Guest WiFi email capture: how it works and what to expect
Guest WiFi email capture turns every WiFi login into a verified, GDPR-aligned contact in a database you own. This guide explains how the captive portal mechanism works, how to configure it for your venue, and how Purple Engage uses that first-party data to drive repeat visits and measurable revenue. It is aimed at marketing directors and CRM managers who want to stop relying on third-party data and start building a list that grows with every guest who walks through the door.
Why this matters for your venue
Every day, guests walk into your restaurant, hotel, or store, connect to your WiFi, and leave without you knowing who they are. You have no way to reach them again unless you pay a third-party platform to find them. Facebook, Google, and programmatic ad networks all charge you to re-engage people who have already chosen to visit you. That is an expensive way to run a loyalty strategy, and it is getting more expensive as third-party cookies disappear.
Guest WiFi email capture closes that gap. It ties internet access to a value exchange: free connectivity in return for a verified email address and, where the guest chooses, marketing consent. The result is a first-party database that builds itself from foot traffic you are already generating. Venues using Purple Engage typically see opt-in rates of 30% to 50% (Purple internal data, 2024), generating thousands of verified contacts per location every month. Those contacts feed automated campaigns that drive repeat visits, increase revenue per send, and give you the closed-loop attribution to prove it.
If you are currently using Mailchimp, Klaviyo, or HubSpot to send campaigns, those tools are excellent at sending. They do not build the list. Guest WiFi is the mechanism that fills it.
The approach
The mechanism behind guest WiFi email capture is a captive portal - a web page that intercepts a device's internet connection and requires an action before granting access. When a guest selects your WiFi network, the access point redirects their device to a branded splash page. That splash page is where the data capture and consent logging happen.
The key distinction from a website sign-up form is volume and verification. A website form captures people who are already engaged enough to seek out a subscription. A captive portal captures every guest who connects to your network - including the ones who would never have found your website. And because the email address is required to complete the connection, the data quality is inherently higher than a voluntary form.
The flow has four steps. The guest selects your WiFi network. The hardware redirects them to the Purple-hosted splash page. They enter their email address and, optionally, tick the marketing consent checkbox. Purple logs the profile and consent data, then authorises the device via RADIUS, granting full internet access.
GDPR is the governing framework for this process in the UK and EU. It requires that marketing consent be freely given, specific, informed, and unambiguous. That means the consent checkbox must be unticked by default, the purpose of the marketing must be clearly stated next to it, and consent cannot be bundled with the terms for internet access. Purple handles the consent logging automatically, recording the timestamp, the exact wording shown, and the IP address for every opt-in.
How to do it with your guest WiFi
Implementing guest WiFi email capture requires four configuration steps.
Step 1 - Configure the SSID. Set up an open SSID on your access points. Enable MAC-based authentication and configure a walled garden that allows traffic only to the Purple portal and any social login providers (such as Google Workspace or Microsoft Entra ID) before authentication is complete. Purple works with Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet out of the box.
Step 2 - Design the splash page. Use Purple's drag-and-drop editor to build a branded captive portal. Keep it clean: your logo, a value proposition that explains the exchange, and the login form. The value proposition is the single biggest lever on your opt-in rate. "Connect to our WiFi" is not a value proposition. "Connect for free WiFi and 15% off your next visit" is.
Step 3 - Set the consent rules. Configure which data fields appear on the form. Email is the minimum. First name enables personalisation. Date of birth enables birthday campaigns. Every additional field reduces completion rates, so ask only for what you will use. The marketing consent checkbox must be optional, clearly labelled, and unticked. Purple generates the GDPR-compliant consent text automatically.
Step 4 - Enable email verification. Configure Purple to grant restricted access (for example, five minutes at reduced speed) immediately after form submission, then send a verification link to the submitted address. Full access is granted only once the guest clicks the link. This eliminates fake email entries and keeps your sender reputation clean.
Once the portal is live, Purple remembers authenticated devices by their MAC address. You can set a re-authentication window of up to 365 days, meaning returning guests connect automatically without seeing the portal again. This protects the experience for loyal guests while still logging their return visit in your analytics.
What to send, and when
The database is only as valuable as the campaigns you run against it. Purple Engage connects your verified contact list to an automation engine that triggers messages based on real-world venue behaviour, not just email interactions.
Three automations deliver the highest return for most venues.
The Welcome Email triggers 15 minutes after a guest's first login. It introduces the brand, delivers any incentive promised on the splash page, and sets expectations for future communications. Sending it 15 minutes after connection means the guest is likely still in your venue or has just left - your brand is front of mind. This is the highest-performing email in most venue programmes, with open rates consistently above 50% (Purple internal data, 2024).
The Birthday Campaign requires a date of birth field on the splash page. Trigger the email seven days before the birthday with a personalised offer - a complimentary item, a discount, or a loyalty points credit. The lead time gives the guest a reason to plan a visit rather than receiving a message on the day itself when plans are already set.
The Lapsed Visitor Flow triggers when a device has not been seen in the venue for a defined period - typically 60 to 90 days. The message acknowledges the absence and offers an incentive to return. Because the trigger is based on physical presence data rather than email inactivity, it reaches guests who may still be opening your emails but have simply stopped visiting.
For more on how to segment your list and reward your most frequent visitors, see Segmenting guests by visit frequency: how to reward your best customers.
Measuring what works
Generic email platforms measure success by open rates, click-through rates, and unsubscribes. These are useful hygiene metrics, but they do not tell you whether your marketing is driving revenue. A guest can open every email you send and never walk through your door again.
When your email list is built from WiFi logins, you gain a different measurement layer. Purple tracks the MAC address associated with each verified email. When a campaign recipient returns to the venue and connects to the network, Purple logs that event and links it back to the campaign. This gives you closed-loop attribution: the ability to see, for any given campaign, how many recipients physically returned to the venue within a defined window.
The metrics that matter for venue operators are revenue per send (total revenue attributed to a campaign divided by the number of emails sent), return visit rate (the percentage of campaign recipients who visited the venue within 30 days), and list growth rate (new verified opt-ins per week, per location). Purple surfaces all three in its reporting dashboard.
This approach also allows you to A/B test offers against real footfall rather than clicks. You can send two versions of a campaign to equal segments and measure which drove more physical visits - a level of attribution that no generic email tool can provide without a separate loyalty or EPOS integration.
Where to start
The following checklist covers the minimum steps to go from zero to a live, GDPR-compliant guest WiFi email capture programme.
- Audit your hardware. Confirm your access points (Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, or Fortinet) support external captive portals and RADIUS authentication. If you are unsure, Purple's onboarding team can confirm compatibility.
- Define your data requirements. Decide which fields to include on the splash page. Start with email and first name. Add date of birth only if you will run birthday campaigns.
- Draft the value proposition. Write the incentive that will appear next to the marketing consent checkbox. Test two versions: a discount offer and a loyalty points offer. The higher opt-in rate wins.
- Build the automated flows. Set up the Welcome Email and the Lapsed Visitor campaign in Purple Engage before the portal goes live. Do not wait until after launch - you will miss the first wave of contacts.
- Launch at a single test venue. Monitor the opt-in rate and the email verification completion rate for 48 hours. Adjust the value proposition if the opt-in rate is below 25%. Once you are satisfied, deploy across the estate.