Why are you saving the user IP addresses? Your privacy policy says they're saved as a salted hash, but why store this at all? It seems fairly unfriendly to user privacy to have a database of fingerprints AND associated IP addresses sitting around.