Privacy for Azure Functions
Microsoft is committed to protecting the privacy of your data when you use Azure Functions. This page outlines how data is collected, used, and protected in the context of serverless compute.
Data Collection
- Telemetry: Usage data is collected to improve the service, including function execution metrics, error logs, and performance counters.
- Customer Data: Any data you store or process in your functions remains under your control and is not accessed by Microsoft unless you explicitly grant access.
- Diagnostics: Optional diagnostics (Application Insights) can capture request and response payloads if configured.
Data Usage
Collected data is used solely for service operation, debugging, analytics, and to provide updates or security patches. Microsoft does not sell or share your data with third parties for marketing purposes.
Data Retention
| Data Type | Retention Period |
|---|---|
| Telemetry (aggregated) | 30 days |
| Diagnostic logs (if enabled) | 90 days (configurable) |
| Customer function code & storage | Indefinite (until deleted) |
Compliance
Azure Functions complies with major standards, including:
- ISO/IEC 27001
- ISO/IEC 27018 (Privacy)
- HIPAA
- GDPR
- SOC 1, 2, & 3
Security Measures
All data in transit is protected with TLS 1.2+. At rest, data is encrypted using Azure Storage encryption and customer-managed keys where available.
Control & Transparency
You can control data collection via the Function App settings or the Application Insights configuration. Detailed activity logs are available in the Azure portal.
Contact & Support
For privacy-related inquiries, use the privacy@microsoft.com address or visit our Support Center.