It hasn't been a great day for Uber's PR team. Late last night, an Uber VP reportedly said that the company was considering spending $1 million to investigate journalists and dig up dirt on their personal lives, a comment that put CEO Travis Kalanick into damage control mode for most of the day. But a secondary controversy arose from this first PR mistake — Ellen Cushing, a journalist at San Francisco magazine said that Uber employees warned her that company executives were possibly looking at her rider logs to see which employees she was speaking to as part of her reporting for a story on Kalanick. While Cushing wasn't able to verify that claim, she did say it felt likely to her based on the recently-revealed statements about investigating journalists.

Now, Uber is doing its best to put out that new fire and reassure riders that their personal data is safe. In a statement, Uber said that it "has a strict policy prohibiting all employees at every level from accessing a rider or driver's data. The only exception to this policy is for a limited set of legitimate business purposes." It went on to note some examples of those legitimate business purposes, including "supporting riders and drivers in order to solve problems brought to their attention by the Uber community," "facilitating payment transactions for drivers," and "reviewing specific rider or driver accounts in order to troubleshoot bugs."

Of course, that "legitimate business purposes" exception is a pretty big one, giving the company leeway to look into user data as long as it can find some business justification. Between the Uber CEO's swift refutal of the claims it wants to dig up dirt on journalists and this public privacy statement, it's clear that the company is trying to assure riders their privacy isn't at risk — but regardless, it may take the company some time to shake off this latest bit of bad press.