NexusPHP is an open-source PHP application for running private BitTorrent tracker communities. It manages user accounts, torrent indexing, upload/download ratio tracking, and community features. When deployed for European users, the operator — not the software — is the data controller responsible for GDPR compliance. Key obligations include user consent for analytics cookies, lawful basis for account data, and appropriate handling of IP address logs.
NexusPHP is an open-source PHP web application for running private BitTorrent tracker communities. It provides user registration and management, torrent indexing, upload and download ratio enforcement, seeding bonus systems, forum functionality, and community management tools. NexusPHP is self-hosted — operators deploy it on their own infrastructure. The software itself does not process data; the operator who deploys it is the data controller under GDPR.
A NexusPHP tracker typically collects user email addresses, usernames, IP addresses (for ratio enforcement and abuse prevention), upload and download statistics, seeding history, invitation tree data, and any profile information provided by users. Session cookies are used for authentication. IP addresses are particularly significant as they are used to enforce ratio rules and identify abusive users.
Operators running NexusPHP trackers for EU users must comply with GDPR as data controllers. Key obligations include: publishing a privacy policy describing all data collected and processed; providing a lawful basis for each processing activity; honoring data subject access, erasure, and portability requests; implementing appropriate retention limits for IP logs; and ensuring server security to protect user data.
IP address logging for ratio enforcement and security can generally rely on legitimate interest under GDPR Article 6(1)(f), provided the operator documents a balancing test. IP logs should be retained only as long as necessary for the stated purpose and should not be shared with third parties. Users must be informed of IP logging in the privacy policy.
Publish a privacy policy covering all tracker data processing. Implement user data subject rights (access, erasure, portability). Define IP log retention periods and automate deletion. Host on EU infrastructure with a signed hosting DPA. Obtain analytics cookie consent if tracking scripts are used. Configure secure authentication cookies with appropriate attributes.
Websites using NexusPHP must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is advisable for NexusPHP tracker deployments processing large numbers of EU users, particularly given the combination of persistent user accounts, IP address logging for ratio enforcement, and the technically sensitive nature of torrent tracking data.
Sample consent text
This private tracker uses NexusPHP. By creating an account, you agree to the processing of your username, email address, and activity data for tracker membership purposes. See our privacy policy for full details.
Third-party domains contacted
nexusphp.org
github.com
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| PHPSESSID | session | Session | Strictly necessary PHP session cookie used for user authentication on NexusPHP tracker |
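
One way to check the "secure authentication cookies" checklist item against the PHPSESSID cookie listed in the table above. This is an added example, not NexusPHP or FlowConsent code; treating Secure, HttpOnly and SameSite=Lax/Strict as the "appropriate attributes" is an assumption of the example, and the sample headers are constructed.

```python
# Added example: audit Set-Cookie response headers for the tracker's session cookie.
# Assumption: "appropriate attributes" means Secure, HttpOnly and SameSite=Lax/Strict.
REQUIRED_FLAGS = ("secure", "httponly")
ALLOWED_SAMESITE = ("lax", "strict")

# Constructed sample headers (not captured from a real tracker).
WEAK = ["PHPSESSID=abc123; path=/"]
HARDENED = ["PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Lax"]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_session_cookie(set_cookie_headers, cookie_name="PHPSESSID"):
    """Return findings for the named cookie; an empty list means it passed."""
    findings = []
    seen = False
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        seen = True
        for flag in REQUIRED_FLAGS:
            if flag not in attrs:
                findings.append(f"{cookie_name}: missing {flag}")
        samesite = attrs.get("samesite", "").lower()
        if samesite not in ALLOWED_SAMESITE:
            findings.append(f"{cookie_name}: SameSite is {samesite or 'unset'}")
        # The cookie table lists the duration as "Session", so a lifetime is a mismatch.
        if "expires" in attrs or "max-age" in attrs:
            findings.append(f"{cookie_name}: persistent, but documented as session")
    if not seen:
        findings.append(f"{cookie_name}: not set in this response")
    return findings


if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_session_cookie(headers))
```
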
A NexusPHP tracker collects user email addresses, usernames, IP addresses for ratio enforcement and security, upload and download statistics, seeding history, invitation data, and profile information. Session cookies are used for authentication.
No. NexusPHP is open-source software. The operator who deploys and runs the tracker is the data controller responsible for GDPR compliance. The software provides the functionality; compliance is the operator's responsibility.
Legitimate interest (Art. 6(1)(f)) can apply for IP logging used for ratio enforcement and security purposes, provided a documented balancing test is maintained. IP logs should be retained only as long as necessary and should not be shared with third parties.
Yes. Any NexusPHP tracker serving EU users must publish a privacy policy describing all personal data collected, the legal basis for each processing activity, retention periods, user rights, and contact details for data subject requests.
A DPIA is advisable for trackers with large EU user bases, given the combination of persistent user accounts, IP address logging for ratio enforcement, and activity tracking data. Smaller private trackers with limited EU users may not meet the scale threshold.
Implement an account export feature (data portability), an account deletion flow (erasure), and a process for data access requests. When a user deletes their account, anonymise or delete all personal data including IP logs, seeding history, and profile information.
EU-based hosting (OVHcloud, Hetzner, Scaleway) with a signed DPA with the hosting provider ensures EU data residency. This eliminates third-country transfer concerns for the tracker data itself.
Yes, provided they comply with GDPR. The software itself is not illegal. However, trackers distributing copyright-infringing content face separate legal risks unrelated to data protection. GDPR compliance does not address copyright law obligations.