Q1. How is geolocation value determined ?

Q2 Are we saving the AXA Session IP Address?  

Q3. What is the purpose of the geolocation flag? (SDKNoGeoLocationCapturing)

A1.Three ways of collecting geolocation by IP address. Check the geocoordinates, Else use Device IP. Else use X-Forwarded header IP address. Derives location by IP address.

A2. Not saved in the logs or the backend. Can mask and override public/private subnets with a string.

A3. The geolocation flag is about turning off the request for geolocation from the browser, which can cause a pop-up and collect the detailed location of the user.  If you turn it off, we do a simple mapping of IP address as received by out collector endpoint to the location based on a static list the IP range owner publicly posts.  This "geofenced" information lacks precision to be considered PII.  If the customer is asking for masking of the IP address, that would be a new feature.