GitLab Next

Given that the EU is about to enforce GDPR, I believe that a privacy policy is necessary for GitLab Pages under gitlab.io: Are visitors' IP addresses recorded? If so, why and for how long?

Privacy by design would ask not to collect IP addresses at all. If that was not an option, what about offering project owners the option to disable logging of IP addresses for their subdomains?

IANAL, but GitLab's privacy policy does not seem sufficient: It informs that GitLab "collects potentially personally-identifying information like Internet Protocol (IP) addresses" but does neither state the purpose nor any of the following (from the Wikipedia article linked above): "The notice requirements remain and are expanded. They must include the retention time for personal data, and contact information for data controller and data protection officer has to be provided."