There are different levels of privacy. I can expect data I share with a company for a specific use case to not be public knowledge, yes.

You can't expect that when major data breaches happen all the time.

Even assuming a perfectly benevolent company, that means nothing. Just them having the data is a liability. Which is why Rule Number 1 of data security is: have the least data.

Isn’t that the point of this thread - people are questioning whether the scope of this subpoena is excessive?