EDIT 13th October: Discord is dealing with a catastrophic breach that exposed 1.5 terabytes of user data, including selfies, government IDs, emails, and phone numbers from roughly 70,000 people, after hackers compromised customer service vendor Zendesk and began leaking files to extort the company. 404 Media has more here.
If you care about privacy, your safest mainstream bet in 2025 is Discord — while Meta’s apps and TikTok remain the riskiest.
That’s the headline from Incogni’s new audit of the 15 most-used social platforms, scored across AI practices, fines and breaches, data collection, user control, transparency, and ease of managing your account.
Data came from policies and privacy resources collected between August 15–29, 2025, with web pages archived September 8–14, 2025.
The leaderboard (overall)
Least privacy-invasive: 1) Discord, 2) Pinterest, 3) Quora
Most privacy-invasive: Facebook, WhatsApp, Instagram, Messenger (all Meta) + TikTok
What changed from 2024? Reddit, last year’s winner, fell after Incogni added AI-related criteria. Discord climbed to #1 largely because it doesn’t use or permit user data for generative-AI training.
The AI turn: why 2025 looks different
This year’s ranking pivots on how platforms integrate AI and whether user data feeds those models. Telegram, Twitch, and Discord do not appear to create a legal basis for training their own generative models on user data, nor do they declare an intent to provide such data to others.
By contrast, Meta’s platforms, YouTube, Snapchat, Pinterest, X, and LinkedIn indicate that user data may be used to train AI models.
Several services give users some agency here: Snapchat, Pinterest, X, Quora, and LinkedIn offer opt-outs. TikTok is both unclear about training and lacks a described opt-out mechanism. Reddit does not seem to allow users to opt out of its external data-sharing deals for model training. Within Meta’s family, WhatsApp stands out — its policies indicate that if a user doesn’t interact with Meta AI, their data won’t be used to develop or improve it.
This AI lens explains much of the movement on the leaderboard. Discord’s stance on model training helped it overtake last year’s leaders, while platforms that signal broader use of user data for AI took a hit.
What’s collected, what’s kept, and who it’s shared with
Beyond AI, the raw volume and sensitivity of data collection matter. On Android, Facebook and Instagram interact with 37 of 38 possible data types, followed by LinkedIn with 31 and Pinterest and YouTube with 27 each. At the lighter end, Telegram interacts with 9 data types and WhatsApp with 15.
Sensitive personal information can be collected and processed by Discord, Twitch, LinkedIn, Snapchat, TikTok, YouTube, and Meta’s products (except WhatsApp). LinkedIn is the only platform indicating it could collect users’ race or ethnicity data; Meta’s products (except WhatsApp) and LinkedIn may collect sexual orientation and health information.
Policy disclosures under the CCPA add another layer. Several platforms’ policies can be interpreted as sharing data—including YouTube, Pinterest, X, Quora, LinkedIn, and Twitch—while only Pinterest indicates practices that could be interpreted as the sale of data.
When users initiate account deletion, timelines are not always transparent. TikTok does not provide a readily available answer, Telegram doesn’t specify duration despite enabling privacy-friendly deletion methods, and Reddit removed a previously stated timeframe. While most platforms note that some records must be retained for legal reasons, the lack of clear user-facing timelines makes it harder to assess how quickly data truly disappears after a deletion request.
Fines, breaches, and government requests
Regulatory history is a strong signal of risk.
Across Europe, data protection bodies have fined TikTok four times; Facebook four times; WhatsApp, Instagram, and YouTube twice each; and Discord and LinkedIn once each. In the US, the Federal Trade Commission has charged Facebook, YouTube, TikTok, Snapchat, and X (Twitter) for privacy-related transgressions.
Security incidents are widespread: ten of the fifteen platforms suffered at least one breach. Notable examples include Instagram’s 2017 API bug that exposed celebrities’ contact details, Quora’s 2019 incident affecting approximately 100 million users, Twitch’s 2021 exfiltration of personally identifiable information and source code, and Snapchat’s 2016 compromise via employee-targeted phishing.
Read more: Leading with empathy to fight social injustice with Iva Gumnishka from Humans in The Loop
Transparency toward governments varies, too. Among platforms with available figures, X discloses information in response to 51% of government requests, followed by LinkedIn at 53% and Pinterest at 54%. The highest disclosure rates are Snapchat at 82%, followed by Meta at 78% and Discord at 77.4%.
Some services are penalized for missing or inaccessible information: Telegram, Quora, and Twitch lack global disclosure statistics; YouTube, TikTok, Telegram, and X (Twitter) lack CCPA-style addendums. Meta’s products were also penalized for not publishing per-app government-request breakdowns.
How much can you control your privacy?
What users can actually configure — without a law degree — often decides real-world privacy.
Pinterest leads on user control and consent thanks to comprehensive opt-outs and a small data footprint under strict settings; Telegram ranks second due to strong defaults and minimal signup data. TikTok, Messenger, and WhatsApp perform worst here because of heavier collection at signup and less privacy-friendly defaults.
For those minimizing their public footprint, several chat-centric services let you restrict visibility to contacts only — WhatsApp, Telegram, Messenger, and Pinterest perform best — while Facebook, YouTube, Instagram, TikTok, Quora, and Snapchat typically still show at least a profile picture and username even at the strictest settings.
Usability matters as well. Snapchat, X, and Discord tie for first on user-friendliness, with relatively legible policies and simple account-deletion flows. Policies rated easier to read (by the Dale-Chall formula) include WhatsApp, Snapchat, Telegram, LinkedIn, and Discord, while many others land at a “college graduate” difficulty level that impedes informed consent.
What this means for users
If your platform offers an AI-training opt-out, on Snapchat, Pinterest, X, Quora, or LinkedIn — enable it. Provide the minimum data at signup, audit app permissions on heavy collectors like Meta’s apps, LinkedIn, and YouTube, and locate the delete-account option so you understand how long removal might take.
As AI becomes a central privacy variable, the platforms most explicit about limits, and about your ability to say no, are the ones shifting upward in 2025.
For full report check Incogni’s page.
