WhatDoTheyCollect
Back to Home
Microsoft logo

Microsoft Privacy Summary

microsoft.comLast updated: 04/11/2026
Cloud Services
High Exposure

Microsoft is a technology company providing operating systems, cloud services, productivity apps, AI assistants (Copilot), search, and gaming platforms.

This summary was generated using AI and may contain errors or omissions. Learn about our methodology. Always refer to the original privacy policy for legal purposes.

Quick Summary

  • What They Collect: Account details, communications and stored files, device and diagnostic data, precise location, contacts, payment and demographic data.
  • How They Use & Share It: Used to operate and improve services, personalize content and ads, and shared with affiliates, service providers, ad partners, and payment processors; data brokers may be purchased for demographics.
  • Your Rights: You can access, correct, delete, export data, opt-out of sharing for personalized ads, and control cookies and some personalization settings.
Read the full privacy policy

Why You Should Care About Microsoft's Privacy Practices

  • Microsoft may use your conversations and files to train generative AI models unless you opt out, exposing content to model training and review.
  • Contact syncing uploads non-user contacts, creating shadow profiles for people who never consented to the service's data practices.
  • Behavioral profiling and purchased demographic data feed targeted advertising and personalization, affecting what you see and how you are categorized.
  • International transfers and broad sharing with advertising and service partners increase the surface area for data access and potential misuse.

Why High Exposure?

  • Policy allows using user conversations to train generative AI models unless you opt out, increasing exposure of content to model training.
  • The company shares many categories of personal data with advertising partners and purchases data from data brokers for targeting.
  • Contact syncing collects and stores non-user contact information, creating shadow profiles and privacy exposure for non-consenting individuals.
  • Data retention and combination practices vary by product and often lack a single clear, limited global retention timeline.
Learn more about our methodology →

Privacy Highlights

What They Collect

  • Account information
  • Profile information
  • User content and files
  • Payment information
  • Seller/financial data

How They Share Data

  • Business affiliates and subsidiaries
  • Service providers (hosting, payments, customer support)
  • Advertising partners / third parties that perform online advertising services
  • Payment processing providers

Data Retention

Retention varies by product: some content (e.g., email) stored until user deletes; opt-out cookies expire in five years; detailed timelines depend on product-specific policies and agreements.

Your Rights

  • Access data
  • Rectify data
  • Erase or limit processing
  • Object to processing (opt-out of sharing for personalized advertising)

Detailed Analysis

Concerning Practices

  • Uses user conversations and prompts to train AI models in certain markets unless user opts out
  • Manual review of AI outputs and some automated processing of user content
  • Shares personal data with advertising partners for personalized advertising (sharing opt-out available)
  • Purchases demographic data from data brokers to supplement profiles
  • Collects data about non-users via contact syncing (contact uploads and matching)
  • International data transfers under EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Frameworks
  • Behavioral profiling and inferred interests used for personalization and advertising

Personal Data Types

Account informationProfile informationUser content and filesPayment informationSeller/financial dataDemographic informationFeedback dataSupport dataContact sync dataLinked account dataDevice and technical informationGeolocation informationService usage informationWebsite usage dataLog and event dataThird-party demographic dataSocial media interaction dataAd engagement data from other services

Tracking Methods

CookiesAdvertising IDTracking ProtectionDo Not TrackGlobal Privacy Control (GPC) browser opt-out signal

Third Parties

Business affiliates and subsidiariesService providers (hosting, payments, customer support)Advertising partners / third parties that perform online advertising servicesPayment processing providersThird-party app/integration developersThird-party storefronts and platforms

User Controls

Access dataRectify dataErase or limit processingObject to processing (opt-out of sharing for personalized advertising)Data portability / Request data copy or exportWithdraw consent (where applicable)Opt-out of marketingDelete account / Delete your personal dataLimit personalizationCookie preferences

Frequently Asked Questions About Microsoft

Legal Disclaimer

This analysis is provided for informational purposes only and should not be used as legal advice. Privacy Exposure ratings and summaries are AI-generated assessments based on publicly available privacy policies — they are not statements of fact and may contain errors. Learn how ratings are determined. Consult with legal professionals for matters requiring legal guidance.