Measure swarm · Cross-touchpoint-identity-resolution agent · Build pillar · Published June 24, 2026

How to build cross-touchpoint identity resolution at multi -location retail scale

A multi-location retail or franchise operator running 50-500 stores generates customer touchpoint events across web + email + phone + walk-in + SMS + chat + social. Without cross-touchpoint identity resolution, attribution falls apart and the franchisor cannot answer the question how many customers do we have versus how many records do we have. This guide walks the 4-skill bundle (Ingest + Match + Resolve + Audit) on the cross-touchpoint-identity-resolution agent end-to-end inside the hard wall of state-comprehensive -privacy + GDPR + WA My Health My Data + Texas SCOPE + FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising precedent.

Start Tier 1 AI Readiness Assessment See Tier 3 Fractional CMO with AI Swarm Take the 3-question fit quiz

The 4-skill bundle on the cross-touchpoint-identity-resolution agent

Ingest

Pull touchpoint events from web event stream (Segment + RudderStack + Snowplow + Adobe Launch + GA4) + email (Klaviyo + Iterable + Braze + Customer.io + Mailchimp) + SMS (sibling #515 multi-location SMS broadcast engine substrate) + phone (CallRail + Invoca + DialogTech + CallTrackingMetrics + Phonexa + Twilio Voice) + walk-in (POS Toast + Square + Clover + Lightspeed + Aloha + loyalty enrollment) + chat (Intercom + Drift + Crisp + Tidio) + social (Facebook Conversions API + Instagram Graph API + LinkedIn + TikTok + Pinterest + X). Per -touchpoint PII collection MINIMIZED at source per GDPR Article 5. Hash PII via SHA-256 + Argon2 at ingest; cleartext PII NEVER persists past ingest boundary. Per -touchpoint sensitive-scope classification (healthcare vertical + financial vertical + minors) applied at ingest; sensitive-scope tag travels with the event.

Match

Deterministic identifier match: hashed email + hashed phone E.164 + loyalty ID + customer ID + account ID. Operator-counsel-approved probabilistic match: device fingerprint + cookie graph + LiveRamp RampID + UID2 + Tapad. Per-match confidence scoring per operator-counsel -defined band. Probabilistic match BOUNDED by confidence threshold and DISABLED entirely when sensitive scope (healthcare or financial vertical, or sensitive-scope tag from Ingest). Cryptographic primitives at the cross-vendor boundary: private-set-intersection for cross-vendor match without cleartext exchange; secure -multi-party-computation where the substrate supports it; differential privacy for aggregate reporting.

Resolve

Build per-customer identity graph with per-identifier decay (cookie 30 days + IP 7 days + fingerprint 14 days + operator-counsel-set per identifier). Cross-store cross-location identity linkage. Customer-journey graph query. DSAR overlay surface answers data-subject access + deletion + rectification across the substrate within statutory response window (CCPA 45 days, CPRA 45 days, GDPR 30 days extendable). Per-customer profile minimization: Resolve output retains only identifiers required for operator-counsel-approved use case; per -customer attributes outside scope are not retained. Per-customer right-to-be-forgotten propagation across vendor substrate including downstream consumers.

Audit

Per-resolution canonical record (event ID + per-touchpoint pointer + hash digest of PII + sensitive-scope tag + Match decision + per-match confidence + cryptographic primitive snapshot + Resolve decay state + DSAR overlay tag + per-vendor LLM zero-retention verification when LLM used at Match disambiguation). WORM storage. Per -resolution record retains for CCPA right-to-know + CPRA enforcement + state-AG enforcement + GDPR Article 33/34 breach notification preparation + FTC consent -decree compliance + Massachusetts AG v Copley Advertising precedent defense + audit committee review.

The real ecosystem this sits above

CDP + identity providers

Adobe Real-Time CDP, Treasure Data, Tealium, Salesforce Customer 360, mParticle, Twilio Engage, BlueConic, ActionIQ, Lytics CDP. LiveRamp RampID, The Trade Desk UID2, Throtle, Tapad, Neustar, Acxiom, Merkle, FullContact, Pipl identity providers. Operator-counsel review of per-vendor data processing addendum is gating before any ingestion runs.

Touchpoint event ingestion

Segment, RudderStack, Snowplow, Adobe Launch, GA4 web event. Klaviyo, Iterable, Braze, Customer.io, Mailchimp email. Sibling #515 SMS substrate. CallRail, Invoca, DialogTech, CallTrackingMetrics, Phonexa, Twilio Voice phone. Toast, Square, Clover, Lightspeed, Aloha POS + loyalty. Intercom, Drift, Crisp, Tidio chat. Facebook Conversions API, Instagram Graph, LinkedIn, TikTok, Pinterest, X social conversions.

