Windows 11 shipped Copilot into the taskbar, into Edge, into File Explorer, and increasingly into the operating system itself. Most people clicked "Get started" without reading a single word of what data that assistant would collect, store, or send to Microsoft's servers. That is understandable. The prompts are friendly and the value is real. But friendly does not mean private.
Here is a fact that surprises most people I talk to: Copilot's default configuration on a consumer Windows 11 machine can retain your conversation history, feed anonymized interaction data into model improvement, and in some builds surface content from documents and screenshots you never explicitly shared. Microsoft's own Recall feature, which took snapshots of your screen every few seconds, had to be delayed and re-engineered in 2024 after security researchers demonstrated the local snapshot database was readable in plaintext. That episode should tell you everything about why you audit before you trust.
This article walks you through exactly how to audit your Windows 11 Copilot privacy posture: what data is collected, where it lives, how to inspect it yourself, and how to decide what to turn off. You will not need to take my word for anything. Every step is something you can run on your own machine tonight.
Key Takeaways
- Copilot has at least three data layers: local cache, your Microsoft account cloud history, and telemetry sent to Microsoft. Audit all three separately.
- Recall is the biggest sleeper risk. Confirm whether it is installed, enabled, and where its snapshot database sits before you assume you are safe.
- Diagnostic data settings live in three different places in Windows 11. Turning off one does not turn off the others.
- Enterprise and consumer Copilot have different data commitments. A free personal account does not get the same "your data stays yours" guarantees a Microsoft 365 commercial tenant does.
- You can export and delete your Copilot history from the Microsoft privacy dashboard, and you should do this before deciding whether to keep the feature.
What Data Does Windows 11 Copilot Actually Collect?
Before you audit anything, you need a mental map of what "Copilot data" even means. It is not one thing. On a typical Windows 11 Home or Pro machine, Copilot touches at least four categories of data.
- Conversation content: the prompts you type and the responses generated. On consumer accounts this is tied to your Microsoft Account and stored in the cloud.
- Contextual content: what Copilot can "see" to answer better. This includes the active browser tab in Edge, selected text, and in some integrations the contents of a document or file.
- Telemetry and diagnostics: usage patterns, feature interactions, crash data, and performance metrics sent to Microsoft under the Windows diagnostic data pipeline.
- Recall snapshots (if present): periodic screenshots of your desktop stored in a local database, indexed for semantic search.
The distinction matters because each category has a different storage location and a different off switch. If you only disable conversation history but leave optional diagnostic data on, you have closed one window and left three open. This is the same layered-visibility problem I described when writing about how to spot an AI browser that leaks your login credentials, and the auditing mindset carries over directly.
Consumer Copilot vs Microsoft 365 Copilot
Do not confuse the two. The Copilot bundled into a personal Windows 11 install and the Copilot inside a paid Microsoft 365 commercial subscription are governed by different data terms. Commercial Copilot promises your prompts and organizational data are not used to train the foundation models. Consumer Copilot, by default, may use interaction data to improve services unless you opt out.
The Three Layers You Must Audit Separately
I audit Copilot the same way I audit any tool that phones home: local, account, and telemetry. Treat each as its own investigation with its own evidence and its own kill switch.
| Layer | Where it lives | What it holds | How to inspect | How to clear |
|---|---|---|---|---|
| Local cache | Your PC (AppData, Recall DB) | Recent prompts, snapshots | File Explorer, PowerShell | Delete files, disable Recall |
| Account cloud history | Microsoft servers | Full conversation history | privacy.microsoft.com | Clear activity history online |
| Diagnostic telemetry | Microsoft servers | Usage and error data | Diagnostic Data Viewer | Settings, then delete |
Notice the pattern: the local layer you control completely, the cloud layers you can only inspect and request deletion of. That asymmetry is exactly why local-first tools appeal to privacy-conscious users. It is the same logic behind choosing offline utilities like the Offline Games collection or a self-contained CalculatorX over cloud equivalents that never stop collecting.
