Visitors of my website

donatello · February 16, 2025, 12:10pm

Hi Team,

I plan to host my website on Netlify and would like to clarify whether Netlify collects the IP addresses of visitors accessing my site. My concern is that most of my visitors are German residents, and I want to ensure compliance with GDPR regulations.

I found Netlify’s official privacy policy (Netlify Privacy Policy), which states:

Identifiers: When you access and use our Services, we automatically collect information about your device, which may include: device type, your device operating system, browser type and version, IP address, hardware identifiers.

Could someone confirm if this applies to website visitors and whether this poses any GDPR compliance risks? I’d really appreciate your insights.

Thanks in advance!

hrishikesh · February 16, 2025, 12:18pm

Yes, we collect IPs, but that should not affect GDPR compliance.

donatello · February 16, 2025, 12:20pm

Do I need to sign a Data Processing Agreement (DPA) with you regarding GDPR compliance and data processing?

I am using Netlify Functions to integrate SendGrid in my contact form, which forwards messages directly to my email address. I want to ensure that this setup aligns with GDPR requirements.

I am asking because, I am building websites and would like to host them on netlify. Most customers are based in germany.

hrishikesh · February 16, 2025, 12:24pm

I’ll really recommend you to consult a legal advisor. But my 2 cents:

It really depends on the nature of your website. For a personal website, I don’t think you need to bother. While yes, legally you might have to, I don’t think anyone would be suing you over it. For a commercial, business purpose website, you might want to do that to be safe.

donatello · February 16, 2025, 12:29pm

It is my personal website, where I advertise and present my portfolio.

The Busines Part: Websites I build would be hosted then for my customer on netlify. This is a service I am taking care of.

hrishikesh · February 16, 2025, 5:03pm

In that case, for the portfolio, based on the websites I have seen, I don’t think you need to bother yourself with a DPA. However for the business part, I think you should ask every customer based on their requirements and ask the customer to discuss it with their lawyer as this might be different per customer. But if this is going to be something common for all your customers, you can consult your own legal adviser.

Topic		Replies	Views
Getting my Site GDPR Compliant Admin deployment , netlify-forms , email	2	2601	June 28, 2021
Data Protection and GDPR Compliance Support netlify-analytics , security	3	1924	July 15, 2019
Data Processing Agreement (DPA) Support netlify-forms	3	563	December 2, 2023
I have a client specifically asking for a UK hosted website Support deployment	1	1159	July 29, 2022
Cookies and GDPR compliance Support netlify-analytics	10	3680	August 8, 2023

Visitors of my website

Related topics