{ "scorecard": { "domain": "microsoft.com", "company_name": "Microsoft", "slug": "microsoft", "headline": { "label": "weak", "total_score": 8, "summary": "Public trust surface scored 8 with 38 positive detectors out of 74 across 4 pages. Higher remediation scores mean more visible work remains." }, "scores": { "public_surface": 0, "ai_language": 0, "legal_clarity": 0, "security_trust": 0, "consistency": 50, "remediation_opportunity": 100 }, "maturity": [ { "dimension_key": "public_surface", "label": "Public Surface", "public_description": "Whether trust, legal, security, AI, and methodology pages are visible and navigable." }, { "dimension_key": "ai_language", "label": "AI Language", "public_description": "Whether AI claims are specific, bounded, and paired with review or data-use language." }, { "dimension_key": "legal_clarity", "label": "Legal Clarity", "public_description": "Whether privacy, terms, DPA, subprocessors, and acceptable-use surfaces are visible." }, { "dimension_key": "security_trust", "label": "Security Trust", "public_description": "Whether security, vulnerability, incident-response, and contact paths are documented." }, { "dimension_key": "consistency", "label": "Consistency", "public_description": "Whether claims, caveats, and trust artifacts are coherent across pages." }, { "dimension_key": "remediation_opportunity", "label": "Remediation Opportunity", "public_description": "Whether the public surface makes the next improvement work obvious." } ], "observed_artifacts": [ { "type": "privacy_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "privacy_center", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "data_subject_request_portal", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "cookie_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "cookie_preferences", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "consent_management", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "data_retention_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "data_sharing_notice", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "cross_border_transfers", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "data_breach_notice", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "data_residency_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "data_processing_addendum", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "subprocessors_list", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "acceptable_use_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "ai_usage_policy", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "responsible_ai_principles", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "customer_data_training_policy", "present": true, "url": "https://www.microsoft.com/trust-center/privacy" }, { "type": "model_provider_disclosure", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "prompt_logging_policy", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "human_review_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "evals_and_red_teaming", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "prohibited_uses", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "model_card_or_system_card", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "ai_evaluation_or_safety_report", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "transparency_report", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "model_limitations", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "output_moderation_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "feedback_training_policy", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "security_practices_page", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "backup_and_recovery", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "secure_sdlc_page", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "vulnerability_disclosure", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "security_contact", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "incident_response", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "incident_history", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "postmortems", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "security_txt", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "security_whitepaper", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "bug_bounty", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "certifications", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "attestation_summary", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "security_overview", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "incident_communication", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "encryption_at_rest", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "mfa_sso", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "status_page", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "methodology_page", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "scoring_rubric", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "score_caveat", "present": false, "url": "https://www.microsoft.com/trust-center" }, { "type": "data_sources", "present": false, "url": "https://www.microsoft.com/trust-center" }, { "type": "confidence_labels", "present": false, "url": "https://www.microsoft.com/trust-center" }, { "type": "endorsement_and_certification", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "sponsor_separation", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "unsupported_maturity", "present": false, "url": "https://www.microsoft.com/trust-center" }, { "type": "customer_logos", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "testimonials", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "third_party_validation", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "awards", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "trust_center", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "contact_paths", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "docs_hub", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "public_status_page", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "footer_crosslinks", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "sitemap", "present": false, "url": "https://www.microsoft.com/en-us/trust-center/" }, { "type": "navigation", "present": true, "url": "https://www.microsoft.com/trust-center" }, { "type": "responsible_disclosure_contact", "present": true, "url": "https://www.microsoft.com/trust-center" } ], "public_findings": [ { "title": "Missing Privacy Policy", "severity": "high", "category": "legal", "summary": "The public surface did not clearly expose privacy policy.", "public_tip": "Clarify what personal data you collect, process, retain, and disclose." }, { "title": "Missing Cookie Policy", "severity": "medium", "category": "legal", "summary": "The public surface did not clearly expose cookie policy.", "public_tip": "Publish cookie and tracking language with a clear consent path." }, { "title": "Missing Data Retention Policy", "severity": "medium", "category": "legal", "summary": "The public surface did not clearly expose data retention policy.", "public_tip": "State how long data is kept and what triggers deletion or archival." }, { "title": "Missing Data Sharing Notice", "severity": "medium", "category": "legal", "summary": "The public surface did not clearly expose data sharing notice.", "public_tip": "Clarify which parties receive data and why." }, { "title": "Missing Cross-Border Transfers", "severity": "medium", "category": "legal", "summary": "The public surface did not clearly expose cross-border transfers.", "public_tip": "Explain transfer mechanisms, safeguards, and processor relationships." }, { "title": "Missing Data Breach Notice", "severity": "high", "category": "legal", "summary": "The public surface did not clearly expose data breach notice.", "public_tip": "Explain how breach notification works and who is notified." }, { "title": "Missing Data Residency Policy", "severity": "medium", "category": "legal", "summary": "The public surface did not clearly expose data residency policy.", "public_tip": "State where data is stored and whether region selection is supported." }, { "title": "Missing Data Processing Addendum", "severity": "high", "category": "legal", "summary": "The public surface did not clearly expose data processing addendum.", "public_tip": "Make the DPA request path easy to find for customers and partners." }, { "title": "Missing Subprocessors List", "severity": "high", "category": "legal", "summary": "The public surface did not clearly expose subprocessors list.", "public_tip": "Publish a current subprocessor or vendor list with update cadence." }, { "title": "Missing Acceptable Use Policy", "severity": "medium", "category": "legal", "summary": "The public surface did not clearly expose acceptable use policy.", "public_tip": "Clarify prohibited and abusive use patterns in public-facing terms." }, { "title": "Missing Model Provider Disclosure", "severity": "high", "category": "ai-governance", "summary": "The public surface did not clearly expose model provider disclosure.", "public_tip": "State which model or provider services are used and where customer data may flow." }, { "title": "Missing Human Review Policy", "severity": "medium", "category": "ai-governance", "summary": "The public surface did not clearly expose human review policy.", "public_tip": "Explain what is reviewed by humans and what remains automated." }, { "title": "Missing Evals and Red Teaming", "severity": "medium", "category": "ai-governance", "summary": "The public surface did not clearly expose evals and red teaming.", "public_tip": "Describe testing and evaluation practices that back AI claims." }, { "title": "Missing Prohibited Uses", "severity": "medium", "category": "ai-governance", "summary": "The public surface did not clearly expose prohibited uses.", "public_tip": "State the use cases you will not support and where enforcement lives." }, { "title": "Missing Model Card or System Card", "severity": "high", "category": "ai-governance", "summary": "The public surface did not clearly expose model card or system card.", "public_tip": "Publish a model or system card if the site makes substantial AI claims." }, { "title": "Missing AI Evaluation or Safety Report", "severity": "high", "category": "ai-governance", "summary": "The public surface did not clearly expose ai evaluation or safety report.", "public_tip": "Provide a public evaluation or safety summary when AI claims are central." }, { "title": "Missing Transparency Report", "severity": "high", "category": "ai-governance", "summary": "The public surface did not clearly expose transparency report.", "public_tip": "Publish a public transparency report when the product makes AI capability claims." }, { "title": "Missing Model Limitations", "severity": "high", "category": "ai-governance", "summary": "The public surface did not clearly expose model limitations.", "public_tip": "Describe where the model or AI system fails, degrades, or needs human review." }, { "title": "Missing Output Moderation Policy", "severity": "medium", "category": "ai-governance", "summary": "The public surface did not clearly expose output moderation policy.", "public_tip": "Explain how outputs are filtered, blocked, or escalated." }, { "title": "Missing Feedback and Training Policy", "severity": "high", "category": "ai-governance", "summary": "The public surface did not clearly expose feedback and training policy.", "public_tip": "Explain whether feedback data is reused for training or product improvement." }, { "title": "Missing Incident Communication", "severity": "high", "category": "security", "summary": "The public surface did not clearly expose incident communication.", "public_tip": "Document how customers are notified and where public incident updates live." }, { "title": "Missing Encryption at Rest", "severity": "low", "category": "security", "summary": "The public surface did not clearly expose encryption at rest.", "public_tip": "State where encryption is used and what it protects." }, { "title": "Missing Methodology Page", "severity": "high", "category": "methodology", "summary": "The public surface did not clearly expose methodology page.", "public_tip": "Explain the