DISCLAIMER: This page is a generic GDPR overview for various Plesk versions, not a legally binding document. We’re not GDPR authority and don’t claim to be a legal or official source. But information on this page is a step on a way to your GDPR compliance.
For more details read related article on our main site. For questions, reach us at privacy@plesk.com.

Introduction

Data subjects of GDPR regarding Plesk are:

  • Plesk administrators, who provide their personal data (e-mail) to receive Plesk licenses or newsletters. This personal data will be stored in the Key Administrator and Partner Central services. Plesk Administrators are subjects to GDPR relations with Plesk International GmbH, since we can store their personal data due to legitimate business reasons.
  • Plesk users, whose accounts are created on Plesk servers. Plesk users are subjects to GDPR relations with Plesk administrators.
  • Site visitors, who visit websites hosted on Plesk servers. Site visitors are subjects to GDPR relations with Plesk administrators.

GDPR compliance of Plesk versions

Below is a table that shows how different Plesk versions handle GDPR aspects.

The following updates are required to have the GDPR related fixed installed on your server(s):

GDPR compliance Aspect 11.x and older
(unsupported versions)
Plesk 12.0,12.5
Plesk Onyx 17.0
Plesk Onyx 17.5
(stable)
Plesk Onyx 17.8
(latest)
Storing personal data of Plesk administrator
These Plesk versions don't support GDPR due to sending personal data of Plesk administrator to Key Administrator and Partner Central services.  * 

Plesk explicitly requests consent or a contract agreement from Plesk administrator before sending admin's personal data to Key Administrator and Partner Central services.  * 

Plesk explicitly requests consent or a contract agreement from Plesk administrator before sending admin's personal data to Key Administrator and Partner Central services.
Storing personal data of Plesk administrator aliases and non-admin Plesk users
Personal data of Plesk administrator aliases and non-admin Plesk users is not sent anywhere regardless of Plesk version.
Storing visitor IP addresses for websites hosted on Plesk
Plesk doesn't anonymize IP addresses in logs, but allows to rotate these logs via log rotation.  * 
Note: this data is not sent anywhere.

Plesk anonymizes IP addresses in logs and allows to rotate these logs via log rotation.  ** 
Note: this data is not sent anywhere.

* Since Plesk versions 11.x and older are no longer officially supported and versions 12.x are going to be in extended support status soon, these versions may not fully act in compliance with current privacy regulations. We strongly recommend to update to latest Plesk versions at all times. Plesk takes no responsibility for breaches of any laws, caused by using non-supported versions of Plesk.
Note: personal data sent by these Plesk versions 11.x and older is not stored in Key Administrator and Partner Central services anymore due to being dropped upon receiving.

** GDPR does not specify an exact timeframe of how long the IP addresses can be stored. In case of IP address anonymizing, each address is kept in its original form for 24 hours. As for log rotation policies, Plesk users have the ability to configure them as they see fit.

IP addresses logging aspect

Clients IP addresses are logged by the following services:

  • Nginx, Apache, ProFTPD, Mail
  • AwStats, Webalizer
Below you can find recommendations how to solve the issue for your servers, including an instruction how to turn IP addresses logging off for Nginx and Apache servers.

Aspect Plesk versions applicability Solution Side effects
Enable IP addresses anonymizing Plesk Onyx 17.5-17.8 Panel UI and CLI instruction There should be no side effects. Fail2ban should continue working since File2ban works with log files before anonymizing.
Disable web statistics tools (AWStats, Webalizer) Plesk 12.0-12.5
Plesk Onyx 17.0-17.8
Instruction of how to disable Users will not be able to use web stats tool in Panel UI.
Force log files Rotation Plesk 12.0-12.5
Plesk Onyx 17.0-17.8
Instruction with a script, which enforces daily rotation policy for logs files
  • All Service Plans and Subscriptions will be automatically updated to remove Logs rotation management permission.
  • Log rotation period will be enforced daily rotation for all existing domains.
  • Plesk clients/resellers will be still able to change the settings, that's why the script should be added to crontab.
Disable IP addresses logging Plesk 12.0-12.5
Plesk Onyx 17.0-17.8
Instruction how to disable IP address logging
The following services will not work:
  • Fail2ban web sites protection will NOT work
  • AwStats, Webalizer web statistics will continue work, but will loose aggregations statistics based on IPs