Advertising

Skip to main content
Advertising

Reach the right people and grow your business. Sign up for Microsoft Advertising >

Microsoft Advertising policies

Legal, privacy and security

February 14, 2022

Binding arbitration agreement and class action waiver

If your principal place of business is in the United States, the class action waiver and binding arbitration agreement applies to your participation in Microsoft Advertising.

Compliance with trade laws

You and we each acknowledge that the services and related technology (“Items”) may be subject to U.S. and other countries' export jurisdictions. We will each comply with all laws and regulations applicable to the import or export of the Items, including but not limited to trade laws such as the U.S. Export Administration Regulations and International Traffic in Arms Regulations, and sanctions regulations administered by the U.S. Office of Foreign Assets Control (“OFAC”) (“trade laws”).

You will not take any action that causes Microsoft to violate U.S. or other applicable trade laws. In the event that you learn of a potential violation of trade laws relating to the performance of this agreement, or a potential violation of the terms in this subsection, you will alert Microsoft as soon as possible, but in no event more than 14 days after acquiring this knowledge. Microsoft may suspend or terminate your participation in Microsoft Advertising to the extent that Microsoft reasonably concludes that performance would cause it to violate U.S. or other applicable trade laws, including those described above, or put it at risk of becoming the subject of economic sanctions under such laws.

For additional information, see http://www.microsoft.com/exporting.

Online Behavioral Advertising self-regulation requirement for display and native (USA, Canada, and Europe)

Advertisers that are participating in Online Behavioral Advertising (OBA) practices are responsible for complying with the OBA self-regulation principles. It is assumed that if you are participating in OBA practices you are following the self-regulation principles.

Canada

(Effective Date: October 2013)

Europe

(Effective Date: April 2012)

United States

(Effective date: November 2011)

  • What is AdChoices? Cross industry self-regulatory program for online behavioral advertising was developed by IAB, 4As, ANA, DMA, BBB, and others to create principles across online advertising ecosystem. The self-regulatory program is based on seven self-regulatory principles for online behavioral advertising. The Transparency principle was created to provide more disclosure to end users using an AdChoices notification in or around an online advertisement. The OBA self-regulation principles can be found here:  http://www.aboutads.info/principles/
  • Policy Rationale: Microsoft supports these Principles to support enhanced transparency and consumer control for end users. IAB, 4As, NAI, DMA, BBB, AAF and ANA recommend that their members comply with these Principles. If you are using Microsoft as a first party ad server to serve your creative, Microsoft will overlay the AdChoices icon on your creative and/or display AdChoices icon around ad placements on Microsoft’s own sites.

Privacy and data protection policies

  • Advertising is not allowed for websites whose main or sole purpose is the collection of personal data, intended as any information that can be used — either alone or in combination with others — to locate an individual, to be used for consumer or promotional marketing, or actions related to such purposes. This includes advertising for pages that link or redirect to such sites.
  • As an advertiser, you must have a valid basis to collect personal information on your site(s) (e.g., user notice and consent).
  • Collection of sensitive information, such as financial, healthcare, government issued IDs, etc., must be performed on a site hosted on a secure server, such as SSL (https) and only when strictly necessary.
  • As an advertiser, it is your responsibility to comply with all applicable laws and regulations related to your collection and use of personal data. If you collect personal data, you must do so securely.

Privacy policy

You must provide a prominent link from your landing page — or include within the landing
page — a privacy policy that is applicable to the information being collected. This privacy policy must:

  • Clearly and prominently include the name of the company that is collecting the personal information.
  • Clearly state the purpose of the information being collected.
  • Provide opt-out instructions, as applicable.
  • Other information, as required by applicable laws and regulations.

