Countly takes a privacy-first approach to analytics. IP addresses are never stored in their raw form, ensuring user privacy. Below is an overview of how IP addresses are utilized within Countly Analytics:
1. IP Address Acquisition
When an SDK connects to the Countly server, the server determines the user's IP address from this connection. This IP address is then used to infer the user's geographical location.
2. Geolocation Process
Countly uses the MaxMind database to convert IP addresses into location data such as country, city, and region. The MaxMind database is bundled with Countly and is updated with every new Countly release. Users who upgrade regularly will benefit from the latest geolocation data.
3. Data Storage Practices
Countly does not store the actual IP address of users. It only retains the location data (country, city, region) derived from the IP using the MaxMind database.
4. GPS Location Storage
In user profiles, Countly stores the country, region, city, and coordinates (if provided). Coordinates follow the GeoJSON format: [longitude, latitude]. A 'gps' flag indicates whether the coordinates came from GPS (true) or were inferred from IP via MaxMind (false).
Example:
"loc": {
"gps": true,
"geo": {
"type": "Point",
"coordinates": [-46.6718331, -23.8043604]
}
}
5. SDK Location Overrides
Countly SDKs allow developers to override location-related properties manually. This
includes:
- Country
- City
- Region
- IP address
- Coordinates (Latitude/Longitude)
This can be useful when integrating with GPS-based location services or user preferences.
6. Disabling Location Tracking
To enhance user privacy, the SDK allows developers to disable location tracking. When this feature is turned off, the server does not receive the user's IP address, thereby preventing any location determination.
7. Potential IP Address Logging
Even if Countly itself does not store IPs, your infrastructure (e.g., Nginx or a WAF) may log IP addresses in audit logs. Countly also stores them in its audit logs, and a setting is available to disable storing IP addresses if required. You may want to sanitize or turn off these logs to comply fully with privacy regulations.
8. Configuring Nginx to Remove IP Addresses from Logs
To ensure that IP addresses are not stored in Nginx logs, you can adjust the logging configuration as follows:
-
Access Logs: Modify the
log_formatdirective to exclude the$remote_addrvariable, which represents the client's IP address.
In this configuration, the anonymized log format omits the client's IP address, thereby preventing its storage.
- Error Logs: Nginx error logs typically do not include client IP addresses by default. However, it's prudent to review the
error_logdirective to ensure that IP addresses are not inadvertently logged.
9. Configuring Web Application Firewalls (WAF)
WAFs can be configured to avoid logging client IP addresses:
-
ModSecurity: If using ModSecurity, adjust the logging rules to exclude IP addresses. For example, you can modify the
SecAuditLogPartsdirective to exclude the 'A' part, which contains the request headers including the IP address.
This configuration logs only the specified parts, thereby omitting the section that includes the IP address.
By implementing these configurations, you can ensure that IP addresses are not stored in your logs, aligning with Countly's commitment to user privacy.