Someone made a mistake here. It’s not getting your IP address. An IP address is assigned by the gateway when you’re connected to an access point. An IP address is not an identity. They are always changing and can be shared. This has already been tested and upheld in court.
It’s actually collecting your MAC address. Which is exchanged when your phone or tablet scan nearby WiFi points or Bluetooth devices. However, this can already be defeated. By default iOS and Android both have the option to randomise the MAC address in intervals. Making it extremely difficult to prove anything. This feature exists because the devices real MAC address never changes. It is unique. Alternatively, users can disable WiFi and Bluetooth scanning entirely. However, your device no longer participates in the Find My Devices program by Apple and Google, location does take longer to acquire in some scenarios, and accuracy may take longer to triangulate.
Most IT positions are salary so this makes sense and is reasonable for critical systems. If you’re not salary, yikes.