IP address and Geolocation handling in Countly

Countly takes a privacy-first approach to analytics. IP addresses are never stored in their raw form, ensuring user privacy. Below is an overview of how IP addresses are utilized within Countly Analytics:

1. IP Address Acquisition

When an SDK connects to the Countly server, the server determines the user's IP address from this connection. This IP address is then used to infer the user's geographical location.

2. Geolocation Process

Countly uses the MaxMind database to convert IP addresses into location data such as country, city, and region. The MaxMind database is bundled with Countly and is updated with every new Countly release. Users who upgrade regularly will benefit from the latest geolocation data.

3. Data Storage Practices

Countly does not store the actual IP address of users. It only retains the location data (country, city, region) derived from the IP using the MaxMind database.

4. GPS Location Storage

In user profiles, Countly stores the country, region, city, and coordinates (if provided). Coordinates follow the GeoJSON format: [longitude, latitude]. A 'gps' flag indicates whether the coordinates came from GPS (true) or were inferred from IP via MaxMind (false).

Example:

 "loc": {
"gps": true,
"geo": {
"type": "Point",
"coordinates": [-46.6718331, -23.8043604]
}
}

5. SDK Location Overrides

Countly SDKs allow developers to override location-related properties manually. This
includes:

- Country
- City
- Region
- IP address
- Coordinates (Latitude/Longitude)

This can be useful when integrating with GPS-based location services or user preferences.

6. Disabling Location Tracking

To enhance user privacy, the SDK allows developers to disable location tracking. When this feature is turned off, the server does not receive the user's IP address, thereby preventing any location determination.

7. Potential IP Address Logging

Even if Countly itself does not store IPs, your infrastructure (e.g., Nginx or a WAF) may log IP addresses in audit logs. Countly also stores them in its audit logs, and a setting is available to disable storing IP addresses if required. You may want to sanitize or turn off these logs to comply fully with privacy regulations.

8. Configuring Nginx to Remove IP Addresses from Logs

To ensure that IP addresses are not stored in Nginx logs, you can adjust the logging configuration as follows:

  • Access Logs: Modify the log_format directive to exclude the $remote_addr variable, which represents the client's IP address.

nginx
log_format anonymized '[$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
  access_log /var/log/nginx/access.log anonymized;

In this configuration, the anonymized log format omits the client's IP address, thereby preventing its storage.

  • Error Logs: Nginx error logs typically do not include client IP addresses by default. However, it's prudent to review the error_log directive to ensure that IP addresses are not inadvertently logged.

9. Configuring Web Application Firewalls (WAF)

WAFs can be configured to avoid logging client IP addresses:

  • ModSecurity: If using ModSecurity, adjust the logging rules to exclude IP addresses. For example, you can modify the SecAuditLogParts directive to exclude the 'A' part, which contains the request headers including the IP address.

apache
SecAuditLogParts BCEFHZ

This configuration logs only the specified parts, thereby omitting the section that includes the IP address.

By implementing these configurations, you can ensure that IP addresses are not stored in your logs, aligning with Countly's commitment to user privacy.

Was this page helpful?
Reach out to us for any other questions.
Helpful?

Looking for more Help?