What sort of server logging do you do? How do you strike a balance between user privacy and improving your service?
tl;dr you can't have user privacy against someone with admin access to the DB, track away
This is why I ask: https://signal.org/bigbrother/eastern-virginia-grand-jury/
Open Whisper Systems kept the bare minimum of user data and it payed off
I use Segment for the convenience and then route things onwards from there. But regarding what's being tracked I try (at the moment) to send as little user identifiable information to Segment as possible (hello GDPR) while at the same time tracking the main user events that I've found to be crucial, maybe that all needs to be adjusted as well and only be user_ids that's tracked.
We're currently doing a big push at work to comply with GDPR so for the side projects I'm gonna piggy back on that one's I know what the actual limits are.