Can Access Logs be turned off?

Netlify’s commitment to privacy mentions

Types of Personally Identifiable Information (PII) we collect

  • Access logs including the IP addresses of your site visitors, stored for less than 30 days

I was wondering, is there a way to turn off these logs?

Sadly, no. They’re on by default and I think every server collects them.

That’s also the data that will be displayed to you once you turn on Analytics. So, Netlify is always collecting that data, just not displaying it.

Hi, @wahidshafique. I’m just confirming what @hrishikesh already said. There is no way to turn of the collection of this information (visitor IP addresses).

If there are other questions or concerns, please let us know.

@luke Is it possible to anonymize the IP’s in the access log?

Hi, @wahidshafique. No, our access logs do record the IP addresses.

@luke My final note on this after discussing with my team. Keeping the various privacy acts such as GDPR in mind, is it at all possible to make a special request to NOT store IP’s of customers until we enable analytics? I’m very unsure as to why IP’s would be logged, can you answer the rationale behind storing them as well?

Hi, @wahidshafique. While I can enter a feature request to change this, I also want to be clear that this is unlikely to change.

About this:

I’m very unsure as to why IP’s would be logged, can you answer the rationale behind storing them as well?

IP addresses are required to troubleshoot a number of issues. From connectivity issues, to tracking down specific HTTP responses, to tracking DDoS attacks - without client IP addresses, it becomes much harder or even impossible to troubleshoot these issue. Storing this information (only for 30 days) is an absolute must if we are going to be able to fix these types of issues.

This is the reason that IP addresses are collected. They are required information for troubleshooting a wide variety of issues.

Again, it is almost certain that our collection of this information will never change. However, if you want us to create a feature request for this please let us know. I must reiterate, though, that this is almost certainly not going to change. (I don’t want you waiting for a feature request which isn’t actually going to happen.)

Ok, with this info in mind, I have another follow up that was relayed to me by my team this week. For our work, it’s operation critical that our users are deidentified. Since Netlify does collect access logs, is it the case the our team cannot access those IP logs directly? We want there to be a strict demarcation of what we have access to and what Netlify has access to internally, especially if we see us using the product in a production capacity, and as we draft our privacy policies.

Hey @wahidshafique,

Nothing will answer your question better than our dedicated marketing page however, to put it simply – our logs contain IP addresses and countries of your visitors, which can be considered PII.

We do not share this information outside of Netlify, not even with the site operator(s). However, nothing is stopping you from collecting and collating this data yourself, through analytics services, functions and (soon) edge handlers.

The only PII/identifiable information we share with you would be form submissions. And, there are ways to ensure that this information doesn’t touch our backend, if that’s of interest to you.

1 Like