Thanks for your interest in Microsoft Bot Framework!
We would like to ask for your help in protecting the users of your Microsoft Bot Framework-enabled bot and related services by doing the following:
Consent
People who use your bot must have the consent of the people whose data (i.e. images, voice, text) your bot will process. We ask that you include a prominent notice on the website associated with your bot or service so your users know that consent is required and that you adhere to all applicable laws and regulations. For example, in certain jurisdictions, collecting personal information from children under a certain age triggers obligations under privacy laws that exceed those applicable to collecting information from adults.
Privacy
You'll need to have a privacy policy if your bot handles users’ personal data and in accordance with all applicable laws and regulations and policy requirements. This policy should cover what data you are collecting, what you will be doing with that data, and (if applicable) who you'll be sharing it with. You'll need to include a prominent link to your privacy policy in your bot or related service page. If you don’t have a privacy statement, here are some third party resources* that might be of some assistance:
OECD - Privacy Statement Generator
Future of Privacy Forum – Application Privacy Policy Generator
Iubenda – Privacy Policy Generator
*You agree to assume all risk and liability arising from your use of these third party resources and that Microsoft is not responsible for any issues arising out of your use of them.
Since you are using the Microsoft Bot Framework, you'll also need to include this blurb in your privacy policy:
“Our <<insert bot/service name here>> is enabled by Microsoft Bot Framework. The Microsoft Bot Framework is a set of web-services that enable intelligent services and connections using conversation channels you authorize. As a service provider, Microsoft will transmit content you provide to our bot/service in order to enable the service. For more information about Microsoft privacy policies please see their privacy statement here: http://go.microsoft.com/fwlink/?LinkId=521839. In addition, your interactions with this bot/service are also subject to the conversational channel's applicable terms of use, privacy and data collection policies. To report abuse when using a bot that uses the Microsoft Bot Framework to Microsoft, please visit the Microsoft Bot Framework website at https://www.botframework.com and use the “Report Abuse” link in the menu to contact Microsoft.”
Include a “Welcome” message that provides notice to the user that your Bot uses the Microsoft Bot Framework with a pointer to your Bot’s terms and conditions which include links to the Microsoft Privacy Statement, as described above. For Skype Bots, notice to the user can be provided through the display of links to your Bot’s terms and conditions and privacy policy in your Bot profile.
If your Bot is Published in the Bot Directory:
“Hi I’m <<insert bot/service name here>>. Click here <<link to bot about page on Microsoft Bot Framework site>> to find out more about me and my policies.”
If your Bot is Not Published in the Bot Directory:
“Hi I’m <<insert bot/service name here>>. Click here <<link to your bot’s terms of use and privacy policy >> to find out more about me and my policies.”
You may not publish bots on Skype that are directed to children under fourteen.
If your bot could be used in a group conversation on a given channel, you will need to provide a welcome message to new users as they are added to a conversation. For Skype Bots, the platform will auto-generate this message for you.
If your bot includes human interaction (e.g. customer service or user support) with end users, you must provide notice to users of your bot prior to the bot’s first interaction with the end user.
Reporting abuse & requests to access or delete personal information:
You must have a way for your users to report abuse to you, and for you to handle access and deletion requests (e.g. someone deletes their account and would like to have all of their data deleted as well).
Don’t build or publish any bot with the following intent:
To invade anyone's privacy by attempting to discover, harvest, collect, store, or publish private or personally identifiable information without their knowledge and consent;
To harm or exploit minors in any way; or
To defame, abuse, harass, stalk, threaten, or otherwise violate the legal rights of others.
If this Developer Code of Conduct is not followed, Microsoft reserves the right, at its sole discretion and without any obligation to do so, to review and remove content and to terminate your bot’s access to the Bot Framework enabled features.
Further Information