If I don't collect any PII, even to the point of not bothering with analytics, and the only cookies I use are for auth or other absolutely necessary functionality, are there GDPR rules I need to worry about?
No. Various 'consultancies' will tell you otherwise, but the only thing you really need to provide is a chance for users to delete their data. Ideally also an option to extract/download it, but I don't think anyone has ever really been hassled for that.
Contrary to all the BS the tech lobby says, you don't even have to have a cookie banner today I'd you don't collect datat beyond what is technically needed.
Contrary to all the BS the tech lobby says, you don't even have to have a cookie banner today I'd you don't collect datat beyond what is technically needed.