Is the way you collect statistics GDPR-compliant?

[rojvv]

On fresh.deno.dev, and probably all of the other sites (e.g., deno.com[1], Deno Deploy[2]), you are making Google Analytics reports from the backend on each request that include the visitor’s IP address.[3] Is Google anonymizing the IP addresses? If that’s not clear, shouldn’t you have a banner with an option to opt out of this?

[1]: This is closed-source now, but you used to do it according to https://github.com/denoland/dotland/blob/7d0b00da334e8c908c645f4b4bfd781f4bf1d224/import_map.json#L21.
[2]: Unsure about Deno Deploy, it’s just a guess.
[3]: https://github.com/denoland/ga4/blob/04a1ce209116f158b5ef1658b957bdb109db68ed/mod.ts#L87

[marvinhagemeister]

From https://support.google.com/analytics/answer/12017362?hl=en :

Analytics does not log IP addresses

Google Analytics 4 does not log or store individual IP addresses.

Analytics does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU-based traffic, IP-address data is used solely for geo-location data derivation before being immediately discarded. It is not logged, accessible, or used for any additional use cases.

[lucacasonato]

@roj1512 You can find our privacy policy here: https://docs.deno.com/deploy/manual/privacy-policy.

[rojvv]

Thank you for the useful reference, @marvinhagemeister! This is enough to close this issue.

---

@lucacasonato Although, since Deno Deploy collects information itself, and it is written "to your consent" in the privacy policy, I think it might be better to leave a link to the privacy policy in the landing page of https://deno.dev for users that are not signed up, possibly near the log in button.