Whether the individuals for which you have collected personal data are users of the system or not is irrelevant. The individual still has the right to have their data erased. Whether the people who buy and/or use your software like that or not is also irrelevant.
GDPR does not only apply to software systems, but to organizations/companies as a whole and how they collect, process and store data about individuals. For example, if someone calls your company on the phone and you write down their name on a piece of paper, the laws now apply to that piece of paper in the same manner they apply to any personal user data you store in a database.
The core principle behind GDPR is quite simple: as an individual I have certain rights regarding how my personal data is collected, stored and used. It’s the company’s responsibilty to ensure that my rights are not violated.
In essence: don’t collect data you don’t need, give (justified) reasons for needing the data you do collect, don’t use an indivudal’s data for anything they did not explicitly consent to, give them acces to their data and delete (or anonymize) their data if they ask you to.