rules and limitations of the scan." }, { "title": "Missing Scoring Rubric", "severity": "medium", "category": "methodology", "summary": "The public surface did not clearly expose scoring rubric.", "public_tip": "Show how the score is derived from visible evidence." }, { "title": "Missing Score Caveat", "severity": "high", "category": "methodology", "summary": "The public surface did not clearly expose score caveat.", "public_tip": "Keep the public-signal caveat visible near the score and methodology." }, { "title": "Missing Data Sources", "severity": "medium", "category": "methodology", "summary": "The public surface did not clearly expose data sources.", "public_tip": "Explain where the evidence came from and when it was observed." }, { "title": "Missing Confidence Labels", "severity": "low", "category": "methodology", "summary": "The public surface did not clearly expose confidence labels.", "public_tip": "Describe uncertainty bands or confidence levels when the evidence is partial." }, { "title": "Missing Unsupported Maturity Phrasing", "severity": "medium", "category": "claims", "summary": "The public surface did not clearly expose unsupported maturity phrasing.", "public_tip": "Ground broad maturity language in observable public evidence." }, { "title": "Missing Documentation Hub", "severity": "low", "category": "surface", "summary": "The public surface did not clearly expose documentation hub.", "public_tip": "Link product documentation from the trust surface when it helps buyer review." }, { "title": "Missing Public Status Page", "severity": "low", "category": "surface", "summary": "The public surface did not clearly expose public status page.", "public_tip": "Link the status page from the public trust surface if it exists." }, { "title": "Missing Sitemap", "severity": "low", "category": "surface", "summary": "The public surface did not clearly expose sitemap.", "public_tip": "Keep trust pages reachable from a sitemap or index page." }, { "title": "Trust center missing privacy policy", "severity": "high", "category": "consistency", "summary": "A trust center is visible, but the linked privacy policy was not clearly observed.", "public_tip": "Link the privacy policy directly from the trust center and footer." }, { "title": "Trust center missing methodology", "severity": "medium", "category": "methodology", "summary": "A trust center is visible, but the methodology or scoring rubric was not clearly observed.", "public_tip": "Link the methodology page, scoring rubric, and caveat from the trust center." } ], "improvement_guidance": [ { "title": "Close the public trust-page gaps", "public_tip": "Add the missing pages, or clearly link existing pages from the trust center and footer.", "recommended_artifacts": [ "acceptable_use_policy", "ai_evaluation_or_safety_report", "ai_policy", "confidence_labels", "cookie_policy", "cookie_preferences", "cross_border_transfers", "customer_data_training_policy", "data_breach_notice", "data_processing_addendum", "data_residency_policy", "data_retention_policy", "data_sharing_notice", "data_sources", "data_subject_request_portal", "docs_hub", "encryption_at_rest", "evals_and_red_teaming", "feedback_training_policy", "human_review_policy", "incident_communication", "incident_response", "methodology_page", "model_card_or_system_card", "model_limitations", "model_provider_disclosure", "output_moderation_policy", "privacy_center", "privacy_policy", "prohibited_uses", "public_status_page", "score_caveat", "scoring_rubric", "security_practices_page", "sitemap", "status_page", "subprocessors_list", "terms_of_service", "transparency_report", "trust_center", "unsupported_maturity" ], "best_practice_refs": [ { "key": "trust-center", "label": "Trust center coverage" }, { "key": "policy-links", "label": "Policy cross-linking" } ] }, { "title": "Resolve claim mismatches", "public_tip": "Rewrite the public claim so the same wording appears across the trust, legal, and security surfaces.", "recommended_artifacts": [ "methodology_page", "score_caveat" ], "best_practice_refs": [ { "key": "evidence", "label": "Claim-to-evidence traceability" }, { "key": "caveat", "label": "Explicit public caveat" } ] } ], "methodology": { "engine_version": "0.1.0", "rules_version": "trust-scanner-rules.v1", "crawl_snapshot_date": "2026-05-20", "page_count": 4, "disclaimer": "Based on analyzed public trust signals, not proof of any internal security maturity." } }, "detector_hits": [ { "detector_id": "legal:privacy_policy", "label": "Privacy policy", "category": "legal", "severity": "high", "present": false, "summary": "Privacy policy was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:privacy_rights_notice", "label": "Privacy rights notice", "category": "legal", "severity": "medium", "present": false, "summary": "Privacy rights notice was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:data_retention_policy", "label": "Data retention policy", "category": "legal", "severity": "medium", "present": false, "summary": "Data retention policy was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:data_sharing_notice", "label": "Data sharing notice", "category": "legal", "severity": "medium", "present": false, "summary": "Data sharing notice was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:cross_border_transfers", "label": "Cross-border transfers", "category": "legal", "severity": "medium", "present": false, "summary": "Cross-border transfers was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:data_breach_notice", "label": "Data breach notice", "category": "legal", "severity": "high", "present": false, "summary": "Data breach notice was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:data_residency_policy", "label": "Data residency policy", "category": "legal", "severity": "low", "present": false, "summary": "Data residency policy was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:terms_of_service", "label": "Terms of service", "category": "legal", "severity": "high", "present": false, "summary": "Terms of service was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:cookie_policy", "label": "Cookie policy", "category": "legal", "severity": "low", "present": false, "summary": "Cookie policy was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:data_processing_addendum", "label": "Data processing addendum", "category": "legal", "severity": "medium", "present": false, "summary": "Data processing addendum was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:subprocessors_list", "label": "Subprocessors list", "category": "legal", "severity": "medium", "present": false, "summary": "Subprocessors list was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:acceptable_use_policy", "label": "Acceptable use policy", "category": "legal", "severity": "low", "present": false, "summary": "Acceptable use policy was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "legal:hub_completeness", "label": "Legal hub completeness", "category": "legal", "severity": "medium", "present": false, "summary": "3 legal-oriented public pages were observed.", "evidence": [ "3 legal pages matched policy keywords" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "ai-governance:ai_usage_policy", "label": "AI usage policy", "category": "ai-governance", "severity": "medium", "present": true, "summary": "AI usage policy is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "ai-governance:responsible_ai_principles", "label": "Responsible AI principles", "category": "ai-governance", "severity": "low", "present": true, "summary": "Responsible AI principles is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy Principles | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy" ] }, { "detector_id": "ai-governance:customer_data_training_policy", "label": "Customer data training policy", "category": "ai-governance", "severity": "high", "present": true, "summary": "Customer data training policy is publicly documented.", "evidence": [ "Microsoft Privacy Principles | Microsoft Trust Center", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "ai-governance:model_provider_disclosure", "label": "Model provider disclosure", "category": "ai-governance", "severity": "medium", "present": false, "summary": "Model provider disclosure was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:prompt_logging_policy", "label": "Prompt logging policy", "category": "ai-governance", "severity": "medium", "present": true, "summary": "Prompt logging policy is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy Principles | Microsoft Trust Center", "Microsoft Data Access | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access" ] }, { "detector_id": "ai-governance:human_review_policy", "label": "Human review policy", "category": "ai-governance", "severity": "low", "present": false, "summary": "Human review policy was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:evals_and_red_teaming", "label": "Evals and red teaming", "category": "ai-governance", "severity": "low", "present": false, "summary": "Evals and red teaming was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:prohibited_uses", "label": "Prohibited uses", "category": "ai-governance", "severity": "low", "present": false, "summary": "Prohibited uses was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:model_card_or_system_card", "label": "Model card or system card", "category": "ai-governance", "severity": "low", "present": false, "summary": "Model card or system card was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:ai_evaluation_or_safety_report", "label": "AI evaluation or safety report", "category": "ai-governance", "severity": "low", "present": false, "summary": "AI evaluation or safety report was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:transparency_report", "label": "Transparency report", "category": "ai-governance", "severity": "low", "present": false, "summary": "Transparency report was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:model_limitations", "label": "Model limitations", "category": "ai-governance", "severity": "low", "present": false, "summary": "Model limitations was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:output_moderation_policy", "label": "Output moderation policy", "category": "ai-governance", "severity": "low", "present": false, "summary": "Output moderation policy was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:feedback_training_policy", "label": "Feedback and training policy", "category": "ai-governance", "severity": "low", "present": false, "summary": "Feedback and training policy was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "ai-governance:boundedness", "label": "AI language boundedness", "category": "governance", "severity": "medium", "present": false, "summary": "Assesses whether AI claims are bounded, specific, and tied to human-review or data-use language.", "evidence": [], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "security:security_practices_page", "label": "Security practices", "category": "security", "severity": "medium", "present": true, "summary": "Security practices is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "security:security_overview", "label": "Security overview", "category": "security", "severity": "low", "present": true, "summary": "Security overview is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:secure_sdlc_page", "label": "Secure SDLC", "category": "security", "severity": "medium", "present": true, "summary": "Secure SDLC is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:vulnerability_disclosure", "label": "Vulnerability disclosure", "category": "security", "severity": "high", "present": true, "summary": "Vulnerability disclosure is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:security_contact", "label": "Security contact", "category": "security", "severity": "medium", "present": true, "summary": "Security contact is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:incident_response", "label": "Incident response", "category": "security", "severity": "low", "present": true, "summary": "Incident response is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:incident_communication", "label": "Incident communication", "category": "security", "severity": "low", "present": false, "summary": "Incident communication was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "security:bug_bounty", "label": "Bug bounty", "category": "security", "severity": "low", "present": true, "summary": "Bug bounty is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:certifications", "label": "Certifications", "category": "security", "severity": "low", "present": true, "summary": "Certifications is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:backup_and_recovery", "label": "Backup and recovery", "category": "security", "severity": "low", "present": true, "summary": "Backup and recovery is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:encryption_at_rest", "label": "Encryption at rest", "category": "security", "severity": "low", "present": false, "summary": "Encryption at rest was not clearly found.", "evidence": [], "urls": [] }, { "detector_id": "security:mfa_sso", "label": "MFA and SSO", "category": "security", "severity": "low", "present": true, "summary": "MFA and SSO is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Data Access | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy/data-access" ] }, { "detector_id": "security:status_page", "label": "Status page", "category": "security", "severity": "low", "present": true, "summary": "Status page is publicly documented.