Confidentiality

Azure Cognitive Services Translator is a cloud-based machine translation service and is part of the Azure Cognitive Services family of cognitive APIs for building intelligent apps. Customer data submitted for translation to Azure Cognitive Services Translator (both standard and custom models), Speech service, the Microsoft Translator Speech API, and the text translation features in Microsoft Office products are not written to persistent storage. There will be no record of the submitted text or voice, or any portion thereof, in any Microsoft data center. The audio and text will not be used for training purposes either.

The free Microsoft Translator end-user products for which voice clips and text translations are recorded for service improvements purposes are listed below.

• Microsoft Translator apps
• Translator for Bing
• Microsoft Edge
• Web Translator

Please refer to the Translator Privacy Statement to learn about the protections for your data that are in place with or without no trace.

The documents you upload using Custom Translator (portal or APIs) are stored encrypted in your workspace. If you signed up for a Translator subscription with customer-managed keys, you may use it by associating your Translator subscription with a new workspace in Custom Translator. Custom Translator uses your uploaded documents exclusively to provide your personalized translation system and does not use it for any other purpose. The documents you upload to Custom Translator will be stored in the Azure region you selected when you created your Translator key until you delete them or until your account expires.

You may invite whoever you like into the workspace, identified by an email address and authenticated with a Microsoft Account. You are responsible for initiating and controlling such sharing. The people you designate as co-owner have the same access to your training material and training runs that you have. Microsoft will not share the data with anyone else.

Translation requests to your custom models via Translator on Azure are no trace— there will be no record of the submitted text, or portion thereof, in any Microsoft data center.

Translator has received the following compliance certifications:

CSA STAR: The Cloud Security Alliance (CSA) defines best practices to help ensure a more secure cloud computing environment, and to helping potential cloud customers make informed decisions when transitioning their IT operations to the cloud. The CSA published a suite of tools to assess cloud IT operations: the CSA Governance, Risk Management, and Compliance (GRC) Stack. It was designed to help cloud customers assess how cloud service providers follow industry best practices and standards, and comply with regulations. Translator has received CSA STAR Attestation. Learn more about CSA STAR

FedRAMP: The US Federal Risk and Authorization Management Program (FedRAMP) attests that Microsoft Translator adheres to the security requirements needed for use by US government agencies. The US Office of Management and Budget requires all executive federal agencies to use FedRAMP to validate the security of cloud services. Translator is rated as FedRAMP High in both the Azure public cloud and the dedicated Azure Government cloud. Learn more about FedRAMP

GDPR: The General Data Protection Regulation (GDPR) is a European Union regulation regarding data protection and privacy for individuals within the European Union and the European Economic Area. Translator is GDPR compliant as a data processor. Learn more about GDPR

HIPAA: The Translator service complies with the US Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and the Clinical Health (HITECH) Act, which govern how cloud services can handle personal health information. This ensures that the health services can provide translations to clients knowing that personal data is kept private. Translator is included in Microsoft’s HIPAA Business Associate Agreement (BAA). Health care organizations can enter into the BAA with Microsoft to detail each party’s role in regard to security and privacy provisions under HIPAA and HITECH. Learn more about HIPAA compliance

HITRUST: The Health Information Trust Alliance (HITRUST) created and maintains the Common Security Framework (CSF), a certifiable framework to help healthcare organizations and their providers demonstrate their security and compliance in a consistent and streamlined manner. Translator is HITRUST CSF certified. Learn more about HITRUST

ISO: Translator is ISO certified with five certifications applicable to the service. The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. Translator’s ISO certifications demonstrate its commitment to providing a consistent and secure service. Translator’s ISO certifications are:

• ISO 27001 Information Security Management Standards
• ISO 9001:2015 Quality Management Systems Standards
• 27018:2014 Code of Practice for Protecting Personal Data in the Cloud
• 20000-1:2011: Information Technology Service Management
• ISO 27017:2015: Code of Practice for Information Security Controls

PCI: Payment Credit Industry (PCI) is the global certification standard for organizations that store, process or transmit credit card data. Translator is certified as compliant under PCI DSS version 3.2 at Service Provider Level 1. Learn more about PCI

SOC: The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud, primarily in regard to financial statements. Translator is SOC type 1, 2, and 3 compliant. Learn more about SOC Compliance

US Department of Defense (DoD) Provisional Authorization: US DoD Provisional Authorization enables US federal government customers to deploy highly sensitive data on in-scope Microsoft government cloud services. Translator is rated at Impact Level 4 (IL4) in the government cloud. Impact Level 4 covers Controlled Unclassified Information and other mission-critical data. It may include data designated as For Official Use Only, Law Enforcement Sensitive, or Sensitive Security Information. Learn more about US Department of Defense (DoD) Provisional Authorization

The Translator service is subject to annual audits on all of its certifications to ensure the service continues to be compliant. View more information about Microsoft’s commitment to compliance in Cognitive Service’s compliance and privacy page and the Microsoft Trust Center

Translation, or use of a document for training on the Microsoft Translator Hub and on Custom Translator, does not alter the ownership of the intellectual property contained therein.