like, in order for us to add features to our internal backend APIs for installing, reinstalling, or erasing the datacenter machines, we had to answer a list of questions like "do you handle private user data?" "do you have a plan for what happens when you leak private user data?" "have you thought about any of this at all?"
apparently, not all teams were held to that same standard.