You are reading a single comment by @deleted and its replies.
Click here to read the full conversation.
-
From making subject access requests at Uni, I had to prove my identity by responding through my Uni email address, or, by going in person with ID to match what they have on file. I then had to phone them and answer security questions.
If you don't have that ID on file then you can only go by ownership of the email address used on the account, which if the person making the request no longer has access to, cannot be proven to be their data.
Your approach seems pretty watertight relative to existing SAR provisions is what i'm trying to say-it's for the applicant to prove ownership of the data, not you.
deleted
I do not have any data stored about you, only your email (which you can view on your profile page) and the content that you have then provided/created on the forum which is fully accessible via the search link demonstrated in the first post.
I do not store any additional data anywhere, the Shopify shop was deleted, the server logs (which used to have debug info like "sent email asdf5456a4sdf6sadf to email@example.com") have been deleted and disabled, the web server logs (storage of IP address to request) have been deleted and disabled... there is nothing now beyond the content you provide.
If you make a GDPR request, this will be the answer I give... I'll adjust the link in the first post and give it back to you and you can view the data you have created and your email and the only things missing from that link are the things / people you are ignoring, which is this: https://www.lfgss.com/ignored/ and the things you are following https://www.lfgss.com/updates/ .
You are free to inspect the code on github, and view the database structure there too. You can verify for yourself that the software does what I claim it does.