|
|
|
|
|
|
by Nextgrid
2187 days ago
|
|
|
Sounds like you're already compliant. Storing metadata about a registered user is perfectly acceptable under the GDPR for functional & legitimate interest purposes. I would recommend adding a way for a user to delete their account, unless the third-party login provider gives you web hooks on when OAuth consent is revoked in which case you can use that as the signal to delete all PII stored locally. |
|
|