Entry-based loyalty: how anonymous entry data powers per-visit rewards without an opt-in form

Jun 2, 2026 · 13 min read

What entry-based loyalty actually means

Classic retail loyalty starts with a form. A shopper hands over an email or a phone number, picks a password, and the brand begins counting purchases against that identity. Entry-based loyalty starts somewhere different. It treats the act of walking into the store as the first measurable event in the relationship, and it does that without identifying who walked in. The store knows that a visit happened, when it happened, and at which door. The shopper is never asked to register to make that count.

This split matters because most physical traffic never registers. Industry reporting on retail loyalty has put sign-up rates from in-store prompts in the single digits to low double digits for years, which means the vast majority of visits sit outside any loyalty system. An entry-based design builds a program that recognises the visit first, then layers an optional identifier on top for the shoppers who want personal rewards. The visit count drives the program design. The identifier, when it appears, drives the personal reward.

Two things have to be true for that to work cleanly. The store needs an accurate, continuous count of entries that does not depend on a phone or a card. And there has to be a separate, consent-gated path for shoppers who want to be recognised across visits. The rest of this post walks through how those two layers fit together and what each one is good for.

Why opt-in forms leak most of the data

A loyalty program built only on registrations sees a partial store. The members are real. The non-members are invisible. That is fine for some questions, such as which member segment redeems a coupon, and unhelpful for others, such as how many people walked in on a wet Tuesday or whether a new storefront pulls more traffic than the old one.

Three structural problems sit underneath that. First, sign-up friction is real. A queue at the till is a bad moment to ask for a registration. Second, the people who do register are not a random sample of visitors. They skew toward shoppers already inclined to buy, which makes their behaviour a poor proxy for everyone else. Third, members hand over personal data that the retailer then has to store, secure, and process under GDPR, and that obligation grows every time the dataset grows.

Entry-based loyalty inverts the order. The store builds its picture of demand from the visit data first, where no personal data is involved, and uses identified members for the marketing layer that genuinely needs identity. The program still has members. It just stops pretending the members are the whole audience.

The two layers: anonymous entry counts and identified members

An entry-based loyalty program runs on two layers that share nothing but a timestamp.

  • Layer one, anonymous entry counts. A ceiling-mounted Time-of-Flight sensor at each entry counts every visitor crossing the threshold and reports per-hour, per-day, and per-store traffic. It records geometry, not images, and it carries no identifier. This layer answers the questions about demand: how many visits, when, at which door, by what zone if interior sensors are added.
  • Layer two, identified members. Shoppers who choose to register with the brand log into the loyalty app or scan a card at checkout. The brand stores the identifier the shopper has consented to share, links it to their purchases, and runs the personal reward logic against it. This layer answers the questions about a known individual: which rewards they hold, which they have redeemed, when to send a message they have opted in to receive.

The two layers join only at aggregate level. The store can say: traffic was up 12 percent this week, of which member visits were up 9 percent, which implies non-member traffic grew faster. That is a useful program-design signal. It does not say which non-members walked in, and it does not need to.

How Ariadne measures the entry layer

The anonymous entry layer is the part most loyalty teams underestimate, because they assume any reliable count needs to identify a device or a person. It does not.

Ariadne measures this with Hybrid Fusion, its patented camera-free method. Time-of-Flight depth sensing counts every visitor at the entrances, capturing geometry rather than images, while patented phone signal sensing follows movement through the interior, detecting the signals a phone emits even in airplane mode. The sensor streams both feeds to Ariadne, where Hybrid Fusion combines them into one trajectory per visit and computes counts, dwell, and paths. The streams carry no identifier: no MAC address, no device ID, no biometric data, and no camera is involved. Identifiers are stored only when a visitor explicitly opts in, which keeps the method GDPR-friendly and outside biometric territory.

For a loyalty program, the practical consequences are straightforward. Entry counts are continuous and accurate enough to act on. Interior flow data, when the store wants it, is produced from the same camera-free method. The streams carry no MAC address by default and no device identifier, so there is no personal data in the count and the loyalty CRM never receives a record of an unidentified visit attached to anything resembling an identity. The data handling sits in the privacy policy, and the method itself is the standard Ariadne people counting stack.

Per-visit reward triggers without identification at the door

The interesting design question is how to reward a visit when the program does not know whose visit it is. The answer is that the trigger and the redemption live in different places.

The trigger is the entry event. The store knows a visit happened. The redemption is the moment the shopper either opens the brand app, taps the card at checkout, or scans a QR code in store. At that moment, and only at that moment, the program ties the visit to an identified member.

A few patterns work well under that split, and they share one property: the identified moment is opt-in, on the shopper's own device, and never blocks a non-member from shopping normally.

  • App-driven visit credit. A member who has the brand app installed receives a visit credit when the app detects they are in the store. The detection runs on the phone (geofence or Bluetooth beacon, with location permission granted) and is reported to the brand backend. The entry count from the in-store sensors is used by the operations team to size the program; the credit itself is granted by the app's own consented location signal, not by the sensor.
  • QR redemption tied to a visit window. Posters or receipts in the store carry a QR code that opens a redemption flow when scanned. The flow asks the member to log in, then awards a visit-specific reward inside a defined window (today, this weekend, this campaign). The store does not need to know which scan came from which visitor at the door: the scan itself proves presence.
  • Third-party loyalty integration. Many retailers run their loyalty inside a larger ecosystem (a payment-card programme, a coalition programme, or a retail-media network). The brand pushes member events to the partner system through documented APIs. Anonymous entry counts inform the campaign design (budget, window, target stores); the partner system handles the member identity and the redemption.
  • Receipt-based attribution. When a member pays with a registered card or scans the loyalty barcode at checkout, the visit becomes attributable retrospectively. This is the simplest path and the one most retailers already run; the entry layer adds context (how many non-member visits sat alongside the member visit, what the conversion rate looks like by hour) rather than replacing the redemption mechanism.

GDPR-safe consent layers

Entry-based loyalty makes the GDPR conversation noticeably easier, because the two layers carry different obligations.

The entry layer is not processing personal data. A method that captures no images, no faces, and no device identifiers by default is not building a record that can be tied to an individual. The questions a data protection officer will ask about that layer, what is captured, where it is stored, how long it is kept, have short answers because there is little to keep.

The member layer is processing personal data, and that layer needs the same consent and information notices any direct-marketing programme would need. The practical guidance below is informational and is not legal advice. Confirm specifics with your own data protection officer or counsel.

  1. Separate the notices. The entry layer (sensor counts) and the member layer (sign-up, reward, marketing messages) are different processing activities. Use separate notices and separate purpose statements rather than bundling them.
  2. Opt-in is for the member layer only. Sign-up forms, app login, marketing consent, and location permission all sit on the member side and need the lawful basis that fits each one (usually consent for marketing messages, sometimes contract or legitimate interest for the reward mechanics themselves).
  3. Keep the joining minimal. If the program reports aggregate stats that combine entry counts and member behaviour, make sure the join happens at the level of totals, not at the level of individual visits. That keeps the aggregate stats outside the definition of personal data.
  4. Be specific about what location data does. If the program uses app geofencing to credit visits, the location permission notice should say so plainly: what it captures, how often, what it is used for, how the member turns it off. A vague "to improve your experience" is the wrong answer.
  5. Document the architecture. A short data flow diagram showing what each layer captures and where it ends up is the single most useful artefact for a DPIA or an internal review. It also stops the program drifting back into a single-layer design over time.

Why entry data plus opt-in app beats the classic card

The classic plastic loyalty card asks the shopper to do one of two things at the till: present the card, or read out a phone number. Both depend on the shopper choosing to identify. That worked when the alternative was nothing, and it is now competing with a different design.

An entry-based program paired with an opt-in app does the same job and more, for three reasons.

  • Coverage of demand, not just members. The entry layer sees every visit, whether or not the shopper has any relationship with the brand. A card-only programme sees the visits that ended at the till and were swiped in. That makes the entry-based design a better basis for capacity planning, conversion analysis, and campaign sizing.
  • Lower friction at the till. App credit, QR redemption, and receipt-based attribution can all be invisible to a busy till. The cashier does not need to ask, the shopper does not need to fumble for a card, and the program still records the visit on the member side.
  • Privacy posture you can explain on a slide. Layer one captures no personal data. Layer two only stores what the member chose to share. That is a cleaner story than a single-layer card programme that quietly accumulates purchase history attached to a phone number.

None of this means classic cards stop working. It means the card, when it is still in play, is one of several redemption mechanisms running on top of an entry layer that is doing the heavier analytical work.

A program-design checklist

If you are designing or rebuilding a loyalty program for a physical retail brand, these are the questions worth answering on a single page before any tech is bought.

  1. What signal counts as a visit? Is it crossing the door (entry sensor), opening the app in the store (geofence or beacon), scanning a code, or arriving at the till? Pick a clear answer for each reward type.
  2. Which rewards need identity, and which do not? A weekend-traffic discount aimed at all visitors does not need identity. A personal birthday reward does. Slot each reward into the right layer.
  3. How is consent collected for the member layer? Sign-up flow, app login, marketing tick-boxes, location permission. List them and the legal basis each one rests on.
  4. How are aggregate reports built? Make sure entry counts and member behaviour are joined at totals, not visits, so the resulting figures stay outside personal data definitions.
  5. What does the data flow look like, in one diagram? Sensors to platform, app to backend, member CRM to messaging tool. If you cannot fit it on a page, the program is more complex than it needs to be.
  6. How is the program measured? Visit growth, member visit share, redemption rate, sales lift versus a holdout. Pick the four numbers the team will report against and stop there.

Most of these decisions get easier when the underlying counting system is camera-free and identifier-free. The same architecture that makes the GDPR notices short also makes the program easier to explain to a board or a sponsor. A broader view of how this fits into in-store visitor work sits on the visitor marketing hub, and the platform side, including app-to-store linking, is described on the EaseLink page. The hardware that powers the entry layer is the standard retail people counting deployment.

FAQ

Does the entry sensor identify shoppers in any way?

No. Ariadne counts with Hybrid Fusion: Time-of-Flight depth sensing plus patented phone signal sensing, never cameras. Time-of-Flight captures geometry rather than images, and signal sensing captures no MAC address by default, so the measurement involves no video, no faces, and no biometric data.

Can a loyalty program run without an email address at sign-up?

Yes, in the sense that the program design does not need an email to count visits or to size campaigns. Identified rewards still need some identifier (app account, registered card, phone number) for the brand to recognise the member across visits and to send a message they have opted in to receive. The entry layer covers everything that does not depend on knowing who the shopper is; the member layer covers everything that does.

How is the entry count joined to the member layer for reports?

At aggregate level only. A weekly report can say total visits, member visits, and the ratio of the two, plus sales totals split the same way. It does not (and should not) say which individual non-member visits happened, because the entry layer never captures the data that would let it. Keeping the join at totals is what keeps the resulting reports outside the personal-data definition.
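The totals-only join described in this answer and in "Keep the joining minimal", as an added Python example (not Ariadne's code). The sample counts, the `(member_id, date)` event schema and all function names are assumptions; the constructed figures reproduce the 12 percent and 9 percent case from the two-layer section.

```python
from collections import Counter
from datetime import date

# Constructed sample data, not from the page.
# Layer one: sensor entry totals per day. Counts only; no identifier exists.
ENTRY_COUNTS = {date(2026, 5, 18): 500, date(2026, 5, 25): 560}
# Layer two: member visit events from the loyalty backend (hypothetical schema).
MEMBER_VISITS = (
    [(f"member-{i}", date(2026, 5, 18)) for i in range(100)]
    + [(f"member-{i}", date(2026, 5, 25)) for i in range(109)]
)

def week_of(day):
    """ISO (year, week) bucket: the only key the two layers share."""
    iso = day.isocalendar()
    return (iso[0], iso[1])

def member_totals(events):
    """Collapse member events to per-week totals, discarding the identifier."""
    return Counter(week_of(day) for _member_id, day in events)

def weekly_report(entry_counts, member_events):
    """Join the layers at totals: one row per week, never one row per visit."""
    entries = Counter()
    for day, n in entry_counts.items():
        entries[week_of(day)] += n
    members = member_totals(member_events)
    rows = []
    for week in sorted(entries):
        total, member = entries[week], members.get(week, 0)
        if member > total:  # data-quality guard: the layers disagree
            raise ValueError(f"member visits exceed entries in week {week}")
        rows.append({"week": week, "total": total, "member": member,
                     "non_member": total - member,
                     "member_share": member / total if total else 0.0})
    return rows

def growth(rows, field):
    """Percentage change of one total between the first two report rows."""
    return 100.0 * (rows[1][field] - rows[0][field]) / rows[0][field]

if __name__ == "__main__":
    report = weekly_report(ENTRY_COUNTS, MEMBER_VISITS)
    for field in ("total", "member", "non_member"):
        print(field, round(growth(report, field), 2))
```

The member identifier is dropped inside `member_totals`, before the join, so the report rows hold nothing but weekly totals.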

Is this approach GDPR-compliant out of the box?

The entry layer is built on a method that captures no personal data, which is a strong starting point. The member layer still needs the standard GDPR groundwork: lawful basis, clear notices, retention limits, data subject rights, and processor agreements. This article is informational and not legal advice. Confirm the specifics with your own data protection officer before launch.
