What type of user data does Discord collect and store?
Executive summary
Discord stores a wide range of account and activity data including account details, messages, server membership and activity logs — all of which can be exported to users as a downloadable data package in JSON format within about 30 days (Discord support) [1] [2]. Public research and scraping incidents show large volumes of messages and profile details can be collected from public servers and APIs — researchers assembled multi-billion-message datasets and third‑party scrapers claimed billions of messages and linked profile metadata [3] [4].
1. What Discord itself says it holds: account, activity and messages
Discord’s public-facing documentation and support pages make clear that a user’s “data package” includes core account information, activity and activities, messages, servers (current membership and related IDs), ads-related data and support tickets; the files are delivered as JSON and include IDs tying messages to Guild (server) ID, Channel ID and User IDs [2]. The privacy page reiterates users can request a copy of their data via User Settings and that Discord will deliver data in common digital formats within roughly 30 days [1] [5].
2. Exactly what the downloadable package contains — message and server linkage
Support documentation specifies message files include contextual metadata: for server messages the data package contains Guild ID, Channel ID and Channel Name; for direct messages and group chats it includes Channel ID and User IDs. The data package is a ZIP of JSON files intended to represent the account’s entire history on the service [2].
3. Data retention and user control — built‑in settings and limits
Discord’s privacy page says personal information is retained until it’s no longer needed for processing or legal compliance and points users to privacy settings that can limit certain types of processing (for example, limiting Discord’s use of data to improve services). Users can manage filters, friend requests and certain data uses in User Settings > Privacy & Safety, and specific “Data Privacy Controls” pages explain how Discord uses information and where controls live [1] [6].
4. What external research and incidents reveal about public and scraped data
Independent researchers and projects have demonstrated that large volumes of publicly available Discord messages and metadata can be collected via the platform’s APIs: an academic dataset gathered more than 2.05 billion messages from 3,167 public servers covering 4.7 million distinct users [3]. Separately, a commercial scraping service offered a database of over four billion public Discord messages and compiled user profiles that included aliases, pronouns, connected accounts and server memberships, showing how publicly visible data can be aggregated and structured [4].
5. Privacy implications and real‑world exposure risk
The researcher and scraper outputs illustrate a simple reality: Discord will package and keep account and message data for a user’s account, and public messages and server membership can be accessed or scraped at scale by third parties. Malwarebytes’ reporting on a scraping operation highlights that even if the data was publicly accessible, aggregation and organization of that data into profiles creates new privacy risks — combining aliases, pronouns, linked accounts and server lists can materially increase harms to users [4].
6. What is not spelled out in the provided sources
Available sources do not mention a full, line‑by‑line public inventory of every backend telemetry field Discord collects (for example, exhaustive lists of analytics or low‑level IP, device, or precise retention intervals for every category) beyond the general categories in the privacy policy and the Data Package contents [1] [2]. Detailed claims about exact retention windows for each data type are not present in the excerpts provided [1].
7. Competing perspectives and hidden incentives
Discord frames data exportability and privacy controls as user‑centric features and notes the ability to limit certain processing [1] [6]. Researchers and security reporters emphasize that public data and API access enable large‑scale collection, and that third‑party scrapers can turn public fragments into comprehensive profiles — a tension between platform usability and risk of mass aggregation [3] [4]. Note the incentive conflict: Discord promotes user controls and data portability while the business benefits from aggregated usage data to improve product features and monetize services [1] [2].
8. What you should do now (practical steps)
Request your data package from User Settings if you want a full copy of what Discord retains for your account; the company delivers it as a ZIP of JSON files and starts collecting it after you submit the request [2] [5]. Review privacy controls under Privacy & Safety and the Data Privacy Controls pages to limit optional processing where available [6] [1]. Be aware that public posts and server memberships can be aggregated by others even if they are widely accessible — limit what you post publicly and consider server privacy settings where confidentiality matters [4] [3].
Limitations: this briefing relies only on the cited Discord support pages and third‑party reporting provided. It does not attempt to confirm any data beyond those sources; where the sources do not list specific telemetry fields or detailed retention timelines, those specifics are "not found in current reporting" [1] [2] [4] [3].