i would like to post a privacy policy when I have some free time.
as for your IP, i am anonymizing the ip stored in the nginx logs, basically just storing .0 for the last digit if the ip address, adapted from here: https://www.supertechcrew.com/anonymizing-logs-nginx-apache/
that used to be in one of the lemmy recommended nginx configs, but it appears to have been removed. but it's still being used on this instance, and I should double-check to make sure it also works for IPv6 addresses.
i also don't know if the IP is stored in the DB as well, i'd have to look through the lemmy code/tables to see if that's the case.
i'm currently the only one with access to the server itself, so it would only be me who has access to that info.
i don't think there's any other PII that is stored?
As for how long deleted posts/comments/accounts are stored for? i'm not entirely sure. i know that typically deleted posts are just flagged in the db as "deleted", but i think it also changes the content to deleted by creator
or something, and i don't believe there's any way to get the original post/comment back? there's also a way for admin's to purge users/communities/posts/comments, which deletes them from the database, but i don't think there's anything that does that automatically after a certain time period.
I know i have a lot of "i think"'s in there, so all of this is a best guess. I'll do some digging and testing at some point so I can firmly answer these questions.