Limitless connects Digital touchpoints for Physical spaces

Limitless are a location aware data platform that connects location, store & external data in a light to no touch cloud platform.  Connecting the individual customer to their transactional data in a GDPR compliant manner.

Providing similar analytics as Google & Amazon for physical spaces by capturing data touchpoints at each step of the customer journey.  Measuring the customer journey, linking it back to travel paths and purchases so that you can intervene and impact the customer in the buying moment.  Limitless is not just another wi fi or data platform but an insights platform that drives business & customer insights with the ability to engage with the customer & personalise their experience driving business improvements.

We are an enterprise solution with key features that can bolted on to solve many challenging use cases.  We specialise within the retail & property / place verticals however our platform can help any business with a physical building & customers.

Key Features 

1. Single Sign on Connect your customer in any channel on line / wi fi  /app

2. Social Login Seamless Login connecting customer in channel of choice

3. Splash Page Customisable splash page with additional drip questions

4. Insights Customisable dashboards reporting on Business Insights

5. Engagement Captive Portal, Digital coupons or digital screens

6. Redemption From Digital campaigns to physical redemption with transparency

Use cases

Understand your existing customer base & registered users to impact anonymous customers increasing loyalty.

Utilise your location data from wi fi and apps to measure dormancy , latency & abandoned baskets & encourage frequency.

Utilise existing sales data to increase spend, improve communication and drive engagement with personalised engagement based on their behaviours and not amalgamated data.

Benchmark your business by country / region improving each stores efficiencies and driving improvements across your stable of stores with reporting by function.

Gallery & Video

Overview or explainer Video

Wifi – Insight from Location aware data to category level

Login – Single sign on for web, wi fi single customer view

Reemp – Digital campaigns to physical redemption

Multiple Offers or Basic Basket Analysis

Full Retail Analytics

Customer Results / Case studies

Henderson’s Case study

The Boulevard Case Study

Bon Accord Case Study

Moes Grill Case Study

Meraki Documentation

Open a web browser and log in to your Meraki dashboard at

Step 1 – Access Control

Click Configure > Access Control on the left menu. From the SSID dropdown, choose the one you wish to use, then configure with the below settings:

Association Requirements

Open (no encryption)

Splash pageClick – through
Network Access ControlDisabled: do not check clients for antivirus software
Assign Group PoliciesDisabled: do not assign group policies automatically
Captive portal strengthAllow non – HTTP traffic prior to sign on
Walled gardenWalled garden is enabled
Walled garden ranges*
Note: If you wish to support social network logins, you also need to add the below entries for each network you plan to support.


Note: The Meraki MX/Z1 does not support the Client IP assignment or DNS settings, so please skip these two settings.

Client IP assignment NAT modeMeraki DHCP
Content filteringBlock Adult content

Step 2 – Splash Page

Click Splash page on the left and configure with the below settings:

Custom splash URL*insert access_url here*
Where should users go after the splash page?A Different URL:
*insert redirect_url here*

Click Save to finish

The configuration is now complete.

Support Guides


What is Presence Data ?

Presence data is the total count of unauthenticated / anonymous devices (laptops, mobiles, tablets etc.) that come into contact (‘ping’) with an access point in a venue.

These devices get close enough to an access point so that their unique MAC address can be recorded, but do not authenticate onto the Wi-Fi network.

Recorded alongside the devices’ unique MAC address is also:

Strength of signal (RSSI); signifying how close a device is in proximity to an access point
•Duration; how long the device was seen by any access point within a venue

These distinct sets of data form two important reports within the Limitless Portal


Based on signal strength only, devices which have an RSSI of 30 or above are classed as ‘registered’ (coming close enough to an access point to infer that they entered the venue).

Passers By

‘Passers By’ visitors are those whose devices were seen by an access point, but who did not meet the RSSI 30 threshold.

These are classed as ‘passed’ as they were close enough to the venue itself to become a visitor (and be picked up by an access point), but most likely did not enter the venue.

The motive for these computations is that many customers want to better understand not only the number of visitors they had, but also the number of potential visitors that passed by and could have entered the venue.