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:evidence_density", "label": "Security evidence density", "category": "security", "severity": "medium", "present": false, "summary": "2 pages carry security-oriented evidence language.", "evidence": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy/data-location" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "methodology:page", "label": "Methodology page", "category": "methodology", "severity": "medium", "present": false, "summary": "No clear methodology page was observed.", "evidence": [], "urls": [] }, { "detector_id": "methodology:score_caveat", "label": "Score and caveat language", "category": "methodology", "severity": "low", "present": false, "summary": "Checks for score explanation language, source transparency, and an explicit public-signal caveat.", "evidence": [ "score_language_pages=0", "caveat_language_pages=0", "source_language_pages=0", "confidence_language_pages=0" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "methodology:data_sources", "label": "Data sources", "category": "methodology", "severity": "low", "present": false, "summary": "Checks whether the page explains where the signal data comes from.", "evidence": [ "data_source_pages=0" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "methodology:confidence_labels", "label": "Confidence labels", "category": "methodology", "severity": "low", "present": false, "summary": "Checks whether the methodology describes uncertainty or confidence levels.", "evidence": [ "confidence_pages=0" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "claims:endorsement_and_certification", "label": "Endorsement and certification claims", "category": "claims", "severity": "low", "present": true, "summary": "Certification, trust-badge, or endorsement language was observed and should be checked against evidence.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "claims:sponsor_separation", "label": "Sponsor separation language", "category": "claims", "severity": "low", "present": true, "summary": "Checks whether sponsor or sponsorship language appears in the public trust surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "claims:unsupported_maturity", "label": "Unsupported maturity phrasing", "category": "claims", "severity": "medium", "present": false, "summary": "Unsupported maturity language was detected and should be grounded or removed.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "unsupported_phrases_pages=1" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "claims:customer_logos", "label": "Customer logos", "category": "claims", "severity": "low", "present": true, "summary": "Customer-logo or customer-name trust language was observed.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy Principles | Microsoft Trust Center", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "claims:testimonials", "label": "Testimonials", "category": "claims", "severity": "low", "present": true, "summary": "Testimonial or quote-style endorsement language was observed.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "claims:third_party_validation", "label": "Third-party validation", "category": "claims", "severity": "low", "present": true, "summary": "Third-party, analyst, or press validation language was observed.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "claims:awards", "label": "Awards", "category": "claims", "severity": "low", "present": true, "summary": "Awards, rankings, or recognition language was observed.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "consistency:claim_consistency", "label": "Claim consistency", "category": "consistency", "severity": "low", "present": true, "summary": "Cross-page trust language appears coherent.", "evidence": [ "cross_link_pages=0", "contradiction_count=0" ], "urls": [] }, { "detector_id": "surface:trust_center_discoverability", "label": "Trust center discoverability", "category": "surface", "severity": "info", "present": true, "summary": "A trust-center style public surface is visible.", "evidence": [ "https://www.microsoft.com/trust-center -> trust_center (94)", "https://www.microsoft.com/trust-center: privacy signals", "https://www.microsoft.com/trust-center: role_hint", "https://www.microsoft.com/trust-center: meta:description:Microsoft trust center home", "https://www.microsoft.com/trust-center: meta:trust_center", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center: trust center language", "https://www.microsoft.com/trust-center: 3 trust footer links", "https://www.microsoft.com/trust-center: navigation surface", "https://www.microsoft.com/trust-center/privacy -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy: privacy signals", "https://www.microsoft.com/trust-center/privacy: role_hint", "https://www.microsoft.com/trust-center/privacy: meta:description:Microsoft privacy principles", "https://www.microsoft.com/trust-center/privacy: meta:trust_center", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy: trust center language", "https://www.microsoft.com/trust-center/privacy: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-access -> security_practices (94)", "https://www.microsoft.com/trust-center/privacy/data-access: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-access: role_hint", "https://www.microsoft.com/trust-center/privacy/data-access: meta:description:Microsoft data access guidance", "https://www.microsoft.com/trust-center/privacy/data-access: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy/data-access: trust center language", "https://www.microsoft.com/trust-center/privacy/data-access: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-location -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy/data-location: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-location: role_hint", "https://www.microsoft.com/trust-center/privacy/data-location: meta:data_residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:description:Microsoft data location and residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location: trust center language", "https://www.microsoft.com/trust-center/privacy/data-location: 2 trust footer links" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "surface:coverage", "label": "Surface coverage", "category": "surface", "severity": "info", "present": true, "summary": "Observed 3 distinct trust-relevant page roles and 9 trust links.", "evidence": [ "https://www.microsoft.com/trust-center -> trust_center (94)", "https://www.microsoft.com/trust-center: privacy signals", "https://www.microsoft.com/trust-center: role_hint", "https://www.microsoft.com/trust-center: meta:description:Microsoft trust center home", "https://www.microsoft.com/trust-center: meta:trust_center", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center: trust center language", "https://www.microsoft.com/trust-center: 3 trust footer links", "https://www.microsoft.com/trust-center: navigation surface", "https://www.microsoft.com/trust-center/privacy -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy: privacy signals", "https://www.microsoft.com/trust-center/privacy: role_hint", "https://www.microsoft.com/trust-center/privacy: meta:description:Microsoft privacy principles", "https://www.microsoft.com/trust-center/privacy: meta:trust_center", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy: trust center language", "https://www.microsoft.com/trust-center/privacy: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-access -> security_practices (94)", "https://www.microsoft.com/trust-center/privacy/data-access: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-access: role_hint", "https://www.microsoft.com/trust-center/privacy/data-access: meta:description:Microsoft data access guidance", "https://www.microsoft.com/trust-center/privacy/data-access: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy/data-access: trust center language", "https://www.microsoft.com/trust-center/privacy/data-access: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-location -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy/data-location: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-location: role_hint", "https://www.microsoft.com/trust-center/privacy/data-location: meta:data_residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:description:Microsoft data location and residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location: trust center language", "https://www.microsoft.com/trust-center/privacy/data-location: 2 trust footer links" ], "urls": [ "https://www.microsoft.com/en-us/trust-center/" ] }, { "detector_id": "surface:docs_hub", "label": "Documentation hub", "category": "surface", "severity": "low", "present": false, "summary": "No clear documentation hub was observed.", "evidence": [], "urls": [] }, { "detector_id": "surface:status_page", "label": "Status page", "category": "surface", "severity": "low", "present": false, "summary": "No clear public status page was observed.", "evidence": [], "urls": [] }, { "detector_id": "surface:footer_crosslinks", "label": "Footer cross-links", "category": "surface", "severity": "info", "present": true, "summary": "Trust-relevant footer cross-links were observed.", "evidence": [ "https://www.microsoft.com/trust-center -> trust_center (94)", "https://www.microsoft.com/trust-center: privacy signals", "https://www.microsoft.com/trust-center: role_hint", "https://www.microsoft.com/trust-center: meta:description:Microsoft trust center home", "https://www.microsoft.com/trust-center: meta:trust_center", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center: trust center language", "https://www.microsoft.com/trust-center: 3 trust footer links", "https://www.microsoft.com/trust-center: navigation surface", "https://www.microsoft.com/trust-center/privacy -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy: privacy signals", "https://www.microsoft.com/trust-center/privacy: role_hint", "https://www.microsoft.com/trust-center/privacy: meta:description:Microsoft privacy principles", "https://www.microsoft.com/trust-center/privacy: meta:trust_center", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy: trust center language", "https://www.microsoft.com/trust-center/privacy: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-access -> security_practices (94)", "https://www.microsoft.com/trust-center/privacy/data-access: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-access: role_hint", "https://www.microsoft.com/trust-center/privacy/data-access: meta:description:Microsoft data access guidance", "https://www.microsoft.com/trust-center/privacy/data-access: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy/data-access: trust center language", "https://www.microsoft.com/trust-center/privacy/data-access: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-location -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy/data-location: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-location: role_hint", "https://www.microsoft.com/trust-center/privacy/data-location: