GDPR, Logs and the Fall of Privacy Shield

  • Hi,

    currently having a look at Sucuri, I see that it stores IP addresses.

    1. The IP addresses seem to be stroed both on your server, as well as in a log on my website. When one disables the IP, are they only stored on the website?

    2. Is there a way to delete them, or have them regularly deleted? (Actually, I would suggest to implement that, with the option to set the rotation at will, or, at least, to seven days)

    3. As the privacy shield after the recent ruling by the ECJ does not help any longer, it seems to me that customers from the EU or with a website audience in the EU cannot any longer use the API, as data would be transferred to your servers (which are in the U. S., right?) without using standard clauses (as long as they are still considered valid, that is…) and a processing agreement. Do you offer users, including users of the free version, any of these in order to address the situation? Or would one, effectively, just have to switch of the API when in the EU or addressing an audience in the EU (as well)?

Viewing 1 replies (of 1 total)

  • I have substantially the same question.

    The Terms of Service on the Sucuri website include a data processing agreement, but it’s unclear if that applies to users of the free plugin who use the API key feature. If it does, I would like to know how users of this version of the plugin can submit deletion or rectification requests (for example, to delete a recorded IP address from the logs held by Sucuri). I contacted Sucuri directly and was told to ask here.

Viewing 1 replies (of 1 total)
  • The topic ‘GDPR, Logs and the Fall of Privacy Shield’ is closed to new replies.