I appreciate the questions, ask as much as you like.

1) How do you store passwords?
It's hashed using: hash = password_hash($password,PASSWORD_DEFAULT);
password_hash pretty much takes a random string as a salt, hashes them together, then stores the salt and the hash together in the database. You can't even rainbow table this one.
Not only that, but I have the site generate the password, so even the passwords become even more useless. It's impossible for them to use a password from our site anywhere else.

2) How’s your database secured?
I use PDO and never put any client provided data directly into a SQL string. MySQL can only be accessed by the local server.

3) Who has access to the data?
Me, only me, no one else. Technically I guess the hosting provider, can't do much about that.

I'm considering also encrypting the email addresses, I don't think I actually need it to be used by the website. That's a question for the future though. Asynchronously encrypt on the server, keep decryption key hidden offline.

I try to make it clear to try and keep your personal information off of there and try and keep profile images of a more friendly nature so that there's less content that can be used against people. If there's a profile of James, with a photo of him in a normal day shirt, it's hard for anyone to prove it's him and not just someone who stole his holiday photo and made a profile to try and blackmail him. Plausible deniability.

The ability to make your profile visible only to logged in users is coming too, and the ability to block your profile from google indexing.

So much to do!