For each view/download event, we track an anonymised visitor ID. This anonymised visitor ID changes for a user every 24 hours, hence a user viewing the same record on two different days will have two different anonymised visitor IDs. The reason we track an anonymised visitor ID is in order to count unique views and downloads.
For security purposes, we also keep a web server access log which includes your IP address and your browser’s user agent string. This web server access log is automatically deleted after 1 year max. and is also strictly separated from the usage statistics collection.
The anonymised visitor ID is generated from a personal identifier such as:
- a user ID (e.g. if you are logged in on zenodo.org),
- a session ID,
- or an IP address and your browser’s user-agent string.
We combine the personal identifier with a random text value (a salt) and apply a one-way cryptographic hash function to scramble the data. The salt (random text value) is thrown away and regenerated every 24 hours. Using and discarding the random salt afterwards ensures that the anonymised visitor ID is fully random.