Being able to track this over time allows venues to measure success in attempts to convert a higher number of potential passers-by, encouraging them to enter the venue, and identify specific locations that have a higher percentage of conversion.

Walk Throughs

‘Walk Throughs’ visitors are those who do not meet the minimum duration threshold, and therefore did not meet the standard of a meaningful visit. They were in range of an access point for only a short time, and left the vicinity quickly, before they became visitors.

Walk through rate provides insights into the number of visitors leaving only a short time after entering. Tracking the bounce rate over time allows users to analyze successes in encouraging longer visits and improving ‘registered’ percentage, and the ability to measure walk throughs across different venues.

The walk through duration is customizable as different sectors and industries will classify a visit in different ways. Quick service restaurants (QSR) will have a different definition and expectation from restaurants with table service, and shopping centres might want to set a higher bounce duration than a coffee shop.


When we measure visitors frequency we may see that a visitor comes to a venue 5 times a week, then starts to move to 4 , 3, 2 & leaves the venue.  This can be known as churn and most physical buildings do not capture the churn rate.  With Limitless we can detect this and intervene bringing the customer back so we don’t lose them or increasing frequency again.  This could work for re vamping stores, or spotting a competitor with specific promotions that impact your business.  

Latency can be set through venue as you may visit food retail every day, a larger shop once a week or Shopping centre at different frequencies.


Dormancy measures when the Limitless platform has last seen you in venue again based on the visitor frequency and the size of the venue.  Limitless use this measure to re engage around special occasions or activations to bring the customer back to the venue.  Whether recently dormant or having been seen for a while we can engage with the customer & understand the reason behind this.

My Reports

Standard Reports

  1. Select the reports tab along the top bar & this will bring standard reports
  2. Select the date range for pre selected reports

Customised reports

  1. Select the Reports tab 
  2. Scroll to concertina tab for Your Reports
  3. Click Create New Report
  4. Select Report Name & Name it 
  5. Select site or sites
  6. Select date Range
  7. Run Report

My Dashboards 

Limitless standardises the dashboard by industry so that you don’t have to Tabs are provided for 

  1. Customers Insights
  2. Reactive Map 


Users & Permissions Profiles 

At the moment Limitless does this as part of the ‘setup’

Creating a new user

  1. Select ‘Add new user”
  2. Enter the required user details
  3. Choose whether to manually set password or leave fields blank 
  4. Set the users access (Brand / Group/ Location)
  5. Select permission profile
  6. Select save

Disabling a User Account

  1. Select the user you wish to disable and click edit
  2. Disable the ‘Active Account’ toggle switch
  3. Select ‘Save’

Enabling a User to view PII

  1. select the user menu button and select ‘Edit’
  2. Enable the ‘Show personal identifiable information’ toggle
  3. Select ‘Save’

Enabling a User to view MAC Addresses

  1. Select the user or menu button and select “edit”
  2. Enable the “show device MAC address’ toggle
  3. Select ‘Save”

Creating a Permission Profile

  1. Select ‘Create new profile’
  2. Set each of the sliders to either Denied Read or edit
  3. Enable permissions for PII or MAC if required
  4. Select ‘Save as new profile’
  5. Give the profile a name & select ‘OK’


Creating a Brand

  1. Click the menu button and select ‘Add Brand’
  2. Select the locations you wish to add to the Brand
  3. Populate all of the required fields
  4. Click the ‘Add Brand’ button

Creating a Group

  1. Click the menu button and select ‘Add Group’
  2. Select the locations you wish to add to the group
  3. Populate all of the required fields
  4. Click the ‘Add Group’ button

Creating a Location / Venue

  1. Click the menu button and select ‘Add Venue’
  2. Populate all of the required fields
  3. Click the ‘Add venue’ button

Data & Security 


Data in Transit

All public facing portals and websites are encrypted with TLS (Transport Layer Security). TLS is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. Limitless support TLS 1.2 minimum.

Limitless regularly review TLS ciphers offered, and remove ciphers that are no longer considered to meet minimum security requirements.

Data at rest

All Limitless-hosted data is hosted within cloud services such as Google Cloud (GCP) or Amazon Web Services (AWS), and all disks hosting data are encrypted (AES-256) using the security controls available with those cloud providers.

