Last Updated: August 14, 2024
Overall Score
Risk by Category
Discord's Privacy Policy outlines how the company collects, uses, shares, and protects user data across its communication platform. It covers personal information from account creation, messages, voice/video calls, usage analytics, and device details. Data is used for service provision, safety, advertising, and legal compliance. Sharing occurs with service providers, affiliates, and in response to legal requests. Users have rights to access, delete data under GDPR/CCPA, with retention tied to account activity and legal needs. Standard industry practices with moderate transparency on third-party sharing and retention.
Collects messages, voice data, IP addresses, and device info extensively for platform functionality.
Shares data with advertisers and analytics providers for targeted ads.
Retains data as long as account is active or needed for legal purposes without specific timelines.
Supports GDPR, CCPA rights like access, deletion, and opt-outs.
Uses HTTPS and end-to-end encryption for some voice features.
Provides privacy dashboard for data access and download.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Username, email, phone, profile info.
Messages, voice/video recordings if enabled.
IP, device ID, app usage patterns.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
To operate the platform, send messages, host servers.
Analyze content for abuse, spam detection.
Personalized ads based on usage and interests.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Shares identifiers for targeted ads (e.g., Google, Meta).
Cloud hosts like AWS, analytics like Amplitude.
Shared within Discord entities.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Request copy of personal data via privacy dashboard.
Delete account and data, but some retained for legal reasons.
Limit personalized advertising and data sharing.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
As long as account exists; post-deletion up to 90 days.
Indefinite for billing, disputes, legal holds.
Analytics data retained indefinitely in aggregated form.
Security & Transparency
Data in transit encrypted with TLS; some E2EE for calls.
Notifies users of breaches as required by law.
Regular audits and bug bounty program.
Source Text
We collect content you create and info about how you use Discord.
Interpretation
Broad collection of user-generated content poses privacy risks if breached.
Source Text
Share with vendors, advertisers, for legal compliance.
Interpretation
Standard but increases exposure through multiple parties.
Source Text
Access, rectification, erasure under applicable laws.
Interpretation
Strong support for key privacy rights.
Account details, messages, voice data, device info, usage analytics.