Atlas Device Sync + GDPR

I am currently evaluating Atlas Device Sync for a mobile app with respect to GDPR requirements for a German company.
The data that should be synced is non-personal, but it seems that the Atlas Sync service itself collects personal identifiable data like the client’s IP address or device identifiers.

  • How is this data handled inside of Atlas?
  • Can I prevent Atlas Sync from storing the IP address?
  • What would be measures to prevent any personal data from being transferred to MongoDB (since its a US company)?

There are two solutions that came to my mind, in order to prevent personal data from being send to MongoDB:
1: Encrypt Atlas with a custom KMS key, that my company owns. Does this encryption include metadata (like the IP) from Atlas Device Sync?
2: Proxy the connection between the device and Atlas and remove the client’s IP address before it reaches Atlas. Is this possible? How can I configure a custom URL in the Realm Sync Configuration?

I would appreciate your thoughts and ideas on that topic. Thanks in advance.