Microsoft Recall Privacy Risks 2026: Disable Snapshots, Audit Sensitive Data, Lock Down Copilot+ PCs

Disclaimer: This guide is for educational and defensive purposes. Microsoft Recall settings, registry keys, and Group Policy paths change between Windows builds. Verify each step against current Microsoft documentation before applying it to a production machine. Disabling Recall does not retroactively delete data that has already been screenshotted unless you also purge the snapshot database. Consult your IT/security team before changing policies on a managed device.

When I started auditing Windows 11 Copilot+ laptops we had ordered for two client onboarding kits in late 2025, I found something that genuinely worried me: a workstation had been silently building a searchable database of screenshots — including a session where one of our developers had a client API key open in VS Code. The feature responsible is Microsoft Recall, and even after Microsoft's re-release with encryption and opt-in defaults, the privacy implications for anyone who handles sensitive data (financial records, health info, client credentials, legal documents) are still material in 2026.

This guide walks through what Recall actually captures, how I verified what was on those laptops, and the exact steps I now run on every Copilot+ PC we deploy at Warung Digital Teknologi before it touches a client project. It also covers what to do if you suspect snapshots already contain sensitive material.

What Microsoft Recall captures (and why YMYL users should care)

Recall is a Windows 11 feature exclusive to Copilot+ PCs (devices with a Neural Processing Unit, typically Qualcomm Snapdragon X, Intel Core Ultra Series 2, or AMD Ryzen AI 300 series). It takes a screenshot of your active screen every few seconds, runs on-device optical character recognition (OCR), and stores the extracted text plus the image in an encrypted SQLite-style database under your user profile. A natural-language search bar then lets you find "that PDF invoice from March" or "the recipe with paprika I saw last week."

The privacy concern is not that Microsoft uploads these snapshots — by current design they stay local. The concern is what local actually means:

• Anything on screen is fair game. Banking dashboards, telehealth video consultations, two-factor codes flashed on screen, password manager fields that were briefly revealed, encrypted-messaging app windows, tax forms, legal contracts — Recall does not know what is sensitive.
• "InPrivate" and similar protections are inconsistent. Recall is supposed to skip InPrivate browsing in Edge and DRM-protected video. Independent testing in 2025 found edge cases where the filter failed: visiting a normally-skipped site in a non-Edge browser, or alt-tabbing during a protected video.
• Encryption protects data at rest, not from a logged-in user. Microsoft uses Windows Hello-bound keys and VBS (Virtualization-Based Security) to encrypt the database. That is genuinely strong against an offline laptop thief. It is not strong against malware running under your account, against a roommate or coworker who already has your PIN, or against forensic tools used by an abusive partner who knows your password.
• Snapshots persist long after the source is gone. Closing a banking tab does not delete its screenshot. Deleting an email does not delete the snapshot of the email. By default Recall keeps snapshots until the allocated disk quota fills, which on a 1 TB SSD can mean months of history.

For our context — agencies and freelancers handling client financial data, health-content publishers managing reader PII, anyone running a small business with HIPAA or GDPR exposure — that retention window is the part that should not be ignored.

Step 1: Check whether Recall is on your device at all

Recall only runs on Copilot+ PCs. If you have a standard Windows 11 laptop with an Intel 12th-gen CPU and no NPU, Recall is not installed and you can skip ahead to the defense-in-depth section. To check definitively:

1. Press Win + I to open Settings.
2. Go to Privacy & security > Recall & snapshots. If this menu does not exist, your device does not support Recall.
3. If the menu exists, note the toggle state for "Save snapshots." On post-November 2024 builds this defaults to off and requires explicit opt-in, but I have seen pre-configured retail units where a setup partner enabled it during OOBE. Always verify.

For an admin verifying a fleet, you can also check via PowerShell. Open an elevated PowerShell prompt and run:

Get-WindowsOptionalFeature -Online -FeatureName Recall

If the state returns Enabled, the feature itself is installed (not necessarily collecting). On our Snapdragon X Copilot+ test unit, this matched what Settings showed.

Step 2: Disable Recall for a single user (the safe default)

For most home users and freelancers, the cleanest action is to disable snapshot saving at the user level and delete any existing snapshots.

1. In Settings > Privacy & security > Recall & snapshots, switch Save snapshots to Off.
2. Below that toggle, click Delete all snapshots. You will be prompted to confirm with Windows Hello. This is the only way to purge the existing on-disk database; toggling off without deleting leaves the snapshot file in place.
3. Close all apps and reboot. Recall's background processes (Recall.exe, AIHost.exe) should not appear in Task Manager after the next sign-in.

