PMs are accesible by admins if the admin has the link

The best way to do this is with end-to-end encryption, made possible by our discourse-encrypt plugin.

Admins are administrators of the forum and have access to all of the data. There’s lots of ways for admins to view message contents without it being logged:

  • downloading a backup
  • data explorer
  • impersonation
  • creating API keys

To fully protect users the best solution is to use encrypted messaging. If you don’t trust your admins, they shouldn’t be admins.