Ask HN: How do you keep employee eyes off production data in new startup?

3 points, posted 16 hours ago
by neilv

Item id: 41613521

2 Comments

ogennadi

14 hours ago

At a government job, new contractors had to watch a video of a serious man telling us the jail time and monetary penalties for accessing Personally Identifiable Information (PII) inappropriately. I never even tried to get the PROD credentials.

neilv

2 hours ago

Thank you. As an early-startup variation on that, I think the solution for intentional snooping might be (assuming you did a good job picking and incentivizing people) to impress upon everyone that snooping is NOT OK, and is a potentially company-ending scandal, that threatens the mission and the personal futures that the entire team are working towards.

That, and don't let anyone get stressed (for whatever reason) to the point that their judgment goes bad.

I'm still wondering about low-hanging fruit tactics to avoid unintentional exposure to user data in the course of moving fast with too few resources.

(Say, prod is down, and normally debugging would include looking at tables, but you haven't built a fleet of privacy-protecting ways to rapidly get the same diagnostic information and intuition about the database that you can just by looking at it.)