Cryptography + privacy + WORM

SHA-256 + Argon2 + bcrypt + scrypt password and PII hashing. Google Privacy Sandbox PIR + Microsoft EdgeDL primitives + libsodium + OpenMined PySyft secure-multi -party-computation. Apple + Google + Microsoft differential privacy references. Private-set-intersection libraries for cross-vendor match. OneTrust + TrustArc + Didomi + Cookiebot consent management. AWS S3 Object Lock + Azure Blob immutable + Google Cloud Storage Bucket Lock + Wasabi compliance WORM for Audit.

The 5-anchor compliance overlay

Anchor 1 — CCPA + CPRA + state-comprehensive-privacy + WA MHMDA + Texas SCOPE + COPPA (operationally distinctive)

CCPA + CPRA + 17-state-comprehensive-privacy (Virginia VCDPA + Colorado CPA + Connecticut CTDPA + Utah UCPA + Texas TDPSA + Oregon OCPA + Montana MCDPA + Tennessee TIPA + Iowa Act + Indiana ICDPA + Delaware DPDPA + New Jersey NJDPA + New Hampshire NHPA + Kentucky KCDPA + Maryland MODPA + Minnesota CDPA + Rhode Island DTPPA) + Washington My Health My Data Act 2024 (HIPAA-adjacent with private right of action) + Texas SCOPE Act 2024 (social-media-platform obligations to minors; relevant when operator targets minors) + COPPA 15 USC 6501 when minors scope. Operationally distinctive frame: identity resolution by definition processes personal information; the substrate must minimize collection at source, hash at ingest, bound probabilistic matching, and surface DSAR overlay within statutory response window. Per -customer right-to-be-forgotten must propagate across vendor substrate including downstream consumers.

Anchor 2 — GDPR Article 5 + 6 + 25 + 32 + 33 + 34 + 35 + Recital 47

GDPR Article 5 data minimization + Article 6 legal basis (consent or legitimate interest with documented LIA balancing per Recital 47 for direct marketing) + Article 25 privacy by design and by default + Article 32 security of processing + Article 33 + 34 breach notification + Article 35 DPIA when high-risk processing. Cross-touchpoint identity resolution is high-risk processing under Article 35; DPIA is mandatory before deployment.

Anchor 3 — FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising location-data precedent

FTC v X-Mode Social and Outlogic (January 2024 settlement over location data shared without proper consent). FTC v Mobilewalla (December 2024 settlement over location data sold by data broker). Massachusetts AG v Copley Advertising (April 2017 settlement over geofenced advertising at abortion clinics, establishing state-AG precedent for location data tied to sensitive scope). These precedents apply directly to cross -touchpoint identity resolution: walk-in data IS location data, and stitching walk-in to web creates a profile that can intersect sensitive categories. Sensitive-scope detection at ingest disables probabilistic match for those events.

Anchor 4 — Per-vertical (HIPAA + GLBA + Regulation P + FTC Franchise Rule)

HIPAA 45 CFR 164.514 de-identification standard when healthcare scope + 164.308 administrative safeguards + 164.312 technical safeguards + Business Associate Agreement mandatory with every vendor in substrate. GLBA Safeguards Rule + Regulation P privacy notice when financial-services scope. FTC Franchise Rule 16 CFR Part 436 + FDD Item 12 territorial rights cross-check when franchisor builds the substrate (cross-franchisee identity linkage may implicate Item 12).

Anchor 5 — Cryptographic primitives + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II

SHA-256 + Argon2 + bcrypt + scrypt password and PII hashing. Secure-multi-party-computation (Google Privacy Sandbox PIR + Microsoft EdgeDL + libsodium + OpenMined PySyft). Differential privacy (Apple + Google + Microsoft references) for aggregate reporting. Private -set-intersection for cross-vendor match without cleartext exchange. NIST AI Risk Management Framework Govern + Map + Measure + Manage. ISO 42001 AI Management System. ISO 27001 Information Security. SOC 2 Type II CC6 logical and physical access + CC7 system operations + CC8 change management.

The 6-workstream pre-engagement-baseline reporting cycle

Completions does not commit to numeric match-rate targets before engagement scope is documented. The Q6 pre-engagement -baseline reporting cycle covers the six workstreams that ship in every engagement.

