Have a bit of an odd one. Let's say SaaS provider who states they do not use customer data for any purpose other than to provide the service (the typical language). What would the situation be in a situation where a provider was collecting certain components or fields of customer data, anonymizing the data, storing encrypted for the purposes of machine learning to improve the service. Done such that it is not "viewable" by humans and would essentially be making tolerance decisions of matched data types based on the token/encryption of such data. Also considering the typical gambit of compliance regulations HITECH/HIPAA/GDPR/Privacy Shield/FERPA/FENRA/etc. Obviously much to this but wanted to keep it as simple as possible in hopes someone/s can point me somewhere solid that okays this or deny's this w/ out further consent.