WiFi marketing service contract: what to include
Key takeaways: A WiFi marketing service contract protects both the reseller and the venue client. The critical clauses most resellers miss: data ownership (who owns the captured guest data?), data processing responsibility (who is the GDPR data controller?), liability limits (what happens if the portal goes down during a major event?), and termination data handling (does the client get to keep their contact database?). Get these wrong, and you're exposed to legal risk that a $99/month contract shouldn't create.
This article provides general guidance on contract structure. It is not legal advice. Consult a qualified attorney to draft contracts specific to your jurisdiction and business model.
Handshake deals work until they don't. A restaurant owner who's happy with your WiFi marketing service today might have a dispute tomorrow about data ownership, service uptime, or the contact database you built for them. Without a contract, you're both guessing about who's responsible for what.
WiFi marketing contracts have specific considerations that standard service agreements don't cover: guest data ownership, privacy regulation compliance, hardware interaction, and the unique revenue model where a reseller operates software on a venue's physical infrastructure.
Here's what every WiFi marketing service contract should include, clause by clause.
Clause 1: Scope of services
Define exactly what you're providing. Ambiguity creates disputes.
Include:
- •Captive portal setup and configuration (how many locations, how many SSIDs)
- •Portal design (initial design + number of revisions included)
- •Marketing automation setup (which sequences, how many)
- •Monthly reporting (what's included, delivery schedule)
- •Ongoing management (campaign optimization, list hygiene, technical support)
- •Hardware compatibility assessment (site survey, AP verification)
Exclude (explicitly):
- •Internet service provision (the venue provides their own internet)
- •Hardware procurement (unless you're selling APs as part of the package)
- •Network infrastructure changes beyond the guest WiFi SSID
- •Content creation (email copy, promotional offers, creative design — unless included)
- •Guaranteed lead volumes or revenue outcomes
The scope section prevents scope creep. When the client asks you to redesign their website because you're "the tech person," you point to the contract: "That's outside our scope. Happy to refer you to a web designer."
Clause 2: Data ownership and processing
This is the most important clause in a WiFi marketing contract. Get it right.
Who owns the captured data?
Three options:
Option A: Client owns the data. The venue operator is the data controller. You (the reseller) are the data processor. Captured guest data belongs to the client. If the contract terminates, the client retains the data.
Option B: Reseller owns the data. You retain ownership of the contact database. The client has access during the contract term but doesn't get to export or keep the data upon termination.
Option C: Shared ownership. Both parties have rights to use the data for their respective purposes.
Recommendation: Option A (client owns the data) is the safest and most common approach. It aligns with GDPR's data controller/processor framework and gives clients confidence that they're building an asset. It also reduces your liability — as the data processor, your obligations are narrower than a data controller's.
Data processing agreement (DPA)
If you serve clients in the EU (or process data of EU residents), GDPR requires a Data Processing Agreement between the data controller (venue) and the data processor (reseller/platform).
The DPA should cover:
- •Purpose of data processing (WiFi marketing, analytics, automated campaigns)
- •Types of personal data processed (email, name, phone, device data, visit timestamps)
- •Data retention period
- •Sub-processors (MyWiFi Networks, email delivery providers, SMS providers)
- •Data security measures
- •Breach notification procedures
- •Data subject rights handling (who responds to access/deletion requests?)
- •Cross-border data transfers
MyWiFi provides a platform-level DPA that covers the relationship between MyWiFi and the reseller. The reseller needs their own DPA with the venue client.
Privacy policy requirement
The contract should require the venue to display a privacy policy (on the captive portal and in their establishment) that covers WiFi data collection. The portal's built-in consent checkboxes handle technical compliance, but the legal compliance requires a privacy policy specific to the venue.
Clause 3: Service levels (SLA)
Define what uptime and support look like.
Platform uptime
The WiFi marketing platform's uptime is not something you directly control — it depends on MyWiFi's infrastructure. Don't promise 99.9% uptime in your contract unless the platform vendor provides the same guarantee to you.
Recommended language: "The Service Provider will use commercially reasonable efforts to maintain platform availability. Platform uptime is subject to the upstream provider's service level agreement. Scheduled maintenance windows will be communicated 48 hours in advance."