meta:data_residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:description:Microsoft data location and residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location: trust center language", "https://www.microsoft.com/trust-center/privacy/data-location: 2 trust footer links" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "surface:sitemap", "label": "Sitemap", "category": "surface", "severity": "low", "present": false, "summary": "No sitemap surface was clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "surface:navigation", "label": "Navigation", "category": "surface", "severity": "info", "present": true, "summary": "The site appears to expose navigable trust or policy entry points.", "evidence": [ "https://www.microsoft.com/trust-center -> trust_center (94)", "https://www.microsoft.com/trust-center: privacy signals", "https://www.microsoft.com/trust-center: role_hint", "https://www.microsoft.com/trust-center: meta:description:Microsoft trust center home", "https://www.microsoft.com/trust-center: meta:trust_center", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center: trust center language", "https://www.microsoft.com/trust-center: 3 trust footer links", "https://www.microsoft.com/trust-center: navigation surface", "https://www.microsoft.com/trust-center/privacy -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy: privacy signals", "https://www.microsoft.com/trust-center/privacy: role_hint", "https://www.microsoft.com/trust-center/privacy: meta:description:Microsoft privacy principles", "https://www.microsoft.com/trust-center/privacy: meta:trust_center", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy: trust center language", "https://www.microsoft.com/trust-center/privacy: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-access -> security_practices (94)", "https://www.microsoft.com/trust-center/privacy/data-access: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-access: role_hint", "https://www.microsoft.com/trust-center/privacy/data-access: meta:description:Microsoft data access guidance", "https://www.microsoft.com/trust-center/privacy/data-access: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access: footer_link:https://www.microsoft.com/trust-center/privacy/data-location", "https://www.microsoft.com/trust-center/privacy/data-access: trust center language", "https://www.microsoft.com/trust-center/privacy/data-access: 2 trust footer links", "https://www.microsoft.com/trust-center/privacy/data-location -> privacy_policy (94)", "https://www.microsoft.com/trust-center/privacy/data-location: privacy signals", "https://www.microsoft.com/trust-center/privacy/data-location: role_hint", "https://www.microsoft.com/trust-center/privacy/data-location: meta:data_residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:description:Microsoft data location and residency", "https://www.microsoft.com/trust-center/privacy/data-location: meta:trust_center", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location: footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location: trust center language", "https://www.microsoft.com/trust-center/privacy/data-location: 2 trust footer links" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "surface:contact_paths", "label": "Public contact paths", "category": "surface", "severity": "info", "present": true, "summary": "4 pages expose public contact or trust-contact language.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance [link, page]", "Microsoft Privacy Principles | Microsoft Trust Center [link, page]", "Microsoft Data Access | Microsoft Trust Center [link]", "Microsoft Privacy - Data Location | Microsoft Trust Center [link]" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "safety:redaction", "label": "Public output redaction", "category": "safety", "severity": "info", "present": true, "summary": "Public output does not surface obvious secrets, credentials, or private keys.", "evidence": [], "urls": [] }, { "detector_id": "legal:privacy_center", "label": "Privacy Center", "category": "legal", "severity": "info", "present": true, "summary": "Privacy Center was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy Principles | Microsoft Trust Center", "Microsoft Data Access | Microsoft Trust Center", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "legal:data_subject_request_portal", "label": "Data Subject Request Portal", "category": "legal", "severity": "info", "present": true, "summary": "Data Subject Request Portal was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy Principles | Microsoft Trust Center", "Microsoft Data Access | Microsoft Trust Center", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "legal:cookie_preferences", "label": "Cookie Preferences", "category": "legal", "severity": "info", "present": true, "summary": "Cookie Preferences was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy Principles | Microsoft Trust Center", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "legal:consent_management", "label": "Consent Management", "category": "legal", "severity": "info", "present": true, "summary": "Consent Management was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy Principles | Microsoft Trust Center", "Microsoft Data Access | Microsoft Trust Center", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "security:incident_history", "label": "Incident History", "category": "security", "severity": "info", "present": true, "summary": "Incident History was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:postmortems", "label": "Postmortems", "category": "security", "severity": "info", "present": true, "summary": "Postmortems was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:security_txt", "label": "security.txt", "category": "security", "severity": "info", "present": true, "summary": "security.txt was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "security:security_whitepaper", "label": "Security Whitepaper", "category": "security", "severity": "info", "present": true, "summary": "Security Whitepaper was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance", "Microsoft Privacy - Data Location | Microsoft Trust Center" ], "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "detector_id": "security:attestation_summary", "label": "Attestation Summary", "category": "security", "severity": "info", "present": true, "summary": "Attestation Summary was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] }, { "detector_id": "methodology:scoring_rubric", "label": "Scoring Rubric", "category": "methodology", "severity": "medium", "present": false, "summary": "Scoring Rubric was not clearly observed.", "evidence": [], "urls": [] }, { "detector_id": "contact:responsible_disclosure_contact", "label": "Responsible Disclosure Contact", "category": "surface", "severity": "info", "present": true, "summary": "Responsible Disclosure Contact was observed in the public surface.", "evidence": [ "Microsoft Trust Center | Data Security, Privacy, and Compliance" ], "urls": [ "https://www.microsoft.com/trust-center" ] } ], "artifact_observations": [ { "artifact_id": "privacy_policy", "detector_id": "legal:privacy_policy", "human_label": "Privacy Policy", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Clarify what personal data you collect, process, retain, and disclose.", "matched_terms": [ "privacy", "privacy_policy", "trust_center" ], "score_dimensions": [ "public_surface", "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "privacy_policy", "detector_id": "legal:privacy_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, ma", "start_offset": 10, "end_offset": 17, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Privacy Policy via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_policy", "detector_id": "legal:privacy_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Privacy Policy via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" } ] }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "human_label": "Privacy Center", "category": "legal", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Privacy Center was observed in the public surface.", "matched_terms": [ "center", "privacy", "privacy_policy", "trust_center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on", "start_offset": 16, "end_offset": 22, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"trust_center\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the p", "start_offset": 76, "end_offset": 82, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"privacy_policy\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for governmen", "start_offset": 71, "end_offset": 77, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"security_practices\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for Azure", "start_offset": 90, "end_offset": 96, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"privacy_policy\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" } ] }, { "artifact_id": "data_subject_request_portal", "detector_id": "legal:data_subject_request_portal", "human_label": "Data Subject Request Portal", "category": "legal", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Data Subject Request Portal was observed in the public surface.", "matched_terms": [ "access", "delete", "privacy", "privacy_policy", "request", "trust_center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "data_subject_request_portal", "detector_id": "legal:data_subject_request_portal", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud service", "start_offset": 149, "end_offset": 155, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched delete evidence for Data Subject Request Portal via Some(\"privacy_policy\")", "matched_terms": [ "delete" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_subject_request_portal", "detector_id": "legal:data_subject_request_portal", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors,", "start_offset": 15, "end_offset": 21, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched access evidence for Data Subject Request Portal via Some(\"security_practices\")", "matched_terms": [ "access" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_subject_request_portal", "detector_id": "legal:data_subject_request_portal", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Data Subject Request Portal via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" } ] }, { "artifact_id": "cookie_policy", "detector_id": "legal:cookie_policy", "human_label": "Cookie Policy", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Publish cookie and tracking language with a clear consent path.", "matched_terms": [ "privacy_policy", "trust_center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [] }, { "artifact_id": "cookie_preferences", "detector_id": "legal:cookie_preferences", "human_label": "Cookie Preferences", "category": "legal", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Cookie Preferences was observed in the public surface.", "matched_terms": [ "privacy_policy", "trust_center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [] }, { "artifact_id": "consent_management", "detector_id": "legal:consent_management", "human_label": "Consent Management", "category": "legal", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Consent Management was observed in the public surface.", "matched_terms": [ "privacy", "privacy_policy", "trust_center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "consent_management", "detector_id": "legal:consent_management", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, ma", "start_offset": 10, "end_offset": 17, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Consent Management via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "consent_management", "detector_id": "legal:consent_management", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Consent Management via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" } ] }, { "artifact_id": "data_retention_policy", "detector_id": "legal:data_retention_policy", "human_label": "Data Retention Policy", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "State how long data is kept and what triggers deletion or archival.", "matched_terms": [ "delete", "privacy_policy", "trust_center" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "data_retention_policy", "detector_id": "legal:data_retention_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud service", "start_offset": 149, "end_offset": 155, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched delete evidence for Data Retention Policy via Some(\"privacy_policy\")", "matched_terms": [ "delete" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" } ] }, { "artifact_id": "data_sharing_notice", "detector_id": "legal:data_sharing_notice", "human_label": "Data Sharing Notice", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Clarify which parties receive data and why.", "matched_terms": [ "privacy_policy", "trust_center" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [] }, { "artifact_id": "cross_border_transfers", "detector_id": "legal:cross_border_transfers", "human_label": "Cross-Border Transfers", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Explain transfer mechanisms, safeguards, and processor relationships.", "matched_terms": [ "privacy_policy", "trust_center" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [] }, { "artifact_id": "data_breach_notice", "detector_id": "legal:data_breach_notice", "human_label": "Data Breach Notice", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Explain how breach notification works and who is notified.", "matched_terms": [ "privacy_policy" ], "score_dimensions": [ "legal_clarity", "security_trust" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [] }, { "artifact_id": "data_residency_policy", "detector_id": "legal:data_residency_policy", "human_label": "Data Residency Policy", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "State where data is stored and whether region selection is supported.", "matched_terms": [ "data location", "data residency", "privacy_policy", "region", "trust_center" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "data_residency_policy", "detector_id": "legal:data_residency_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residenc", "start_offset": 10, "end_offset": 23, "confidence": 98, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched data location evidence for Data Residency Policy via Some(\"privacy_policy\")", "matched_terms": [ "data location" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" } ] }, { "artifact_id": "data_processing_addendum", "detector_id": "legal:data_processing_addendum", "human_label": "Data Processing Addendum", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Make the DPA request path easy to find for customers and partners.", "matched_terms": [ "privacy_policy", "processor", "trust_center" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "data_processing_addendum", "detector_id": "legal:data_processing_addendum", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "s by personnel and subcontractors, logs access, defines response requirements for government requests, and publishes subprocessor information for online services.", "start_offset": 220, "end_offset": 229, "confidence": 85, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched processor evidence for Data Processing Addendum via Some(\"security_practices\")", "matched_terms": [ "processor" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" } ] }, { "artifact_id": "subprocessors_list", "detector_id": "legal:subprocessors_list", "human_label": "Subprocessors List", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Publish a current subprocessor or vendor list with update cadence.", "matched_terms": [ "privacy_policy", "trust_center" ], "score_dimensions": [ "legal_clarity", "public_surface" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [] }, { "artifact_id": "acceptable_use_policy", "detector_id": "legal:acceptable_use_policy", "human_label": "Acceptable Use Policy", "category": "legal", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Clarify prohibited and abusive use patterns in public-facing terms.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "ai_usage_policy", "detector_id": "ai-governance:ai_usage_policy", "human_label": "AI Usage Policy", "category": "ai-governance", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "AI Usage Policy was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "ai_language", "legal_clarity", "consistency" ], "remediation_motion": "ai_policy_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "responsible_ai_principles", "detector_id": "ai-governance:responsible_ai_principles", "human_label": "Responsible AI Principles", "category": "ai-governance", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Responsible AI Principles was observed in the public surface.", "matched_terms": [ "transparency", "trust_center" ], "score_dimensions": [ "ai_language", "consistency" ], "remediation_motion": "ai_policy_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy" ], "evidence_spans": [ { "artifact_id": "responsible_ai_principles", "detector_id": "ai-governance:responsible_ai_principles", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft Trust Center provides guidance on data security, privacy, compliance, and trustworthy AI. The site emphasizes transparency, customer control, and security practices across Microsoft cloud services.", "start_offset": 212, "end_offset": 224, "confidence": 85, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched transparency evidence for Responsible AI Principles via Some(\"trust_center\")", "matched_terms": [ "transparency" ], "score_dimensions": [ "ai_language", "consistency" ], "remediation_motion": "ai_policy_review" }, { "artifact_id": "responsible_ai_principles", "detector_id": "ai-governance:responsible_ai_principles", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "iples | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud services.", "start_offset": 172, "end_offset": 184, "confidence": 85, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched transparency evidence for Responsible AI Principles via Some(\"privacy_policy\")", "matched_terms": [ "transparency" ], "score_dimensions": [ "ai_language", "consistency" ], "remediation_motion": "ai_policy_review" } ] }, { "artifact_id": "customer_data_training_policy", "detector_id": "ai-governance:customer_data_training_policy", "human_label": "Customer Data Training Policy", "category": "ai-governance", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Customer Data Training Policy was observed in the public surface.", "matched_terms": [ "privacy_policy" ], "score_dimensions": [ "ai_language", "legal_clarity", "consistency" ], "remediation_motion": "ai_policy_review", "urls": [ "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [] }, { "artifact_id": "model_provider_disclosure", "detector_id": "ai-governance:model_provider_disclosure", "human_label": "Model Provider Disclosure", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "State which model or provider services are used and where customer data may flow.", "matched_terms": [], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "prompt_logging_policy", "detector_id": "ai-governance:prompt_logging_policy", "human_label": "Prompt Logging Policy", "category": "ai-governance", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Prompt Logging Policy was observed in the public surface.", "matched_terms": [ "log", "trust_center" ], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access" ], "evidence_spans": [ { "artifact_id": "prompt_logging_policy", "detector_id": "ai-governance:prompt_logging_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "ays customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud services.", "start_offset": 214, "end_offset": 217, "confidence": 66, "evidence_strength": "weak", "visibility": "public_safe", "public_safe": true, "reason": "Matched log evidence for Prompt Logging Policy via Some(\"privacy_policy\")", "matched_terms": [ "log" ], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review" }, { "artifact_id": "prompt_logging_policy", "detector_id": "ai-governance:prompt_logging_policy", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for government requests, and publishes subprocessor information for online se", "start_offset": 135, "end_offset": 138, "confidence": 66, "evidence_strength": "weak", "visibility": "public_safe", "public_safe": true, "reason": "Matched log evidence for Prompt Logging Policy via Some(\"security_practices\")", "matched_terms": [ "log" ], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review" } ] }, { "artifact_id": "human_review_policy", "detector_id": "ai-governance:human_review_policy", "human_label": "Human Review Policy", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Explain what is reviewed by humans and what remains automated.", "matched_terms": [], "score_dimensions": [ "ai_language", "consistency" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "evals_and_red_teaming", "detector_id": "ai-governance:evals_and_red_teaming", "human_label": "Evals and Red Teaming", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Describe testing and evaluation practices that back AI claims.", "matched_terms": [], "score_dimensions": [ "ai_language", "methodology" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "prohibited_uses", "detector_id": "ai-governance:prohibited_uses", "human_label": "Prohibited Uses", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "State the use cases you will not support and where enforcement lives.", "matched_terms": [], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "model_card_or_system_card", "detector_id": "ai-governance:model_card_or_system_card", "human_label": "Model Card or System Card", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Publish a model or system card if the site makes substantial AI claims.", "matched_terms": [], "score_dimensions": [ "ai_language", "methodology" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "ai_evaluation_or_safety_report", "detector_id": "ai-governance:ai_evaluation_or_safety_report", "human_label": "AI Evaluation or Safety Report", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Provide a public evaluation or safety summary when AI claims are central.", "matched_terms": [], "score_dimensions": [ "ai_language", "methodology" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "transparency_report", "detector_id": "ai-governance:transparency_report", "human_label": "Transparency Report", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Publish a public transparency report when the product makes AI capability claims.", "matched_terms": [], "score_dimensions": [ "ai_language", "methodology", "public_surface" ], "remediation_motion": "methodology_clarification", "urls": [], "evidence_spans": [] }, { "artifact_id": "model_limitations", "detector_id": "ai-governance:model_limitations", "human_label": "Model Limitations", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Describe where the model or AI system fails, degrades, or needs human review.", "matched_terms": [], "score_dimensions": [ "ai_language", "consistency" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "output_moderation_policy", "detector_id": "ai-governance:output_moderation_policy", "human_label": "Output Moderation Policy", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Explain how outputs are filtered, blocked, or escalated.", "matched_terms": [], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "feedback_training_policy", "detector_id": "ai-governance:feedback_training_policy", "human_label": "Feedback and Training Policy", "category": "ai-governance", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Explain whether feedback data is reused for training or product improvement.", "matched_terms": [], "score_dimensions": [ "ai_language", "legal_clarity", "consistency" ], "remediation_motion": "ai_policy_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "security_practices_page", "detector_id": "security:security_practices_page", "human_label": "Security Practices", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Security Practices was observed in the public surface.", "matched_terms": [ "controls", "security", "security practices", "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "security_practices_page", "detector_id": "security:security_practices_page", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on data security, privacy, compliance, and tr", "start_offset": 58, "end_offset": 66, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched security evidence for Security Practices via Some(\"trust_center\")", "matched_terms": [ "security" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review" }, { "artifact_id": "security_practices_page", "detector_id": "security:security_practices_page", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "| Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for Azure and Microsoft 365 customers.", "start_offset": 192, "end_offset": 200, "confidence": 96, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched controls evidence for Security Practices via Some(\"privacy_policy\")", "matched_terms": [ "controls" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review" } ] }, { "artifact_id": "backup_and_recovery", "detector_id": "security:backup_and_recovery", "human_label": "Backup and Recovery", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Backup and Recovery was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "secure_sdlc_page", "detector_id": "security:secure_sdlc_page", "human_label": "Secure SDLC", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Secure SDLC was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "vulnerability_disclosure", "detector_id": "security:vulnerability_disclosure", "human_label": "Vulnerability Disclosure", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Vulnerability Disclosure was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "security_contact", "detector_id": "security:security_contact", "human_label": "Security Contact", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Security Contact was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "contact_routing", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "incident_response", "detector_id": "security:incident_response", "human_label": "Incident Response", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Incident Response was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "incident_history", "detector_id": "security:incident_history", "human_label": "Incident History", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Incident History was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "postmortems", "detector_id": "security:postmortems", "human_label": "Postmortems", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Postmortems was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "methodology" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "security_txt", "detector_id": "security:security_txt", "human_label": "security.txt", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "security.txt was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "public_surface", "security_trust" ], "remediation_motion": "contact_routing", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "security_whitepaper", "detector_id": "security:security_whitepaper", "human_label": "Security Whitepaper", "category": "security", "present": true, "public_safe": true, "confidence": 65, "evidence_strength": "moderate", "visibility": "public_safe", "reason": "Security Whitepaper was observed in the public surface.", "matched_terms": [ "controls", "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "security_whitepaper", "detector_id": "security:security_whitepaper", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "| Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for Azure and Microsoft 365 customers.", "start_offset": 192, "end_offset": 200, "confidence": 70, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched controls evidence for Security Whitepaper via Some(\"privacy_policy\")", "matched_terms": [ "controls" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review" } ] }, { "artifact_id": "bug_bounty", "detector_id": "security:bug_bounty", "human_label": "Bug Bounty", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Bug Bounty was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "certifications", "detector_id": "security:certifications", "human_label": "Certifications", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Certifications was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "attestation_summary", "detector_id": "security:attestation_summary", "human_label": "Attestation Summary", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Attestation Summary was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "security_overview", "detector_id": "security:security_overview", "human_label": "Security Overview", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Security Overview was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "incident_communication", "detector_id": "security:incident_communication", "human_label": "Incident Communication", "category": "security", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Document how customers are notified and where public incident updates live.", "matched_terms": [], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "encryption_at_rest", "detector_id": "security:encryption_at_rest", "human_label": "Encryption at Rest", "category": "security", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "State where encryption is used and what it protects.", "matched_terms": [], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review", "urls": [], "evidence_spans": [] }, { "artifact_id": "mfa_sso", "detector_id": "security:mfa_sso", "human_label": "MFA and SSO", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "MFA and SSO was observed in the public surface.", "matched_terms": [ "sso", "trust_center" ], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy/data-access" ], "evidence_spans": [ { "artifact_id": "mfa_sso", "detector_id": "security:mfa_sso", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "personnel and subcontractors, logs access, defines response requirements for government requests, and publishes subprocessor information for online services.", "start_offset": 225, "end_offset": 228, "confidence": 96, "evidence_strength": "weak", "visibility": "public_safe", "public_safe": true, "reason": "Matched sso evidence for MFA and SSO via Some(\"security_practices\")", "matched_terms": [ "sso" ], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review" } ] }, { "artifact_id": "status_page", "detector_id": "security:status_page", "human_label": "Status Page", "category": "security", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Status Page was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "trust_center_cleanup", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "methodology_page", "detector_id": "methodology:page", "human_label": "Methodology Page", "category": "methodology", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Explain the rules and limitations of the scan.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "methodology_clarification", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "scoring_rubric", "detector_id": "methodology:scoring_rubric", "human_label": "Scoring Rubric", "category": "methodology", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Show how the score is derived from visible evidence.", "matched_terms": [], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "methodology_clarification", "urls": [], "evidence_spans": [] }, { "artifact_id": "score_caveat", "detector_id": "methodology:score_caveat", "human_label": "Score Caveat", "category": "methodology", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Keep the public-signal caveat visible near the score and methodology.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "methodology_clarification", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "data_sources", "detector_id": "methodology:data_sources", "human_label": "Data Sources", "category": "methodology", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Explain where the evidence came from and when it was observed.", "matched_terms": [], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "methodology_clarification", "urls": [], "evidence_spans": [] }, { "artifact_id": "confidence_labels", "detector_id": "methodology:confidence_labels", "human_label": "Confidence Labels", "category": "methodology", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Describe uncertainty bands or confidence levels when the evidence is partial.", "matched_terms": [], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "methodology_clarification", "urls": [], "evidence_spans": [] }, { "artifact_id": "endorsement_and_certification", "detector_id": "claims:endorsement_and_certification", "human_label": "Endorsement and Certification Claims", "category": "claims", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Endorsement and Certification Claims was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "sponsor_separation", "detector_id": "claims:sponsor_separation", "human_label": "Sponsor Separation", "category": "claims", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Sponsor Separation was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "unsupported_maturity", "detector_id": "claims:unsupported_maturity", "human_label": "Unsupported Maturity Phrasing", "category": "claims", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Ground broad maturity language in observable public evidence.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "customer_logos", "detector_id": "claims:customer_logos", "human_label": "Customer Logos", "category": "claims", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Customer Logos was observed in the public surface.", "matched_terms": [ "customer", "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "customer_logos", "detector_id": "claims:customer_logos", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "t Center provides guidance on data security, privacy, compliance, and trustworthy AI. The site emphasizes transparency, customer control, and security practices across Microsoft cloud services.", "start_offset": 226, "end_offset": 234, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched customer evidence for Customer Logos via Some(\"trust_center\")", "matched_terms": [ "customer" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding" }, { "artifact_id": "customer_logos", "detector_id": "claims:customer_logos", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologi", "start_offset": 98, "end_offset": 106, "confidence": 70, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched customer evidence for Customer Logos via Some(\"privacy_policy\")", "matched_terms": [ "customer" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding" }, { "artifact_id": "customer_logos", "detector_id": "claims:customer_logos", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "scribes data residency choices, where data is stored at rest, and regional storage controls for Azure and Microsoft 365 customers.", "start_offset": 229, "end_offset": 237, "confidence": 70, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched customer evidence for Customer Logos via Some(\"privacy_policy\")", "matched_terms": [ "customer" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding" } ] }, { "artifact_id": "testimonials", "detector_id": "claims:testimonials", "human_label": "Testimonials", "category": "claims", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Testimonials was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "third_party_validation", "detector_id": "claims:third_party_validation", "human_label": "Third-Party Validation", "category": "claims", "present": true, "public_safe": true, "confidence": 45, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Third-Party Validation was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "awards", "detector_id": "claims:awards", "human_label": "Awards", "category": "claims", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Awards was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "human_label": "Trust Center Discoverability", "category": "surface", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Trust Center Discoverability was observed in the public surface.", "matched_terms": [ "compliance", "security", "trust", "trust center", "trust_center" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on data security, privacy, compliance, and trustworthy AI. The site", "start_offset": 81, "end_offset": 91, "confidence": 98, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched compliance evidence for Trust Center Discoverability via Some(\"trust_center\")", "matched_terms": [ "compliance" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about", "start_offset": 70, "end_offset": 75, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Trust Center Discoverability via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for gov", "start_offset": 65, "end_offset": 70, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Trust Center Discoverability via Some(\"security_practices\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for", "start_offset": 84, "end_offset": 89, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Trust Center Discoverability via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" } ] }, { "artifact_id": "contact_paths", "detector_id": "surface:contact_paths", "human_label": "Contact Paths", "category": "surface", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Contact Paths was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "contact_routing", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "docs_hub", "detector_id": "surface:docs_hub", "human_label": "Documentation Hub", "category": "surface", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Link product documentation from the trust surface when it helps buyer review.