Remarketing and personalization

Microsoft is committed to creating a trustworthy, safe, and fair online environment.  Accordingly, we strive to provide the highest quality online experience for both advertisers and consumers. In addition to these policies, advertisers are required to comply with all applicable laws and regulations, including those intended to ensure fair access to credit. Advertisers may not target advertisements to users or exclude users from the population receiving advertisements based upon prohibited categories (including any applicable variables of such categories) under applicable law. It is your obligation to understand and comply with any such prohibitions applicable in the market(s) where you operate. Your use of remarketing or personalization to discriminate or engage in illegal activities such as predatory lending, for example, is not allowed.

SEARCH


Remarketing

At Microsoft Advertising, we value the privacy rights of our end users and you, our customers, and we strive to uphold the highest data management standards and privacy best practices.

Remarketing is a way for you to engage an audience that has previously visited your website(s). To participate in remarketing, we require you to instrument your website with a Universal Event Tracking (UET) tag, enabling Microsoft to identify end user visits to your site. Microsoft Advertising allows you to segment your audiences by creating remarketing lists based on end user activity on your site(s) and then to optimize your campaigns based on those segments.

Your remarketing lists will be solely used for your paid search campaigns, not shared with any third parties or any other advertisers or partners, and not otherwise used by Microsoft for any purpose not described in this policy.

If you elect to enable remarketing, please be aware of the following policy requirements that apply to your remarketing campaigns. These requirements are in addition to the general requirements put forth in the Microsoft Advertising privacy and data protection policies and Microsoft Advertising Agreement.

  • Privacy policy. Your website must prominently feature a privacy policy to inform users of your data collection and usage practices. If you decide to enable the UET tag and to leverage capabilities offered by Remarketing in paid search, your privacy policy must disclose that individual end user tracking and data sharing with third parties for advertising and marketing purposes is taking place on your web properties. Please review the Microsoft Advertising privacy and data protection policies and Microsoft Advertising Agreement to learn more.
  • Behavioral targeting opt-out. In accordance with accepted industry best practices, we require you to instruct your end users about opting out of Interest-Based Advertising. You must include a section in your privacy policy to inform your users on how to exercise their opt out rights by pointing them to resources like the NAI consumer opt-out page or the DAA opt-out page. These resources are also available under “Your Choices” in the Microsoft Online Advertising Privacy Statement.
  • You must not use sensitive data or categories that are otherwise prohibited under applicable laws in creating your remarketing lists. Sensitive data may include, but is not limited to, political affiliation, religion, sexual orientation, gender identity, sexually transmitted diseases, mental health conditions such as anxiety or depression, terminal illness, and other diseases.
  • Remarketing is not allowed for disallowed content, products, or services.
  • Underage users. You must not create a remarketing list, retarget or otherwise profile any individuals under the age of 18, or other applicable age restrictions in the market(s) where you operate. Additionally, you must not target individuals under the minimum age required for the product advertised. For example, you may not target alcohol advertisements to individuals under the applicable minimum drinking age.
    • Web properties directed to children. Audience remarketing must not be implemented on sites or applications directed to children under the age of 18, or other applicable age limitations in the market(s) where you operate.
  • Tracking tag misuse. Modifying, changing or otherwise tampering with the UET tracking tag and tag script is strictly forbidden, other than for uses expressly authorized by Microsoft. Learn more about UET implementation and usage.
  • Precise geo-location on mobile devices. If you elect to pass to Microsoft the precise location of an end user, you must do so only with the end user’s express consent.
  • Association of additional personal data. Other than provided above, you may not associate any additional personal data with your remarketing lists or UET tags, or attempt to send this information to Microsoft by any means.
  • Third party data providers. Microsoft may elect, from time to time, to work with third party data providers in order to enable the use of third party data in remarketing campaigns for its advertisers. The exchange of personal data between advertisers and data providers, if any, will be handled in accordance to the respective privacy practices of each, as well as the applicable individual agreements which those parties may enter into. Microsoft will not receive any personal data or other inputs as a part of these relationships unless as otherwise provided in this or other applicable policies, or as otherwise necessary to enable the performance of advertising campaigns and the use of this remarketing in paid search feature. Microsoft is not responsible for any data loss, data breach, misuse of personal information or any other liability which may result from the relationships between advertisers and data providers.
Personalization

Advertising personalization through the use of ad targeting settings on our platform helps you focus a campaign or ad group on potential audiences who meet specific criteria, so you can increase the chance that they see your ads. Personalization options can help maximize your ad's exposure to audiences who are likely to be interested in your products or services.

