WiFi Data Retention: How Long Should You Keep Guest Data?

Thomas Berger

Legal & Compliance Lead

30 September 2025

What Data You Actually Hold

A WiFi marketing deployment generates several categories of data, each with different retention implications:

Contact data: Name, email address, consent timestamp, consent wording at time of opt-in. This is the core marketing record.

Session records: Timestamped WiFi session logs containing device MAC address, access point, session start, session end, and session duration. These are generated for every connected device, including devices whose users did not complete the opt-in form.

Behavioural data: Derived from session records — visit frequency, dwell time averages, visit gap analysis. This data powers segmentation and automation.

Marketing interaction data: Email open history, click history, unsubscribe events. Held by your email platform (Mailchimp, etc.) and subject to their retention terms.

Aggregated analytics data: Anonymised footfall counts, dwell time distributions — no personal identifiers. Retention of anonymised aggregates is generally not limited under GDPR.

GDPR's Storage Limitation Principle

GDPR Article 5(1)(e) requires personal data to be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed."

The phrase "no longer than is necessary" does not specify a universal retention period — it requires you to document your retention rationale per data category. The documentation exercise forces you to think clearly about why you hold each type of data.

Practical Retention Windows

Active marketing contacts (opted-in, visiting): Retain while active plus 12 months post-last-visit. "Active" means the contact has visited in the last 12 months or has opened a marketing email in the last 6 months. After 12 months of complete inactivity, the contact should be moved to a suppression list (to prevent future sends), and all personal data other than the email address (which is kept for suppression purposes) should be deleted.

Session logs (raw WiFi session records): 12–24 months from session date. Session logs older than 24 months are rarely useful for marketing purposes and their retention without clear justification is a compliance risk.

Unsubscribed contacts: The email address must be retained in a suppression list indefinitely (to prevent accidentally re-adding them to future imports). All other personal data (name, session history) should be deleted at unsubscribe.

Hard-bounced contacts: Delete personal data immediately (or within 30 days). Hard bounces indicate the email is invalid — there is no marketing rationale for retaining the record.
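The retention windows above, expressed as a decision function over an exported contact list. This is an added example, not VoqadoWiFi code or part of the original article; the `Contact` record, the action names, and the reading of "complete inactivity" as no visit and no email open for 12 months are assumptions.

```python
import calendar
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Contact:  # hypothetical export record, not a VoqadoWiFi schema
    email: str
    name: str
    last_visit: date
    last_open: Optional[date] = None
    unsubscribed: bool = False
    hard_bounced: bool = False

def months_before(d: date, n: int) -> date:
    """Calendar date n months before d, clamping the day (31 Mar -> 28 Feb)."""
    y, m = divmod(d.year * 12 + d.month - 1 - n, 12)
    return date(y, m + 1, min(d.day, calendar.monthrange(y, m + 1)[1]))

def retention_action(c: Contact, today: date) -> str:
    """Map a contact to 'delete', 'suppress', 'archive' or 'retain'."""
    if c.hard_bounced:
        return "delete"    # invalid address: no rationale for keeping the record
    if c.unsubscribed:
        return "suppress"  # email stays on the suppression list, rest is deleted
    # Assumption: "complete inactivity" means no visit and no email open.
    last_seen = max(c.last_visit, c.last_open or c.last_visit)
    if last_seen < months_before(today, 12):
        return "archive"   # suppression list entry, other personal data deleted
    return "retain"

def apply_action(c: Contact, action: str) -> Optional[dict]:
    """Return what remains of the record once the action has been applied."""
    if action == "delete":
        return None
    if action in ("suppress", "archive"):
        return {"email": c.email, "suppressed": True}  # email address only
    return {"email": c.email, "name": c.name, "suppressed": False}

def expired_sessions(sessions: list, today: date, months: int = 24) -> list:
    """Session rows (dicts with a 'start' date) older than the retention window."""
    cutoff = months_before(today, months)
    return [s for s in sessions if s["start"] < cutoff]
```

Checking hard bounces and unsubscribes before the inactivity test keeps a recently active but unsubscribed contact from being classified as "retain".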

The Deliverability Argument for Retention Limits

Beyond legal compliance, data retention limits are a deliverability best practice. An email list containing addresses that have not engaged in 24 months will have significantly degraded deliverability: a higher proportion of spam reports, bounces, and spam-trap hits than a regularly cleaned list.

Mailchimp and similar platforms now apply deliverability penalties to lists with high proportions of disengaged contacts. A 24-month inactive purge — removing contacts who have not visited or opened an email in 24 months — typically improves list open rates by 8–14% and reduces unsubscribe rates by 18–22%.

Implementing Automatic Deletion

Configure retention automation in VoqadoWiFi:

Settings > Data Retention > Auto-archive contacts after [X months] of inactivity

"Archive" in VoqadoWiFi means the contact is moved to a suppression list, their session data is anonymised, and their personal data is deleted — while the email address is retained for suppression purposes only.

Set session log retention: Settings > Data Retention > Delete session records older than [12/24 months].

Document your retention periods in your Records of Processing Activities (ROPA) and in your privacy policy. If a data subject requests information about retention, you should be able to state specific periods rather than "we keep it as long as necessary" (which GDPR auditors consider inadequate).
