how to prevent deleted accounts from creating a new account

I think the second option may still violate the GDPR law. GDPR is really tricky

TL;DR

Developers discussed various methods to prevent deleted accounts from creating a new account. One solution shared was to update the user's status to "blocked" using the provided endpoint, and then delete the phone value from the user object. This method would restrict the user from accessing resources while still retaining necessary data for prevention purposes.

Where are you from @d_honig ? Are you considering serving EU citizens?

possibly. but then in a way, its not traceable to a user, nor identifiable.

It kinda is under GDPR law. Even if you hash the personal data it is pseudo personal information and that itself is not allowed to be saved

"If the user ID is unique, then the hashed user ID will be unique as well. Thus, the hashed ID will enable “singling out”, and would still count as identifying in the sense of the GDPR."

Yes, the app has to be GDPR compliant. However, we do have the participant's agreement to save their identifiable data for the length of the experiment, about 5 years, at which point we will delete all the phone numbers.

If we can identify the user this way then it is still a breach lmao

The hashing is an interesting option, I think it makes a difference if we can access their actual phone number or not, I will check

You are allowed to save their phone number?

Why do you not try to track the user via that way?

I think best option is still to prevent users based on their payment details

It's not like they can open back accounts or so

Uber EATS does it that way

Then I can block users instead, that is a great idea. I don't know if Apple has specific criteria for "delete account", and I doubt that they care that much if it's a blocked account or a deleted account, as long as the data is deleted at some point

You can delete the personal data yes, but do not delete the account

The reason is that the permissions in documents and files and whatever are still intact

A new user with the same userId can potentially abuse that

Just override all personal data and block the account

As you asked before, what does "account deletion" mean? I assumed it meant to remove the phone number, but this seems to be unfeasible. We don't have payment details, this is done via go gift, they send an email with gift card options according to their country of residence. I can ask them regarding the actual payment details, that is also a great idea. However, they are paid at the end of the experiment (10 days). If they participate for 10 days and only then we will know if they already participated, that makes things complicated