Advertising for housing, employment, and credit services may not utilize zip code, gender, or age targeting.


Targeting children / minors

  • Advertisers must comply with all applicable law’s regulations and other requirements.
  • In the US content must adhere to the COPPA (The Children’s Online Privacy Protection Act) requirements at https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrensonlineprivacyprotection-rule.
  • Content must adhere to the CARU (Children’s Advertising Review Unit) advertising guidelines (U.S. only) at http://www.caru.org.
  • In California, U.S., content must adhere to the California Online Privacy Protection Act (CalOPPA).
  • In Delaware, U.S., content must adhere to the Delaware Online Privacy and Protection Act.
  • Note:
    • The aforementioned Acts/Policies are subject to change. Please always review these laws to ensure that you have the most current information.  
    • CalOPPA. Advertisers cannot serve advertisements in the following categories to California, U.S. residents under the age of 18. If demographic and/or location targeting information is not available, you cannot show the following categories of advertisements. If only location targeting is available, but not demographic targeting to limit the target audience to individuals over the age of 18, an advertiser should refrain from serving these advertisements to anyone in California.
      • Aerosol container of paint that is capable of defacing property; Etching cream that is capable of defacing property.
      • Rules/laws for advertisements geared towards children differ between markets. Please work with your local LCA contact to determine if a specific advertisement is approved to run.
      • Ads prompting for personally identifiable information are not allowed.

Tracking metrics and data usage

DISPLAY

  • Advertiser/Agency and third parties are responsible for ensuring any third party with whom they engage also complies with this policy.
  • Cookies may only be set by parties with a third-party ad serving agreement who are in compliance with all other policies and market specific regulations.
  • Some conversion or tracking tags such as performance data or action tags for example, may be allowed in creative and on landing pages with restrictions:
    • Modification of allowed tags or appending of additional tags or tracking technologies to allowed tags is not allowed.
    • Performance Data: cannot be tied to any site data or IO (insertion order) details.
    • Site Data
      • May be used only to report campaign performance for the advertiser identified in the IO; for example, to validate campaign performance (e.g., conversions) as detailed in the IO, unless such campaign is purchased on a blind basis.
      • May not be used to repurpose or otherwise alter user segments.
    • May be used for frequency management purposes limited to the advertiser specified in the IO.
    • May be used for ad creative rotation for the advertiser specified in the IO.
    • May not be used to discover or disclose a blind site (any site on the network not disclosed by Microsoft)
    • May not reconcile billing or third-party reporting unless specifically permitted by Microsoft.
    • May not collect or disclose PII.
  • Required Privacy Policy Disclosures:
    • When Advertiser/Agency inserts an action tag on landing page or within the ad itself.
    • Advertiser/Agency is responsible for disclosing the collection, use and sharing of data via the tag in Advertiser/Agency’s privacy policy or other prominent location where end users may encounter such tags.
    • Tracking by third parties that provide services to Agency/Advertiser (such as tracking responses and conversion) are permitted, provided the third party in question clearly discloses its collection and use of such data in their privacy policy statement on their web site.

Online tracking technologies
  • The inclusion of any online tracking technologies, such as web beacons, pixels, LSOs etc. is strictly disallowed.
  • Compliance with online privacy regulations and industry standards is required; this may include, among others, functional opt-out, privacy statement and other data collection and usage disclaimers, and limits to third party data sharing. It would always be entirely your responsibility as an advertiser to ensure compliance thereof.

