1. Do we have to use consent for our product, or can we use legitimate interest as the basis for our processing?
2. If we use consent, are we allowed to deny the user the use of our service if they do not consent?
For some background, our product is an IoT device which communicates with our web servers hosted on GCP, to store user emails and device sensor data in order to send out email alerts and provide sensor data visualizations. It also allows user control over the unit.