Ingest coverage. Per-touchpoint vendor enumeration + per-touchpoint PII minimization at source + per-touchpoint hash discipline + per-touchpoint sensitive -scope classification + per-touchpoint consent posture freshness.
Match quality. Per-match deterministic + probabilistic confidence band + per-match operator -counsel signoff + per-sensitive-scope probabilistic disable + cryptographic primitive freshness (PSI + SMPC + DP) + per-vendor data processing addendum freshness.
Resolve quality. Per-identifier decay policy + cross-store cross-location linkage correctness + DSAR overlay readiness within statutory response window + per-customer profile minimization + per-customer right -to-be-forgotten propagation across substrate including downstream consumers.
Audit quality. Per-resolution canonical record completeness + WORM storage posture + per -resolution sensitive-scope tag retention + cryptographic primitive snapshot retention.
Compliance posture. CCPA + CPRA + state -comprehensive-privacy + WA MHMDA + Texas SCOPE + COPPA + GDPR Article 5 + 6 + 25 + 32 + 33 + 34 + 35 + Recital 47 + FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising precedent review + HIPAA + GLBA + Regulation P + FTC Franchise Rule + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II + per-vendor LLM zero -retention freshness.
Audit-trail completeness. Per-Ingest + per-Match + per-Resolve + per-Audit canonical record retention in versioned-history substrate readable by CCPA right-to-know + state-AG enforcement + GDPR breach notification + FTC consent-decree compliance + HIPAA OCR + audit committee + external counsel review.

Frequently asked questions

What problem does cross-touchpoint identity resolution solve for a multi-location retail operator?

A multi-location retail or franchise operator running 50-500 stores generates customer touchpoint events across web + email + phone + walk-in + SMS + chat + social. A single customer can appear at the same physical store and on the brand website with no shared identifier; the email subscriber and the SMS subscriber are the same person whose touchpoints live in separate vendor accounts; the walk-in receipt and the online order are reconcilable only if the loyalty program connects them. Without cross-touchpoint identity resolution, attribution falls apart, lifetime value calculations are wrong, save-flow eligibility is wrong, and the franchisor cannot answer the question how many customers do we have versus how many records do we have. The skill ships the substrate that stitches identity across touchpoints inside the hard wall of CCPA + CPRA + state-comprehensive-privacy + GDPR + Washington My Health My Data Act + Texas SCOPE Act + FTC v X-Mode and FTC v Mobilewalla precedent + Massachusetts AG v Copley Advertising precedent + HIPAA + GLBA where applicable.

What is the 4-skill bundle and what does each skill do?

Ingest pulls touchpoint events from web event stream (Segment + RudderStack + Snowplow + Adobe Launch + GA4) + email (Klaviyo + Iterable + Braze + Customer.io + Mailchimp) + SMS (sibling #515 multi-location SMS broadcast engine) + phone (CallRail + Invoca + DialogTech + CallTrackingMetrics + Phonexa + Twilio Voice) + walk-in (POS Toast + Square + Clover + Lightspeed + Aloha + loyalty enrollment) + chat (Intercom + Drift + Crisp + Tidio) + social (Facebook Conversions API + Instagram Graph API + LinkedIn + TikTok + Pinterest + X). Per-touchpoint PII collection minimized at source per Article 5 data minimization. Hash PII via SHA-256 + Argon2 at ingest; cleartext PII never persists past the ingest boundary. Match runs deterministic identifier match (hashed email + hashed phone E.164 + loyalty ID + customer ID + account ID) and operator-counsel-approved probabilistic match (device fingerprint + cookie graph + LiveRamp RampID + UID2 + Tapad), with per-match confidence scoring and per-match audit record. Probabilistic match is bounded by operator-counsel-defined confidence thresholds and disabled entirely when sensitive scope (healthcare or financial vertical). Resolve builds the per-customer identity graph with per-identifier decay (cookie 30 days, IP 7 days, fingerprint 14 days, operator-counsel-set), cross-store cross-location identity linkage, and customer-journey graph query. DSAR overlay surface answers data-subject access + deletion + rectification across the substrate. Audit ships per-resolution canonical record to WORM storage for CCPA right-to-know + GDPR Article 22 + 33/34 breach notification + FTC consent-decree compliance preparation.

Why is PII-handling + state-comprehensive-privacy + FTC v X-Mode / FTC v Mobilewalla precedent the operationally distinctive anchor for this skill?

Identity resolution by definition processes personal information. FTC v X-Mode Social and Outlogic (January 2024) settled over location data shared without proper consent; FTC v Mobilewalla (December 2024) settled over location data sold by data broker. Massachusetts AG v Copley Advertising (April 2017) settled over geofenced advertising at abortion clinics, establishing precedent for location data tied to sensitive scope. These precedents apply directly to cross-touchpoint identity resolution because walk-in data is location data and stitching walk-in to web creates a profile that can intersect sensitive categories. Operationally distinctive frame: probabilistic match is bounded by operator-counsel-defined confidence threshold and disabled entirely when the resolution involves sensitive scope (healthcare clinic vertical, abortion-services adjacent, mental-health-related retail, addiction-services). PII is hashed at ingest; cleartext never persists past the ingest boundary. DSAR overlay tagging is applied at Resolve so a data-subject access request returns the per-customer record across the substrate within the statutory response window.