One observation from doing this on three different machines: the "Delete all snapshots" action can take 30 to 90 seconds on a busy disk, and the progress dialog does not always close cleanly. If it appears frozen for less than two minutes, wait. Force-closing it has produced an orphaned partially-encrypted database file in my testing.

Step 3: Remove Recall entirely as a Windows optional feature

Disabling is not the same as uninstalling. If you want the binaries gone (which I recommend for any machine that will handle client credentials), remove Recall as an optional feature.

From an elevated PowerShell prompt:

Disable-WindowsOptionalFeature -Online -FeatureName Recall -Remove

The -Remove flag deletes the payload from the side-by-side store, not just the active install. A reboot is required. After reboot, the Recall menu in Settings disappears, and the optional feature listing shows it as DisabledWithPayloadRemoved.

Caveat: a future Windows feature update (annual H2 release) can re-stage the payload. I have added a monthly cron-like check on our managed devices that re-runs this command if the feature reappears. The same applies to the Group Policy approach below.

Step 4: Block Recall via Group Policy for managed devices

For business-managed machines, Microsoft added a dedicated Group Policy in 2024 to disable Recall fleet-wide. This is what I now apply to every client-handling workstation we deploy.

1. Open gpedit.msc (Pro/Enterprise editions only — Home requires a registry edit, shown below).
2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows AI.
3. Find "Turn off saving snapshots for Windows" and set it to Enabled.
4. Run gpupdate /force from an elevated prompt.

The equivalent registry value for Windows 11 Home or for scripting:

HKLM\Software\Policies\Microsoft\Windows\WindowsAI
Value name: DisableAIDataAnalysis
Type: REG_DWORD
Data: 1

From PowerShell, the one-liner is:

New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\WindowsAI" -Name "DisableAIDataAnalysis" -Value 1 -PropertyType DWORD -Force

After this is applied, even a user with local admin rights cannot re-enable Recall through Settings — the toggle is greyed out with a "managed by your organization" notice.

Step 5: If Recall was on, audit what was captured before you delete

This is the step most guides skip, and the one that mattered most in my client laptop incident.

If Recall has been running for any length of time before you discovered it, you should assume sensitive material was captured before purging the database. The reason: if the device has already been touched by an infostealer, an abusive household member, or simply backed up to OneDrive Personal Vault, the snapshots may already exist somewhere else.

Quick audit path:

1. Before disabling, open Recall via the taskbar icon and search for high-risk terms: your bank's name, "password", "API key", "OTP", "verification code", your medical provider's portal name, "tax ID", "SSN" (or local equivalent).
2. If matches return, note which apps and time ranges they came from. This tells you what credentials to consider compromised.
3. Rotate every credential that appeared. Treat them as potentially exposed even if the database was never accessed externally — defense-in-depth assumes the worst.
4. Only then run the "Delete all snapshots" action.

On the client laptop I mentioned at the start, the searchable history included clear screenshots of a developer authentication panel. We rotated those API keys within an hour. The "did anyone exfiltrate it" question was unanswerable in the negative, so we treated the keys as burned. That cost about 90 minutes of cleanup work; it would have cost a great deal more if we had only learned about it after an actual misuse.

Step 6: Exclude apps and sites that must stay on the device

If you genuinely want Recall on (some users find it useful for research workflows), at least configure exclusions for the apps and websites that handle sensitive data.

Go to Settings > Privacy & security > Recall & snapshots > Apps to filter and Websites to filter. At minimum I would add:

• Every password manager you use (1Password, Bitwarden, KeePassXC, Apple Passwords, Proton Pass).
• Banking and brokerage portals (full domain — e.g., chase.com, wellsfargo.com, your local bank).
• Healthcare portals (MyChart, Kaiser, NHS app, BPJS, etc.).
• Government tax portals (irs.gov, gov.uk, pajak.go.id, etc.).
• Crypto exchange dashboards and wallet web interfaces.
• Encrypted-messaging desktop clients (Signal Desktop, Element, WhatsApp Web).
• Telehealth and video-call platforms used for medical/legal sessions.
• Internal admin panels for any service you operate (cPanel, AWS console, Vercel dashboard, etc.).

Two practical notes from my own configuration: the filter applies prospectively only — pre-existing snapshots of these apps are not purged. And the website filter relies on the browser reporting the domain to Recall via an API; in 2026 only Edge and Chrome support the integration. Firefox-based browsers (Firefox, LibreWolf) are still filtered by window-title heuristics, which is not as reliable.