NATIVE

  • Advertiser/Agency and third parties are responsible for ensuring any third party with whom they engage also complies with this policy.
  • Cookies may only be set by parties with a third-party ad serving agreement who are in compliance with all other policies and market specific regulations.
  • Some conversion or tracking tags such as performance data or action tags for example, may be allowed in creative and on landing pages with restrictions:
    • Modification of allowed tags or appending of additional tags or tracking technologies to allowed tags is not allowed.
    • Performance Data: cannot be tied to any site data or IO (insertion order) details.
    • Site Data
      • May be used only to report campaign performance for the advertiser identified in the IO; for example, to validate campaign performance (e.g., conversions) as detailed in the IO, unless such campaign is purchased on a blind basis.
      • May not be used to repurpose or otherwise alter user segments.
    • May be used for frequency management purposes limited to the advertiser specified in the IO.
    • May be used for ad creative rotation for the advertiser specified in the IO.
    • May not be used to discover or disclose a blind site (any site on the network not disclosed by Microsoft)
    • May not reconcile billing or third-party reporting unless specifically permitted by Microsoft.
    • May not collect or disclose PII.
  • Required Privacy Policy Disclosures:
    • When Advertiser/Agency inserts an action tag on landing page or within the ad itself.
    • Advertiser/Agency is responsible for disclosing the collection, use and sharing of data via the tag in Advertiser/Agency’s privacy policy or other prominent location where end users may encounter such tags.
    • Tracking by third parties that provide services to Agency/Advertiser (such as tracking responses and conversion) are permitted, provided the third party in question clearly discloses its collection and use of such data in their privacy policy statement on their web site.

Online tracking technologies
  • The inclusion of any online tracking technologies, such as web beacons, pixels, LSOs etc. is strictly disallowed.
  • Compliance with online privacy regulations and industry standards is required; this may include, among others, functional opt-out, privacy statement and other data collection and usage disclaimers, and limits to third party data sharing. It would always be entirely your responsibility as an advertiser to ensure compliance thereof.

Malware and security

Microsoft does not allow malware or security threats to exist on our publisher pages and will remove the offending ads immediately, without warning, and may take further action to remove advertisers, buyers, or brands if they are determined to present a security risk to Microsoft or its end users. The following is a non-exhaustive list of definitions and activities of malware and security threats that will be subject to immediate removal:

  • The Ads and/or their landing pages contain viruses, worms, corrupted files, cracks, or other material that is intended to or may damage or render inoperable software, hardware or security measures of Microsoft, any user of a Microsoft product or service, or any third party.
  • The ads contain any script intended to mine the user’s personal data.
  • Ads that auto-redirect to any location or take a user out of an app or browser.
  • Ads that create a pop-up of any kind.
  • Ads that include fake virus warnings or other “scareware” tactics, software updates or phishing content.
  • Direct links to executable files, reinstalls or apps that alter installed software.
  • Ads that click to, or event-tracker links to malicious domains. 
  • Ads that use any script intended to mine cryptocurrency.
  • Ads that initiate auto dialing a phone number.
  • Ads that alter the content or page layout of the publisher site.
  • Ads that have a general impact on performance, reliability, and quality of the user’s computing experience (e.g., slow computer performance, reduced productivity, corruption of the operating system, or other issues).
  • Ads that have a negative impact on the security of the user’s computer or attempt to circumvent or disable security, including but not limited to evidence of malicious behaviors. 
  • Ads that use any form of cloaking technology intended to obfuscate any portion of an ad from scanning, audits, or any user segment.

Phishing

Phishing sites that try to trick visitors into sharing personal data for fraudulent purposes, such as stealing one’s identity, for example, are prohibited.

For more information on compliant collection of personal data, please see the Relevance and quality policies.

To report a site suspected of phishing, please use the Low-quality ad submission & escalation form.