GDPR & Compliance FAQ

Yes. CaptiFi is fully GDPR compliant. We provide:

Clear consent collection at the point of data capture
Opt-in checkboxes for marketing communications
Full audit trail of all consent records
Data export capabilities
Right to erasure (deletion) support
Privacy policy integration on splash pages

Where is data stored?

Guest data is stored securely on EU-based servers with encryption at rest and in transit.

Who owns the data?

You do. CaptiFi processes data on your behalf, but you are the data controller. You can export or delete data at any time.

How long is guest data retained?

Guest data is retained for as long as your account is active. You can delete individual guest records at any time. If you cancel your account, data is retained for 30 days to allow you to export it, then permanently deleted. You can also configure automatic data retention policies (e.g. auto-delete data older than 12 months) from your dashboard settings.

Can guests request deletion of their data?

Yes. Under GDPR, guests have the right to request erasure of their personal data. If a guest contacts you with a deletion request, you can remove their data from the CaptiFi dashboard immediately. You should respond to such requests within 30 days as required by GDPR.

Can guests opt out?

Yes. Every marketing email includes an unsubscribe link. Guests can also request data deletion by contacting you directly.

Do I need a privacy policy?

Yes. You should have a privacy policy that covers your use of guest WiFi data. CaptiFi provides a template you can customise, and it's linked directly on your splash page.

The CaptiFi splash page uses only essential cookies required for the WiFi login to function — these do not require a cookie banner under GDPR. If you add third-party tracking (e.g. Facebook Pixel, Google Analytics) to your splash page, then yes, you would need a cookie consent mechanism. CaptiFi can help you configure this if needed.

The CaptiFi splash page uses minimal cookies required for the WiFi login to function. Marketing cookies (if any) are only set with consent.

Can I delete a guest's data?

Yes. From the dashboard, go to Guest Data, find the guest, and click Delete. This permanently removes all their data from CaptiFi.

No. CaptiFi does not sell or share guest data with any third parties. Data is only accessible to you (the venue owner) through your CaptiFi dashboard.

What about data breaches?

CaptiFi has security measures including encryption, access controls, and regular security audits. In the unlikely event of a breach, we will notify affected customers within 72 hours as required by GDPR.

Am I the data controller or data processor?

You (the venue owner) are the data controller — you decide what data is collected and how it's used. CaptiFi acts as a data processor, handling the data on your behalf according to your instructions. We provide a Data Processing Agreement (DPA) as part of our terms.

GDPR & Compliance FAQ ​

Is CaptiFi GDPR compliant? ​

Where is data stored? ​

Who owns the data? ​

How long is guest data retained? ​

Can guests request deletion of their data? ​

Can guests opt out? ​

Do I need a privacy policy? ​

Do I need a cookie banner on my splash page? ​

What about cookie consent? ​

Can I delete a guest's data? ​

Do you share data with third parties? ​

What about data breaches? ​

Am I the data controller or data processor? ​

Is CaptiFi GDPR compliant?