fix wording

PatrickFarley · PatrickFarley · commit 2fccf32e5720 · 2025-08-20T14:56:55.000-04:00
diff --git a/articles/ai-foundry/responsible-ai/content-understanding/data-privacy.md b/articles/ai-foundry/responsible-ai/content-understanding/data-privacy.md
@@ -36,7 +36,10 @@ All Azure AI services endpoints use HTTPS URLs for encrypting data during transi
 
 ### Encrypts input data for processing 
 
-The incoming data is processed in the same region where the Content Understanding resource was created. When you submit your files to a Content Understanding operation, it starts the process of analyzing the input. Your data and results are then temporarily encrypted and stored in Azure Storage before it is sent to Azure OpenAI for further processing. While compute resources are not dedicated per customer, requests are processed in logically isolated, sandboxed containers to ensure workload separation and prevent cross-tenant data exposure. All customer data in transit and at rest is encrypted using Microsoft-managed keys (MMK) by default, with the option to enable additional encryption with customer-managed keys (CMK). 
+The incoming data is processed in the same region where the Content Understanding resource was created. When you submit your files to a Content Understanding operation, it starts the process of analyzing the input. Your data and results are then temporarily encrypted and stored in Azure Storage before it is sent to Azure OpenAI for further processing. While compute resources are not dedicated per customer, requests are processed in logically isolated, sandboxed containers to ensure workload separation and prevent cross-tenant data exposure. 
+
+Customer data is always encrypted at rest with Microsoft’s AES-256-encryption by default, with the option of using a customer managed key (certain preview features may not support customer-managed keys). Microsoft-managed keys are always used to ensure baseline encryption for all stored data.
+
 
  
 
@@ -48,7 +51,7 @@ The "Get Result" operation is authenticated against the same API key that was us
 
 ### Data retention 
 
-Input documents and intermediate representations are written to secure Microsoft-managed storage only for the duration of processing and are deleted once the operation completes.  Output results are retained for up to 24 hours to support asynchronous retrieval, after which they are automatically deleted. The name of the analyzers will be logged for reporting and debugging. 
+Input documents and intermediate representations are written to secure Microsoft-managed storage only for the duration of processing and are deleted once the operation completes.  Output results are retained for up to 24 hours to support asynchronous retrieval, after which they are automatically deleted. The analyzer name will be logged for reporting and debugging.
 
  
 
