Completions

Measure swarm · Foot-traffic-attribution agent · Build pillar · Published July 11, 2026

How to build foot-traffic integration for multi-location retail attribution

A multi-location retail or franchise operator running 50-300 stores wants to join foot-traffic data to POS spend, online order, and call attribution. The benefit is real. The exposure is also real: foot-traffic data is exactly the category the FTC v X-Mode Social and Outlogic January 2024 consent decree + FTC v Mobilewalla December 2024 consent decree + Massachusetts AG v Copley Advertising April 2017 settlement targeted. This guide walks the 4-skill bundle (Ingest + Join + Attribute + Audit) on the foot-traffic -attribution agent end-to-end with mandatory per-vendor due-diligence + sensitive-scope detection at ingest.

Start Tier 1 AI Readiness AssessmentSee Tier 3 Fractional CMO with AI SwarmTake the 3-question fit quiz

The 4-skill bundle on the foot-traffic-attribution agent

Ingest

Pull visit events from per-vendor APIs (Placer.ai + SafeGraph + Near + Foursquare + Veraset + Cuebiq + Onemata + Predicio + AirSage + StreetLight Data + Spectus + Adsquare + Vista Insights + Pelmorex + Allspark). Per-vendor due-diligence is a gating prerequisite before any vendor enters the substrate: operator-counsel review of the vendor data-processing addendum + the vendor consent-collection methodology + the vendor FTC consent-decree status (FTC v X-Mode Social and Outlogic January 2024 + FTC v Mobilewalla December 2024) + the vendor downstream-data-sharing posture + the vendor sensitive-scope filtering. Per-vendor HMAC-SHA-256 or OAuth signature verification on every pull. Per-vendor event-shape normalization into canonical visit record (vendor + visit ID + location ID + device ID hashed at ingest + visit start + end + duration + dwell + confidence + prior -trail summary). Sensitive-scope detection at ingest tags visits adjacent to healthcare clinics + reproductive-health facilities + religious institutions + addiction-services + mental-health + child-care + criminal-justice + military-base + immigration; tag travels with visit through substrate.

Join

Correlate visit events to POS receipt, online order, call event (sibling #523 missed-call-recovery), and loyalty enrollment via per-visit per-touchpoint operator-counsel-approved match logic with documented confidence band. Sensitive-scope-tagged visits route to a separate substrate where probabilistic linking is disabled. Deterministic match (hashed device ID resolved to loyalty ID + hashed phone E.164 from call attribution) is preferred where consent posture supports it. Probabilistic match (geo + time window + co-occurrence) is bounded by operator-counsel-defined confidence threshold and disabled entirely for sensitive-scope events. Cross-vendor deduplication via private-set-intersection where the substrate supports it. Per-match audit record retained.

Attribute

Emit per-visit attribution events to downstream MMM (sibling marketing-mix-modeling agent) and per-cohort reporting (sibling #513 cohort-framed KPI rollup). Sensitive-scope-tagged events excluded from any FPR -bound reporting (FTC Franchise Rule Item 19 substantiation chain). Per-visit confidence band propagated downstream so MMM sees the uncertainty. Per-visit attribution decay (recency weighting) and per-channel touchpoint weighting (first-touch + last -touch + linear + time-decay + position-based) per operator-counsel-approved methodology. Per-attribution event includes per-vendor provenance pointer for FTC consent-decree compliance preparation.

Audit

Per-visit canonical record (vendor + visit ID + location ID + hashed device ID + sensitive-scope tag + per -vendor due-diligence pointer + per-vendor FTC consent -decree status snapshot at ingest + cryptographic primitive snapshot + Join decision + Attribute emission pointer + per-vendor LLM zero-retention verification when LLM-assisted normalization used). WORM storage. Per-visit record retains for FTC v X-Mode + FTC v Mobilewalla consent-decree compliance preparation + Massachusetts AG v Copley Advertising precedent defense + state-AG enforcement + GDPR Article 33/34 breach notification preparation + FTC Franchise Rule Item 19 FPR substantiation + audit committee + external counsel review.

