What's the relationship between Stripe and Discord?
Stripe acts as our identity verification provider, and is legally and contractually obligated to only use the data in a way that we’ve approved, which is to provide the service of identity verification. The data still comes from Discord and still belongs to Discord, and so we have the right and ability to remove that data. Essentially, they’re providing a service to us like Google or Cloudflare does.
Who can access the information I submit?
A small number of employees who are involved in security and legal will be able to access the information. The information is not stored on Discord itself and is not generally accessible to employees outside of this group. We understand that this is highly sensitive, and access to the information is not something that we take lightly. It is expressly for the use case of bad, bad actors. We’re not talking about general Trust and Safety concerns, like spambots or a bot deleting channels in a server. Instead, we’re looking to prevent data breaches, wide-scale privacy violations, and illegal activity.
Why are you doing this, again?
Discord is a platform where hundreds of millions of people talk to each other on a daily basis about everything going on in their lives. Keeping that information secure is one of our top priorities. We spend a lot of time hardening the security of our internal databases and procedures, but we also want to make sure that access to data through the API is also handled responsibly and thoughtfully. This includes proactive measures, like this verification process, proper authentication and limits on our APIs, and stipulations in our Developer Terms of Service, like the mandate that End-User data is encrypted at rest.
As such, verification accomplishes two goals: it serves as a barrier to growth to bad actors in the first place, and it is also a method to act on them if they are to get through that barrier.
How can I delete the information I’ve submitted?
Removing information upon demand defeats the purpose of verifying identity. At the same time, we have no interest in keeping this data longer than we need to, and we want to balance those two principles. As such, our retention policy is that we'll remove the identification information a year after the bot that it is connected with has been deleted.
This is in line with industry-standard retention guidelines for anti-abuse and anti-fraud situations. Keeping information after bot deletion for some amount of time is absolutely necessary — as we know in the security world, some misdeeds don't come to light immediately, and we want to make sure that we can take the steps to keep users safe.
Legal Nerd Hat
In case you're curious about the legal front, use of data for this purpose is outlined both in the GDPR (see Recital 47), as well as the CCPA (Cal Civ Code § 1798.105(d)(2)).