IP addresses and users' privacy policy

At Webtrekk, we take privacy very seriously. We have been working since we started more then 10 years ago to safeguard user privacy while granting our customers full ownership of the data we collect on their behalf.

The IP addresses of our customers' users are never permanently written to disk in their original form. They are simply processed, and the IP is immediately deleted.

Processing of the IP address means that Webtrekk runs a reverse look-up with the DNS to resolve the geo-localisation (country, region, ciry, organisation/ISP name) of the internet provider.

This ensures that Webtrekk cannot run any analysis of disaggregated IP addresses data.

Furthermore, in case Webtrekk’s customers wish to guarantee even further anonymisation, they can do so by choosing to anonymise part or all of their users' IP adresses even before the above processing occurs.

Since IP adresses are used by the HTTP protocol to route packets and collect information, those cannot be anonymised at their source. Anonymisation can occur as soon as it reaches the end point of the data-collection chain. The anonymisation in such case takes place as soon as technically possible while still ensuring the collection of the needed traffic data, and soon enough to guarantee users’ privacy according to even the most restricted privacy regulations.

Since Webtrekk was founded, we have always avoided saving users' IP addresses to disk, and we have always granted our customers the ability to choose to anonymise, partially or entirely, users' IP adsresses.

The IP anonymisation occurs at server level. This ensures that regardless of what happens on the client-side, the IP will be anonymised once it reaches Webtrekk's servers. Users cannot override this option, and it cannot be disabled by mistake in case of a faulty implementation of the Webtrekk tracking pixel.

Webtrekk allows several configuration options related to IP anonymisation:

  • No Anonymisation: The IP address is received (123.123.123.123), processed and discarded (not saved to disk). The derived information is: country of access, region of access, city of access, organisation/ISP.
  • Anonymisation: The IP address is received, the last octet is immediately anonymised (123.123.123.xxx), processed and discarded (not saved to disk). This results in a less accurate geo-localization lookup.
  • Stronger Anonymisation: The IP address is received, the last two octets are immediately anonymised (123.123.xxx.xxx), processed and discarded (not saved to disk). This results in an even less accurate geo-localization lookup.
  • Complete Anonymisation: the IP address is received and immediately discarded, as if all octets were anonymized (xxx.xxx.xxx.xxx). No information at all is derived from the received IP address and it is not saved to disk.