Privacy: It’s all about you

We are committed to ensuring the privacy of organizations through our contractual agreements and by providing user control and transparency.

A woman standing at a desk in a conference room, touching a large Surface device monitor.

Privacy is a fundamental human right. “We are committed to providing products, information, and controls that let you choose how your data is collected and used.” Brad Smith, President & Chief Legal Officer

Learn more

Our commitment to privacy

Controlled by you

We commit to strong privacy protections through greater user control and transparency.

No data profiling

We won’t share or use your data for marketing, advertising, or other commercial purposes.

Strong legal protection

We don’t provide governments with "back doors,” encryption keys, or assistance to break encryption.

GDPR for all customers

We extend General Data Protection Regulation (GDPR) data protection rights to all customers worldwide, not just in Europe.

Listening to customers

We actively collaborate with customers and regulators to foresee and shape compliance regulations.

Person leaning against a wall in a conference room using a laptop while three other people have a discussion around a table in the background.

Global data protection compliance

Microsoft offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.

Learn about compliance offerings from Microsoft

Why OST and DPA are necessary

Establish our respective roles and responsibilities when processing and controlling data

Prohibit us from using data for commercial purposes without your express permission

Clarify our role as data controller for specific legitimate business operations, with limitations

The classifications of data set by the DPA

  • Customer data
  • Diagnostic data
  • Service generated data
  • Professional services data (which includes support data)

We protect all data as personal data as defined by the GDPR.

Read how Microsoft classifies data
Person sitting in a meeting looking at a laptop.

How Microsoft manages your data

You own your data

Customer data is only used to provide agreed upon services, and if you’re no longer a customer, the data is removed.

Where your data is located

Do you need to maintain data in a certain location, such as the EU? Rely on our network of datacenters.

Who has access to data

Access your own data at any time for any reason knowing it’s protected from inappropriate access.

Government requests

See the report we publish twice a year on the number of legal demands we receive for customer data.

Our approach to reporting

Make informed choices about our products and services, and evaluate our CSR commitments.

Protecting your privacy

Read how Microsoft won a court case to protect email from search warrants.

How we may, and may not, use your data

For service delivery

We may use your data to deliver the service as licensed, configured, and used by your employees and customers.

For troubleshooting

We may use your data to troubleshoot the service (for example, to prevent, detect, and repair problems).

For maintenance and improvement

We may use your data to maintain and improve the service (such as install updates and enhance reliability).

No user profiling

We may not build profiles of your users based on data and their use of our online services.

No advertising

We may not create ads based on your data or use of our online services.

No market research

We may not use your online usage patterns to research new functionality, products, or services.

Privacy resources to answer your questions

Privacy at Microsoft

Microsoft Online Services Privacy Statement

Online Services Data Protection Addendum (DPA)

Protecting data and privacy in the cloud

GDPR Overview

Ask your cloud provider about compliance