Amid the “Ubergate” controversy of the past 24 hours, Uber today released a clarification of its data privacy policy, noting that access to rider records is available for only for “a limited set of legitimate business purposes.”

This follows recent reports in the media that Uber employees may have fairly easy access to rider records, and that some reporters’ data has been accessed. These allegations raised concerns surrounding the safety of reporters who use the service, and whether the company’s executives and employees were able to monitor their use.

This is not an update to Uber’s policy, but rather, a reiteration of its stance. Among the “legitimate business purposes” Uber condones are:

  • Supporting riders and drivers in order to solve problems brought to their attention by the Uber community

  • Facilitating payment transactions for drivers

  • Monitoring driver and rider accounts for fraudulent activity, including terminating fake accounts and following up on stolen credit card reports

  • Reviewing specific rider or driver accounts in order to troubleshoot bugs

The company also says that access to this data is “closely monitored and audited by data security specialists on an ongoing basis” (thought it’s not clear if they’re internal or from a third-party), and that violation of this by an employee “will result in disciplinary action, including the possibility of termination and legal action.”

Earlier today, Uber cofounder and chief executive Travis Kalanick made a series of tweets regarding the above-mentioned reports, especially senior VP Emil Michael’s comments about launching smear campaigns against reporters. While Kalanick condemned Michael’s statements, it appears the company is standing by the executive.