The real ecosystem this sits above

Foot-traffic vendors (with due-diligence gating)

Placer.ai, SafeGraph, Near, Foursquare, Veraset, Cuebiq, Onemata, Predicio, AirSage, StreetLight Data, Spectus, Adsquare, Vista Insights, Pelmorex, Allspark. Operator-counsel due-diligence is gating before any vendor enters substrate. The FTC v X-Mode Social and Outlogic January 2024 + FTC v Mobilewalla December 2024 consent decrees specifically constrain those vendors and downstream consumers of derivative datasets; the substrate documents per-vendor consent -decree status at every ingest and at every audit.

CDP + warehouse + identity

Adobe Real-Time CDP, Treasure Data, Tealium, Salesforce Customer 360, mParticle, Twilio Engage, BlueConic, ActionIQ, Lytics CDP. Snowflake, Databricks, BigQuery, Redshift, Postgres warehouse. Sibling #521 cross -touchpoint identity resolution provides the substrate for hashed-device-ID + loyalty-ID + hashed-phone joins. Sibling #513 cohort-framed KPI rollup consumes per -visit attribution events.

Cryptography + policy + WORM

SHA-256 + Argon2 + bcrypt + scrypt for hashing device ID at ingest. Google Privacy Sandbox PIR + Microsoft EdgeDL + libsodium + OpenMined PySyft secure-multi -party-computation. Apple + Google + Microsoft differential privacy. Private-set-intersection for cross-vendor match without cleartext exchange. OPA Rego + AWS Cedar + Casbin + Cerbos + Oso + Styra DAS + Permit.io policy-as-code for sensitive-scope routing + per-vendor consent-decree gating. AWS S3 Object Lock + Azure Blob immutable + Google Cloud Storage Bucket Lock + Wasabi compliance WORM for Audit.

The 5-anchor compliance overlay

Anchor 1 — FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising + per-vendor due-diligence + sensitive-scope detection at ingest (operationally distinctive)

Foot-traffic data is location data. FTC v X-Mode Social and Outlogic (January 9, 2024) settled over location data shared without proper consent; the consent decree imposes ongoing obligations on Outlogic and (depending on the data path) on downstream consumers of Outlogic-derivative datasets. FTC v Mobilewalla (December 3, 2024) settled over location data sold by a data broker. Massachusetts AG v Copley Advertising (April 2017) settled over geofenced advertising at abortion clinics. These precedents apply directly to foot-traffic integration. Operationally distinctive frame: sensitive-scope detection at ingest + sensitive-scope-tagged events filtered out of downstream probabilistic linking + per-vendor due -diligence as gating prerequisite before any vendor enters substrate. Naive deployments that ingest from any foot-traffic vendor without due-diligence inherit the FTC consent-decree exposure that the original FTC case rested on.

Anchor 2 — CCPA + CPRA + state-comprehensive-privacy + WA MHMDA + Texas SCOPE

CCPA + CPRA + 17-state-comprehensive-privacy + Washington My Health My Data Act 2024 (HIPAA-adjacent with private right of action) + Texas SCOPE Act 2024 when minors-adjacent. DSAR overlay across the substrate including per-visit deletion within statutory response window. Per-vendor data-sale opt-out propagated to the vendor where consent regime applies. Sensitive-scope tag travels with the visit so DSAR response retains the sensitive-scope handling evidence.

Anchor 3 — GDPR Article 5 + 6 + 9 + 25 + 32 + 35 + Recital 47

GDPR Article 5 data minimization + Article 6 legal basis + Article 9 special-category data processing (location data intersecting sensitive scope IS special -category and Article 9 explicit-consent or other Article 9(2) basis applies) + Article 25 privacy by design + Article 32 security + Article 35 DPIA MANDATORY for high-risk processing including large -scale location tracking + Recital 47 legitimate interest balancing for direct marketing.

Anchor 4 — Per-vertical (HIPAA + COPPA + FTC Franchise Rule Item 19 FPR)

HIPAA 45 CFR 164.514 de-identification standard when operator IS healthcare provider + Business Associate Agreement consideration. COPPA 15 USC 6501 when minors-adjacent. FTC Franchise Rule 16 CFR Part 436 Item 19 Financial Performance Representation substantiation when foot-traffic informs FPR + per -state Franchise Investment Law FPR enforcement (California Corporations Code 31000 et seq + Michigan MCL 445.1501 + Maryland + Illinois 815 ILCS 705 + Minnesota Minn Stat 80C + New York GBL Article 33 + Virginia + Washington RCW 19.100). Sensitive-scope -tagged events excluded from FPR-bound reporting via sibling #513 cohort-framed KPI rollup.

