We're glad you asked! As with most things, it is up to the details of the implementation. Rather than list out every possible idea, or have you extrapolate on examples, here are some principles that guide the way we think.
If you have questions about your particular use case, be as descriptive as possible in your application, and please feel free to reach out to our support team, or talk to us in our Discord Server! We're happy to talk you through the process.
Meet User Expectations
In general, a good principle of privacy is to ask yourself "Would someone be surprised by this?" If the answer isn't solidly "no", it might be worth evaluating.
Practice Principles of Least Privilege
The principles of least privilege state that you should only be asking for privileges that you fundamentally need. The Discord API is pretty vast, and there may be a better way to go about what you're trying to do. We'd love to have that conversation with you and help you think it through!
Be Sensitive to What Info You Have
Info from Discord comes in many shapes and sizes, and you have a large responsibility to be sensitive to what info you're getting and storing, especially with data from Privileged Intents. If you're using data that is fully anonymous and aggregated, ensure that access to that data is limited to only those who should be able to see it, be that in the context of your development team or privileges in a server.
If you're using information about individuals, make sure you really take user expectations to heart, and provide users with a way to request deletion of that data. If functionality allows, delete user data that you store as quickly as you are able. 30 days is our gold standard if you need to hold onto the data for a while.
Lastly, be sure to encrypt any personally identifiable information that you collect about a user. This includes email, phone number, address or any other information that could be traced to a user in the real world.
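One way to apply the deletion and 30-day retention guidance above, as an added example that is not Discord's code. The SQLite table, column names and helper functions are hypothetical, and the sample rows are constructed.

```python
import sqlite3

RETENTION_SECONDS = 30 * 24 * 60 * 60  # the 30-day window named above

def open_store():
    """In-memory store for this example; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE user_data ("
        " user_id TEXT NOT NULL, guild_id TEXT NOT NULL,"
        " payload TEXT NOT NULL, stored_at INTEGER NOT NULL)"
    )
    return db

def store(db, user_id, guild_id, payload, now):
    db.execute("INSERT INTO user_data VALUES (?, ?, ?, ?)",
               (user_id, guild_id, payload, int(now)))
    db.commit()

def purge_expired(db, now):
    """Delete every row older than the retention window; return rows removed."""
    cutoff = int(now) - RETENTION_SECONDS
    cur = db.execute("DELETE FROM user_data WHERE stored_at < ?", (cutoff,))
    db.commit()
    return cur.rowcount

def delete_user(db, user_id):
    """Honor a user's deletion request across all servers; return rows removed."""
    cur = db.execute("DELETE FROM user_data WHERE user_id = ?", (user_id,))
    db.commit()
    return cur.rowcount

def remaining(db):
    return db.execute("SELECT COUNT(*) FROM user_data").fetchone()[0]

def demo():
    """Constructed sample data: three rows, one already past 30 days."""
    day = 24 * 60 * 60
    now = 1_700_000_000
    db = open_store()
    store(db, "u1", "g1", "nickname history", now - 31 * day)
    store(db, "u1", "g2", "join date", now - 2 * day)
    store(db, "u2", "g1", "join date", now - 29 * day)
    purged = purge_expired(db, now)      # removes the 31-day-old row
    erased = delete_user(db, "u1")       # removes u1's remaining row
    return purged, erased, remaining(db)

if __name__ == "__main__":
    print(demo())
```

Running `purge_expired` on a schedule and wiring `delete_user` to a user-facing command covers both the retention window and the deletion request path.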
Be Sensitive to Who Has Access
Discord Servers are often private places. Even in public servers, which everyone is welcome to join, people have a sense that what they're doing stays in that community and is not mirrored or copied somewhere else. Be mindful of who on your team has access to information, as well as which privileges a user needs before you show them that information. For example, data about a specific server, even anonymous and aggregated, should probably be limited in access to just people in that server with proper permissions.
We know this was a lot. If you have any questions about the process or requirements, please feel free to get in touch with us over at dis.gd/contact, or come see us in our Discord Server! We want to help and ensure all of this is as painless as possible. Thank you for your hard work in helping keep Discord a safe place for everyone, and we can't wait to see your creation flourish!