Microsoft Syntex Optical Character Recognition (“OCR”) Feature Preview Agreement

The purpose of this Agreement. We intend to enter discussions in which Company may provide input in connection with Microsoft offerings as described below. This Agreement clarifies our respective rights and obligations regarding that input. We agree that Company providing or Microsoft using input is voluntary.

Input is all suggestions, comments, feedback, ideas, or know how, in any form, that Company provides to Microsoft. It doesn't include sales forecasts, financial results, future release scheduled, marketing plans and high-level product plans or feature lists for anticipated products.


The optical character recognition (OCR) service in Microsoft Syntex lets you extract printed or handwritten text from images, such as posters, drawings, and product labels, as well as from documents like articles, reports, forms, and invoices. Microsoft Syntex OCR uses AI to extract text from customers' images, whether in OneDrive and SharePoint, Exchange emails, or Teams messages. This text extraction is done on a pay-as-you-go basis (each page of an image costs $0.001) using the latest tech from Azure Cognitive Services. Global and SharePoint admins can configure Microsoft Syntex OCR in the Microsoft Admin Center, and Compliance admins can also configure OCR in Microsoft Purview as they may need the capability for different scenarios and/or not want to leave Purview admin. The Microsoft Syntex OCR service will honor settings from either admin experience, keeping the extracted text and not charging the customer twice even if it's configured in multiple places within admin.

The OCR service supports more than 150 languages.

FEATURE PREVIEW: Company agrees that by using this Preview Feature Company has accepted these terms. To terminate this Preview, don't use the Preview Feature. Microsoft may change or discontinue the Preview Feature at any time with or without notice. Microsoft may also choose not to make the Preview Feature generally commercially available.

No SLA applies to this Feature Preview.

THE PREVIEW FEATURE IS PROVIDED “AS-IS,” “WITH ALL FAULTS,” AND “AS AVAILABLE.” Microsoft provides no performance guarantee for the Feature Preview (including accompanying URLs provided for embedded or unauthenticated viewing) and Company bears the risk of using it. The Feature Preview isn't included in the SLA for Microsoft Syntex and may not be covered by customer support.


If Company provides Input, including feedback, Company grants to Microsoft, without charge, the nonexclusive License to make, modify, distribute, or otherwise commercialize the Input as part of any Microsoft offering.

Company retains all right, title and interest in and to the Input. The above License doesn't extend to any technologies that may also be necessary to make or use any offering or portion thereof that incorporates the Input but aren't themselves expressly part of the Input (for example, enabling technologies).


Microsoft Syntex OCR services use pay-as-you-go billing through an Azure subscription. Microsoft Syntex OCR services billing is determined the number of pages processed for images (JPEG, JPG, PNG, or BMP); the number of pages processed for PDF, TIF, or TIFF; or the number of embedded images in Teams chats and email messages. Each of these counts as one transaction. Processing occurs every time the file is edited. Company will be able to view this usage as meter events through the Azure subscription it chooses.

Microsoft Syntex OCR services Feature Preview pricing is as follows:

OCR Meters Meter Price
Pages Processed Optical character recognition (Preview) $0.001/Transaction

Prerequisites to enable Microsoft Syntex OCR services pay-as-you-go are:

 (i) An Azure subscription with admin access as owner or contributor on the subscription; 

 (ii) A SharePoint tenant ID;

 (iii) An Azure resource group;

 (iv) The ability to run PowerShell cmdlets to configure billing; and

 (v) A Microsoft Entra appID in the same tenancy. 


With respect to the Microsoft Syntex OCR services, Microsoft may access or disclose information about Company, its account, and the content of its communications in order to:

 a) provide, operate, and improve Microsoft services;

 b) comply with the law or respond to lawful requests or legal process; or

 c) protect the rights or property of Microsoft or our customers, including the enforcement of Microsoft’s agreements or policies governing the use of the Microsoft Syntex OCR services.

