We have several forms on our website. We want to turn off the fact that these forms collect the IP address of the user submitting them so that users can submit anonymously. Is this possible to do? We can’t find a way to do it. Or connect it to the anonymous user ID instead of the IP address? [Note, I blurred out the email and the last octet of the IP for security reasons but all 4 octets show up in the form]
Heya @KateJaneway, unfortunately there’s currently no way to remove that IP address. I can see how this would present a problem if you’re trying to assure people submitting to the form that their responses are anonymous. I could file a feature request for you if you’d like- for an ability to remove IP address from the UI and remove it from the CSV when downloading form data. That way, it would remain unknown at least to the creators of the form. Is that something you’d want to see?
In the meantime, one thing you could suggest is that people submitting to the form use a VPN or a public Wi-Fi hot spot.
Hi Jen. Yes please can you add that as a feature request? I don’t know that everyone has the same concerns as we do about PII so maybe make it an option when you set up a form to display or not display the IP address of the form submitter and that way other users have a choice. Thanks!
Done, thanks for the suggestion We can’t make any promises about if/when this will be implemented, but we will certainly post here if there are updates on this.
Hello Jen. I have another question related to this issue. In your DPA (section 2.2.2) Netlify only processes data based on the controller’s (me) “documented instructions”. In this case, I haven’t give any documented instructions; collecting IP address, which is PII, is automatic and I can’t turn it off. Further, in section 9.1 it says that I have the right to request to delete data. How do I make manual requests to delete IP addresses off all of our forms on a, I guess, daily basis?
2.2.2 process the Personal Data only on documented instructions from the Controller,
unless Processing is required by applicable laws to which Netlify is subject, in which
case Netlify shall to the extent permitted by applicable laws inform the Controller of
that legal requirement before the relevant Processing of that Personal Data;
9.1 At Customer’s request or following the termination or expiration of the Principal
Agreement, Netlify shall return Customer Data to Customer and, to the extent allowed by
applicable law, delete Customer Data.
Hey @KateJaneway, I believe we’re already in touch with you (or a colleague of yours) via email and that we’ve shared all the information and guidance we have there.