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "public_status_page", "detector_id": "surface:status_page", "human_label": "Public Status Page", "category": "surface", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Link the status page from the public trust surface if it exists.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "human_label": "Footer Cross-links", "category": "surface", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Footer Cross-links was observed in the public surface.", "matched_terms": [ "privacy", "security", "trust", "trust_center" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on data security, privacy, compliance, and trustworthy", "start_offset": 68, "end_offset": 75, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Footer Cross-links via Some(\"trust_center\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, ma", "start_offset": 10, "end_offset": 17, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Footer Cross-links via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for gov", "start_offset": 65, "end_offset": 70, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Footer Cross-links via Some(\"security_practices\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Footer Cross-links via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" } ] }, { "artifact_id": "sitemap", "detector_id": "surface:sitemap", "human_label": "Sitemap", "category": "surface", "present": false, "public_safe": true, "confidence": 15, "evidence_strength": "weak", "visibility": "public_safe", "reason": "Keep trust pages reachable from a sitemap or index page.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "human_label": "Navigation", "category": "surface", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Navigation was observed in the public surface.", "matched_terms": [ "trust", "trust_center" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup", "urls": [ "https://www.microsoft.com/trust-center", "https://www.microsoft.com/trust-center/privacy", "https://www.microsoft.com/trust-center/privacy/data-access", "https://www.microsoft.com/trust-center/privacy/data-location" ], "evidence_spans": [ { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidan", "start_offset": 10, "end_offset": 15, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"trust_center\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about", "start_offset": 70, "end_offset": 75, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for gov", "start_offset": 65, "end_offset": 70, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"security_practices\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for", "start_offset": 84, "end_offset": 89, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" } ] }, { "artifact_id": "responsible_disclosure_contact", "detector_id": "contact:responsible_disclosure_contact", "human_label": "Responsible Disclosure Contact", "category": "surface", "present": true, "public_safe": true, "confidence": 90, "evidence_strength": "explicit", "visibility": "public_safe", "reason": "Responsible Disclosure Contact was observed in the public surface.", "matched_terms": [ "trust_center" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "contact_routing", "urls": [ "https://www.microsoft.com/trust-center" ], "evidence_spans": [] } ], "evidence_spans": [ { "artifact_id": "privacy_policy", "detector_id": "legal:privacy_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, ma", "start_offset": 10, "end_offset": 17, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Privacy Policy via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_policy", "detector_id": "legal:privacy_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Privacy Policy via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on", "start_offset": 16, "end_offset": 22, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"trust_center\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the p", "start_offset": 76, "end_offset": 82, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"privacy_policy\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for governmen", "start_offset": 71, "end_offset": 77, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"security_practices\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "privacy_center", "detector_id": "legal:privacy_center", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for Azure", "start_offset": 90, "end_offset": 96, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched center evidence for Privacy Center via Some(\"privacy_policy\")", "matched_terms": [ "center" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_subject_request_portal", "detector_id": "legal:data_subject_request_portal", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud service", "start_offset": 149, "end_offset": 155, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched delete evidence for Data Subject Request Portal via Some(\"privacy_policy\")", "matched_terms": [ "delete" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_subject_request_portal", "detector_id": "legal:data_subject_request_portal", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors,", "start_offset": 15, "end_offset": 21, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched access evidence for Data Subject Request Portal via Some(\"security_practices\")", "matched_terms": [ "access" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_subject_request_portal", "detector_id": "legal:data_subject_request_portal", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Data Subject Request Portal via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "consent_management", "detector_id": "legal:consent_management", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, ma", "start_offset": 10, "end_offset": 17, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Consent Management via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "consent_management", "detector_id": "legal:consent_management", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Consent Management via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "legal_clarity" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_retention_policy", "detector_id": "legal:data_retention_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud service", "start_offset": 149, "end_offset": 155, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched delete evidence for Data Retention Policy via Some(\"privacy_policy\")", "matched_terms": [ "delete" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_residency_policy", "detector_id": "legal:data_residency_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residenc", "start_offset": 10, "end_offset": 23, "confidence": 98, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched data location evidence for Data Residency Policy via Some(\"privacy_policy\")", "matched_terms": [ "data location" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "data_processing_addendum", "detector_id": "legal:data_processing_addendum", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "s by personnel and subcontractors, logs access, defines response requirements for government requests, and publishes subprocessor information for online services.", "start_offset": 220, "end_offset": 229, "confidence": 85, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched processor evidence for Data Processing Addendum via Some(\"security_practices\")", "matched_terms": [ "processor" ], "score_dimensions": [ "legal_clarity", "consistency" ], "remediation_motion": "privacy_legal_review" }, { "artifact_id": "responsible_ai_principles", "detector_id": "ai-governance:responsible_ai_principles", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft Trust Center provides guidance on data security, privacy, compliance, and trustworthy AI. The site emphasizes transparency, customer control, and security practices across Microsoft cloud services.", "start_offset": 212, "end_offset": 224, "confidence": 85, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched transparency evidence for Responsible AI Principles via Some(\"trust_center\")", "matched_terms": [ "transparency" ], "score_dimensions": [ "ai_language", "consistency" ], "remediation_motion": "ai_policy_review" }, { "artifact_id": "responsible_ai_principles", "detector_id": "ai-governance:responsible_ai_principles", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "iples | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud services.", "start_offset": 172, "end_offset": 184, "confidence": 85, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched transparency evidence for Responsible AI Principles via Some(\"privacy_policy\")", "matched_terms": [ "transparency" ], "score_dimensions": [ "ai_language", "consistency" ], "remediation_motion": "ai_policy_review" }, { "artifact_id": "prompt_logging_policy", "detector_id": "ai-governance:prompt_logging_policy", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "ays customers control their data, may access modify or delete it, and receive transparency about the policies and technologies that support privacy in commercial cloud services.", "start_offset": 214, "end_offset": 217, "confidence": 66, "evidence_strength": "weak", "visibility": "public_safe", "public_safe": true, "reason": "Matched log evidence for Prompt Logging Policy via Some(\"privacy_policy\")", "matched_terms": [ "log" ], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review" }, { "artifact_id": "prompt_logging_policy", "detector_id": "ai-governance:prompt_logging_policy", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for government requests, and publishes subprocessor information for online se", "start_offset": 135, "end_offset": 138, "confidence": 66, "evidence_strength": "weak", "visibility": "public_safe", "public_safe": true, "reason": "Matched log evidence for Prompt Logging Policy via Some(\"security_practices\")", "matched_terms": [ "log" ], "score_dimensions": [ "ai_language", "legal_clarity" ], "remediation_motion": "ai_policy_review" }, { "artifact_id": "security_practices_page", "detector_id": "security:security_practices_page", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on data security, privacy, compliance, and tr", "start_offset": 58, "end_offset": 66, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched security evidence for Security Practices via Some(\"trust_center\")", "matched_terms": [ "security" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review" }, { "artifact_id": "security_practices_page", "detector_id": "security:security_practices_page", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "| Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for Azure and Microsoft 365 customers.", "start_offset": 192, "end_offset": 200, "confidence": 96, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched controls evidence for Security Practices via Some(\"privacy_policy\")", "matched_terms": [ "controls" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review" }, { "artifact_id": "security_whitepaper", "detector_id": "security:security_whitepaper", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "| Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for Azure and Microsoft 365 customers.", "start_offset": 192, "end_offset": 200, "confidence": 70, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched controls evidence for Security Whitepaper via Some(\"privacy_policy\")", "matched_terms": [ "controls" ], "score_dimensions": [ "security_trust", "public_surface" ], "remediation_motion": "security_evidence_review" }, { "artifact_id": "mfa_sso", "detector_id": "security:mfa_sso", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "personnel and subcontractors, logs access, defines response requirements for government requests, and publishes subprocessor information for online services.", "start_offset": 225, "end_offset": 228, "confidence": 96, "evidence_strength": "weak", "visibility": "public_safe", "public_safe": true, "reason": "Matched sso evidence for MFA and SSO via Some(\"security_practices\")", "matched_terms": [ "sso" ], "score_dimensions": [ "security_trust", "consistency" ], "remediation_motion": "security_evidence_review" }, { "artifact_id": "customer_logos", "detector_id": "claims:customer_logos", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "t Center provides guidance on data security, privacy, compliance, and trustworthy AI. The site emphasizes transparency, customer control, and security practices across Microsoft cloud services.", "start_offset": 226, "end_offset": 234, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched customer evidence for Customer Logos via Some(\"trust_center\")", "matched_terms": [ "customer" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding" }, { "artifact_id": "customer_logos", "detector_id": "claims:customer_logos", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about the policies and technologi", "start_offset": 98, "end_offset": 106, "confidence": 70, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched customer evidence for Customer Logos via Some(\"privacy_policy\")", "matched_terms": [ "customer" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding" }, { "artifact_id": "customer_logos", "detector_id": "claims:customer_logos", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "scribes data residency choices, where data is stored at rest, and regional storage controls for Azure and Microsoft 365 customers.", "start_offset": 229, "end_offset": 237, "confidence": 70, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched customer evidence for Customer Logos via Some(\"privacy_policy\")", "matched_terms": [ "customer" ], "score_dimensions": [ "consistency", "public_surface" ], "remediation_motion": "claims_grounding" }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on data security, privacy, compliance, and trustworthy AI. The site", "start_offset": 81, "end_offset": 91, "confidence": 98, "evidence_strength": "strong", "visibility": "public_safe", "public_safe": true, "reason": "Matched compliance evidence for Trust Center Discoverability via Some(\"trust_center\")", "matched_terms": [ "compliance" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about", "start_offset": 70, "end_offset": 75, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Trust Center Discoverability via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for gov", "start_offset": 65, "end_offset": 70, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Trust Center Discoverability via Some(\"security_practices\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "trust_center", "detector_id": "surface:trust_center_discoverability", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for", "start_offset": 84, "end_offset": 89, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Trust Center Discoverability via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidance on data security, privacy, compliance, and trustworthy", "start_offset": 68, "end_offset": 75, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Footer Cross-links via Some(\"trust_center\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, ma", "start_offset": 10, "end_offset": 17, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Footer Cross-links via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for gov", "start_offset": 65, "end_offset": 70, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Footer Cross-links via Some(\"security_practices\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "footer_crosslinks", "detector_id": "surface:footer_crosslinks", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at res", "start_offset": 48, "end_offset": 55, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched privacy evidence for Footer Cross-links via Some(\"privacy_policy\")", "matched_terms": [ "privacy" ], "score_dimensions": [ "public_surface", "consistency" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "trust_center", "url": "https://www.microsoft.com/trust-center", "title": "Microsoft Trust Center | Data Security, Privacy, and Compliance", "snippet": "Microsoft trust center home Microsoft Trust Center | Data Security, Privacy, and Compliance Microsoft Trust Center provides guidan", "start_offset": 10, "end_offset": 15, "confidence": 98, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"trust_center\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy", "title": "Microsoft Privacy Principles | Microsoft Trust Center", "snippet": "Microsoft privacy principles Microsoft Privacy Principles | Microsoft Trust Center Microsoft says customers control their data, may access modify or delete it, and receive transparency about", "start_offset": 70, "end_offset": 75, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "security_practices", "url": "https://www.microsoft.com/trust-center/privacy/data-access", "title": "Microsoft Data Access | Microsoft Trust Center", "snippet": "Microsoft data access guidance Microsoft Data Access | Microsoft Trust Center Microsoft limits access by personnel and subcontractors, logs access, defines response requirements for gov", "start_offset": 65, "end_offset": 70, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"security_practices\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" }, { "artifact_id": "navigation", "detector_id": "surface:navigation", "page_role": "privacy_policy", "url": "https://www.microsoft.com/trust-center/privacy/data-location", "title": "Microsoft Privacy - Data Location | Microsoft Trust Center", "snippet": "Microsoft data location and residency Microsoft Privacy - Data Location | Microsoft Trust Center Microsoft describes data residency choices, where data is stored at rest, and regional storage controls for", "start_offset": 84, "end_offset": 89, "confidence": 84, "evidence_strength": "moderate", "visibility": "public_safe", "public_safe": true, "reason": "Matched trust evidence for Navigation via Some(\"privacy_policy\")", "matched_terms": [ "trust" ], "score_dimensions": [ "public_surface" ], "remediation_motion": "trust_center_cleanup" } ], "page_roles": [ { "url": "https://www.microsoft.com/trust-center", "role": "trust_center", "confidence": 94, "signals": [ "privacy signals", "role_hint", "meta:description:Microsoft trust center home", "meta:trust_center", "footer_link:https://www.microsoft.com/trust-center/privacy", "footer_link:https://www.microsoft.com/trust-center/privacy/data-access" ] }, { "url": "https://www.microsoft.com/trust-center/privacy", "role": "privacy_policy", "confidence": 94, "signals": [ "privacy signals", "role_hint", "meta:description:Microsoft privacy principles", "meta:trust_center", "footer_link:https://www.microsoft.com/trust-center/privacy/data-access", "footer_link:https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "url": "https://www.microsoft.com/trust-center/privacy/data-access", "role": "security_practices", "confidence": 94, "signals": [ "privacy signals", "role_hint", "meta:description:Microsoft data access guidance", "meta:trust_center", "footer_link:https://www.microsoft.com/trust-center/privacy", "footer_link:https://www.microsoft.com/trust-center/privacy/data-location" ] }, { "url": "https://www.microsoft.com/trust-center/privacy/data-location", "role": "privacy_policy", "confidence": 94, "signals": [ "privacy signals", "role_hint", "meta:data_residency", "meta:description:Microsoft data location and residency", "meta:trust_center", "footer_link:https://www.microsoft.com/trust-center/privacy", "footer_link:https://www.microsoft.com/trust-center/privacy/data-access" ] } ], "missing_artifacts": [ "privacy_policy", "cookie_policy", "data_retention_policy", "data_sharing_notice", "cross_border_transfers", "data_breach_notice", "data_residency_policy", "data_processing_addendum", "subprocessors_list", "acceptable_use_policy", "model_provider_disclosure", "human_review_policy", "evals_and_red_teaming", "prohibited_uses", "model_card_or_system_card", "ai_evaluation_or_safety_report", "transparency_report", "model_limitations", "output_moderation_policy", "feedback_training_policy", "incident_communication", "encryption_at_rest", "methodology_page", "scoring_rubric", "score_caveat", "data_sources", "confidence_labels", "unsupported_maturity", "docs_hub", "public_status_page", "sitemap" ], "evidence_summary": [ "AI usage policy: AI usage policy is publicly documented.", "Responsible AI principles: Responsible AI principles is publicly documented.", "Customer data training policy: Customer data training policy is publicly documented.", "Prompt logging policy: Prompt logging policy is publicly documented.", "Security practices: Security practices is publicly documented.", "Security overview: Security overview is publicly documented.", "Secure SDLC: Secure SDLC is publicly documented.", "Vulnerability disclosure: Vulnerability disclosure is publicly documented.", "Security contact: Security contact is publicly documented.", "Incident response: Incident response is publicly documented.", "Bug bounty: Bug bounty is publicly documented.", "Certifications: Certifications is publicly documented.", "Backup and recovery: Backup and recovery is publicly documented.", "MFA and SSO: MFA and SSO is publicly documented.", "Status page: Status page is publicly documented.", "Endorsement and certification claims: Certification, trust-badge, or endorsement language was observed and should be checked against evidence.", "Sponsor separation language: Checks whether sponsor or sponsorship language appears in the public trust surface.", "Customer logos: Customer-logo or customer-name trust language was observed.", "Testimonials: Testimonial or quote-style endorsement language was observed.", "Third-party validation: Third-party, analyst, or press validation language was observed.", "Awards: Awards, rankings, or recognition language was observed.", "Claim consistency: Cross-page trust language appears coherent.", "Trust center discoverability: A trust-center style public surface is visible.", "Surface coverage: Observed 3 distinct trust-relevant page roles and 9 trust links.", "Footer cross-links: Trust-relevant footer cross-links were observed.", "Navigation: The site appears to expose navigable trust or policy entry points.", "Public contact paths: 4 pages expose public contact or trust-contact language.", "Public output redaction: Public output does not surface obvious secrets, credentials, or private keys.", "Privacy Center: Privacy Center was observed in the public surface.", "Data Subject Request Portal: Data Subject Request Portal was observed in the public surface.", "Cookie Preferences: Cookie Preferences was observed in the public surface.", "Consent Management: Consent Management was observed in the public surface.", "Incident History: Incident History was observed in the public surface.", "Postmortems: Postmortems was observed in the public surface.", "security.txt: security.txt was observed in the public surface.", "Security Whitepaper: Security Whitepaper was observed in the public surface.", "Attestation Summary: Attestation Summary was observed in the public surface.", "Responsible Disclosure Contact: Responsible Disclosure Contact was observed in the public surface." ] }