[lerela]

Funny coincidence that I have received a notification from the Play store this morning saying that analysis of my app (with super tiny outreach) showed that my Data Safety Form was inaccurate and asking me to fix it asap.

Seems like letting the user enter an email address to recover his password counts as email collection (he cannot subscribe, provide or see his email using the app, hence the initial form I submitted).

[warp]

If you're sending the email address to a server (which is presumably needed to recover a password), I think this makes sense. Apple/Google has no way of knowing or verifying what the the server is doing with that data.

[lerela]

Absolutely, I meant that the app is not used to collect the email address since it is already in our system but it is true they have no way of knowing.