Comment by gator-io

Data collection for legitimate purposes came up in our GDPR compliance review.

This product (https://truestats.com) collects the I.P. address and user agent for the purpose of detecting fraud (not selling data or profiling users). It is used for frequency checking and other patterns that would indicate fraud. We are still going through the legal analysis of how to deal with this, even though we have no idea who the visitors are.

I think considering the I.P. address as PII is a little much if you are not using it in a way that would violate privacy or selling the data.