Thank you for your quick reply.
It’s not a GDPR requirement, but again, what other way can we keep proof it was the user who performed the confirmation action and not the company?
We can also set an email to be sent to the company whenever a user confirms a subscription to have some sort of record, but how to keep proof of that, since the email address of the email we receive is our own and not from the user?
Also, then what do you mean when you say “Newsletter collects Ip addresses at the moment of the subscription and whenever a user performs an action on newsletters, if tracking is active.”, since you now say Newsletter plugin does not store IP addresses on changes?