All passwords are encrypted with the bcrypt hashing function & Multi Factor Authentication (MFA).

Data Protection

Limitless host and handle data in a way consistent with the standards of the EU’s GDPR regulations.

All data purposes and rights are explained clearly and transparently to the end user in Limitless’ EULA and privacy policy, which are presented in concise and user-friendly terms.

Separate active opt-in is sought for all marketing consents within the EU and as activated by customers elsewhere, and any EULA or opt-in consent is stored against the user and venue with the date, time and language of opt-in. Once a user has logged in, they are sent a link to an end user profile where they can view data held about themselves, view (and change) any opt-in consents and immediately delete all data collected about them.

Additionally, users can email the Limitless Data Protection Officer (via a clearly displayed email address) with any queries, for any changes to their data or to exercise their right to be forgotten.

Data is only used for the stated purposes, and Limitless do not collect more data than is strictly needed (although the individual customers decide their own data uses and configure the portal to collect the information required by themselves, as well as uploading their own additional EULAs and privacy policies where required, consent of which is tracked individually).

Limitless have a declared data retention period of 12 months of inactivity, after which all PII data about a customer are destroyed.

Captive Portal
  • The captive portal is the mechanism via which users accept Limitless’ terms of use, provide any authentication information that the customer requires before allowing access to the WiFi, and consent to any marketing.

When a user joins a Limitless Insights SSID and reaches the splash page, their device MAC address and user agent are stored, as well as the AP MAC (and therefore venue the user is at). When a user logs in via the WiFi, any user data they provide is also stored against their profile. The exact data collected varies according to the login method chosen and the configuration created by the customer, but can include personally identifiable information (PII; see PII section below), as well as other potentially sensitive information such as a user’s Facebook likes. This data is either submitted by the user via web form, or transferred from their social media account if they grant access. Data in transit via the captive portal is always secured via TLS, and all data collected is initially stored local to the captive portal software in a document store.

DNS Should we be doing this along with Radius server

If configured by the customer, Limitless may additionally collect domain lookup data via a third party company, WebTitan, by using WebTitan’s own DNS servers (the same mechanism for blocking access to prohibited websites). Domain look-ups are logged against the venue’s web-facing IP, and aren’t traceable to an individual user or device.

Location Based Services

Location data is data collected passively about devices (both registered and anonymous) by compatible network access points. Typically, an AP records a received signal strength indication (RSSI) value, a MAC address (which may be randomised, depending on the client software) and a date/time for each client WiFi probe. With the right hardware and 4 or more APs, this data may be enhanced to an estimated geometric coordinate of the device relative to the uploaded floor-plan.

When a client MAC is recognised as having logged in via Limitless in the past, some demographic data may be associated with the location data records (gender, age). Where a user has logged into this venue before and accepted the venue’s T&Cs, a recognised device will be linked against the user record, regardless of whether the user is currently authenticated to the WiFi.
Limitless are voluntary supporters of the Future of Privacy Forum (, via which a user can opt out of client MAC tracking across a range of services.

Limitless do not store data about randomised MAC addresses (devices like modern iPhones that do not present their true MAC addresses until authenticated to the WiFi), and anonymous MAC addresses (addresses that haven’t authenticated to the WiFi) are one-way hashed with a company-specific salt on export to prevent sharing of data about anonymous devices and comparisons with third party data sources.


Customers can configure ‘Connectors’, which are third party integrations that copy data into or out of Limitless’s hosting. This information is typically basic CRM data about end users (e.g. names and email addresses, Mobile No being exported to third party email lists, under accounts run by the same company).

Connector connection/session data is stored encrypted.


A RESTful API exists for extracting most end user data in raw format. Access to this service is via signed public/private keys, provided on request by the Limitless support team once a customer’s rights to the data have been verified. Access to Limitless’ APIs is encrypted in transit using HTTPS, and requested are signed with a nonce to prevent replay attacks, and a full audit log exists of all requests, including the source IP of the requests.


Users can also define Webhooks that trigger data export on certain actions (e.g. a user logging into the WiFi) via an HTTPS POST to a user-defined endpoint, which allows for real-time responses to events. These endpoints must be HTTPS with a valid certificate, and are verified by header.

