There are many instances in the code base where we log user data and there is a class of users that do not want this behavior. As an example, we might be debugging an issue on the mailing list and the user has to scrub the logs they share by hand because they don't want it to leak.
On the server-side, we should replace all those instances with some string like "redacted" and add a process flag to enable the logging of user data.
On the client-side, it gets a bit more tricky. We can't use such flags so we need to strike a balance between removing unnecessary logging of user information and still keep the software usable.