Privacy at Microsoft

A woman standing at a desk in an office, logging in to her laptop.
Microsoft believes privacy is a fundamental human right. We are committed to providing you with products, information, and controls that allow you to choose how data is collected and used.

Protecting your data is our highest priority

When you use Microsoft business cloud services, you are entrusting us with your most valuable asset—your data. You trust its privacy will be protected and that it will only be used in a way that’s consistent with your expectations.

Our time-tested approach to privacy is grounded in our commitment to give you control over the collection, use, and distribution of your customer data. We are transparent about the specific policies, operational practices, and technologies that help ensure the privacy of your data in Microsoft business cloud services.

PRIVACY CONSIDERATIONS IN THE CLOUD

Our commitment to GDPR

As part of our ongoing commitment to privacy, we made a number of investments and improvements to our data handling practices to support GDPR and the privacy rights of individuals.

LEARN MORE

Built-in privacy

The Security Development Lifecycle (SDL) and Privacy Statement provide additional detail on our development process and transparent approach to keeping your data private.

Microsoft Security Development Lifecycle (SDL): privacy requirements are defined and integrated in the SDL, the software development process that helps developers build more secure products and services. The SDL helps address data protection and privacy requirements including effective privacy reviews of each release of a Microsoft product or service.

Microsoft Online Services Privacy Statement puts our commitment in writing and details Microsoft data protection policies and practices in clear, straightforward language.

Microsoft contractual commitments back our privacy best practices

Microsoft makes broad contractual commitments to business in our Online Services Terms. Microsoft will use customer data only to provide the services agreed upon, and for purposes compatible with providing those services. We do not use customer data or derive information from it for advertising.

Furthermore, we will not disclose customer data hosted in Microsoft business services to a government agency unless required by law. If law enforcement demands customer data, we will attempt to redirect the agency to request that data directly from the customer. If we are compelled to disclose customer data to law enforcement, we promptly notify the customer and provide a copy of the demand, unless legally prohibited from doing so.

In addition, we make specific, contractual, privacy-related commitments:

ISO/IEC 27018:2014 EU MODEL CLAUSES

Our primary privacy principles

Graphic icon of three slider switches to represent control
Control

We will put you in control of your privacy with easy-to-use tools and clear choices.

Graphic icon of an eye that is wide open.
Transparency

We will be transparent about data collection and use so you can make informed decisions.

Graphic icon of a shield with an exclamation point in the middle
Security

We protect your data with strong security and encryption. To learn more, visit Microsoft Security.

Graphic icon representing a document box with a shield on the front
Strong legal protections

We will respect your local privacy laws and fight for legal protection of your privacy as a right.

Graphic icon of a person centered between four corners to represent a target
No content-based targeting

We will not use your email, chat, files, or other personal content to target ads to you.

Graphic icon of a line graph with an arrow representing an upward trend
Benefit to you

When we do collect data, we will use it to benefit you and to make your experiences better.

How Microsoft manages data

You own your data

Customer data is only used to provide agreed upon services and if you leave the data is removed.

Where your data is located

Need to maintain data in a specific location, such as the EU? Rely on our network of datacenters.

Who has access to data

Access your own data at any time for any reason knowing it’s protected from inappropriate access.

Government requests

See the report we publish twice a year on the number of legal demands we receive for customer data.

Our approach to reporting

Make informed choices about our products and services, and evaluate our CSR commitments.

Protecting your privacy

Read how Microsoft won a court case to protect email from search warrants.

We offer a policy roadmap—a set of 78 recommendations in 15 policy categories—as the foundation for a regulatory environment that leads to a trusted, responsible, and inclusive cloud.

LEARN MORE

Additional privacy resources

Graphic icon of a padlock with a white circle in the middle
Privacy at Microsoft
Graphic icon with two rectangular shapes representing documents, the one in front with horizontal lines representing information
Microsoft Online Services Privacy Statement
Graphic icon representing a person wearing a headset with a microphone
Online Services Terms
Graphic icon representing a device screen with information flowing from the screen to the cloud
Protecting data and privacy in the cloud
Graphic icon with three rectangular shapes representing two computers and a monitor with a checkmark symbol
GDPR Overview
Graphic icon of three stacked rectangular boxes with checkmarks
Ask your cloud provider about compliance