Thank you for the question.
As I think my colleague Steve noted in his opening statement, we do have a Canadian operating entity. We have Canadian users so we are subject to Canadian law, but I want to emphasize, too, that we have data access approval policies. If any employee wants to access user data, they need to make a request.
We operate by the principle of least privilege, which means that employees only have access to the minimum amount of data necessary to perform their job functions. In some cases, that may mean they don't have access to personally identifiable information at all. We also have data classification policies with increasing levels of sensitivity of data. User data is the most sensitive. If an employee makes a request for user data, that will require increasing and higher levels of approval and more rigorous review.
We think a combination of these protocols addresses some of the risks and concerns you're alluding to.