Step 7: Defense-in-depth for any user, regardless of Recall

Recall is one specific implementation of a broader trend: more on-device AI features that index your activity for "helpful" search. Whether it is Apple's similar features, Google's screen-content analysis on Android, or third-party tools like Rewind.ai, the threat model is similar. A few measures help across all of them:

• Use a guest or standard user account for daily work. Admin separation means malware that runs under your account cannot trivially install new AI/indexing tools without prompting.
• Enable BitLocker (or device encryption on Home). This protects the snapshot database from offline attacks if the device is stolen. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends full-disk encryption on any device that handles personal or financial data (CISA Secure Our World guidance).
• Use a hardware security key (YubiKey, Titan, Feitian) for primary accounts. Even if a snapshot captures the username field of your Gmail login, a FIDO2 key blocks reuse. The U.S. National Institute of Standards and Technology (NIST) SP 800-63B treats phishing-resistant authenticators as the gold standard for sensitive accounts.
• Audit OneDrive Personal Vault. Some Recall snapshots can sync via user-initiated backup. Open OneDrive > Settings > Backup and confirm "Pictures" backup does not pick up the Recall folder. As of my testing in early 2026 Microsoft excludes the Recall database by default, but custom folder backups can capture it if mis-configured.
• Treat any borrowed or shared device as compromised. If you ever sign into your accounts on a colleague's Copilot+ laptop, assume Recall captured your session and rotate credentials.

For developers and admins managing client devices

Across the 50+ projects we have shipped at Warung Digital Teknologi, I have moved to a baseline checklist for any Windows 11 Copilot+ device that will handle client work: disable Recall via Group Policy, remove the optional feature payload, audit OneDrive backup scope, and confirm BitLocker is on with a recovery key escrowed in our 1Password Business vault rather than tied only to a Microsoft Account.

The bigger picture is that the line between "personal productivity feature" and "client data processor" has moved. If you are a freelancer or agency owner, your client engagement contract probably did not anticipate a screenshot index of your work session. Until contracts catch up, the conservative posture is to assume Recall is in scope of any confidentiality clause you have signed, and to disable it accordingly.

Frequently Asked Questions

Does disabling Recall break Copilot+ features I actually use? No. Recall is a discrete feature. Cocreator in Paint, Live Captions, Studio Effects, and Click to Do (where available) continue to function with Recall disabled.

Can I disable Recall on a personal device while keeping it on a separate work account? Yes — the user-level toggle (Step 2) is per-user. Group Policy (Step 4) is per-device. If you genuinely need separation, use distinct local accounts and apply the user-level disable to the sensitive one.

Is Recall ever sent to Microsoft servers? Per Microsoft's documentation, snapshots and the OCR index remain on-device. Telemetry about feature usage (counts, error reports) does go to Microsoft if standard diagnostic data is enabled. To minimize even that, set Settings > Privacy & security > Diagnostics & feedback > Diagnostic data to "Required only."

Are there third-party tools that do the same indexing? Yes. Rewind.ai (macOS/Windows), Reor, and several open-source projects build local searchable activity indexes. The same hardening principles apply: audit what is being indexed, exclude sensitive applications, and confirm where the data is stored.

What if I am a domestic abuse survivor worried that an abuser has access to my device? Beyond disabling Recall, please review resources from the U.S. Federal Trade Commission (FTC Stalking Safety Tips) and consider replacing the device entirely. A re-enabled-by-someone-else Recall instance is exactly the kind of evidence collection abusers use; technical fixes alone are not always enough.

Bottom line

Microsoft Recall is technically well-engineered for the threat model Microsoft chose to defend against (laptop theft, casual snooping). It is not a good fit for the threat model that most YMYL users actually face (malware under their own account, household coercion, contractual confidentiality with clients). On every Copilot+ PC I touch professionally, the answer has been to turn it off, remove the payload, audit what was captured, and add the policy to prevent re-enablement.

If you only do one thing today: open Settings, check whether your device has the Recall menu, and confirm the snapshot toggle is off. That five-minute check is the difference between "I know what is on my device" and "I am guessing."

Authoritative sources

• Microsoft Learn — Manage Recall
• U.S. Cybersecurity and Infrastructure Security Agency (CISA) — Secure Our World
• U.S. National Institute of Standards and Technology — NIST SP 800-63B Digital Identity Guidelines
• U.S. Federal Trade Commission — Safety Tips for Stalking Victims
• UK National Cyber Security Centre — Device Security Guidance