Th Uber Technologies Inc. car service application (app) is demonstrated for a photograph on an Apple Inc. iPhone in New York, U.S., on Wednesday, Aug. 6, 2014.
Bloomberg—Bloomberg via Getty Images
By Sam Frizell
November 19, 2014

Uber has had a rocky few days. On Monday, it was revealed that the ride-sharing app’s senior vice president, Emil Michael proposed the idea of investigating critical journalists’ personal lives in order to dig up dirt on them. On Tuesday, the company published a blog post clarifying its privacy policy. And Uber is investigating its top New York executive for tracking a reporter without her permission, TIME learned Wednesday.

What is Uber really up to, and what are its employees allowed to do?

What Uber does with your data

Uber has a company tool called “God View” that reveals the location of Uber vehicles and customers who request a car, two former Uber employees told Buzzfeed. Corporate employees have access to the tool, though drivers do not. But a wide number of Uber employees can apparently view customers’ locations. (Uber did not confirm or deny the tool’s existence to TIME, but it’s worth noting that “God View” is a widely used term in the gaming world.)

Still, several previous incidents appear to confirm the existence of Uber’s so-called God View.

Venture capitalist Peter Sims said in a September blog post that Uber had once projected his private location data on a screen at a well-attended Chicago launch party:

And this month, a Buzzfeed reporter arrived for an interview at Uber’s New York headquarters only to find the company’s top manager in the city, Josh Mohrer, was waiting for her. According to Buzzfeed, Mohrer said, “There you are,” while gesturing at his iPhone. “I was tracking you.” Mohrer didn’t ask for permission to track Johana, Buzzfeed reports.

Of course, Uber also uses customer data for the humdrum daily task of connecting riders with drivers as well as resolving disputes and reaching out to customers.

What Uber says it can do with your data

Uber says it only uses your data for “legitimate business purposes” and that its team audits who has access to its data on an ongoing basis. “Our data privacy policy applies to all employees: access to and use of data is permitted only for legitimate business purposes,” a spokesperson told TIME. “Data security specialists monitor and audit that access on an ongoing basis. Violations of this policy do result in disciplinary action, including the possibility of termination and legal action.”

And in its privacy policy, Uber says that it can use your personal information or usage information—that includes your location, email, credit card, name or IP address—”for internal business purposes” as well as to facilitate its service for pickups and communicating with customers.

Uber clarified in a blog post Tuesday that “legitimate business purposes” include facilitating payments for drivers, monitoring for fraudulent activity and troubleshooting user bugs.

Another important point: Uber says it can hold on to your data even if you delete your account. The company claims it keeps your credit card information, geo-location and trip history “to comply with our legal and regulatory obligations” and “resolve disputes.” Users have to provide a written request in order to completely delete an Uber profile along with all their data.

MORE: A Historical Argument Against Uber: Taxi Regulations Are There for a Reason

So did Uber do anything wrong?

Strictly by its own standards, it appears that Uber may not have violated its own rules when Josh Mohrer tracked Buzzfeed’s reporter. There’s no indication Mohrer shared the information outside Uber—which would disqualify it from being “internal”—but it’s hard argue that he tracked the reporter for a “business purpose.” (Maybe it saved Mohrer time? Or he was showing off the feature? It’s hard to say.)

At the Uber Chicago launch party where Peter Sims’ location was reportedly tracked, the data was shared with people outside the company, as non-employees were at the event. That’s hard to justify by Uber’s rules. However, Uber’s privacy policy was updated in 2013, and the Chicago launch party occurred “a couple of years ago,” by Sims’ telling. So it’s unclear whether the move violated Uber’s privacy rules at that time.

Should you delete your Uber account?

If you’ve lost all trust in Uber and think that other ride-share apps like Lyft (or plain old taxis) are better, than yes, perhaps. But there isn’t any evidence that Uber is inappropriately using customer data on a widespread scale. And if you do delete your account, remember: unless you write in, Uber will still have your data.

Contact us at editors@time.com.

Read More From TIME

EDIT POST