For more information, read the article about GDPR compliance on the Plesk blog. Have questions? Reach us at privacy@plesk.com.
Data subjects of GDPR regarding Plesk are:
- Plesk administrators, who provide their personal data (e-mail) to receive Plesk licenses or newsletters. We store this personal data in the Key Administrator and Partner Central services. Plesk Administrators are subjects to GDPR relations with Plesk International GmbH since we can store their personal data due to legitimate business reasons.
- Plesk users, whose accounts are created on Plesk servers. Plesk users are subjects to GDPR relations with Plesk administrators.
- Site visitors, who visit websites hosted on Plesk servers. Site visitors are subjects to GDPR relations with Plesk administrators.
Note: Plesk Obsidian is the recommended Plesk version in terms of GDPR compliance.
Any version of Plesk Obsidian is GDPR-compliant.
Plesk versions earlier than Obsidian require the following updates to receive the GDPR-related fixes:
- Plesk Onyx 17.8.11 Update 8
- Plesk Onyx 17.5.3 Update 48
- Plesk Onyx 17.0.17 Update 51
- Plesk 12.5.30 Update 76
- Plesk 12.0.18 Update 103 (Linux)
- Plesk 12.0.18 Update 103 (Windows)
The table below shows how different Plesk versions handle GDPR aspects.
GDPR compliance aspect | Plesk Obsidian (recommended); Plesk Onyx 17.8 and 17.5 |
Plesk Onyx 17.0; Plesk 12.5 and 12.0 (unsupported versions) |
Plesk 11.x and earlier (unsupported versions) |
---|---|---|---|
![]() |
![]() |
![]() |
|
Storing the Plesk administrator aliases and non-admin Plesk users' personal data | ![]() |
||
Storing the visitor IP addresses for websites hosted on Plesk | ![]() Note: this data is not sent anywhere. |
![]() Note: this data is not sent anywhere. |
*
Since Plesk versions 12.x, 11.x, and earlier are no longer officially supported, they may not be in full compliance with the current privacy regulations. We strongly recommend updating to the latest Plesk version. Plesk takes no responsibility for breaches of any laws caused by using non-supported versions of Plesk.
Note: personal data sent by Plesk versions 11.x and earlier is not stored in the Key Administrator and the Partner Central services any more.
** GDPR does not specify exactly how long IP addresses can be stored. When IP addresses are anonymized, each address is kept in its original form for 24 hours. As for log rotation policies, Plesk users have the ability to configure them as they see fit.
Clients IP addresses are logged by the following services:
- Nginx, Apache, ProFTPD, Mail
- AWStats, Webalizer
Aspect | Plesk versions applicability | Solution | Side effects |
---|---|---|---|
Enable IP addresses anonymizing | Plesk Obsidian (recommended) Plesk Onyx 17.5-17.8 |
Enable IP addresses anonymizing via panel UI or CLI | There should be no side effects. Fail2ban should continue working since File2ban processes log files before they are anonymized. |
Disable web statistics tools (AWStats, Webalizer) | Plesk Obsidian (recommended) Plesk Onyx 17.5-17.8 Plesk 12.0-12.5 |
Disable web statistics tools | Users will not be able to use the web statistics tool in Plesk. |
Force log file rotation | Plesk Obsidian (recommended) Plesk Onyx 17.5-17.8 Plesk 12.0-12.5 |
Use a script which enforces daily rotation policy for log files |
|
Disable IP addresses logging | Plesk Obsidian (recommended) Plesk Onyx 17.5-17.8 Plesk 12.0-12.5 |
Disable IP address logging | The following services will be affected:
|