// Trust & Security Report
Discord Inc.
Discord is a real-time communication platform (voice, video, text chat) with integrated AI features including AutoMod AI for content moderation, conversation summaries, and search functionality. Previously offered Clyde (OpenAI-powered chatbot) which was discontinued in 2026.
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on discord.com“Discord and its U.S. entities/subsidiaries also comply with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework.”
Verify on discord.com“Discord and its U.S. entities/subsidiaries also comply with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework.”
> Show 5 unconfirmed / not-held certifications
source: ocd-tech.comAlthough Discord takes security seriously with encryption and robust security practices, it has not undergone a formal SOC 2 audit to achieve certification.
source: ocd-tech.comDiscord does not have ISO 27001 certification, whereas competitors like Slack do.
No public evidence of HIPAA certification. Discord is a consumer/gaming-focused platform without enterprise healthcare compliance claims.
No public evidence of PCI DSS certification on vendor-domain resources.
No public evidence of FedRAMP certification on vendor-domain resources.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Not specified; Discord has EU-U.S. Data Privacy Framework certification indicating EU/US data flows
Discord does not allow external AI companies (e.g., OpenAI) to train their models using Discord user data. OpenAI cannot use Discord data to train general models. Discord's own AI features (AutoMod AI, summaries) may analyze user data, but users can opt out via Privacy & Safety > How we use your data toggle. Previous concerns arose in 2025 when Discord revised its privacy policy following backlash over AI training practices; the company clarified that Clyde would not use user data for training external models.
// Security controls
Encryption in Transit
TLS (Transport Layer Security) used for all text and image communications
discord.comVoice and Video Encryption
End-to-end encrypted; users can verify encryption status in service
discord.comText Message Encryption
Encrypted in transit via TLS, but not end-to-end encrypted. Discord stores data in readable format on servers for moderation purposes.
discord.comTrust & Safety Team
Dedicated team for content moderation, CSAM detection, policy enforcement, and law enforcement cooperation
discord.comTransparency Reporting
Quarterly transparency reports published covering policy enforcement, legal requests, IP removal requests, and moderation actions
discord.comAI for Content Moderation
AutoMod AI detects rule violations and CSAM; Conversation Summaries use ML to identify key topics and decisions; tools for community moderation without constant human oversight
discord.com// Products & data scope
data: Voice, video, text, files, user profiles, server metadata
Free and paid tiers (Nitro). Includes voice channels, video calls, text chat, rich media sharing, user presence, moderation tools.
data: Message content, metadata; server settings
AI-powered content filtering for rule violations; detects CSAM; customizable per server. May train on user data but users can opt out of data collection for AI features.
data: Message content within channels where feature is enabled
Uses ML to identify key topics, questions, decisions. Feature opt-in/out at user and server level.
data: Messages in threads where Clyde was invoked
Powered by OpenAI; supported by Midjourney image generation. Shut down in 2026 after ~1 year of testing. OpenAI was contractually prohibited from using Discord user data for training external models. Discontinued due to privacy concerns and low user adoption.
// What to watch
- OVER-CLAIM DETECTED: Nudge Security's security profile claims Discord holds SOC 2, ISO 27001, HIPAA, PCI DSS, FedRamp, and CSA STAR Level 1 certifications, but multiple authoritative sources (OCD-Tech, independent security analysts) contradict these claims. No vendor-domain evidence supports these certs. This is a potential identity-conflation risk or third-party database error.
- IDENTITY CLARIFICATION: Evidence file refers to 'Discord AI' but Discord is a single product with integrated AI features. No separate 'Discord AI' product exists. Clarify in listing as 'Discord (with AI features)' to avoid confusion.
- SOC 2 / ISO 27001 GAP: Unlike enterprise competitors (Slack, Microsoft Teams), Discord lacks formal SOC 2 Type II and ISO 27001 certifications, limiting suitability for regulated/enterprise use cases.
- PRIOR SECURITY INCIDENTS: Discord has experienced data breaches (e.g., government ID exposure from age verification system). Recent incident history should be considered for enterprise trust assessment.
- AI PRODUCT DISCONTINUATION: Clyde chatbot was shut down after ~1 year due to low adoption and privacy concerns, indicating potential challenges with user trust and AI feature maturity.
- AI TRAINING POLICY EVOLUTION: Privacy policy was revised in February 2025 following user backlash over AI training implications. Users can opt out of data collection for AI, but unclear how this affects feature quality/availability.
- TEXT MESSAGE ENCRYPTION LIMITATION: Text messages are not end-to-end encrypted (only TLS in transit), meaning Discord employees and automated systems can access readable content for moderation. This is a material difference from E2EE platforms.
- GDPR COMPLIANCE vs CERTIFICATION: Discord claims GDPR compliance via Data Privacy Framework but does not hold a formal ISO 27001 or third-party audit. DPF is a legal framework, not a security certification.
// At a glance
Pricing model
Freemium (core platform) + subscription (Nitro). No explicit per-seat pricing for AI features.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Discord Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
discord.com