You’re generally allowed to keep data that is required to provide a service. So in my understanding, yes, if you provide such a service and the user requests that, you should generally be allowed to keep that info _for exactly that purpose_ You can’t use it for anything else though.