IMHO, as long as Elitium complies with the GDPR, it won't be a problem (from the legal perspective) because companies always have their customers record. The problem is with security, like how to prevent data leak, stolen, etc.
Thank you for your answer, I'm just remember about
data leaking of voice records that happens because of Google partner, of course GDPR is good, as you say cyber crime is the real enemy for our online data, maybe destroying activity tracking can minimized risk of leaking VERA users activity like Google Voice case. CMIIW