> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.

This is also contradicted by what Discord actually says:

> Quick deletion: Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.

What are the non-most cases?

> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.

Everyone says this, including the TSA. But they never say they don't keep a hash, or an eigenvector of your biometric. Which is equally as important.

I believe the original finding was that they were not deleting IDs that were involved in disputes.

They explained it in their announcement at https://discord.com/press-releases/update-on-security-incide...

TL;DR: The IDs were used in age-related appeals. If someone's account was banned for being too young they have to submit an ID as part of the appeal. Appeals take time to process and review.

Discord has 200,000,000 users and age verification happens a lot due to the number of young users and different countries.

And do they really actually delete it this time?

Until we have some kind of "One Time ID Verification" service that would work, the ID will never be deleted. Or a hash of the info or some kind of identifiable info.

> The ID is immediately deleted.

I call it bollocks. Likely they have to keep it for audit and other purposes.

They're a nonsense company, and trusting them with any information is foolish. They'll store everything and anything, because data is valuable, and won't delete anything unless legally compelled to and held accountable by third party independent verification. This is the default.

The purpose of things is what they do. They're an adtech user data collection company, they're not a user information securing company.

>Why they didn't do that the first time?

The company they hired to do the support tickets archived them, including attachments, rather than deleting them.

Compliance

Sigh, I guess it's time to move platforms again or get your identity stolen. The more a company makes a fuss about trusting users, the more likely they store all of their shit in plaintext with vibe coded server security.

Liars…

[dead]