Personally identifiable information (Pii) 

Depending on the customer’s configuration of their captive portal and the access method chosen by the end user, Limitless may capture and store the following data classified by Limitless as PII: first name, last name, date of birth, email address, mobile number, and social user ID (e.g. Facebook ID). Additionally, Limitless can collect other data that is categorised as being potentially personally identifiable when combined with other data: client/device MAC, gender, login date/time, Facebook likes, Facebook/Twitter location/home town, postcode/zip code.

PII data is stored in three locations: the access document store (where the user logs into the WiFi), the central analytics data store (where the data is stored/processed) and in the end user-facing profile document store (where the end user themselves can review, modify and delete their own data). It is encrypted in all three locations, as detailed above.

When a user requests to be forgotten or when a user has been inactive long enough to meet the end of the data retention period, all PII data is removed from the user record and the user’s sessions become anonymous. Limitless retain basic anonymous demographic information: the age and gender of the user at the time of log-in.

It is possible for customers to add custom data fields or survey questions for the user to complete, which can include other PII data such as national IDs or passport numbers. All custom data like this is treated as PII.


Limitless do not handle or store any user financial data. Any payments are taken via a direct communication between the end user and our payment gateway provider ‘Stripe’ ( Stripe are fully PCI-DSS compliant. Limitless Insights record only a one-time transaction ID for potential refund purposes.

Data Sovereignty 

All data gathered by the Limitless platform resides in one of three GCP hosting locations depending on where the customer is located in the world, they are as follows:

California for North and South America

London, UK and Amsterdam, Netherlands for Europe, Africa and the Middle East

Singapore for APAC, APJ, ASEAN and ANZ

Limitless is compliant with regional data storage/privacy requirements where implemented, to retain data within the geographical boundaries determined by local legislation.

Data Retention

All user data is anonymized after a period of 12 months of inactivity. This means Limitless will store a user’s personal data, in its full form, for at least 13 months, and after 12 months of inactivity (not logging back into the WiFi) we strip out anything which is deemed personally identifiable. This includes name, email, telephone number, etc. However, we do maintain non-identifiable information such as age and gender at the time of login, and session metadata such as time of login, network data usage and connection method used.

Limitless may discard raw data sooner. For example individual location data records from location services can be dropped after 24 hours, but an aggregated record of when the device was present on a floor plan and what zones were visited will be kept.

Data Storage and Backup

All of our databases are replicated to a secondary instance in a different Zone. The replication is real time. In the event of planned database maintenance, DB instance failure, or a Zone failure, the affected cloud service (e.g. Amazon RDS or Google CloudSQL) will automatically failover to the standby. This means that we do not have a single point of failure.

Limitless runs daily snapshots on all databases, which means we have the ability to restore our database quickly should the need arise.

Data Ownership / Controller

The customer will have access to the end-user data and share ownership of this data with Limitless as a third party, in order to provide the solution. In this scenario you are also considered a joint Controller of this data and are required to treat this data in accordance with the same regulations as Limitless and any local legislation concerning the safe storage of data. At present the solution is centrally hosted.

Communications Assistance Enforcement Act (Calea)

What is CALEA ?

CALEA, or the Communications Assistance for Law Enforcement Act, is a United States law that oversees telecommunication security which has now been expanded to internet security. CALEA is intended to preserve the ability of law enforcement agencies such as the FBI and FCC to conduct electronic surveillance while protecting the privacy of information outside the scope of the investigation.

It requires that telecommunications carriers and manufacturers of telecommunications equipment design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities to comply with legal re-quests for information.

How does CALEA apply to Limitless Insights ?

Limitless is a global guest Wi-Fi analytics, occupancy management, and Insights platform, deployed in over 30 countries globally and partnered with some of the largest service providers in the world.

Limitless captures Personal Identifiable Information (PII) from millions of users every month, on boarding an average of 7,000 users per day across more than 34,000 venues.

Limitless cloud based software solution maintains real-time compliance global with data protection laws such as GDPR, RIPA, CALEA and many more.

Submitting a Law Enforcement Request

First, we must review the order for validity. If the order contains an error (e.g. recites the wrong standard of due process) it should be returned to the law enforcement agency for correction.

