For compliance with German law I’d like to understand who’s responsible for the fly service? The website mentions the team, but does not mention company/address. Is such information available?
The privacy policy also doesn’t mention any logging of IP addresses, even for administrative purposes. Is that correct for the operated service?
Much appreciated!
The company name and address are:
Fly.io, Inc.
2045 West Grand Avenue Ste B
Chicago, IL 60612
We do log IP addresses for administrative purposes. We don’t, however, attach them to any of your users’ identities (they’re just isolated IPs with no other information attached).
Thank you for the address, I’ll add it to my privacy statement.
I’m not a lawyer, so this is all laymen’s understanding. EU (GDPDR and hence German DSGVO) law requires to be entirely clear about processing of personal data. IP addresses are considered personal data, regardless if profiled or not. As such the processing, and that includes logging for technical purposes, retention time, deletion policy should be documented as part of the data privacy statement.
Also not a lawyer! But my understanding is that “indirectly identifying” information like an IP address is only considered personal data when they can be combined with other personal data. For end users, we have no way of identifying them.
Where a piece of information (such as an IP address) does not directly identify a person, that piece of information will nevertheless be personal data in the hands of any party that can lawfully obtain sufficient additional data to link the information to a person’s real world identity. On the other hand, that same piece of information will not be personal data in the hands of a party that has no legal means of obtaining sufficient additional data to make such a link.
We don’t have a legal means of obtaining additional data about end users, though we would if we were an ISP.
Here‘s one example what Miro documents about IP addresses: Terms of Service, Online Whiteboard | Miro