The best way to do this is with end-to-end encryption, made possible by our discourse-encrypt plugin.
Admins are administrators of the forum and have access to all of the data. There’s lots of ways for admins to view message contents without it being logged:
- downloading a backup
- data explorer
- impersonation
- creating API keys
To fully protect users the best solution is to use encrypted messaging. If you don’t trust your admins, they shouldn’t be admins.