‘In order to maintain operations, for prevention of abuse and and for visitors analysis, IP addresses of users are processed. Storage only takes place for IP addresses made anonymous which are therefore not personal data any more. This processing takes place for the purposes of the legitimate interests pursued by the controller according to Art. 6 para. 1 p. 1 lit. f) GDPR.’
Does anyone know how they ‘anonymise’ IP addresses?
Maybe remove parts so they only know the country
I don’t know, but would assume that they store the ip address without your account related to it. They need to store ip addresses to improve their service (1.g. performance improvements)
Pro tip: ignore that because “anonymizing IP addresses” is a joke for privacy. But overall, “anonymized IP addressed” mean it strips out the last one or two octets of an IP address (so 220.127.116.11 becomes 18.104.22.168)
In an email I received from Tutanota they said,
1. They do not store login IP Addresses.
2. They de-anonymise IP Addresses by stripping a number of octets from the IP address. IP Addresses are also not directly associated or linked to any accounts, only that the stripped IP address created an account.
So, as @mazer said.
They don’t even link IP Addresses to an account, so it is less of a concern. They simply have, X stripped IP Address created an account + they would probably log the date and time as well.