We will not collect PII that can identify user directly. We will need some mechanism to collate sessions from the same user (otherwise we won’t be able to tell correlation between events). However, identifier needs to be short-lived to prevent profiling.
Good idea!