LIA - Legitimate Interests Assessment

Back to SnapVector

This Legitimate Interests Assessment (LIA) documents our compliance with UK GDPR Article 6(1)(f). It explains why SnapVector processes pseudonymized technical identifiers to maintain a secure environment for media hosting.

Data Minimization: Our server only processes usernames, bcrypt-hashed passwords, and bcrypt-hashed IP addresses. No real-world identities or email addresses are stored unless provided for support.

Step 1: The Purpose Test

Legitimate Interests for Processing

SnapVector has a legitimate interest in processing technical data for:

  • Rate Limiting: Preventing server exhaustion by monitoring request frequency per IP.
  • Security Logging: Identifying and blocking malicious actors or "Banned IPs" from accessing the platform.
  • Session Management: Linking active sessions to the correct user to prevent session hijacking.
  • Account Integrity: Recording "last seen" data to help users monitor unauthorized account access.
Step 2: The Necessity Test

Is this processing essential?

Yes. To operate a public media hosting service, we must be able to defend against DDoS attacks and credential stuffing.

  • Advanced Hashing: We do not store plain-text IPs. We use bcrypt to hash IP addresses, providing a high level of pseudonymization that is computationally difficult to reverse.
  • Automatic Lifecycle: Our system is designed for a "clean slate" approach. Images are automatically purged on the 1st of every month, ensuring we do not store user-contributed data indefinitely.
Step 3: The Balancing Test

User Privacy vs. Platform Security

The impact on user privacy is negligible compared to the security benefits provided:

  • Immediate Deletion: Upon account deletion, the user record, password hash, and all associated IP metadata are irreversibly removed.
  • Reasonable Expectation: Users expect their hosted images to be protected from unauthorized access.
  • No Tracking: We do not use this data for marketing, profiling, or third-party sharing.

Final Determination

We have determined that processing bcrypt-hashed IP data is necessary for the security of SnapVector and does not override the fundamental rights and freedoms of our users.

Last Updated: December 23, 2025