Just to add to the privacy & legality discussion, I have a note in my cloneable; however, I do feel a tiny bit like I’m handing out a loaded gun to people who have no awareness of these issues.
The best practices I run with are as follows:
- Use the Geoip service to collect the data you need, such as region, country, continent, city, and use that to drive your app.
- Save that info only if needed; it’s not PII, so it’s safe to record.
- Never save the IP, or collect it in forms, unless that behavior is clearly stated, and it is absolutely necessary, and you’ve covered your bases legally.
- There are almost no situations where this is necessary, outside of some digital signing processes, and a few government sites that track IPs on complaint submissions. Where possible, when you need IP tracking, CYA by farming that out to a service that can protect that data properly.
Basically, treat IP capture the same way you’d treat credit card capture.