// Trust & Security Report

    Discord Inc. logo

    Discord Inc.

    Discord is a real-time communication platform (voice, video, text chat) with integrated AI features including AutoMod AI for content moderation, conversation summaries, and search functionality. Previously offered Clyde (OpenAI-powered chatbot) which was discontinued in 2026.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    Discord and its U.S. entities/subsidiaries also comply with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework.

    Verify on discord.com
    Data Privacy Framework Certification (EU-U.S., UK, Swiss)
    HELD

    Discord and its U.S. entities/subsidiaries also comply with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework.

    Verify on discord.com
    > Show 5 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    Although Discord takes security seriously with encryption and robust security practices, it has not undergone a formal SOC 2 audit to achieve certification.

    source: ocd-tech.com
    ISO 27001
    NOT CONFIRMED

    Discord does not have ISO 27001 certification, whereas competitors like Slack do.

    source: ocd-tech.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification. Discord is a consumer/gaming-focused platform without enterprise healthcare compliance claims.

    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification on vendor-domain resources.

    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP certification on vendor-domain resources.

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Not specified; Discord has EU-U.S. Data Privacy Framework certification indicating EU/US data flows

    Discord does not allow external AI companies (e.g., OpenAI) to train their models using Discord user data. OpenAI cannot use Discord data to train general models. Discord's own AI features (AutoMod AI, summaries) may analyze user data, but users can opt out via Privacy & Safety > How we use your data toggle. Previous concerns arose in 2025 when Discord revised its privacy policy following backlash over AI training practices; the company clarified that Clyde would not use user data for training external models.

    // Security controls

    Encryption in Transit

    TLS (Transport Layer Security) used for all text and image communications

    discord.com

    Voice and Video Encryption

    End-to-end encrypted; users can verify encryption status in service

    discord.com

    Text Message Encryption

    Encrypted in transit via TLS, but not end-to-end encrypted. Discord stores data in readable format on servers for moderation purposes.

    discord.com

    Trust & Safety Team

    Dedicated team for content moderation, CSAM detection, policy enforcement, and law enforcement cooperation

    discord.com

    Transparency Reporting

    Quarterly transparency reports published covering policy enforcement, legal requests, IP removal requests, and moderation actions

    discord.com

    AI for Content Moderation

    AutoMod AI detects rule violations and CSAM; Conversation Summaries use ML to identify key topics and decisions; tools for community moderation without constant human oversight

    discord.com

    // Products & data scope

    Discord (Core Platform)Real-time Communication

    data: Voice, video, text, files, user profiles, server metadata

    Free and paid tiers (Nitro). Includes voice channels, video calls, text chat, rich media sharing, user presence, moderation tools.

    AutoMod AIAI Content Moderation

    data: Message content, metadata; server settings

    AI-powered content filtering for rule violations; detects CSAM; customizable per server. May train on user data but users can opt out of data collection for AI features.

    Conversation SummariesAI Intelligence Features

    data: Message content within channels where feature is enabled

    Uses ML to identify key topics, questions, decisions. Feature opt-in/out at user and server level.

    Clyde (DISCONTINUED)AI Chatbot

    data: Messages in threads where Clyde was invoked

    Powered by OpenAI; supported by Midjourney image generation. Shut down in 2026 after ~1 year of testing. OpenAI was contractually prohibited from using Discord user data for training external models. Discontinued due to privacy concerns and low user adoption.

    // What to watch

    • OVER-CLAIM DETECTED: Nudge Security's security profile claims Discord holds SOC 2, ISO 27001, HIPAA, PCI DSS, FedRamp, and CSA STAR Level 1 certifications, but multiple authoritative sources (OCD-Tech, independent security analysts) contradict these claims. No vendor-domain evidence supports these certs. This is a potential identity-conflation risk or third-party database error.
    • IDENTITY CLARIFICATION: Evidence file refers to 'Discord AI' but Discord is a single product with integrated AI features. No separate 'Discord AI' product exists. Clarify in listing as 'Discord (with AI features)' to avoid confusion.
    • SOC 2 / ISO 27001 GAP: Unlike enterprise competitors (Slack, Microsoft Teams), Discord lacks formal SOC 2 Type II and ISO 27001 certifications, limiting suitability for regulated/enterprise use cases.
    • PRIOR SECURITY INCIDENTS: Discord has experienced data breaches (e.g., government ID exposure from age verification system). Recent incident history should be considered for enterprise trust assessment.
    • AI PRODUCT DISCONTINUATION: Clyde chatbot was shut down after ~1 year due to low adoption and privacy concerns, indicating potential challenges with user trust and AI feature maturity.
    • AI TRAINING POLICY EVOLUTION: Privacy policy was revised in February 2025 following user backlash over AI training implications. Users can opt out of data collection for AI, but unclear how this affects feature quality/availability.
    • TEXT MESSAGE ENCRYPTION LIMITATION: Text messages are not end-to-end encrypted (only TLS in transit), meaning Discord employees and automated systems can access readable content for moderation. This is a material difference from E2EE platforms.
    • GDPR COMPLIANCE vs CERTIFICATION: Discord claims GDPR compliance via Data Privacy Framework but does not hold a formal ISO 27001 or third-party audit. DPF is a legal framework, not a security certification.

    // At a glance

    Pricing model

    Freemium (core platform) + subscription (Nitro). No explicit per-seat pricing for AI features.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Discord Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    discord.com

    > Browse all vendor trust reports