> It's what they do with it that matters, not what the contract says.

What they do with the data changes based on leadership (should we sell to 3rd party data brokers to increase our revenue or not?)

It’s also out of their hands once a subpoena for that data comes from law enforcement.

I respectfully disagree with your initial point regarding "can" versus "what they do."

Even if a company provides assurances and pledges never to mishandle your data or use it for nefarious purposes, there remains a risk that your data could still end up in the wrong hands.

Would you sign a paper saying I can come into your house unannounced if I suspect you stole something? If you do not steal you have nothing to worry about

With respect, I believe that both things are important.

It's important to know what they do with that data today.

It's also important to know what they could do with that data tomorrow.