strange gdpr statement in plugins db entry.

[danmarsden]

the plugins db has this statement
"It uses Firebase to push the updates and stores the data anonymously, so no GDPR concerns there."

This feels like a misleading statement to me.... (IANAL but I suspect that statement hasn't been approved by your legal team) :-)

I think it's probably ok to say:
"we store user submissions/responses in an external system".... "we don't store usernames in the same place" and leave the organisation up to decide if it meets their GDPR requirements.

I also note that your privacy api identifies that "userid" is also passed to the external service - and that most definitely qualifies as identifying user information - so either your privacy api is wrong, or the statement itself is also very wrong.
https://github.com/open-lms-open-source/moodle-mod_livepoll/blob/master/classes/privacy/provider.php#L55