Limitless will disclose user information in accordance with our terms of service, privacy policy, and U.S. law.

A valid search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause is required to compel Limitless Insights to provide the Personally Identifiable Information on end users of Limitless Insights’s products or services.

What types of User Information does Limitless Insights have ?

Limitless holds Personal Identifiable Information (PII) on all end users of our guest Wi-Fi service.

The level of detail per individual is dependent on which venue the end user has visited – information such as name, date of birth, contact information including mobile number and email address, MAC address, browser, OS and venues end users have visited.

Limitless makes much of its end user data accessible to the venue owner themselves.

Response Time 

Limitless typically responds to valid requests for information within two business weeks.

However, response times may take longer than two business weeks depending on the complexity and scope of the request.

Benefits to Venue Owners using Limitless Insights

Limitless complies with State and Federal Laws and Carrier Guidelines

Limitless provides a service that reduces the complexity for your business and mitigates the risk associated with managing the legal process of a CALEA request

We assist with Law Enforcement Agencies. Limitless will take the lead on any law enforcement requests and process them accordingly

You can reduce Operating and Capital Expenditure by alleviating responsibility relating to CALEA from the venue owners and ensure they stay compliant and do not commit unnecessary resources

Application components

Captive Portal

When a user connects to a SSID, they will be redirected to a captive portal splash page hosted by Limitless. This splash page is configurable by Limitless customers, and will present the user with one or more access methods (e.g. a registration form or social media login such as Facebook). Upon choosing an access method, the user will be presented with a T&Cs popup which they must accept to continue. This pop up contains links to Limitless’s terms of use, privacy policy and any user-defined terms. Upon declining the terms, the user will be returned to the splash page. Upon accepting the terms, the user will either fill in the form or grant Limitless Insights OAuth access via a social media platform. Limitless will then authorize the user on and redirect the user back to the network controller which will release the user from the captive portal so they can access the wider Internet.

Captive portal splash pages are hosted on access nodes which is an elastically scaling PHP application backed by a scaling NoSQL database. Static content is served from Amazon’s CDN.

Location / Presence Data Collection

Location-based services such as Cisco MSE, Mist , Ruckus SPOT or Meraki Cloud can be used with the product. These collect the MAC addresses of WiFi-enabled devices within range of the network APs and either provide basic RSSI information (which can be used to estimate the distance from the AP to derive footfall, dwell time, conversion and bounce rate stats) or estimated X/Y coordinates that can be used to place a user on a map and track paths a user takes around a venue. Location data can be linked to known WiFi users via MAC address.

Customer Portal

The portal is the application where resellers and customers manage their licenses, infrastructure and view reports. Access to this application is controlled by username and password. User accounts can be given granular rights (read or write access to many individual sections of the portal) and are assigned hierarchically (e.g. with rights to a single venue, a group of venues, a whole company or a whole reseller, etc). Platform rights are granted by individual users, and a user cannot grant or revoke rights beyond their own scope.

When a new portal user is created, they are sent a username (email) and a randomly generated password in email format. Upon first login, they are asked to change this password to one of their choice, which must be greater than 8 characters and contain both numbers and capital letters. The user must change their password every 90 days and they are not allowed to reuse any password from the past 12 months.

Store Data

Limitless integrate with many of our customers Epos systems so that we can help analyse instore efficiencies and monitor sales margin and best selling lines. This allow us to analyse aggregated data to suggest promotions based on personas.  With promotions & redemptions we can connect purchases to the individual therefore personalising their in store experience.  This is controlled by the customers EULA & Marketing consent of the customer.  We ingest & display the data in conjunction with our customer.


