User Consent

Discord Forum API includes a built-in consent system to respect user privacy. This guide explains how it works and how to configure it.

Consent matters when syncing Discord content to an external database:

  • GDPR compliance: EU users have rights over their data
  • User trust: Transparency builds community trust
  • Platform ToS: Discord’s terms require respecting user privacy
  • Ethical practice: Users should control their data visibility

How It Works

Default Behavior

By default, Discord Forum API:

  1. Syncs all public content from forum channels
  2. Respects Discord’s visibility settings (private channels aren’t synced)
  3. Stores metadata about all messages
  4. Exposes content only from consented users (if the consent system is enabled)

When the consent system is enabled:

| User Status | Content Visibility | Metadata Stored |
| --- | --- | --- |
| Opted In | Full content visible | Yes |
| Opted Out | Content hidden, shows “[Content hidden]” | Yes |
| No Response | Depends on DEFAULT_CONSENT setting | Yes |

Configuration

Environment Variables

# Enable consent system
ENABLE_CONSENT=true
# Default consent for new users (true = opt-in by default)
DEFAULT_CONSENT=true
# How to handle opted-out content: "placeholder" or "remove"
CONSENT_HIDE_MODE=placeholder

| Mode | Behavior |
| --- | --- |
| placeholder | Shows “[Content hidden by user]” |
| remove | Completely excludes from API responses |

User Commands

Users can manage their consent via Discord slash commands:

Opt In

/consent opt-in

Grants permission to display their content on external sites.

Opt Out

/consent opt-out

Hides their content from API responses.

Check Status

/consent status

Shows current consent status.

API Behavior

All synced content is returned:

{
  "messages": [
    {
      "id": "123",
      "content": "This is the full message content",
      "author": {
        "username": "user123",
        "avatar": "abc123"
      }
    }
  ]
}

For opted-out users (placeholder mode):

{
  "messages": [
    {
      "id": "123",
      "content": "[Content hidden by user]",
      "author": {
        "username": "user123",
        "avatar": null,
        "consentStatus": "opted_out"
      }
    }
  ]
}

For opted-out users (remove mode):

{
  "messages": [
    // Message from opted-out user not included
  ]
}
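
The consent rules above (opt-in, opt-out, DEFAULT_CONSENT for users who have not responded, and the two CONSENT_HIDE_MODE values) written as a server-side filter, with a check for opted-out messages that still expose content. This is an added example, not the project's code; `loadConfig`, `applyConsent`, `findLeaks`, the `author.id` field and the consent map are assumptions.

```javascript
// Added example, not the project's code. Assumed names: loadConfig, applyConsent,
// findLeaks, author.id, and a consent Map of userId -> 'opted_in' | 'opted_out'.
const PLACEHOLDER = '[Content hidden by user]';

function loadConfig(env) {
  return {
    enabled: env.ENABLE_CONSENT === 'true',
    defaultConsent: env.DEFAULT_CONSENT === 'true',
    // Fail closed: anything other than an exact "placeholder" drops the message.
    hideMode: env.CONSENT_HIDE_MODE === 'placeholder' ? 'placeholder' : 'remove',
  };
}

function applyConsent(messages, consent, cfg) {
  if (!cfg.enabled) return messages; // consent system off: all synced content
  const out = [];
  for (const msg of messages) {
    const status = consent.get(msg.author.id); // undefined = no response yet
    const visible =
      status === 'opted_in' || (status === undefined && cfg.defaultConsent);
    if (visible) { out.push(msg); continue; }
    if (cfg.hideMode === 'remove') continue;
    // Build the hidden message from an allowlist of fields so no other stored
    // field rides along. Hidden no-response users are reported as opted_out
    // here, which is an assumption.
    out.push({
      id: msg.id,
      content: PLACEHOLDER,
      author: { username: msg.author.username, avatar: null, consentStatus: 'opted_out' },
    });
  }
  return out;
}

// Troubleshooting check: ids of opted-out messages that still expose data.
function findLeaks(response) {
  return response.messages
    .filter((m) => m.author.consentStatus === 'opted_out')
    .filter((m) => m.content !== PLACEHOLDER || m.author.avatar !== null)
    .map((m) => m.id);
}

// Constructed sample data.
const sampleMessages = [
  { id: '1', content: 'hello', author: { id: 'u1', username: 'alice', avatar: 'a1' } },
  { id: '2', content: 'secret', author: { id: 'u2', username: 'bob', avatar: 'b2' } },
  { id: '3', content: 'new here', author: { id: 'u3', username: 'carol', avatar: 'c3' } },
];
const sampleConsent = new Map([['u1', 'opted_in'], ['u2', 'opted_out']]);
```

With `DEFAULT_CONSENT=false`, the user who never responded is hidden just like the one who opted out; a misspelled `CONSENT_HIDE_MODE` falls back to removal rather than exposure.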

Implementation Guide

Displaying Content

When building a frontend, handle consent gracefully:

// Render one message from the API response.
function renderMessage(message) {
  // Opted-out authors: show the placeholder text and no identifying details.
  if (message.author.consentStatus === 'opted_out') {
    return (
      <div className="message hidden-content">
        <span className="author">Anonymous</span>
        <p className="content muted">{message.content}</p>
      </div>
    );
  }
  // getAvatarUrl is a helper your app provides to build the avatar URL.
  return (
    <div className="message">
      <img src={getAvatarUrl(message.author)} alt="" />
      <span className="author">{message.author.username}</span>
      <p className="content">{message.content}</p>
    </div>
  );
}

Informing Users

Add a notice to your site explaining the consent system:

## Privacy Notice
This site displays content from our Discord community.
- Your Discord messages may appear here if you've opted in
- Use `/consent opt-out` in Discord to hide your content
- Use `/consent opt-in` to make your content visible again

Best Practices

For public-facing sites, enable the consent system:

ENABLE_CONSENT=true
DEFAULT_CONSENT=false

This requires explicit opt-in from users.

2. Communicate Clearly

Inform your Discord community:

  • Pin a message explaining the integration
  • Add a channel topic mentioning content syncing
  • Include privacy info in server guidelines

3. Provide Easy Controls

Make it simple for users to:

  • Check their current status
  • Change their preference
  • Understand what data is shared

4. Respect Choices

Never:

  • Store opted-out content in a visible way
  • Share opted-out user information
  • Make opting out difficult or confusing

GDPR (EU)

Key requirements:

  • Lawful basis: Legitimate interest or consent
  • Right to erasure: Users can request data deletion
  • Transparency: Clear privacy policy
  • Data minimization: Only store necessary data

CCPA (California)

Key requirements:

  • Right to know: Users can request their data
  • Right to delete: Users can request deletion
  • Opt-out rights: For sale of personal information

Implementation Checklist

  • Consent system enabled
  • Privacy policy published
  • Data retention policy defined
  • Deletion process documented
  • User communication plan

Data Retention

Configure how long to retain data:

# Delete opted-out user data after X days (0 = never auto-delete)
CONSENT_RETENTION_DAYS=30

Manual Data Deletion

To delete a user’s data:

# Using the CLI
pnpm db:studio
# Then delete records for user ID

Or via API (if admin endpoints are enabled):

curl -X DELETE http://localhost:3000/api/admin/users/USER_ID \
-H "Authorization: Bearer ADMIN_TOKEN"

Troubleshooting

User says they opted out but content still visible

  • Check database for consent record
  • Verify ENABLE_CONSENT=true is set
  • Clear API cache if enabled
  • Check for multiple Discord accounts
  • Verify bot has applications.commands scope
  • Check slash commands are registered
  • Review bot permissions in channel

Metadata still stored for opted-out users

This is expected behavior. Metadata (message ID, timestamp, etc.) is stored for:

  • Maintaining thread structure
  • Analytics and statistics
  • Audit purposes

Content is hidden, but the existence of messages is preserved.