What end-user settings apply to how the data is stored and shared? (Point to associated specification for these settings where applicable.)
Is the user's permission explicitly given before storing or sharing the data?
Do you provide a feature to clear logs and history?
Are settings integrated with group policy?