In August 2025, Microsoft announced(nové okno) that Word for Windows will automatically save all new documents to OneDrive by default. Right now, this feature is only available to those in the Microsoft 365 Insider Program — an early access channel where Microsoft tests new features before releasing them to everyone. But Microsoft has already confirmed it will expand the default cloud-save model to all Word users, followed by Excel and PowerPoint for Windows users later in the year.
Once this feature rolls out to all Microsoft 365 users, new Word documents will no longer save to the desktop by default. Instead, they’ll be created directly in cloud storage such as OneDrive or SharePoint. Microsoft frames this shift as a win for security, compliance, collaboration, and AI-powered Copilot and Agent features.
But there are serious privacy concerns: If you use Microsoft Word, you’ll lose control over what happens to your personal documents, how they’re secured, and who gets to see them.
Privacy risks of saving Word docs to OneDrive
What Microsoft doesn’t say in its announcement is just as important as what it does. Automatically saving your documents to OneDrive means your work documents, legal agreements, or other sensitive data are uploaded straight to Microsoft’s servers. When that happens, you lose control of how your data is stored, who has access, and whether it’s used for other purposes like targeted ads or AI training.
No end-to-end encryption
OneDrive encrypts your documents while they’re being transferred (in transit) and stored (at rest). But it doesn’t use end-to-end encryption, which means that Microsoft can read your data, analyze it, and share it with third parties, which is allowed under Microsoft’s privacy policy(nové okno). Historically, when a company has this level of access, mistakes and account suspensions(nové okno) have occurred that can have real consequences.
US jurisdiction risks
As a US company without end-to-end encryption in place, Microsoft can access your files and is legally obligated to hand them over to the government or law enforcement if compelled — even without a warrant. Unlike companies based in Europe, Microsoft is required to adhere to laws and policies hostile to privacy.
AI ecosystem integration
Microsoft says(nové okno) Copilot doesn’t train on your documents, but it acknowledges(nové okno) that your personal data may be used to improve its large language models (LLMs). This inconsistency leaves serious ambiguity about which of your data is being used for training and how: If you’re using Microsoft products as an organization, your documents might not feed Copilot directly (yet), but Microsoft’s broader privacy policy is clear that it may use your data to train AI systems.
Add to this Microsoft’s multibillion-dollar investment in OpenAI(nové okno) — the maker of ChatGPT — and the lines between “productivity features” and “AI data pipelines” become less clear, raising questions(nové okno) for users who care about what happens to their data and where it ends up.
Ad targeting ambiguity
Microsoft doesn’t explicitly rule out using OneDrive data for advertising. And that risk can’t be dismissed, as OneDrive is deeply integrated into Windows — an operating system that already shows ads — and the privacy policy(nové okno) permits sharing data with affiliates, vendors, and third parties for personalized advertising. Microsoft’s email platform, Outlook, shares users’ private data with hundreds of third parties, including advertising partners. It’s part of an effort by the company to compete with Google and Facebook for advertising revenue.
Closed source software
Unlike open-source platforms, Microsoft’s code isn’t available publicly for independent audits. You can’t verify what protections really exist but have to trust Microsoft’s promises instead.
What you can do to stay in control
The change only affects Microsoft 365 Insiders for now — but Microsoft has made it clear that it’s coming to everyone else soon. That means it’s worth deciding now how comfortable you are with your documents being injected automatically in Microsoft’s cloud.
If you’re not comfortable with that privacy risk, here’s what you can do:
Change the default setting in Word
You can disable Microsoft’s automatic cloud saving by going to Word Options → Save and unchecking Create new files in the cloud automatically. Since Microsoft hasn’t said exactly when this feature will reach all users, it’s a good idea to review your default save settings after each Word update to make sure your documents are still being stored locally.
Be deliberate about what you store in OneDrive
If you decide to keep using OneDrive or SharePoint, think carefully about what kinds of documents you’re comfortable putting there. For example, you may want to avoid uploading sensitive files like medical records, financial statements, or legal agreements.
Switch to an end-to-end encrypted alternative
If you still rely on Word but don’t want your documents living in OneDrive, consider switching to Proton Drive. Our cloud storage gives you a safe place to store all your files and share them securely with friends or colleagues. Because we protect your documents with end-to-end encryption, no one else — not even Proton — can see them but you and the people you choose to share with. And as a company supported 100% by our subscribers, we don’t monetize your data through ads or tracking.
And if you’re ready to move beyond Microsoft entirely, Proton’s ecosystem offers privacy-first alternatives built from the ground up. Proton Docs is the first ever online encrypted document editor, giving you real-time collaboration and editing tools without exposing your data to Big Tech. You can also use Lumo, our private AI writing assistant(nové okno) that doesn’t keep any logs of your conversations — so you can confidently draft personal notes, legal documents, or sensitive reports with AI assistance, knowing your information stays private and under your control.
