[aviaviavi]

Glad to hear and thanks for the kind words!

Fully complying with GDPR is a requirement as we build this out. Our data policies and practices have been thoroughly reviewed by our legal team. If we are doing anything incorrectly with respect to GDPR, it will be promptly addressed.

It turns out that the data we are actually storing about end-user traffic do not meet the criteria that trigger requirements for explicit consent. Scarf also operates a data processor with respect to GDPR, rather than a controller.

[smarx007]

Ah, shrewd move! For others reading this: your project using Scarf will bear responsibility for GDPR compliance regarding processing purposes as the controller and Scarf is just a processor like AWS (not that I buy it completely but I am sure smart folks at noyb.eu will look at this when time comes).