It is not. I connected from some IP because I wanted to use your website, at the very least you have to remember my IP address for some time to send me your website back. And if I want to access your website and it will be only available if you store my IP address for a few minutes to fight off attacks, then this is a use of my IP address that I welcome because it is for my benefit. And if you really want to, just store hashes of the IP addresses [1].

Just because we delete data after a while, it doesn't mean I didn't surveil you [...]

Sure, surveillance is not defined by the amount of time you store some data. If you store my shipping address for years it is not surveillance, if you store my IP address for one second to add an entry to my record in your database that I just visited the website it might be surveillance even if you do not permanently record my IP address. But I never claimed that the amount of time you store some information is a or the relevant criterion

[...] nor does it mean I haven't used that data I got from you for my own benefit.

Also irrelevant. If you store my IP address for a short time or my shipping address for a long time in order to send me the website I requested or my order than this benefits you because you will make some profit from my order.

Relevant for whether something is surveillance or not is whether I approve what you are doing. If you track my position day and night in order to show me ads for businesses nearby it is surveillance unless I specifically requested this. If you track my position because I am using a fitness app and requested to record my run, then it is not surveillance.

[1] For IPv4 this is of course essentially pointless. But maybe you could come up with a more elaborate schema than simple hashes, maybe salt them and rotate the salt every few minutes or whatever. But you will probably not gain much besides added complexity.