Anchor 5 — Cryptographic primitives + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II

SHA-256 + Argon2 + bcrypt + scrypt for hashing device ID at ingest. Secure-multi-party-computation (Google Privacy Sandbox PIR + Microsoft EdgeDL + libsodium + OpenMined PySyft). Differential privacy (Apple + Google + Microsoft references) for aggregate reporting. Private-set-intersection for cross-vendor match without cleartext exchange. NIST AI RMF Govern + Map + Measure + Manage. ISO 42001 AI Management System. ISO 27001 Information Security. SOC 2 Type II CC6 logical and physical access + CC7 system operations + CC8 change management. Per-vendor LLM zero-retention when LLM-assisted normalization used.

The 6-workstream pre-engagement-baseline reporting cycle

Completions does not commit to numeric attribution-uplift targets before engagement scope is documented. The Q6 pre -engagement-baseline reporting cycle covers the six workstreams that ship in every engagement.

  1. Ingest coverage. Per-vendor due -diligence record completeness (data-processing addendum + consent-collection methodology + FTC consent-decree status + downstream-data-sharing posture + sensitive -scope filtering) + per-vendor HMAC/OAuth signature verification + per-vendor event-shape normalization + sensitive-scope detection coverage + geofence registry freshness.
  2. Join quality. Per-match deterministic vs probabilistic confidence band + per-match operator -counsel signoff + per-sensitive-scope probabilistic disable + cryptographic primitive freshness (PSI + SMPC + DP) + cross-vendor deduplication completeness.
  3. Attribute quality. Per-visit attribution event correctness + per-channel touchpoint weighting methodology operator-counsel signoff + sensitive-scope exclusion from FPR-bound reporting via #513 + per-visit provenance pointer freshness.
  4. Audit quality. Per-visit canonical record completeness + WORM storage posture + per -vendor FTC consent-decree status snapshot retention + per-vendor due-diligence pointer freshness.
  5. Compliance posture. FTC v X-Mode + FTC v Mobilewalla consent-decree compliance posture review + Massachusetts AG v Copley Advertising precedent review + per-vendor due-diligence cadence + sensitive -scope detection cadence + CCPA + CPRA + state -comprehensive-privacy + WA MHMDA + Texas SCOPE + GDPR Article 5 + 6 + 9 + 25 + 32 + 35 + Recital 47 + HIPAA + COPPA + FTC Franchise Rule Item 19 FPR + per-state Franchise Investment Law + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II + per-vendor LLM zero -retention freshness.
  6. Audit-trail completeness. Per-Ingest + per-Join + per-Attribute + per-Audit canonical record retention in versioned-history substrate readable by FTC consent-decree compliance review + state-AG enforcement + GDPR breach notification + HIPAA OCR when applicable + audit committee + external counsel review.

Frequently asked questions

What problem does foot-traffic integration solve for a multi-location retail operator?

A multi-location retail or franchise operator running 50-300 stores wants to join foot-traffic data (vendor-derived visit events from device-trail or POI-correlation sources) to POS spend, online order, call attribution, and loyalty enrollment, so that paid-media spend can be evaluated against actual store visits rather than only against online conversions. The benefit is real: an ad campaign that drives 0.5 percent online conversion but 8 percent walk-in conversion is worth more than its online dashboard suggests. The exposure is also real: foot-traffic data is exactly the category that FTC v X-Mode Social and Outlogic (January 2024 consent decree) and FTC v Mobilewalla (December 2024 consent decree) targeted, and Massachusetts AG v Copley Advertising (April 2017 settlement over geofenced advertising at abortion clinics) is the state-AG precedent that informs how state attorneys general view location-data-tied-to-sensitive-scope. The skill ships the substrate that makes foot-traffic attribution defensible: per-vendor due-diligence gating before ingest, sensitive-scope detection at ingest, operator-counsel-approved consent posture verification, and audit trail that survives consent-decree compliance review.

