[kiallmacinnes]

I stand corrected - not everyone can agree!

In reality, as a service provider, you have no ability to determine if the client IP belongs to an individual or not - so you have no choice but to assume it does identify an individual.

[_ixnm]

This is ludicrous. Nginx logs are regulated now? What if you just want to make a static website and get on with your life?

[isbvhodnvemrwvn]

You're not sending your nginx logs to Google, a well known advertiser, do you?

In this case you can store IP addresses if you have a legitimate reason (e.g. you can show you need it for troubleshooting etc), as long as it's reasonable and doesn't infringe on the rights of the user, and you have documented it along with the retention strategy.