Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

We understand the need for secure data storage and compliance. You can find details about data storage and the overall compliance of  Microsoft To Do here.

Since Microsoft To Do uses Exchange Online for data storage and synchronization, customers benefit from the reliability, security and compliance they've come to expect from Exchange. When you use Microsoft To Do , your to dos are stored as tasks in your Exchange Online mailbox, which also hosts data from other Exchange modules such as mails, events, contacts and/or notes.

Exchange Online has thousands of servers across the globe, and they are widely distributed to ensure users experience not only the best performance, but also confidence that their data isn't leaving their region. Exchange also takes legal requirements into account when routing traffic. European data, for example, will not leave the EU region by default, in order to comply with standards such as the EU Model Clauses. To learn more about where your Microsoft 365 data resides, please visit the Data Center Map.

Data is encrypted at rest on Exchange servers and in transit to and from the To Do app on your
browser or device. Depending on your configuration, your device itself might also have additional encryption locally or remote wipe capabilities to supplement this.

All data transmission, processing and storage happens in Exchange Online. As such, customer
content and other data input into Microsoft To Do can be considered as secure as similar data input by customers into apps such as Outlook, which also uses Exchange as its backend.

Since the Microsoft To Do web app hosted on https://to-do.microsoft.com is considered a service from a compliance perspective, it is developed according to industry compliance standards and has thus been through audits, such as the SOC 2 (Service Organization Controls) Type 1 Audit.

Though Microsoft To Do is not explicitly mentioned in the Online Service Terms or HIPAA Business Associate Agreements agreed to between Microsoft and Microsoft 365 customers, these additions are in progress. In the meantime, it is important to keep in mind that the underlying service (Exchange Online) is represented in both documents and is the sole backend for Microsoft To Do.

Facebook LinkedIn Email

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×