Microsoft Copilot is not one product, which is exactly why the question "is Copilot private" has no single answer. The Copilot you get free in Windows, Edge, and the mobile app runs on very different data terms from Microsoft 365 Copilot, the paid enterprise assistant that reads your work email and files. Both run in Microsoft's cloud, so neither is private in the on-device sense, but the gap between the two tiers is large. This breakdown applies the same audit framework we used for our full ChatGPT privacy breakdown and our Google Gemini breakdown, so you can compare like for like.
Want the short version? Jump to the summary table. Want chats that never leave your device at all? PocketLLM runs the model fully on-device with zero telemetry, join the launch list.
Microsoft 365 Copilot and work or school sign-ins covered by Commercial Data Protection are reasonably private for a cloud service: as of July 2026 Microsoft states those prompts and responses are not used to train the foundation models and are kept inside the enterprise compliance boundary. Consumer Copilot, signed in with a personal Microsoft account, has weaker defaults and can use interaction data to improve Microsoft's products depending on your region and settings. Either way, your data still travels to Microsoft's cloud. For chats that cannot be transmitted or reviewed, you need an on-device model like the one in PocketLLM.
PocketLLM is launching soon. Private, on-device AI, starting on iPhone and iPad with more platforms planned. No account, no tracking, no cloud. Join the launch list and be first in.
Join the launch listOur audit framework
For each assistant we check the same five things against the company's currently published policy, and we date the verification because these documents change. We separate the consumer tier from the commercial and enterprise tiers, because with Copilot those terms diverge sharply. Everything below reflects Microsoft's published privacy statement, Copilot documentation, and Commercial Data Protection guidance as we read them in July 2026, so confirm the live versions first.
- Where your data goes is it processed locally or in the cloud?
- Training are your prompts and responses used to improve the models, and can you opt out?
- Retention how long is your data kept, and what happens when you delete it?
- Human review can a person read your conversations, and under what conditions?
- Tier differences how do consumer, Microsoft 365, and enterprise terms diverge?
Where your Copilot data goes
Every prompt you send to Copilot, whether through Windows, Edge, the mobile app, Word, or Teams, is transmitted to Microsoft's cloud, processed by a large language model there, and returned. It is built on Azure OpenAI, and the model is far too large to run on your laptop or phone. Privacy with any cloud assistant is a matter of policy and trust, not architecture: Microsoft can write strong commitments, but the data still leaves your control the moment you press send. Our guide on on-device versus cloud AI covers the wider trade-off.
Does Microsoft train Copilot on your chats?
This is where the tier you use matters most. For Microsoft 365 Copilot and for chat covered by Commercial Data Protection, Microsoft's published position as of July 2026 is that your prompts, responses, and Microsoft Graph data are not used to train the underlying foundation models. For consumer Copilot the picture is less absolute: Microsoft's consumer terms allow interaction data to be used to improve and personalize its products, and whether a model-training opt-out is offered can depend on your region and settings. On a work or school account you generally have a strong no-training commitment; on a personal account, open your privacy settings and confirm what is on.
Commercial Data Protection explained
Commercial Data Protection is the safeguard that kicks in when you use Copilot signed in with an eligible Microsoft Entra (work or school) account. Per Microsoft's documentation, under it the covered, web-grounded chat prompts and responses are not retained, Microsoft has no eyes-on access to that data, and the content is not used to train the foundation models. It is the successor to what Microsoft previously branded Bing Chat Enterprise. Two caveats: the processing still happens in Microsoft's cloud, and the scope depends on your license and admin configuration, so verify what is enabled for your account.
Microsoft Graph grounding and Microsoft 365 Copilot
Microsoft 365 Copilot is the paid tier that does more than chat: it grounds answers in your organization's content through the Microsoft Graph, which spans your emails, documents, calendar, and Teams messages. Microsoft states this grounding respects your existing permissions, so Copilot only surfaces content you already have access to, and that the prompts, responses, and Graph data stay within the Microsoft 365 compliance boundary and are not used to train the foundation models. The upside is that your tenant data does not leak out to improve a public model. An assistant that reads across your whole mailbox and file store is powerful, so those no-training and permission-respecting commitments matter.
Retention and human review
Retention differs by tier and is not always published as a single fixed number, so treat specifics cautiously. For consumer Copilot, Microsoft may retain interaction and history data tied to your account, which you can review and delete through your privacy dashboard; for Commercial Data Protection chat, the stated design is that prompts and responses are not retained. On human review, Microsoft states there is no eyes-on access to covered commercial content for product improvement, while consumer-account access is permitted in limited cases such as investigating abuse or meeting legal obligations. Routine human reading is not the norm, but for consumer accounts it is not fully excluded.
