Handling IP addresses of the visitors

 

At Webtrekk, we take privacy very seriously. We have been working since we started more than 14 years ago to safeguard user privacy while granting our customers full ownership of the data we collect on their behalf.

The IP addresses of our customers' users are never permanently written to disk in their original form. They are simply processed, and the IP is then immediately deleted.

Processing of the IP address means that Webtrekk runs a reverse look-up with the DNS to resolve the geo-localization (country, region, city, organisation/ISP name of the internet provider).

This ensures that Webtrekk cannot run any analysis of disaggregated IP addresses data.

Furthermore, in case Webtrekk’s customers wish to guarantee even further anonymization, they can do so by choosing to anonymize part or all of their users' IP addresses even before the above processing (geo-localisation) occurs. 

Since IP addresses are used by the HTTP protocol to route packets and collect information, those cannot be anonymized at their source. Anonymization can occur as soon as it reaches the end point of the data-collection chain. The anonymization in such case takes place as soon as technically possible while still ensuring the collection of the needed traffic data, and soon enough to guarantee users’ privacy according to even the most restricted privacy regulations.

Since Webtrekk was founded, we have always avoided saving users' IP addresses to disk, and we have always granted our customers the ability to choose to anonymize, partially or entirely, users' IP addresses.

The IP anonymization occurs at server level. This ensures that no other service providers are needed and regardless of what happens on the client-side, the IP will be anonymized once it reaches Webtrekk's servers. Users cannot override this option inadvertently, and it cannot be disabled by mistake in case of a faulty implementation of the Webtrekk tracking pixel.

Webtrekk allows several configuration options related to IP anonymization before the geo-localisation occurs:

  • No Anonymization: The IP address is received (123.123.123.123), processed and discarded (not saved to disk). The derived access information are: country, region, city, organization/ ISP name of the internet provider.
  • Standard Anonymization: The IP address is received, the last octet is immediately anonymized (123.123.123.xxx), processed and discarded (not saved to disk). This results in a less accurate geo-localization lookup.
  • Strong Anonymization: The IP address is received, the last two octets are immediately anonymized (123.123.xxx.xxx), processed and discarded (not saved to disk). This results in an even less accurate geo-localization lookup.
  • Complete Anonymization: the IP address is received and immediately discarded, as if all octets were anonymized (xxx.xxx.xxx.xxx). No information at all is derived from the received IP address and it is not saved to disk.