You say you're in the US and you sound like a small entity so not entirely clear why you care about the GDPR, but you want to comply, cool.
As said, this info may be personal data. SO why do you want to store it? If it's for security/fraud prevention you should look for a carve out (legitimate interest, etc) that would allow you to store it without explicit consent and would possibly also allow you not to delete it on request. In which case, you would be able to simply stipulate in your T&Cs/privacy policy that you are collecting that info for that specific reason, for that specific period of time (all of which should be reasonable).
mytailorisrich|2 years ago
As said, this info may be personal data. SO why do you want to store it? If it's for security/fraud prevention you should look for a carve out (legitimate interest, etc) that would allow you to store it without explicit consent and would possibly also allow you not to delete it on request. In which case, you would be able to simply stipulate in your T&Cs/privacy policy that you are collecting that info for that specific reason, for that specific period of time (all of which should be reasonable).