For a web or mobile app where users upload their own media, not for public consumption (think Shutterfly, for example) are there best practices to implement to ensure that the people working on that site (i.e. devs, dev-ops etc.), in production, don't get to see the user's media unless they absolutely have to or is it just kind of accepted that those workers get to see your stuff?
I don't have experience in this area and would like to hear from those who do. I'm especially interested in photo and video content.
