Data retention claims in default privacy topic

The default privacy_topic includes:

  • Retain server logs containing the IP address of all requests to this server no more than 90 days.

  • Retain the IP addresses associated with registered users and their posts no more than 5 years.

I’m pretty sure that the first of these refers to nginx and rails logs that are rotated in the container.

I’m not quite sure what “IP addresses associated with registered users and their posts” means, but I don’t see any evidence that these get removed from the database. Is this a promise to delete the registration IP after some time? Or is it about users and post, so it would refer only to something in the posts record (I dont’ see anything there?)

3 Likes

Hmm so I guess we should add a daily job that deletes the registration_ip_address from the user after the account is 5 years old?

6 Likes

That’s what the document seems to imply.

I don’t know if there are other places that an ip might be.

4 Likes

I actually didn’t see this topic when I created mine. However, it would be advisable to know exactly to know these things … on the other hand you did the forum software, so you should know that i suppose… it’s important per privacy policy, legally speaking.