Last updated: Sept 2014
Microsoft is committed to protecting your privacy. This privacy statement applies to the data collected by Microsoft through the Microsoft Security Bounty Program (“Program”) and does not apply to other Microsoft sites, products, or services.
Collection of Your Information
We will ask you when we need information that personally identifies you or allows us to contact you. The personal information we collect may include your full name, email address, additional preferred methods of contact, postal address, tax identification number (e.g., Social Security Number) or in some instances, employer name.
Security of Your Information
At Microsoft, we take the security of your personal information very seriously. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer servers with limited access that are located in controlled facilities. Additionally, if we transmit sensitive personal information (such as a credit card number) over the Internet, we protect it through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Control of Your Personal Information
Except as otherwise described in this statement, personal information you provide will not be shared outside of Microsoft and its controlled subsidiaries and affiliates without your permission.
Please be aware that this privacy statement and any choices you make within this program will not necessarily apply to personal information you may have provided to Microsoft in the context of other, separately operated, Microsoft products or services.
Use of Your Information
The information collected will be used in our investigation of the bugs submitted, and to fulfill the distribution of payment(s) to those determined eligible.
In support of these uses, Microsoft may use your information to provide you with more effective customer service, make improvements to the program and any related Microsoft products or services, perform statistical analysis, and make our website(s) easier to use.
Microsoft occasionally hires other companies to provide limited services on our behalf, such as website hosting, packaging, mailing, and delivering prizes, answering customer questions about products and services, and sending information about our products, special offers, and other new services. We will only provide those companies the personal information they need to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using that information for any other purpose.
We may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.
Information that is collected may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.
Changes to this Privacy Statement
We may occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the top of the privacy statement. For material changes to this privacy statement, we will notify you either by placing a prominent notice on the home page of our website or by directly sending you a notification. We encourage you to periodically review this privacy statement to stay informed about how we are helping to protect the personal information we collect.
Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us by e-mail at
firstname.lastname@example.org or by postal mail at:
One Microsoft Way
Attn: Microsoft Bug Bounty Program
Redmond, WA 98052