Data Processing and Transfers

To the extent Microsoft is a processor of Personal Data subject to the European Union’s General Data Protection Regulation (“GDPR”), the GDPR Terms set forth in Attachment 1 govern that processing and the parties also agree to the following terms. For the purpose of this section, the term “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person:

a) Processing Details. The parties acknowledge and agree that:

 i. The subject-matter of the processing is limited to Personal Data within the scope of GDPR;

 ii. The duration of the processing shall be for the duration of the Company’s right to participate in the Feature Preview Program and until all Personal Data is deleted or returned in accordance with Company instructions or this Agreement;

 iii. The nature and purpose of the processing shall be to provide the Microsoft Syntex OCR services pursuant to the Agreement;

 iv. The types of Personal Data processed by the Feature Preview Program include those expressly identified in Article 4 of the GDPR to the extent included by Company’s data; and

 v. The categories of data subjects are Company’s representatives and end users, such as employees, contractors, collaborators, and customers.

b) Data Transfers.

 i. Company’s data, and Personal Data that Microsoft processes on Customer’s behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its Subprocessors operate. Company appoints Microsoft to perform any such transfer of Company data and Personal Data to any such country and to store and process data and Personal Data to provide the Microsoft Syntex OCR services.

 ii. Microsoft will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

 iii. In addition, Microsoft is certified to meet the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the commitments they entail. Microsoft agrees to notify Company in the event that it determines that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield principles.

Acknowledgments and Consent by Company

If Company collects, stores, or processes Personal Data when using Microsoft Syntex OCR services, Company agrees to comply with all privacy and data protection laws, taking into account the nature of the information to be processed, as well as the features and limitations of the Feature Preview Program as described in this Agreement or as otherwise provided to Company.

Pre-Release Service Features and Privacy Choice

Company affirms that it has obtained or will obtain any required consents from data subjects who may participate in Company’s use of the Feature Preview Program. Company must not allow Personal Data to be collected through use of the Microsoft Syntex OCR services in jurisdictions or industries where the Feature Preview attributes described herein would make such use contrary to applicable law. The Feature Preview may employ lesser or different security measures than those present in Microsoft’s existing commercial versions of Microsoft software or Online Services or expected to be present in future commercial versions of the software and Online Services. Without limiting the foregoing, security disclosures or independent security certifications applicable to existing commercial versions of the software and Online Services don't apply to the Feature Preview.


Termination. This Agreement continues in effect until December 31, 2023, or until the Preview Feature is generally commercially available to the public. Either of us may terminate this Agreement, or any input schedule, for any reason by 1) by Microsoft providing Company with 10 days’ advance notice, or 2) Company stops using the Preview Feature. Termination of this Agreement or any Input schedule won't change any of the rights, licenses granted, or duties made while this Agreement or input schedule is in effect.

Effects upon Termination. Once terminated, Company will no longer use Microsoft Syntex OCR services.

This Agreement can't be extended. Microsoft may also choose not to make the Preview Feature generally commercially available.

Disclosure. The Parties agree to keep confidential the terms of this Agreement and only disclose information to relevant parties limited to the extent necessary for the good execution of this Agreement, as well as the source of the Input.

Disclosing if required by law; or other action. Each of us may disclose the confidential information described above if required to comply with a court order or other government demand that has the force of law or if in the context of an actual or threatened infringement or other action related to this Agreement or the Input. Before doing so, each of us must seek the highest level of protection available and, when possible, give the other enough prior notice to provide a reasonable chance to seek a protective order.


Input. Company represents that it will not give any Input that:

  1. Violates any copyright or trade secret claim or right of any third party;

  2. It has reason to believe violates any patent claim or right of any third party; or

  3. Is subject to an excluded license.

Authority. Company represents it has all rights and authority necessary to sign this Agreement and grant the rights in it for itself and its affiliates.

Limitations. All information, materials and input are provided “as-is” and Microsoft bears the risk of using them; Company gives no express warranties, guarantees or conditions as to its Input; and to the extent permitted under local law, Company excludes the implied warranties of merchantability, fitness for a particular purpose, title and non-infringement as to its Input.