What is the 4-skill bundle and what does each skill do?

Ingest pulls visit events from per-vendor APIs (Placer.ai + SafeGraph + Near + Foursquare + Veraset + Cuebiq + Onemata + Predicio + AirSage + StreetLight Data + Spectus + Adsquare + Vista Insights + Pelmorex + Allspark). Per-vendor due-diligence is a gating prerequisite before any vendor enters the substrate: operator-counsel review of the vendor data-processing addendum, the vendor consent-collection methodology, the vendor FTC consent-decree status, the vendor downstream-data-sharing posture, and the vendor sensitive-scope filtering. Per-vendor HMAC-SHA-256 or OAuth signature verification on every pull. Per-vendor event-shape normalization into canonical visit record (vendor + visit ID + location ID + device ID hashed at ingest + visit start + end + duration + dwell + confidence + prior-trail summary). Sensitive-scope detection at ingest tags visits adjacent to healthcare clinics + reproductive-health facilities + religious institutions + addiction-services + mental-health + child-care + criminal-justice + military-base + immigration; sensitive-scope-tagged visits route to a separate substrate where probabilistic linking is disabled. Join correlates visit events to POS receipt, online order, call event (sibling #523 missed-call-recovery), and loyalty enrollment via per-visit per-touchpoint operator-counsel-approved match logic with documented confidence band. Attribute emits per-visit attribution events to the downstream MMM and per-cohort reporting (sibling #513 cohort-framed KPI rollup) with sensitive-scope-tagged events excluded from any FPR-bound reporting (sibling FTC Franchise Rule Item 19 substantiation chain). Audit ships per-visit canonical record to WORM storage for FTC consent-decree compliance + state-AG enforcement defense.

Why is FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising precedent the operationally distinctive anchor for this skill?

Foot-traffic data is location data. FTC v X-Mode Social and Outlogic (January 9, 2024) settled over location data shared without proper consent; the consent decree imposes ongoing obligations on Outlogic and (depending on the data path) on downstream consumers of Outlogic-derivative datasets. FTC v Mobilewalla (December 3, 2024) settled over location data sold by a data broker. Massachusetts AG v Copley Advertising (April 2017) settled over geofenced advertising at abortion clinics, establishing state-AG precedent for location data tied to sensitive scope. These precedents apply directly to foot-traffic integration because the visit-event stream is a profile that can intersect sensitive categories: a visit to a methadone clinic, an oncology center, a mosque, a child-care facility, an immigration office, or a domestic-violence shelter is a sensitive-category disclosure regardless of whether the operator intended to collect it. Operationally distinctive frame: sensitive-scope detection runs at ingest, sensitive-scope-tagged events are filtered out of downstream probabilistic linking, and per-vendor due-diligence is a gating prerequisite before any vendor enters the substrate. Naive deployments that ingest from any foot-traffic vendor without due-diligence inherit the FTC consent-decree exposure that the original FTC case rested on.

What real regulatory and standards-body hooks does the compliance overlay anchor on?

Anchor 1 is FTC v X-Mode Social and Outlogic January 2024 consent decree + FTC v Mobilewalla December 2024 consent decree + Massachusetts AG v Copley Advertising April 2017 location-data precedent + per-vendor due-diligence gating discipline + sensitive-scope detection at ingest covering healthcare clinics + reproductive-health facilities + religious institutions + addiction-services + mental-health + child-care + criminal-justice + military-base + immigration. Anchor 2 is CCPA + CPRA + state-comprehensive-privacy (Virginia VCDPA + Colorado CPA + Connecticut CTDPA + Utah UCPA + Texas TDPSA + Oregon OCPA + Montana MCDPA + Tennessee TIPA + Iowa Act + Indiana ICDPA + Delaware DPDPA + New Jersey NJDPA + New Hampshire NHPA + Kentucky KCDPA + Maryland MODPA + Minnesota CDPA + Rhode Island DTPPA) + Washington My Health My Data Act 2024 (HIPAA-adjacent with private right of action) + Texas SCOPE Act 2024 when minors-adjacent. Anchor 3 is GDPR Article 5 data minimization + Article 6 legal basis + Article 9 special-category data processing (location data intersecting sensitive scope is special-category) + Article 25 privacy by design + Article 32 security + Article 35 DPIA (mandatory for high-risk processing including large-scale location tracking) + Recital 47. Anchor 4 is per-vertical: HIPAA 45 CFR 164.514 de-identification standard when healthcare-adjacent + Business Associate Agreement consideration when operator IS healthcare provider + COPPA 15 USC 6501 when minors-adjacent + FTC Franchise Rule 16 CFR Part 436 Item 19 Financial Performance Representation substantiation when foot-traffic informs FPR + per-state Franchise Investment Law FPR enforcement (California Corporations Code 31000 et seq + 14 enumerated state statutes). Anchor 5 is cryptographic primitives + standards: SHA-256 + Argon2 + secure-multi-party-computation (Google Privacy Sandbox PIR + Microsoft EdgeDL + libsodium + OpenMined PySyft) + differential privacy (Apple + Google + Microsoft references) + private-set-intersection for cross-vendor match without cleartext exchange + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II CC6 + CC7 + CC8.

