Can you share a little what technologies you used? Like you use actual models or using a third party service? I mean from a privacy point of view, it's plugged to others services?
Sole trader, not Ltd (or whatever the equivalent term is in Australia)?
I did that ages ago, before everyone was storing user data; these days I'd definitely suggest incorporating and getting public liability insurance, just in case a GDPR accident happens.
Best of luck, I hope you're more successful with this than I was with my adventure. :)
This is how you kill entrepreneurship. Tell everyone to incorporate and get liability insurance before they even get started... due to fears around a law from a foreign government that has no jurisdiction where the founder lives.
Obviously, if this gets traction, it will be worth incorporating, getting insurance, accounting and legal services, etc, but if you do all of that before putting anything on the market, you're not going to get anywhere unless you're already wealthier than most people.
Incorporation, specifically limited liability, is specifically there to make it easier and less risky to be an entrepreneur — no matter how hard a company gets sued, the owner can't (normally) be bankrupted.
Likewise insurance.
Also, quick Google immediately found that Australia has an equivalent to GDPR in the form of the Privacy Act (1988).
(Extra-territorial rules may seem unreasonable, but they are the flip-side to the internet not recognising national borders: everywhere gets to say you're operating in their jurisdiction).
Millions of EU citizens use WeChat, which is obligated by Chinese law to collect information not allowed by the GDPR, and the EU have not and will not be able to enforce an "extra-territorial effect" against Tencent.
While that answer is not complete, it's also definitely not "no answer". I agree that there should probably be some company associated, but as MVP from single developer, do you expect to get his full address too?
why are you being so hard on a solo entrepreneur? I'm sure making a sleek service like that takes plenty of all nighters. He is even offering a free service costing him server and costs to make API calls to an AI service. If you're concerned about privacy, be more supportive, help him sort this out or at least give him some time to sort it out. Don't assume he's being dodgy. Everyone has to start somewhere.