I’m looking for a complete list of what personal data Discourse collects, for example first name, last name, email, user principle name, location, etc. Also, I need to know firstly who can view and secondly who can edit this information. I’m trying to onboard Discourse in my organization.

[image] Gavin Hudson: I’m looking for a complete list of what personal data Discourse collects, for example first name, last name, email, user principle name, location, etc. I don’t think there is a definitive list anywhere. Maybe there should be one. The problem with listing what personal d…

[image] simon: I think that covers everything Discourse also stores (top of my head, not complete) IP addresses for anonymous visits. email headers for incoming emails including IP addresses and email agents the browser that was used profiles that have been viewed posts that have been read i…

If you have a new discourse install the privacy policy is a staff-only topic that only an administrator can edit, to post specifically what data your site collects and how that is managed. If you need for this to be in compliance with gdpr they say best to consult with lawyers for making sure everyt…

[image] simon: I don’t think there is a definitive list anywhere. Maybe there should be one. Yes there should. Because I’m from an EU country.

I don’t believe there is any more personal data collected automatically besides registration e-mail, IP, and statistics about reading/posting. However if any personal information is published in a bio or in forum posts moderators can edit that out, and hide revision history so the public can’t stil…

Some #plugin & #theme-component that maybe of interest. Personal Messages Are not a 100% private Admin can view, Moderators can view PM with a site setting change. Discourse has a plugin that enables peer 2 peer encryption. - If going with a paid hosting look to see if plugin is included. Se…

Thank you very much, @simon , @RGJ , @anon65426961 , @Jagster , and @Heliosurge ! This is really helpful.

What personal data is collected and who can read/edit it?

Support

Heliosurge (Dan DeMontmorency) September 23, 2023, 11:04pm 7

Some #plugin & #theme-component that maybe of interest.

Personal Messages

Are not a 100% private Admin can view, Moderators can view PM with a site setting change.

Discourse has a plugin that enables peer 2 peer encryption. - If going with a paid hosting look to see if plugin is included. Self-Hosted cinsider installing:

#theme-component to Consider

The cookie consent Banner might not be enough for GDPR. You would need to check with local laws. @Jagster might have sine info on this and/or suggestions for #theme-component & #plugin to consider.

Topic		Replies	Views
Issue about personal information list Support	2	92	February 27, 2025
Understanding PII storage in Discourse Site Management	0	135	December 4, 2025
GDPR and anonymizing personal data Community Building gdpr , privacy	75	19701	December 1, 2018
Disable DM visibility from Admins Support	7	870	September 16, 2022
Where in Discourse can users publicly share PII? Site Management privacy , reference	0	110	December 11, 2025

What personal data is collected and who can read/edit it?

Personal Messages

#theme-component to Consider

Related topics