How quickly can I be up and running?

Most venues are live in minutes. Just plug in your device or connect to your existing WiFi, and you're ready to go. Setup time: Under 5 minutes.

Can I design my own splash page?

Yes! Our built-in splash builder lets you create and update your own branded login pages whenever you like. Drag-and-drop design tools included.

Do I need new hardware to use CaptiFi?

No new hardware needed! CaptiFi works with most existing access points, including UniFi. If you don't have compatible hardware, we'll send you a free plug-and-play device. Compatible with 95% of existing systems.

Is CaptiFi GDPR compliant?

Absolutely. We collect guest details with clear consent and provide a full audit trail so you stay compliant. GDPR & data protection certified.

What marketing can I automate?

You can send welcome emails, review requests, win-back offers, birthday messages, and more — all automatically. Set it once, runs forever.

Will it work if I have more than one venue?

Perfect for multi-location businesses! Our multi-venue dashboard lets you manage all your sites from one login. Unlimited venues on higher plans.

What support do you offer?

All plans include live chat and email support. Premium plans get priority response times. Average response time: Under 2 hours.

Can I export my guest data?

Your data, your control. You have full access to export your contacts at any time. CSV, Excel, and API access available.

Back to Blog

GDPR & Compliance

GDPR-Compliant WiFi: What Every UK Business Needs to Know

December 28, 2024 · 2 min read

GDPR has a branding problem.

It is often portrayed as an obstacle, a buzzkill, or an excuse to plaster websites with unreadable popups. In reality, GDPR is painfully reasonable. It asks you to be clear, honest, and restrained.

Guest WiFi sits right in the middle of this.

Understanding your role

If you operate the venue, you are the data controller. That means you decide why data is collected and how it is used. Your WiFi platform is a data processor, acting on your instructions.

This distinction matters. If something goes wrong, responsibility does not vanish into the router.

What data WiFi actually collects

Most people think of emails and phone numbers. GDPR goes further.

Device identifiers, connection logs, timestamps, and usage patterns can all be personal data if they can be linked to an individual. WiFi systems generate more personal data than most businesses realise.

That does not make them illegal. It makes them regulated.

Consent is not a technicality

Consent must be freely given, specific, informed, and unambiguous. That is not legal poetry. It is practical guidance.

If someone joins your WiFi, they must know what they are agreeing to. Marketing consent cannot be assumed. Silence is not consent. Pre-ticked boxes do not count.

Done properly, this builds trust. People are more comfortable sharing data when they understand why.

Collect less, worry less

Data minimisation is one of the most ignored GDPR principles.

Ask yourself a simple question. What do we actually need to run our marketing responsibly? For most venues, the answer is surprisingly short.

Every extra field increases risk, complexity, and future regret.

Retention is a decision, not an accident

You need to define how long you keep data and stick to it. Indefinite retention is not allowed.

Automated deletion after a sensible period protects you legally and operationally. It also forces better discipline.

Compliance as a competitive advantage

Clear privacy practices signal professionalism. Sloppy data handling signals chaos.

Customers may not read your privacy policy, but they notice when something feels off. GDPR done well fades into the background. Done badly, it becomes very visible.