Your Privacy Matters

Your Privacy Matters

We respect the privacy of your data.

Privacy is one of the foundations of Trustworthy Computing at Microsoft. We have a longstanding commitment to privacy, which is an integral part of our product and service lifecycle. We work to be transparent in our privacy practices, offer customers meaningful privacy choices, and responsibly manage the customer data we handle.

The Microsoft Privacy Principles, our specific privacy statements, and our internal privacy standards guide how we collect, use, and protect customer data. General information about Microsoft’s approach to privacy is available from the Microsoft Privacy Web site.

Data collection & use limits

Microsoft Customer Service and Support (“CSS”) collects and uses enterprise customer data for the purpose of providing support services.

The following chart outlines the various ways we may collect data, and provides examples of the types of data collected:

Means of CollectionExamples of Enterprise Data Collected
Phone or Online ChatWhen a customer contacts CSS, he or she may provide us with data such as name, phone number, email address, and a description of the support issue.
Remote Access (“RA”)Accessing customer systems remotely with customer permission via a Microsoft approved tool to view desktop or server configurations over an encrypted channel so as to resolve support issues.
Secure File Transfer tool ("SFT")Receipt of customer data via Microsoft's "SFT", if support issues cannot be resolved by remote access. Resolution may require that the customer upload data via the encrypted SFT tool, such as system configuration or trace data.
Automated TroubleshooterAutomated Troubleshooter may extract data about hardware, software, and other details related to the support incident, such as contact or authentication data, chat session personalization, data about the condition of the computer and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files.
RecordingsPhone conversations, online chat sessions, or RA sessions with support professionals may be recorded and/or monitored. For RA, customers may also access the recording after the session.

CSS may use this customer data in the following ways:


 Customer Contact DataCustomer DataCustomer Private Data
Providing SupportYesYesYes, only as necessary
Improving SupportYesYesNo
Communications (Advice, Surveys, Security Bulletins)Yes1NoNo
Voluntary Disclosure to Law EnforcementNoNoNo

1Following a support incident, we may send you a survey about your experience. We may also send service communications such as information on technical service issues, and security announcements.

2Advertising is the promotion of third party goods and services within the service, or the transfer of data about our customers to third parties for the purposes of such advertising.

Definitions of the types of customer data we collect

  • Customer Contact Data – Personal data limited to business contact details of any employee of a customer who is contacting CSS regarding the services being provided to the customer (e.g., name, email, phone number of customer’s business representative).

  • Customer Data - means all other data, including all text, sound, software, or image files that are provided to CSS by or on behalf of customer in connection with support service.

  • Customer Private Data – Sub-set of customer data that, if exposed, may lead to security vulnerabilities (e.g. passwords, certificates) or identity theft (e.g., billing or financial info), or information that may be used in a discriminatory manner (i.e., health information). This information is generally not sent to CSS or is sent with increased security.

Frequently asked questions

As a valued Microsoft customer, you have entrusted us to help protect your data and your information. We value this trust, and the privacy and security of your data is one of our top concerns. That is why we do not request or accept your account credentials to troubleshoot issues on your behalf. Because the protection of your data is so important to us, should such information be sent to us a part of a support transaction, we will also request that you delete the account credentials you send us.

Customers around the world have serious questions and concerns as a result of recent disclosures about government surveillance. We share many of these concerns. We are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. Regardless of whether all of these reports are true and completely accurate – and many of the initial reports were not – there’s no question that trust in the security and privacy of online communications has been undermined. We take our customers’ privacy - and earning their trust - seriously and we have clear principles for managing and securing this data. It is the right thing to do and it is in our own business interest. Please visit this link to read more about Microsoft’s position on this topic of Government access to data.

We believe that our customers should control their own data to the greatest extent possible. Accordingly, if a government entity, such as law enforcement, approaches CSS directly for data stored on behalf of our customers, we will first redirect the entity to the customer to afford it the opportunity to determine how to respond.

We will endeavor to only release data to such entities when we are legally required to do so, and we will limit the data we disclose to only the data required to comply with the legal request. Finally, we will use commercially reasonable efforts to notify a business customer in advance of any production, unless legally prohibited from doing so.

We prohibit secondary use of Customer Data, such as use for advertising purposes. For example, our sales and marketing personnel are not allowed to access the CSS case management tools to assist with marketing. The prohibition against secondary use of Customer Data is enforced through policy, training and access controls.

We do not transfer data about our customers to third parties for the purposes of advertising.

Related resources

Business Support Trust Center - Home