I think we always try not to store timezones whenever we use times in privacyIDEA.
Storing timezones does not make any sense.
Imagine a redundant setup, where you have one privacyIDEA server on the east coast, one on the west coast and on in Hawaii. Which timezone should you use?
Or each node would write a different timezone to the database…
So storing GMT is intended. But it I think it should not store the local time “value” with the GMT timezone. This sounds, as if this could be a bug. If you have an account, it would be great if you would open an issue at github: