprecation. Optimise your captive portal conversion rate before investing in additional data sources.

Automate audience suppression. Excluding known contacts from paid acquisition campaigns is the highest-ROI CDP use case. Sync your CDP audience to Google Ads and Meta Ads as a suppression list. This eliminates 10% to 20% of wasted ad spend from week one.

Validate data at the point of capture. A contact list with 30% invalid email addresses is not an asset - it is a liability. Use Purple Verify to validate email addresses at login. This maintains deliverability rates above 95% and protects your sender reputation.

Segment by behaviour, not demographics. Demographic segments (age, gender) are less predictive than behavioural segments (visit frequency, dwell time, zone affinity). Build your initial segments around behavioural signals. A visitor who has been to your venue four times in the last 30 days is a better loyalty programme candidate than one who matches a demographic profile.

Run a Data Protection Impact Assessment (DPIA) before deploying presence analytics. Presence analytics - tracking anonymous devices across your venue - operates under the legitimate interest legal basis under GDPR. A DPIA is required to document this basis. Purple's compliance team can provide a template. For healthcare and transport venues, additional sector-specific requirements apply.

Troubleshooting & risk mitigation

Low captive portal conversion rate. If fewer than 40% of connected devices complete the portal login, the flow is too complex. Reduce the number of form fields. Test the portal on both iOS and Android devices - rendering differences are a common cause of abandonment. Offer a clear value exchange: free WiFi in exchange for an email address.

Duplicate profiles in the CDP. Duplicate profiles indicate that identity resolution is not working correctly. The most common cause is inconsistent email formatting (e.g., " John.Smith@example.com " vs " john.smith@example.com "). Ensure the CDP normalises email addresses to lowercase before matching. Purple's identity resolution engine applies this normalisation by default.

MAC randomisation inflating visitor counts. If your presence analytics show visitor counts significantly higher than your actual footfall, MAC randomisation is likely the cause. Purple's statistical correction model addresses this, but you should validate against a ground truth source (e.g., door counter or CCTV analytics) during the first 30 days of deployment.

GDPR consent not propagating to activation channels. If a contact has opted out of marketing but is still receiving campaigns, the consent state is not being respected by the activation channel. Audit the API integration between the CDP and your marketing automation platform. Ensure the consent field is included in every sync and that the marketing platform honours opt-out flags.

Data not flowing to CRM. Check the webhook endpoint URL and authentication credentials. Confirm that the CRM API rate limits are not being exceeded. Purple's integration logs provide a per-event audit trail that identifies the point of failure.

ROI & business impact

The business case for a CDP rests on three measurable outcomes: increased marketing ROI, reduced acquisition cost, and improved operational efficiency.

Increased marketing ROI. Harrods achieved a 57x return on investment by marketing to customers acquired through their guest WiFi network (Purple, 2026). This figure reflects the value of a clean, consented, first-party data asset combined with a marketing automation workflow that acts on it. A more conservative baseline for a well-configured deployment is a two to five times return in the first year.

Reduced acquisition cost. Audience suppression - excluding known contacts from paid acquisition campaigns - eliminates wasted spend on customers you already have. A venue with 50,000 known contacts suppressing these from a paid campaign with a 15% overlap saves the cost of 7,500 impressions per campaign cycle.

Improved operational efficiency. Location analytics derived from WiFi data can optimise staffing levels, reduce queue times, and improve the overall visitor experience. For hospitality venues, this translates directly to guest satisfaction scores and repeat booking rates.

Measuring success. Define your KPIs before deployment. The three metrics that matter most are: Captive Portal conversion rate (target: 40% or above), email campaign open rate for WiFi-acquired contacts (target: 25% or above), and repeat visit rate for the first-time visitor cohort (target: 30% within 90 days).

For more on how Purple's WiFi Analytics platform delivers these outcomes, and to explore deployment options for your specific vertical, visit the Guest WiFi product page or speak to our team.