Hello, I have a couple questions about compliance with the "Account deletion within apps" requirement.
My app requires an email & password to log in. That information is stored inside a MySQL database.
The app is sold only as a one-time payment for lifetime access, not a monthly recurring payment. The user is added to the database using Zapier.
- Even though there is no recurring payment, is their username, email & password still considered an "account" and therefore subject to this requirement?
- If so, do I need to provide a link that automatically removes that info from the MySQL database, or can it send a notification to me so I can manually remove them?
- The user paid for lifetime access. However, once they are removed from the MySQL database, there will be no record of them. If they click the link to remove themselves by mistake or decide they want to access it again, there are 2 problems:
  - We will have no record that they ever paid, so they would be required to buy it again. Is that correct?
  - We will have no record or evidence that they removed themselves from the database (because their data has been removed), which will lead to disputes if a user denies that they removed their data. How do we handle this situation?