Response times
| Priority | Example | Response Time |
|---|---|---|
| Critical | Portal is down, no data capture | 4 hours |
| High | Automation sequence not firing | 24 hours |
| Medium | Dashboard report displaying incorrectly | 48 hours |
| Low | Feature request, portal design tweak | 5 business days |
What's NOT covered
Explicitly exclude issues outside your control:
- •Venue's internet outage
- •Venue's hardware failure (AP dies, switch fails)
- •Third-party service outages (Facebook OAuth down, Mailchimp down)
- •Issues caused by venue staff modifying network settings
Clause 4: Pricing and payment
Fee structure
| Component | Amount | Frequency |
|---|---|---|
| Setup fee (one-time) | $[X] | At signing |
| Monthly service fee | $[X]/month | Monthly, due on the 1st |
| Additional locations | $[X]/month per location | As added |
| Ad-hoc services (extra portal redesigns, campaign builds) | $[X]/hour | As incurred |
Payment terms
- •Payment due within 15 days of invoice (net-15) or on the 1st of each month (subscription)
- •Late payments: 1.5% per month interest after 14 days overdue
- •Service suspension after 45 days of non-payment (with 15-day written notice)
- •Client responsible for any payment processing fees
Price increases
"Service Provider may increase fees with 60 days' written notice. Client may terminate the agreement within 30 days of receiving the notice without penalty."
This protects you from being locked into a price forever while giving the client a fair exit if you raise prices beyond their budget.
Clause 5: Term and termination
Contract term
Options:
- •Month-to-month — Maximum flexibility for both parties. Lower commitment, but higher churn risk.
- •12-month term — Most common. Provides revenue predictability for the reseller and forces the client to give the platform enough time to prove ROI.
- •24–36 month term — For enterprise and multi-location clients. Often includes a price discount.
Termination
By client: 30 days' written notice (for month-to-month) or at end of term (for fixed term).
By reseller: 30 days' written notice for any reason, or immediately for non-payment exceeding 45 days.
Early termination fee: For fixed-term contracts, consider an early termination fee equal to 50% of remaining contract value. This compensates for the setup investment and lost revenue.
Post-termination obligations
This is where data ownership matters:
"Upon termination, Service Provider will export all captured contact data in CSV format and deliver it to Client within 15 business days. After delivery confirmation, Service Provider will delete all Client data from the platform within 30 days."
If the reseller owns the data (Option B above), this clause changes significantly — the client doesn't get a data export. That's a tougher sell but protects the reseller's competitive moat.
Clause 6: Liability and indemnification
Limitation of liability
"Service Provider's total liability under this agreement shall not exceed the total fees paid by Client in the 12 months preceding the claim."
This caps your exposure. Without it, a data breach or portal outage could theoretically expose you to unlimited liability.
Indemnification
The venue indemnifies you against claims arising from:
- •Content the venue supplies for the captive portal (logos, offers, promotional copy)
- •The venue's failure to maintain a valid privacy policy
- •The venue's use of captured data in violation of applicable privacy laws
- •Claims by the venue's customers arising from the venue's marketing practices
You indemnify the venue against claims arising from:
- •Your negligence in configuring or maintaining the platform
- •A data breach caused by your failure to follow reasonable security practices
- •Platform downtime caused by your direct actions (not the upstream provider)
Insurance
Consider professional liability insurance (errors and omissions) and cyber liability insurance. These are inexpensive ($500–$2,000/year for small businesses) and protect against the tail risks that contracts can't fully address.
Clause 7: Confidentiality
Both parties agree to keep confidential:
- •Business information shared during the engagement
- •Captured guest data (the reseller doesn't share venue client data with competitors)
- •Pricing terms (the venue doesn't share your rates with other prospects)
- •Platform credentials and API keys
Standard confidentiality clauses with a 2–3 year survival period after termination.
Clause 8: Intellectual property
Portal design
Who owns the portal design? If you build a custom portal for the client using the platform's WYSIWYG editor, the design elements (layout, copy, color scheme) are typically considered the client's property (since they paid for the service). The platform itself (software, code, infrastructure) remains MyWiFi's property.
Data insights
Aggregate, anonymized data insights (e.g., "restaurants in this city average a 52% WiFi opt-in rate") belong to the reseller and can be used for marketing, case studies, and benchmarking — as long as no individual venue or guest is identifiable.
FAQ
Do I need a lawyer to draft this contract? Strongly recommended for the initial template. Once you have a solid template reviewed by an attorney, you can adapt it for each client. The legal cost ($500–$2,000 for a contract review) is insurance against disputes that could cost 10x more.
Should I use the same contract for all clients? Use the same template with client-specific details (venue name, location count, pricing, term length) filled in per deal. The core clauses stay the same.
What about clients who refuse to sign a contract? If a client won't sign a service agreement, that's a red flag. At minimum, send a Scope of Work email that outlines the terms and ask for written (email) confirmation. That creates a paper trail, even if it's not a formal contract.
How do I handle data requests from guests (GDPR subject access requests)? Define this in the DPA. Typically, the venue (data controller) is responsible for responding to data subject requests. The reseller (data processor) provides technical support — exporting data, deleting records — at the venue's request.
Should the contract reference MyWiFi's terms of service? Yes. Include a clause noting that the service is built on a third-party platform (MyWiFi Networks) and that certain features and availability are subject to the platform provider's terms and policies.
Resellers starting their WiFi marketing business can register for a free trial and begin building the client portfolio that makes these contracts necessary.