Thanks @danbjoseph and @yanokwa for your thoughtful responses regarding use of data. It's helpful to get the human response as well as the 'corporate' one of the Privacy Statement 
I recognise the difficulties of permissions and for me it is more a case of reassuring folk that their data is not going anywhere else - and taking appropriate responsibility for their data in form design.
Another topic just arising (ODK Privacy and Security) highlights an issue with privacy between different projects - especially difficult if working with more than one client... will be interested to see if there is a way of introducing 'walls' within one instance of Aggregate.
Thanks for taking time to respond.