Except as described herein, the only remedy either of us has for claims relating to this Agreement is to terminate it. Neither of us can recover any damages, including direct, consequential, lost profits, special, punitive, indirect or incidental damages from the other. This limitation applies:

  1. To claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.

  2. Even if one of us knew or should have known about the possibility of the damages.

The limitations in this section doesn't apply to claims arising from or in connection with any infringement, misuse or misappropriation by one of us of the other’s intellectual property rights.


Notices. Notices may be provided either by electronic or physical mail. Each of us designates the persons specified on the last page of this Agreement to receive notices. Each of us may specify changes by giving notice to the other.

Law that applies; jurisdiction and venue. The laws of the State of Washington govern this Agreement. If federal jurisdiction exists, each of us consents to exclusive jurisdiction and venue in the federal courts in King County, Washington. If not, each of us consents to exclusive jurisdiction and venue in the Superior Court of King County, Washington.

Waiver. Any delay or failure of either of us to exercise a right or remedy won't result in a waiver of that, or any other, right or remedy.

Breach. Each of us agrees that the other may seek court orders to stop any breach of this Agreement.

Attorneys’ fees. In any dispute relating to this Agreement the prevailing party will be entitled to recover reasonable attorneys' fees and costs.

No Assignment. Neither of us may assign this Agreement, by operation of law, or otherwise, without the prior, written approval of the other.

Enforceability. If any provision of this Agreement is unenforceable, the parties (or, if we can't agree, a court) will modify this Agreement to revise it so that it can be enforced. Even if no revision is possible, the rest of this Agreement will remain in place.

Entire Agreement. This Agreement includes all exhibits and schedules. If Company has entered into a license agreement for use of any Microsoft offering, that license agreement will govern its use of the Microsoft offering, and any feedback given to Microsoft under that license agreement. With these exceptions, this is the entire agreement between us regarding the Input. It replaces all other agreements and understandings regarding the subject matter of this Agreement.

               Attachment 1 – GDPR Terms

For purposes of these GDPR Terms, Company and Microsoft agree that Company is the controller of Personal Data and Microsoft is the processor of such data, except when Company acts as a processor of Personal Data, in which case Microsoft is a subprocessor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Microsoft on behalf of Company. These GDPR Terms don't limit or reduce any data protection commitments Microsoft makes to Company in other agreements between Microsoft and Company. These GDPR Terms don't apply where Microsoft is a controller of Personal Data.

Relevant GDPR Obligations: Articles 28, 32, and 33

  1. Microsoft shall not engage another processor without prior specific or general written authorization of Company. In the case of general written authorization, Microsoft shall inform Company of any intended changes concerning the addition or replacement of other processors, thereby giving Company the opportunity to object to such changes. (Article 28(2))

  2. Processing by Microsoft shall be governed by these GDPR Terms under European Union (hereafter “Union”) or Member State law and are binding on Microsoft with regard to Company. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and the obligations and rights of the Company are set forth in the Agreement, including these GDPR Terms. In particular, Microsoft shall:

   a. process the Personal Data only on documented instructions from Company, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which Microsoft is subject; in such a case, Microsoft shall inform Company of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

   b. ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

   c. take all measures required pursuant to Article 32 of the GDPR;

   d. respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;

   e. taking into account the nature of the processing, assist Company by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Company’s obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;

   f. assist Company in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Microsoft;

   g. at the choice of Company, delete or return all the Personal Data to Company after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;

   h. make available to Company all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Company or another auditor mandated by Company.

  1. Microsoft shall immediately inform Company if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions. (Article 28(3))

  2. Where Microsoft engages another processor for carrying out specific processing activities on behalf of Company, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfill its data protection obligations, Microsoft shall remain fully liable to the Company for the performance of that other processor's obligations. (Article 28(4))

  3. Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Company and Microsoft shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

   a. the pseudonymization and encryption of Personal Data;

   b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

   c. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and

   d. a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. (Article 32(1))

  1. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed. (Article 32(2))

  2. Company and Microsoft shall take steps to ensure that any natural person acting under the authority of Company or Microsoft who has access to Personal Data doesn't process them except on instructions from Company, unless he or she is required to do so by Union or Member State law. (Article 32(4))

  3. Microsoft shall notify Company without undue delay after becoming aware of a Personal Data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Microsoft.