Customer data submitted for translation through Microsoft Speech, the Microsoft Translator Text API, the Microsoft Translator Speech API, and the text translation features in Microsoft Office products are not written to persistent storage. There will be no record of the submitted text, or portion thereof, in any Microsoft data center. The audio and text will not be used for training purposes either.
The free Microsoft Translator end-user products for which audio and text translations are recorded for service improvements purposes are listed below. Please refer to the Microsoft Translator Privacy Statement to learn about the protections for your data that are in place with or without no trace.
The material you use for training using Custom Translator is stored encrypted in your workspace. Custom Translator uses your submitted documents exclusively to provide your personalized translation system and does not use it to improve the Translator service, or for any other purpose. The documents you upload to Custom Translator will be stored in Europe and in the United States until you delete them or until your account expires.
You may invite whoever you like into the workspace, identified by an email address and authenticated with a Microsoft Account. You are responsible for initiating and controlling such sharing. The people you designate as co-owner have the same access to your training material and training runs that you have. Microsoft will not share the data with anyone else.
Microsoft Translator has received the following compliance certifications:
CSA STAR: The Cloud Security Alliance (CSA) defines best practices to help ensure a more secure cloud computing environment, and to helping potential cloud customers make informed decisions when transitioning their IT operations to the cloud. The CSA published a suite of tools to assess cloud IT operations: the CSA Governance, Risk Management, and Compliance (GRC) Stack. It was designed to help cloud customers assess how cloud service providers follow industry best practices and standards, and comply with regulations. Microsoft Translator has received CSA STAR Attestation. Learn more about CSA STAR
FedRAMP: The US Federal Risk and Authorization Management Program (FedRAMP) attests that Microsoft Translator adheres to the security requirements needed for use by US government agencies in the public Azure cloud. The US Office of Management and Budget requires all executive federal agencies to use FedRAMP to validate the security of cloud services. FedRAMP attestation for Microsoft Translator in the dedicated Azure Government cloud is forthcoming. Learn more about FedRAMP
GDPR: The General Data Protection Regulation (GDPR) is a European Union regulation regarding data protection and privacy for individuals within the European Union and the European Economic Area. Microsoft Translator is GDPR compliant as a data processor. Learn more about GDPR
HIPAA: The Microsoft Translator service complies with the US Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and the Clinical Health (HITECH) Act, which govern how cloud services can handle personal health information. This ensures that the health services can provide translations to clients knowing that personal data is kept private. Microsoft Translator is included in Microsoft’s HIPAA Business Associate Agreement (BAA). Health care organizations can enter into the BAA with Microsoft to detail each party’s role in regard to security and privacy provisions under HIPAA and HITECH. Learn more about HIPAA compliance
HITRUST: The Health Information Trust Alliance (HITRUST) created and maintains the Common Security Framework (CSF), a certifiable framework to help healthcare organizations and their providers demonstrate their security and compliance in a consistent and streamlined manner. Microsoft Translator is HITRUST CSF certified. Learn more about HITRUST
ISO: Microsoft Translator is ISO certified with five certifications applicable to the service. The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. Translator’s ISO certifications demonstrate its commitment to providing a consistent and secure service. Microsoft Translator’s ISO certifications are:
- ISO 27001 Information Security Management Standards
- ISO 9001:2015 Quality Management Systems Standards
- 27018:2014 Code of Practice for Protecting Personal Data in the Cloud
- 20000-1:2011: Information Technology Service Management
- ISO 27017:2015: Code of Practice for Information Security Controls
PCI: Payment Credit Industry (PCI) is the global certification standard for organizations that store, process or transmit credit card data. Translator is certified as compliant under PCI DSS version 3.2 at Service Provider Level 1. Learn more about PCI
SOC: The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud, primarily in regard to financial statements. Microsoft Translator is SOC type 1, 2, and 3 compliant. Learn more about SOC Compliance
The Microsoft Translator service is subject to annual audits on all of its certifications to ensure the service continues to be compliant. View more information about Microsoft’s commitment to compliance in Cognitive Service’s compliance and privacy page and the Microsoft Trust Center
Copyright and Intellectual Property
Translation, or use of a document for training on the Microsoft Translator Hub and on Custom Translator, does not alter the ownership of the intellectual property contained therein.