Captive Portal

  1. Select ‘Profile Information’
  2. Enter the name of your question ‘Gender, Age, Postcode’
  3. Select order 
  4. Select ‘OK’ to progress


When a venue does not have wi fi or a native app

  1. Scan QR code for venue
  2. Login with single sign in
  3. Register on the system 
  4. Receive offers


Generic offers can be served up 

  1. Based on Frequency of visit / dwell time 
  2. Based on areas visited
  3. Based on previous purchases
  4. Based on Dormany / Latency rules


Promotions can be based around current promotions

  1. Based on area’s previously shopped
  2. Based on items previously purchased
  3. Based on areas visited & not purchased
  4. Can be integrated into tills

Micro Surveys

Micro surveys are additional questions that can be asked between 3 – 9 questions

  1. Select Micro Survey
  2. Enter General question
  3. Select answer type radial buttons or text star rating
  4. Add comment box


Splash Pages

  1. Select ‘Use existing template’ to open an existing template
  2. Enter the name in the text field or import logo
  3. Import background image
  4. Select Login types “social, e mail, SSO’
  5. Create New

Creating a new Splash Page

  1. Select ‘Create New template’ to open a new template
  2. Enter the name in the text field or import logo
  3. Import background image
  4. Select Login types “social, e mail, SSO’
  5. Create New

Using the Splash Page Builder

  1. Add modules by selecting ‘Header Modules’ or Content Modules’
  2. Move Modules on the build area
  3. Add or remove connection methods
  4. Add the form option for any additional question

Configuring Form Settings

  1. Select the pencil icon to edit & configure
  2. Enable or disable pre-set options by sliding toggle
  3. Add ‘section headers’ or ‘custom fields’.
  4. Choose text or image to choose answer option

Holding Splash explained

  1. Holding page is required as part of onboarding
  2. They are displayed before user logs in
  3. User is still in walled garden

Online Splash Explained

  1. Online splash is optional as an access journey and can forward to url
  2. They are displayed after login and may capture additional information

Access Journey

Creating a new Access Journey

  1. Select ‘Create New Journey’
  2. Enter the journey name
  3. Select the ownership & scope
  4. Click ‘Create New’ to progress

Assigning a Splash Page to a journey

  1. Select the ‘Splash Page’ from drop down
  2. View the Splash Page in desktop or mobile
  3. Select ‘Save’ to store changes

Adding Custom Terms

  1. Toggle ‘Enable Custom Terms’
  2. Add the new terms or url
  3. Add terms text in ‘content’ and select ‘Save’
  4. Select menu icon to edit, preview 

Access Journey Options

  1. Toggle desired options & settings
  2. Learn more about each setting
  3. Save changes at any time by selecting ‘Save’

Language Versions

  1. Select ‘Save’ to access ‘Create language versions’ function by IP
  2. Select the desired language from the dropdown
  3. Toggle to carry out the translation
  4. Select yes to review

Frequently Asked Questions

How do I contact support ?

Send an email to us to create a support ticket at

How do I report a bug ?

you can email us to create a support ticket at

How do I reset Limitless Password ?

On the login screen to the Limitless Insights Portal, click ‘Forgot your Password.Type in the email address you use for the Portal Systems

Select ‘Request Password Reset’ and if the email address you entered matches a record in our System then an email will be sent out to reset the password.

Find the email sent to your inbox (Always check your spam folder as it can end up there!)

Click the link within the email and then type in a new Password (Make sure it’s in-line with our Password Requirements)

Can users ‘opt out’ ?

Users have the ability to unsubscribe from the service at any time, which means their details will not be included in future email marketing you send via Limitless Insights

To do this users can click the ‘Unsubscribe’ button located at the bottom of every email they receive

Users have the right to have their personal data erased as per our Privacy Policy by sending an email to

Does Limitless provide Hardware ?

Limitless is primarily a software platform so we do not provide hardware.  In the case of WiFi you must have your own hardware and an existing network in order to deploy Limitless but we do work with recommended installers.

What Happens if my licence expire ?

You can monitor your current licensing by visiting the ‘Licensing Status’ area of the portal.  We will contact you in advance of any upcoming license expiry to check in and ensure there is no disruption to our service.  If you are using Presence and/or Location then it is vital your licensing remains in place and is not allowed to expire to prevent any data loss.

What type of licenses do I need ?

There are several different license types available, each with different features.

Where do I send a GDPR related request ?

For any GDPR requests you can email us at

Where can I find your SLA ?

Standard SLA 

interested in a free 30 day trial

When a customer interacts with your brand the experience should be seamless. Online, in store or social. Sign up for free 30 day trial

Contact Limitless
Close Bitnami banner