This document explains why SnapVector processes pseudonymized technical identifiers to maintain a
secure environment for media hosting.
Data Minimization Strategy
Our server only processes usernames, bcrypt-hashed passwords, and bcrypt-hashed IP
addresses. No real-world identities or email addresses are stored unless provided for
support.
Step 1
The Purpose Test
Legitimate Interests for Processing
SnapVector has a legitimate interest in processing technical data for:
- Rate Limiting: Preventing server exhaustion by monitoring request frequency
per IP.
- Security Logging: Identifying and blocking malicious actors or "Banned IPs"
from accessing the platform.
- Session Management: Linking active sessions to the correct user to prevent
session hijacking.
- Account Integrity: Recording "last seen" data to help users monitor
unauthorized account access.
Step 2
The Necessity Test
Is this processing essential?
Yes. To operate a public media hosting service, we must be able to defend against DDoS attacks and
credential stuffing.
- Advanced Hashing: We do not store plain-text IPs. We use
bcrypt to hash IP addresses, providing a high level of pseudonymization
that is computationally difficult to reverse.
- Automatic Lifecycle: Our system is designed for a "clean slate" approach.
Images are automatically purged on the 1st of every month, ensuring we do not store
user-contributed data indefinitely.
Step 3
The Balancing Test
User Privacy vs. Platform Security
The impact on user privacy is negligible compared to the security benefits provided:
- Immediate Deletion: Upon account deletion, the user record, password hash,
and all associated IP metadata are irreversibly removed.
- Reasonable Expectation: Users expect their hosted images to be protected
from unauthorized access.
- No Tracking: We do not use this data for marketing, profiling, or
third-party sharing.
Based on the three-part test above, we conclude that processing bcrypt-hashed IP
data is strictly necessary for the security of SnapVector. By prioritizing
pseudonymization and automatic data lifecycles, the processing
remains proportionate and does not infringe upon the fundamental privacy rights of our users.