Everyone should assume that _anything_ connected to internet will get uploaded to internet and someone within the company will have permission to review the contents regardless of what the policy says.

1. Debugging for troubleshooting.

2. Analytical for making product better.

3. Bugs that collects your info when it shouldn't.

4. Bugs from 3rd party vendor if company uses those.

5. Insecure process. Getting access to a private content within the company is trivial due to coarse permission model.

Source: I worked at two well known social media companies. Trust & Safety and data infra teams