So I’ve added a page in the documentation about the topic: a very short page indeed, since Duplicate Post does not collect any kind of data or information; everything you do with it is happening in your website (actually in your database, for the most part) and nothing is exported outside.
You could look at the source code to check with your eyes, but you can also trust the guidelines of the WordPress.org repository, which require that every plugin hosted there can’t collect any data unless with explicit approval (Duplicate Post does not ask for it, since it doesn’t export any information).
So feel safe that Duplicate Post is 100% GDPR-compliant.
Also in the news: just a few minutes ago, Duplicate Post hit the 7 million downloads mark :-).
As always, thanks to each and every user!