If your organisation’s privacy policy does not allow the collection or processing of user IP addresses, SegmentStream supports an alternative setup.
Instead of sending raw IP addresses, you can hash the IP (with salt) and enrich it with geolocation data on your side, before passing it to the SegmentStream data layer.
This approach ensures:
- No personally identifiable IP data is shared with SegmentStream.
- You still provide necessary contextual information (such as country, city, or region).
- Compliance with stricter data protection requirements (e.g. GDPR).
1. Required Fields in the Data Layer
javascriptwindow.dataLayer = window.dataLayer || []; window.dataLayer.push({ event: 'user_context', ip_hash: '1e4b9f1a3d7e... (hashed and salted value)', country: 'DE', region: 'Berlin', city: 'Berlin', });
Field descriptions:
Field | Type | Description |
ip_hash | string | Hashed (and salted) IP address. The hash ensures anonymity, and the salt prevents reverse-engineering. |
country | string | Country code (e.g. "DE", "FR", "US"). |
region | string | Region or state. |
city | string | City name. |
2. How to Prepare the IP Address
Before sending any IP-related information to SegmentStream, it must be hashed and salted to ensure full anonymity.
For IPv6 addresses, there’s an extra step, they should be normalised first to remove device-specific details.
Step 1. Normalise IPv6 addresses
IPv6 addresses are much more detailed than traditional IPv4 addresses.
They can contain information that identifies an individual device (for example, a specific laptop or phone) rather than just the network.
To keep the data privacy-safe, the IPv6 address should be normalised before hashing.
This means keeping only the network portion (for example, the first half of the address) and removing the device-specific part.
Example:
Type | IPv6 Example | Meaning |
Full IPv6 | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | Device-level identifier |
Normalised | 2001:0db8:85a3:0000:: | Network-level identifier (safe to hash) |
Here’s a simple example of normalisation in JavaScript:
javascript// Example pseudocode function normalizeIPv6(ipv6) { return ipv6.split(':').slice(0, 4).join(':') + '::'; }
If the IP is IPv4, you can skip this step.
Step 2. Apply Salted Hashing
Once the IP is normalised (if IPv6), you can apply salted hashing using a secure hash algorithm like SHA-256.
A salt is a private random string that makes it impossible to reverse-engineer the hash.
Use the same salt consistently across sessions for stable anonymisation.
Example:
javascriptimport crypto from 'crypto'; const SALT = 'YOUR_PRIVATE_RANDOM_SALT'; // keep this private function hashIP(ip) { return crypto.createHash('sha256').update(ip + SALT).digest('hex'); }
Example usage:
javascriptconst ip = '2001:0db8:85a3:0000:0000:8a2e:0370:7334'; const normalized = normalizeIPv6(ip); const hashedIP = hashIP(normalized);
Result:
javascriptip_hash: 'cfeabd5e64bdf6f...'
3. Geolocation Data
You should use your own geolocation service (e.g. MaxMind, IP2Location, or a cloud provider’s API) to extract country and region information before hashing.
4. Example Combined Implementation
javascript(async () => { const ip = await fetch('/api/get-user-ip').then(r => r.text()); const normalized = normalizeIPv6(ip); const hashed = hashIP(normalized); const geo = await fetch('/api/geo-lookup?ip=' + ip).then(r => r.json()); window.dataLayer = window.dataLayer || []; window.dataLayer.push({ event: 'user_context', ip_hash: hashed, country: geo.country, region: geo.region, city: geo.city, }); })();
5. Summary Checklist
- Do not send raw IPs to SegmentStream.
- Always normalise IPv6 before hashing.
- Apply salted hashing (e.g. SHA-256).
- Include geo data derived before hashing.
- Ensure the salt remains private and consistent.