Masking user data, e.g., IP

Hi all,

I’ve been looking into making my web-app, which uses Kong to proxy the backend APIs, GDPR compliant and after reading I thought it’d be much easier to do so if I wasn’t logging personal user data, e.g., IPs, in my logs.

Thus I was wonder whether it would be possible for Kong to not log any personal info (IPs being the only one I can think off but if you can think of other data please let me know) via some masking process.

Does anyone know if that can be done?