Discord Age Verification Data in UK Now Leaves Devices: Temporary Storage and Facial Data Changes Spark Privacy Concerns

Discord has informed UK users that their age verification selfies and data “may be part of an experiment” in which this sensitive information actually leaves their phones, is processed by third-party vendor Persona, and stored for up to seven days, contradicting its original promise that “video selfies submitted for facial age estimation will never leave a user’s device.”

Discord’s updated UK age verification policy has sparked user concerns after the company revealed that, for some British users, their personal information is temporarily uploaded and stored by external provider Persona, rather than being processed exclusively on their devices. This shift comes amid Discord’s global expansion of mandatory age verification, moving away from its earlier assurance that facial age estimation data would remain strictly on users’ phones.

Key Changes: From Device-Only Processing to Third-Party Data Handling

Originally, Discord’s official FAQ stated: “Video selfies submitted for facial age estimation will never leave a user’s device.” The company further assured users that “all identification documents submitted to its vendor partners for processing will be deleted quickly; in most cases, immediately after age confirmation.” This approach was designed to limit the exposure of sensitive personal data, such as facial biometrics and digital identification documents, during verification”.

However, as part of a new trial affecting UK users, Discord has now updated its policy and FAQ. UK users “may be part of an experiment” requiring submission of age data to Persona, an age-assurance vendor. Under these terms, the user’s information, including their selfie and date of birth, is sent to Persona’s servers, where it is “temporarily stored for up to 7 days, then deleted.”

The FAQ specifies that during this process, “all details are blurred except your photo and date of birth, so only what’s truly needed for age verification is used.”

• Original Policy for Facial Age Estimation: “Video selfies submitted for facial age estimation will never leave a user’s device.”
• New UK Policy (Persona experiment): “Your information will now be temporarily stored for up to 7 days, then deleted.”
• Data Handling Detail: “All details are blurred except your photo and date of birth, so only what’s truly needed for age verification is used.”

Background: Discord’s Global ‘Teen-by-Default’ Age Verification Expansion

Last week, Discord announced a mandatory, phased global rollout of age verification, framing the change as part of its new “teen-by-default” experience. This worldwide update, beginning early March 2026, aims to make all settings, channels, and content on Discord appropriate for teenagers by default unless users successfully complete age verification.

• Mandatory Age Verification: All new and existing users worldwide must verify their age to access sensitive content, age-gated channels, certain app commands, and bypass filters.
• Verification Methods: Users can verify through facial age estimation (video selfie) or submission of an identification document.
• Previous UK/Australia Policy: Without age verification, users cannot access age-gated features or receive direct messages from unknown users.

This transition reportedly stems from attempts to address users bypassing Discord’s previous partner, k-ID, through workarounds. While Discord explicitly assures users that “Discord and k-ID do not permanently store personal identity documents or your video selfies, and the video selfie used for facial age estimation never leaves your device,” no equal assurance is given for the Persona experiment affecting UK users.

The new arrangement has generated privacy anxiety, especially regarding the involvement of Persona as the verification vendor. Persona, whose investors include the Fund of Palantir founder Peter Thiel, is controversial among privacy advocates due to Palantir’s government data contracts and Thiel’s repeated citations in the Epstein files. The announcement of this partnership, and the lack of concrete data retention commitments in Discord’s new UK experiment, have escalated scrutiny. Some users have directly voiced discomfort with the backing of Persona’s investment partners, citing privacy and surveillance worries.

The underlying issue is compounded by recent security lapses. In October, Discord confirmed that a third-party customer support system used by its staff was hacked, exposing some user data, including government IDs. UK users now fear that their selfies and sensitive data may be at greater risk while the Persona experiment is underway.

• Vendor Detail: Persona is the age assurance vendor conducting the UK processing experiment.
• Data Retention: “Temporarily stored for up to 7 days, then deleted.”
• Data Minimisation: “All details are blurred except your photo and date of birth.”
• Concerns Raised: Persona’s investors include Peter Thiel’s fund (Palantir founder).
• Recent Security Incident: Discord customer service firm hack exposed user data, including government IDs (October 2025).

This new phase in Discord’s age verification policy represents a significant operational shift for millions of UK users. Despite reassurances on data blurring and short-term storage, the absence of the original device-only data guarantee and the involvement of surveillance-linked investors have created a groundswell of user concern and calls for more transparency.