Your private messages on Substack are not end-to-end encrypted. They travel over HTTPS, which protects them from network eavesdroppers, but they are stored in a form Substack's own systems can read, so Substack staff can access their contents. In addition, the people you message can keep copies of your messages permanently, even if you delete them or close your account.
This analysis describes what Substack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
Users who assume their direct messages are private may not realize that Substack staff can access message contents and that deletion of messages or accounts does not guarantee the other party cannot retain them indefinitely.
Substack now discloses that it shares account identifiers, such as email addresses and usernames, with trusted industry child safety organizations to detect and prevent online child sexual exploitati…
This provision means that direct message content, including personally sensitive communications, is accessible to Substack personnel and cannot be fully retracted once sent, creating a persistent disclosure risk that users should factor into what they communicate on the platform.
Substack has changed this document before.
"Please note that, at this time, direct messages are not end-to-end encrypted, and are not a substitute for secure messaging services. Direct messaging contents are disclosed to their intended recipients. The platform may restrict your access to direct messages received from other users when those users delete messages or block your account. Nevertheless, please note that — regardless of platform functionality or policy — recipients of direct messages may keep those messages even if you request their deletion, and even if you delete your Substack account."
— Excerpt from Substack's Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR principles of data minimization and purpose limitation, as internal access to direct message content for broad purposes including 'providing our services' may require a documented legal basis under GDPR Article 6. The FTC may also evaluate the adequacy of consumer disclosure under Section 5 of the FTC Act if users reasonably expected private messaging. The UK GDPR applies equivalent obligations for UK users.

GOVERNANCE EXPOSURE: High. The authorization for Substack personnel to access direct message contents for purposes as broad as 'as otherwise necessary to provide our services' is a wide internal access grant. While the policy discloses this access, the breadth of the purpose carve-out may not satisfy GDPR data minimization requirements, and the absence of end-to-end encryption is operationally significant for any user transmitting sensitive information.

JURISDICTION FLAGS: EU and UK users have heightened rights under GDPR and UK GDPR regarding access to personal data, including message metadata and contents. California residents may have CCPA rights regarding the personal data embedded in direct messages. Illinois and New York users may have additional state-level privacy considerations depending on the nature of communications.

CONTRACT AND VENDOR IMPLICATIONS: The disclosure that automated scanning is applied to direct messages for spam, malicious content, and child abuse material implies the involvement of third-party scanning services. Compliance teams should verify that appropriate data processing agreements are in place for any third parties with access to message content, consistent with GDPR Article 28 requirements.

COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the current disclosure is sufficiently prominent at the point of first message send to constitute informed consent or adequate notice, particularly for EU users. Access logging and internal access control policies for direct message content should be reviewed and documented. Any automated scanning tools used on message content should be assessed as data processors under applicable frameworks.
Is ConductAtlas affiliated with Substack? No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Substack.