Anecdotally, I’ve received a few data requests from customers powered by it, and it was very easy to handle on our side - at most a couple of e-mail back and forth, and the customers seemed happy
Just chiming in as a happy user of 33mail - congratulations and I'm happy to know that it is sustainable and growing.
One suggestion would be to better advertise new features to existing users - I was going to suggest adding 2FA authentication, and went for a quick check on my account, and it was already available :-)
My understanding is keeping the deletion requests fullfills a legitimate business interest, so no -I would not delete the request. What we do is we keep those in a separate system, since the user records themselves (in my app, crm, etc) would be removed. That system is also how we "prove" that we executed the deletion requests in a timely manner
This all depends on what the legal basis for you processing personal data is in the first place.
There are several possible legal bases for processing personal data and legitimate interests is one; if legitimate interests wasn't your reason for processing personal data in the first place, then you couldn't rely on it later.
If legitimate interests were the basis for your processing, and a person requested their data be deleted, you have to be able to demonstrate that your legitimate interest overrides their rights. You should probably also demonstrate there aren't other steps you could reasonably take, eg partially deleting or anonymising the data.