What real regulatory and standards-body hooks does the compliance overlay anchor on?

Anchor 1 is CCPA + CPRA + state-comprehensive-privacy (Virginia VCDPA + Colorado CPA + Connecticut CTDPA + Utah UCPA + Texas TDPSA + Oregon OCPA + Montana MCDPA + Tennessee TIPA + Iowa Act + Indiana ICDPA + Delaware DPDPA + New Jersey NJDPA + New Hampshire NHPA + Kentucky KCDPA + Maryland MODPA + Minnesota CDPA + Rhode Island DTPPA) + Washington My Health My Data Act 2024 (HIPAA-adjacent with private right of action) + Texas SCOPE Act 2024 (social-media-platform obligations to minors; relevant when operator targets minors) + COPPA 15 USC 6501 when minors scope. Anchor 2 is GDPR Article 5 data minimization + Article 6 legal basis (consent or legitimate interest with documented LIA balancing) + Article 25 privacy by design and by default + Article 32 security of processing + Article 33 + 34 breach notification + Article 35 DPIA when high-risk processing + Recital 47 legitimate interest balancing for direct marketing. Anchor 3 is FTC enforcement precedent on location and identity data: FTC v X-Mode Social and Outlogic (January 2024 settlement over location data shared without proper consent), FTC v Mobilewalla (December 2024 settlement over location data sold by data broker), Massachusetts AG v Copley Advertising (April 2017 geofenced advertising at abortion clinics settlement). Anchor 4 is per-vertical: HIPAA 45 CFR 164.514 de-identification standard when healthcare scope + Business Associate Agreement mandatory + GLBA Safeguards Rule + Regulation P privacy notice when financial-services scope + FTC Franchise Rule 16 CFR Part 436 + FDD Item 12 territorial rights cross-check when franchisor builds the substrate. Anchor 5 is cryptographic primitives + standards: SHA-256 + Argon2 + bcrypt + scrypt password hashing where applicable + secure-multi-party-computation (Google Privacy Sandbox PIR + Microsoft EdgeDL primitives) + differential privacy (Apple + Google + Microsoft references) + private-set-intersection for cross-vendor identity match without cleartext exchange + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II CC6 logical and physical access + CC7 system operations + CC8 change management.

How does Match avoid building a profile that crosses into sensitive scope?

Identity resolution can construct a customer profile that includes location patterns (walk-in to a healthcare clinic, a specific pharmacy, a religious institution). FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising establish that location data tied to sensitive scope is treated as sensitive even when the underlying touchpoint is ordinary. Match runs three guards. First, sensitive-scope detection at the source: walk-in events from operator stores classified as healthcare or financial scope are tagged at ingest; cross-touchpoint linkage with those events disables probabilistic matching. Second, operator-counsel-reviewed per-touchpoint match policy: deterministic match (hashed email + hashed phone + loyalty ID) is generally allowed; probabilistic match (device fingerprint + IP + cookie) is allowed only inside operator-counsel-defined confidence band and is disabled for sensitive scope. Third, per-customer profile minimization: the Resolve output retains only the identifiers required for the operator-counsel-approved use case; per-customer attributes outside that scope are not retained. DSAR overlay tagging surfaces the per-customer record for deletion within statutory response window.

What does Completions ship and how does an engagement start?

Completions ships the cross-touchpoint-identity-resolution agent + 4-skill bundle (Ingest + Match + Resolve + Audit) + 5-anchor compliance overlay (CCPA + CPRA + state-comprehensive-privacy + WA MHMDA + Texas SCOPE + COPPA + GDPR + FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising + HIPAA + GLBA + FTC Franchise Rule + cryptographic primitives + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 + per-vendor LLM zero-retention) + the Q6 6-workstream pre-engagement-baseline reporting cycle. Tier 1 AI Readiness Assessment (2-3 weeks) audits the current touchpoint ingestion + PII handling + deterministic + probabilistic match posture + DSAR overlay readiness. Tier 3 Fractional CMO with AI Swarm (6-month minimum, 1-2 days/wk embedded) runs the cross-touchpoint-identity-resolution agent on the operator CDP + web + email + SMS + phone + walk-in + chat + social stack on an ongoing basis.

Engage Completions on the cross-touchpoint-identity-resolution agent

Tier 1 AI Readiness Assessment (2-3 weeks) audits the current touchpoint ingestion + PII handling + deterministic + probabilistic match posture + DSAR overlay readiness. Tier 3 Fractional CMO with AI Swarm (6-month minimum, 1-2 days/wk embedded) runs the cross-touchpoint -identity-resolution agent on the operator CDP + web + email + SMS + phone + walk-in + chat + social stack on an ongoing basis.