Privacy, security, and compliance in Microsoft OneDrive
Microsoft is transparent about the specific policies, operational practices, and technologies that help you ensure the privacy, security, and compliance of your data across Microsoft OneDrive.
Microsoft respects the privacy and ownership of data you use to train and process models in Microsoft OneDrive.
None of your organization's data is used or transferred by Microsoft to train AI models, large-language models, or any other models.
Your data remains securely within your organization’s tenant.
Privacy
Privacy is built into all Microsoft OneDrive experiences. Microsoft OneDrive services adhere to the Microsoft Privacy Statement and follow Microsoft's compliance with General Data Protection Regulation and the Microsoft EU Data Boundary.
Microsoft OneDrive inherits privacy features and settings from Microsoft 365 and SharePoint, where applicable.
GDPR compliance
Microsoft OneDrive supports compliance with General Data Protection Regulation (GDPR) requirements.
Data residency
Data residency refers to the geographic location where data is stored at rest. The way that data is transferred and stored in Microsoft OneDrive is defined in the Microsoft Products and Services Data Protection Addendum (DPA).
All data within Microsoft OneDrive is stored within the customer tenant for any given service and follows the standard Microsoft 365 data storage guidelines by available geography.
Security
Microsoft OneDrive works with and integrates into Microsoft 365. This means that the Microsoft 365 security capabilities—such role-based access, identity and app management, and others—apply to Microsoft OneDrive.
Compliance
Microsoft offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements governing the collection and use and data.
Microsoft OneDrive is also covered under the Microsoft Product Terms and Data Protection Agreement (DPA). Learn more on the Microsoft Trust Center.
For more detailed information, see the following resources:
Microsoft 365 – Quick tasks for getting started with compliance in Microsoft Purview
Microsoft SharePoint – Plan compliance requirements for SharePoint and OneDrive
Microsoft Graph – Use the Microsoft Graph compliance and privacy APIs
Microsoft Entra ID – Microsoft Entra security baseline for Microsoft Entra ID
Azure – Azure, Dynamics 365, Microsoft 365, and Power Platform compliance offerings