Offline-to-Online Retargeting: Turn Foot Traffic Into Facebook Audiences (2026)

Here's an asymmetry that has quietly cost local businesses billions. An online store knows exactly who browsed it. A pixel fires on every visit, and within the hour those people are seeing ads for the thing they looked at. A physical store — which earns far harder-won, higher-intent attention when someone actually walks through the door — knows nothing. The visitor browses, maybe buys, leaves, and is gone. There has never been a 'retarget the people who came in' button for the real world.

Offline-to-online retargeting is how you build that button. It uses the one digital touch a physical visit reliably produces — a QR scan — as the trigger to drop the same retargeting pixel an online store would. Done right, the people who scan your in-store code become a genuine Facebook or Google audience you can advertise to for weeks afterward.

Not all audiences are equal. A cold interest-based audience is a guess. A website-visitor audience is warmer. But someone who physically chose to enter your store, look around, and scan a code is about as high-intent as a local audience gets — they've spent the scarcest resource of all, their time and presence, on your business.

Turning that into an ad audience changes the economics of local marketing. Instead of broadcasting to a postcode and hoping, you run a tight campaign to the few hundred people who were genuinely in your store this month: a 'come back this weekend' offer, a loyalty nudge, a new-arrivals teaser. The match between message and audience is the whole reason retargeting works online — and now it works for the high street too.

Most QR codes are dynamic links: scan, and the short link 302-redirects you to the destination. That redirect is invisible and instant — and that's exactly why it can't run a tracking pixel. A pixel is browser JavaScript; it needs a page to execute on. A bare HTTP redirect never renders one, so there's nothing for the pixel to live in.

The fix is a hand-off page — a tiny interstitial that loads in the browser, fires your Meta and Google tags, and then forwards to the real destination a few hundred milliseconds later. The visitor barely registers the hop; your pixel gets its moment to run and, crucially, to set the first-party cookie that makes the browser retargetable.

If you only fire the in-browser pixel, you lose every visitor whose browser blocks it — ad blockers, iOS tracking protection, privacy browsers. That's a large and growing share, and on mobile (where every QR scan happens) it's even higher. Your audience would be quietly half-empty.

The robust approach fires twice: the browser pixel for the cookie and the match, and a server-side event through Meta's Conversions API and Google's Measurement Protocol for everyone else. Generate one event ID and attach it to both, and Meta de-duplicates them — so a visitor whose browser pixel did fire isn't counted twice, while a visitor whose browser blocked it still lands in your audience via the server. This is the same pixel-plus-CAPI pattern Meta now recommends for all serious advertisers; offline-to-online just applies it to a scan instead of a page view.

Power like this comes with obligations. Firing a tracking pixel on an EU, EEA or UK visitor without a lawful basis is a real GDPR risk, not a footnote. The safe default is to region-gate: skip the pixel for those visitors unless you have explicit consent, so you start compliant and opt into more only deliberately.

Be clear about roles, too. When you build an audience from your own customers, you are the data controller — the responsibility for disclosure and consent is yours, not your QR tool's. Used with that respect, offline-to-online retargeting is one of the highest-leverage tools a local business has. Used carelessly, it's a liability. Treat it like the serious marketing infrastructure it is.

On QRs.bd this is the Ghost Retargeting Pixel. You add your Meta Pixel ID and Google Ads tag once at the workspace level — handy for agencies running a roster of stores or a brand with many locations — and switch retargeting on for any code, or override the pixel per code when a campaign needs its own. Eligible scans pass through the fast hand-off page; everything else redirects clean and instant as before.

Region-gating is on by default, the browser-plus-CAPI de-dup is handled for you, and the audience builds inside your own ad accounts, which you keep full control of. From there it's a normal Custom Audience: open Ads Manager, target the people who scanned, and run the campaign that brings them back.