Ok, follow up, read the thing about ‘allowed for security reasons.
So how long do you store the IPs with the micro cloud, as i understood it it is only allowed by the GDPR to store the IPs for 7 days max?
Collecting IP addresses without a domain name or user consent can violate GDPR if the IP address is linked to an identifiable individual, as it’s considered personal data under Article 4(1). GDPR requires a lawful basis for processing (e.g., consent, legitimate interest) under Article 6. Without explicit user consent or a clear justification, collection risks non-compliance, especially if users aren’t informed via a privacy policy. We don’t violate any of these and our MicroCloud users opt in to share their IP intelligence with us w/o any specific mappings to the user – this means no personal data is stored or collected.
There’s no 7-day GDPR rule for IP retention. Under GDPR, IP addresses are personal data (Recital 30) and we process them under legitimate interests for security (Recital 49). We minimize what we log and delete logs when they’re no longer needed for security/abuse-prevention.
Here is the link to the rules: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