Consumer vs Microsoft 365 and enterprise
The free consumer Copilot is governed by Microsoft's consumer privacy statement, can use interaction data to improve products depending on region and settings, and stores history against your personal account. Microsoft 365 Copilot and Entra-signed-in chat with Commercial Data Protection carry no-training commitments, no eyes-on access for product improvement, tenant-boundary handling, and administrative controls. For sensitive material, a business or enterprise account is materially safer than the free personal app, though even the strongest Copilot tier still processes your data on Microsoft's infrastructure. For the broader field, see our roundup of the most private AI chatbots of 2026.
The summary table
| Question | Copilot (consumer) | Microsoft 365 Copilot | PocketLLM |
|---|---|---|---|
| Data processed | Microsoft cloud | Microsoft cloud | On your device |
| Trains on your chats | Possible, region and settings dependent | No (per policy) | Never |
| Eyes-on human access | Limited exceptions | None for product improvement | Not possible |
| Retention | History on your account | Not retained (covered chat) | You hold the only copy |
| Account required | Yes | Yes | No |
How to use Copilot more privately
If you stay on Copilot, you can narrow your exposure. Prefer a work or school sign-in with Commercial Data Protection over a personal account for anything sensitive, and confirm with your admins that it is in effect. On a consumer account, review any model-training or personalization toggles available in your region and delete history you do not want kept. Avoid pasting secrets, credentials, or other people's personal data into any cloud assistant. None of this changes the fact that the model runs in Microsoft's cloud; it only reduces what lingers there.
So, is Copilot private enough for you?
The honest answer to "is Copilot private" is: for enterprise use under Commercial Data Protection, reasonably so by cloud standards; for the free consumer app, less so by default. Both remain cloud services, so privacy rests on policy and trust rather than architecture. But if your requirement is that a conversation is never transmitted, retained, or reviewed by anyone, no cloud tier can promise that, because the data has to leave your device to be processed. Our private AI for business in 2026 guide compares team options.
When you want true privacy
The only way to guarantee a conversation never leaves your device is to run the model on the device itself. That is the design choice behind PocketLLM: the model runs locally on your iPhone, iPad, or Mac, there is no account, and we collect zero telemetry on your prompts or responses. The trade-off is capability. An on-device model in the comfortable phone-class range of roughly 1B to 3B parameters is not as strong as Microsoft's cloud models on the hardest reasoning. For everyday chat, drafting, and summarizing, though, it is genuinely useful and private by construction. Join the PocketLLM launch list to be first in.
Frequently asked questions
Is Copilot private?
It depends on which Copilot you use. Consumer Copilot (the free app and Copilot Pro, on a personal Microsoft account) is a cloud service under Microsoft's consumer privacy statement, and by default your interactions can be retained and, in some regions and settings, used to improve Microsoft's products. Microsoft 365 Copilot and eligible work or school sign-ins get Commercial Data Protection, under which Microsoft states prompts and responses are not used to train the foundation models. Either way the model runs in Microsoft's cloud, not on your device, so for truly private chats you need an on-device model.
Does Microsoft train Copilot on my conversations?
For work and school accounts covered by Commercial Data Protection, and for Microsoft 365 Copilot, Microsoft's published position as of July 2026 is that your prompts, responses, and Microsoft Graph data are not used to train the underlying foundation models. For consumer Copilot the answer is less absolute: Microsoft's consumer terms allow interaction data to be used to improve its products, and whether a model-training opt-out is available can depend on your region and settings. Check the privacy controls in your Microsoft account first.
What is Commercial Data Protection in Copilot?
Commercial Data Protection is the enterprise safeguard that applies when you use Copilot signed in with an eligible Microsoft Entra (work or school) account. Per Microsoft's documentation as of July 2026, under it your chat prompts and responses are not retained for those covered web-grounded experiences, Microsoft has no eyes-on access to that chat data, and the content is not used to train the foundation models. It is the successor to what Microsoft previously called Bing Chat Enterprise. The processing still happens in Microsoft's cloud, and the scope depends on your license, so verify what your organization has enabled.
Can Microsoft employees read my Copilot chats?
Under Commercial Data Protection and Microsoft 365 Copilot, Microsoft states there is no eyes-on access to your covered prompts and responses for product improvement. For consumer Copilot, Microsoft's terms permit access in limited circumstances, such as investigating abuse, meeting legal obligations, or improving services. Routine human reading is not the norm, but for consumer accounts it is not fully excluded. An on-device model removes the question entirely, because there is no server-side copy for anyone to read.
Is Copilot or PocketLLM more private?
PocketLLM is more private by architecture. Microsoft 365 Copilot with Commercial Data Protection is a reasonable enterprise option, but your prompts still travel to and are processed in Microsoft's cloud, and consumer Copilot carries weaker defaults. PocketLLM runs the language model entirely on your device, with no account, no servers, and zero telemetry on your conversations, so your chats cannot be transmitted, retained, or reviewed by anyone. The trade-off is capability: on-device models are smaller, so for the hardest reasoning or for answers grounded in your whole Microsoft 365 tenant, Copilot is more powerful.