How does sensitive-scope detection work at ingest?

Sensitive-scope detection runs against per-visit geo-coordinate at ingest time. A geofence registry covers operator-counsel-reviewed categories: healthcare clinics including methadone + oncology + dialysis + mental-health + reproductive-health, religious institutions, addiction-services, child-care facilities, criminal-justice facilities (jail + court + parole office), military bases, immigration offices, domestic-violence shelters, and other sensitive scope per operator-counsel definition. A visit whose geo-coordinate falls within an operator-counsel-defined buffer of a sensitive-scope POI is tagged at ingest. Sensitive-scope-tagged visits route to a separate substrate where probabilistic linking is disabled, downstream attribution emission excludes the visit, and FPR-bound reporting (FTC Franchise Rule Item 19 substantiation chain via sibling #513 cohort-framed KPI rollup) excludes the visit. The tag travels with the visit through the substrate so the audit trail proves at every downstream step that sensitive-scope events were handled per operator-counsel policy. Geofence registry is updated on operator-counsel-approved cadence and version-pinned.

What does Completions ship and how does an engagement start?

Completions ships the foot-traffic-attribution agent + 4-skill bundle (Ingest + Join + Attribute + Audit) + 5-anchor compliance overlay (FTC v X-Mode + FTC v Mobilewalla + Massachusetts AG v Copley Advertising + per-vendor due-diligence + sensitive-scope detection + CCPA + CPRA + state-comprehensive-privacy + WA MHMDA + Texas SCOPE + GDPR Article 5 + 6 + 9 + 25 + 32 + 35 + HIPAA + COPPA + FTC Franchise Rule Item 19 FPR + per-state Franchise Investment Law + cryptographic primitives + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 + per-vendor LLM zero-retention) + the Q6 6-workstream pre-engagement-baseline reporting cycle. Tier 1 AI Readiness Assessment (2-3 weeks) audits the current foot-traffic vendor stack against FTC consent-decree status, sensitive-scope detection coverage, per-vendor due-diligence gaps, and FPR-substantiation chain integrity. Tier 3 Fractional CMO with AI Swarm (6-month minimum, 1-2 days/wk embedded) runs the foot-traffic-attribution agent on the operator MMM + cross-touchpoint substrate on an ongoing basis with operator-counsel embedded review cadence on vendor changes and sensitive-scope geofence updates.

Engage Completions on the foot-traffic-attribution agent

Tier 1 AI Readiness Assessment (2-3 weeks) audits the current foot-traffic vendor stack against FTC consent -decree status, sensitive-scope detection coverage, per -vendor due-diligence gaps, and FPR-substantiation chain integrity. Tier 3 Fractional CMO with AI Swarm ( /month, 6-month minimum, 1-2 days/wk embedded) runs the foot-traffic-attribution agent on the operator MMM + cross-touchpoint substrate on an ongoing basis with operator-counsel embedded review cadence on vendor changes and sensitive-scope geofence updates.

Start Tier 1 AI Readiness AssessmentSee Tier 3 Fractional CMO with AI SwarmTake the 3-question fit quiz

Related reading