Sort:  

Currently they are stored for a limited amount of time to prevent abuse. Of course the data is not used for any other purpose than that. Bad actors could create endless fake accounts and would drain all those account tickets available.

If you have any suggestions how to work around this issue, which is not a paywall, let me know. I'am open for improvements to be made. I don't like the fact that I have to store the data myself...

One thing I consider for a week now is open it up for oauth provider like Google/Facebook/Twitter - but this could open gates for abuse as well...

Great suggestion, a shame I didn't came to this solution.

Will go for it this weekend - anyone can check the code on git when it's ready.
I'am also open for an audit if there are security concerns.

All phone numbers are purged from the db now and instead a SHA-256 hash is stored for each account created. Works like a charm!

Aye! I'am really thankful for those insights - which are really valuable for me.

Usually I don't need papers but a little kick into the right direction :)

Excellent idea to protect users' privacy