Is the way you collect statistics GDPR-compliant?

[rojvv]

On fresh.deno.dev, and probably all of the other sites (e.g., deno.com[1], Deno Deploy[2]), you are making Google Analytics reports from the backend on each request that include the visitor’s IP address.3 Is Google anonymizing the IP addresses? If that’s not clear, shouldn’t you have a banner with an option to opt out of this?

[1]: This is closed-source now, but you used to do it according to https://github.com/denoland/dotland/blob/7d0b00da334e8c908c645f4b4bfd781f4bf1d224/import_map.json#L21. [2]: Unsure about Deno Deploy, it’s just a guess.

[marvinhagemeister]

From https://support.google.com/analytics/answer/12017362?hl=en :

Analytics does not log IP addresses

Google Analytics 4 does not log or store individual IP addresses.

Analytics does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU-based traffic, IP-address data is used solely for geo-location data derivation before being immediately discarded. It is not logged, accessible, or used for any additional use cases.

[lucacasonato]

@roj1512 You can find our privacy policy here: https://docs.deno.com/deploy/manual/privacy-policy.

[rojvv]

Thank you for the useful reference, @marvinhagemeister! This is enough to close this issue.

---

@lucacasonato Although, since Deno Deploy collects information itself, and it is written "to your consent" in the privacy policy, I think it might be better to leave a link to the privacy policy in the landing page of https://deno.dev for users that are not signed up, possibly near the log in button.