Microsoft · Microsoft Privacy Statement (Legacy)

Data Retention and Deletion Rights

Medium severity
Share 𝕏 Share in Share

What it is

Microsoft retains your personal data for as long as necessary to provide services, comply with legal obligations, or resolve disputes, and you have the right to request deletion of your data subject to certain exceptions.

Why it matters

Understanding how long Microsoft keeps your data — and the limitations on deletion rights — is critical for assessing your ongoing privacy exposure, particularly for sensitive data collected over many years of product use.

Institutional analysis (Compliance & legal intelligence)

Data retention obligations under GDPR Article 5(1)(e) require storage limitation to the minimum necessary period, with documented retention schedules. Compliance teams should request Microsoft's data retention schedule and assess whether retention periods for each data category are proportionate and legally justified, particularly for sensitive data and AI-generated records.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Microsoft collects extensive personal data across its products including search history, voice recordings, location data, browsing behaviour, and inferred interests, and uses this data for targeted advertising and product improvement. Users' data may be shared with affiliates, advertising partners, and other third parties, and sensitive data such as health and biometric information may also be collected in certain contexts. You can review, download, or delete your personal data by visiting Microsoft's Privacy Dashboard at account.microsoft.com/privacy.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Go to account.microsoft.com/privacy, sign in, and use the Privacy Dashboard to submit a data deletion request. Note that Microsoft may retain some data for legal or operational reasons.

Applicable agencies

  • FTC
    The FTC can investigate whether data retention and deletion practices are consistent with representations made in privacy notices.
    File a complaint →

Provision details

Document information
Document
Microsoft Privacy Statement (Legacy)
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
March 15, 2026
Last verified
March 15, 2026
Record ID
CA-P-00001009
Document ID
CA-D-00001
Evidence Provenance
Source URL
https://www.microsoft.com/en-us/privacy/privacystatement
Wayback Machine
View archived versions →
SHA-256
45f09bce08bba70d095c6310e3c8383cc7e2ee6d93fc0795641bd50132df016b
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-00001009
Captured: 2026-03-15 11:31:06 UTC | SHA-256: 45f09bce08bba70d…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/data-retention-and-deletion-rights/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Data sharing Liability

Other provisions in this document