Microsoft collects data from you and your devices and processes it as described in a separate Privacy Statement, which is incorporated into these terms by reference.
This analysis describes what Microsoft Copilot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
By agreeing to the Services Agreement, users also accept the data collection and processing practices described in the separate Privacy Statement, which covers all Microsoft consumer services including Copilot.
Interpretive note: The full scope of data collection and processing practices requires review of the separately linked Privacy Statement, which was not fully available in the provided document text.
Understanding your actual data rights and what data Microsoft collects requires reviewing a separate Privacy Statement document, not just these terms; users should review both documents to understand the full scope of data use.
How other platforms handle this
Your use of the Services is also governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the Services, you consent to the collection, use, and disclosure of your information as described in our Privacy Policy.
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
Monitoring
Microsoft Copilot has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Your privacy is important to us. Please read the Microsoft Privacy Statement (the "Privacy Statement") as it describes the types of data we collect from you and your devices ("Data"), how we use your Data, and the legal bases we have to process your Data.— Excerpt from Microsoft Copilot's Microsoft Copilot Terms of Service
(1) REGULATORY LANDSCAPE: Incorporation of a Privacy Statement by reference into terms of service may require evaluation under GDPR transparency requirements, which require that privacy information be provided in a clear, accessible form at the point of data collection. The practice of separating privacy disclosures into a linked document is common but may face scrutiny if material data practices are not adequately surfaced in the primary agreement. The FTC reviews privacy practices for consistency with disclosed policies under the FTC Act. CCPA requires specific disclosures about categories of personal information collected and its uses. (2) GOVERNANCE EXPOSURE: Medium. The incorporation-by-reference structure means users must consult multiple documents to understand their full privacy position. For AI services like Copilot, the Privacy Statement's treatment of prompt data, conversation history, and AI output data is particularly important and may not be fully addressed in the available document text. (3) JURISDICTION FLAGS: GDPR and UK GDPR require affirmative lawful bases for processing personal data, and users in those jurisdictions have data subject rights including access, rectification, erasure, and portability. California CCPA users have rights to know, delete, and opt out of sale or sharing of personal information. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should obtain and review the Privacy Statement as part of vendor due diligence, noting that it may be updated independently of the Services Agreement. Any AI-specific data retention or training use policies should be identified and assessed. (5) COMPLIANCE CONSIDERATIONS: Data mapping exercises should account for all services covered by this agreement and the Privacy Statement, with particular attention to AI-generated interaction data from Copilot. Consent mechanisms should be reviewed to ensure they meet applicable legal standards in each deployment jurisdiction.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
By agreeing to the Services Agreement, users also accept the data collection and processing practices described in the separate Privacy Statement, which covers all Microsoft consumer services including Copilot.
Understanding your actual data rights and what data Microsoft collects requires reviewing a separate Privacy Statement document, not just these terms; users should review both documents to understand the full scope of data use.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Microsoft Copilot.