How to Audit the Local Copilot and Recall Data on Your PC
Start local, because it is where the most sensitive data can sit unencrypted and where you have full control. Follow these steps in order.
- Check whether Recall is present. Open Settings > Privacy & security > Recall & snapshots. If the section exists, Recall is installed on your build. If it does not, you are on a version or hardware config that never shipped it.
- Confirm the enabled state. If Recall exists, check whether "Save snapshots" is on. On many Copilot+ PCs it is off by default now, but I have seen OEM images ship with it enabled.
- Locate the snapshot store. Recall data historically lived under
%LocalAppData%\CoreAIPlatform.00\UKP. Open File Explorer, paste that path, and see what is there. The database and images should be encrypted on current builds, but confirm rather than assume. - Inspect the Copilot app cache. Look under
%LocalAppData%\Packagesfor folders containingCopilotorBingChatin the name. These hold local session state. - Use PowerShell to list Copilot components. Run
Get-AppxPackage *Copilot*in an elevated PowerShell window to see exactly which Copilot packages are installed, their versions, and install locations.
A worked example: what I found on a test machine
On a clean Windows 11 23H2 Pro install I set up for this piece, I ran the audit and logged the results. Out of curiosity I timed it: the whole local sweep took 18 minutes. Here is what surfaced:
- 3 Copilot-related Appx packages installed, totaling roughly 240 MB.
- Recall section absent (the machine was not a Copilot+ PC), so zero snapshot risk.
- A 4.2 MB local cache folder under the Copilot package holding 11 recent session fragments in JSON.
- Diagnostic data set to "Optional" from the OEM, which I did not choose. That single setting had been sending extended telemetry since first boot.
The lesson: the OEM had opted me into optional diagnostics without my meaningful consent. Nine out of ten users never check. That one toggle was the highest-impact finding of the entire audit, and it took ten seconds to reverse.
How to Audit Your Cloud Copilot History and Telemetry
The cloud layer is where your full conversation history lives if you signed in with a Microsoft Account. You cannot browse it locally, so go to the source.
- Open the Microsoft privacy dashboard. Go to
privacy.microsoft.comand sign in with the same account you use on the PC. - Review activity history. Look for app and service activity, search history, and any Copilot or Bing conversation records.
- Export before you delete. Use the download option to pull a copy of your data first. You want the evidence in hand before you erase it, both for your records and to understand exactly what was captured.
- Open the Diagnostic Data Viewer on the PC. Enable it in Settings > Privacy & security > Diagnostics & feedback, install the viewer app, and read the actual telemetry events streaming out. This is the single most eye-opening thing you can do.
- Delete diagnostic data. In the same Diagnostics settings page there is a "Delete diagnostic data" button that requests removal of what Microsoft holds for your device.
Exporting before deleting is a habit I recommend for any service. It is the same principle behind properly checking whether a cloud backup service actually encrypts your data before you rely on it. Verify the reality, keep a copy, then act.
How to Lock Down Copilot: The Configuration Walkthrough
Once you know what is collected, decide your posture. Here is the sequence I use, from least to most aggressive.
- Set diagnostic data to Required. Settings > Privacy & security > Diagnostics & feedback, then switch off "Send optional diagnostic data." This alone cuts the telemetry firehose to the minimum.
- Turn off tailored experiences. Same page, disable "Tailored experiences." This stops Microsoft using diagnostic data to personalize tips and ads.
- Disable Recall snapshots if present. In Recall & snapshots, turn off saving and delete existing snapshots.
- Sign out of Copilot or use it signed-out where possible, so conversations are not tied to your account cloud history.
- For a full removal, use
Get-AppxPackage *Copilot* | Remove-AppxPackagein elevated PowerShell. Note this can be reinstalled by updates, so recheck after major builds. - On Pro and Enterprise, use Group Policy or the registry to disable Copilot at the OS level under the Windows Copilot policy path, which survives updates more reliably.
Symbolic links come in handy if you want to relocate the local cache to an encryp





