> My app’s website doesn’t even show a cookie consent dialog, I don’t track or serve ads, so there’s no need for that.
I just want to point out a slight misconception. GDPR tracking consent isn't a question of ads, any manner of user tracking requires explicit consent even if you use it for e.g. internal analytics or serving content based on anonymous user behavior.
You may be able to legally rely on "legitimate interest" for internal-only analytics. You would almost certainly be able to get away with it for a long time.
I just want to point out a slight misconception. GDPR tracking consent isn't a question of ads, any manner of user tracking requires explicit consent even if you use it for e.g. internal analytics or serving content based on anonymous user behavior.