Privacy and control over your Recall experience
Applies To
Windows 11Recall is an upcoming preview experience exclusive to Copilot+ PCs that will help you easily find and remember things you've seen using natural language. To help provide you with that “photographic” memory, you can opt in to have Windows save snapshots of your screen periodically. You can quickly search your snapshots to find things on your Copilot+ PC. For example, you can search for content you've seen in apps, websites, images, and documents. Recall doesn't record audio or save continuous video.
You're always in control of what’s saved as a snapshot. You can disable saving snapshots, pause temporarily, filter applications, and delete your snapshots at any time.
To help maintain your privacy, Recall processes your content locally on the Copilot+ PC and securely stores it on your device. This page will help you understand how you can control your Recall experience.
Note: Recall is coming soon through a post-launch Windows update. See aka.ms/copilotpluspcs.
User choice from the start
During setup of your new Copilot+ PC, and for each new user, the user can opt into saving snapshots using Recall. If you don’t choose to opt in, it will be off by default and snapshots will not be taken or saved. You can also remove Recall entirely by using the optional features settings in Windows.
If there are multiple users that sign in on the PC with different accounts, each user needs to make their own decision if they choose to save snapshots when they use the device. Other users can do this by either:
-
Launching Recall and going through the setup
-
By moving the toggle switch to On for the Save snapshots option under Windows Settings > Privacy & security > Recall & snapshots.
Each user will see Recall pinned to the taskbar when they reach their desktop. Each user will have a Recall snapshot icon on the system tray letting them know when snapshots are being saved.
You can turn on or off saving snapshots at any time by going to Settings > Privacy & security > Recall & snapshots. You can also pause snapshots temporarily by selecting the Recall icon in the system tray on your PC and selecting the pause option.
Filtering apps and websites from your snapshots
You can filter out apps and websites from being saved as snapshots. You can add apps and websites at any time by going to Settings > Privacy & security > Recall & snapshots on your PC. For sensitive information, you can use the Sensitive Information Filtering setting, which is enabled by default, helps filter out snapshots when potentially sensitive information is detected—for example, passwords, credit cards, and more.
Notes:
-
Filtering out specific websites will only work in supported browsers such as Microsoft Edge, Firefox, Opera, and Google Chrome. You always have the option to filter out all browsing activity by adding an app filter for a browser. To add support for website filtering, developers need to implement Recall activity APIs.
-
Your private browsing activity will not be saved as snapshots when you're using Microsoft Edge, Firefox, Opera, Google Chrome, or other Chromium-based browsers.
-
Windows treats material protected with digital rights management (DRM) similarly; like other Windows apps such as the Snipping Tool, Recall will not store DRM content.
-
To help you access text and images currently on your screen, you can select the Now button, and your current screen will be displayed in Recall. This is saved as a snapshot only if you have saving snapshots enabled.
-
Sensitive information filtering is on by default and helps reduce passwords, national ID numbers, and credit card numbers from being stored in Recall.
-
Your sensitive information remains on your device at all times, regardless of whether the Sensitive Information Filtering setting is on or off. For examples of the data that’s being filtered, see Sensitive information type definitions.
Snapshot storage: content stays local
We built privacy and security into Recall's design from the ground up. With Copilot+ PCs, you get powerful AI that runs locally on your device. No internet or cloud connections are required or used to save and analyze snapshots. Your snapshots aren't sent to Microsoft. Recall AI processing occurs locally, and your snapshots are securely stored on your local device only.
Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots. Recall requires you to confirm your identity before it launches and before you can access your snapshots, so you’ll also need to enroll into Windows Hello if you haven’t already enrolled. You must have at least one biometric sign-in option enabled for Windows Hello, either facial recognition or a fingerprint, to launch and use Recall. Before snapshots start getting saved to your device, you’ll need to open Recall and authenticate. Recall takes advantage of just in time decryption protected by Windows Hello Enhanced Sign-in Security (ESS). Snapshots and any associated information in the vector database are always encrypted. Encryption keys are protected via Trusted Platform Module (TPM), which is tied to your Windows Hello ESS identity, and can be used by operations within a secure environment called a Virtualization-based Security Enclave (VBS Enclave). This means that other users cannot access these keys and thus cannot decrypt this information. Device Encryption or BitLocker are enabled by default on Windows 11. For more information, see Recall security and privacy architecture in the Windows Experience Blog.
You can delete your snapshots at any time by going to Settings > Privacy & security > Recall & snapshots on your PC. Windows sets a maximum storage size to use for snapshots, which you can change at any time. Once that maximum is reached, the oldest snapshots are deleted automatically.
Built-in security
The security protecting your Recall content is the same for any content you have on your device. Microsoft provides many built-in security features from the chip to the cloud to protect Recall content alongside other files and apps on your Windows device.
-
Secured-core PC: all Copilot+ PCs will be Secured-core PCs. This feature is the highest security standard for Windows 11 devices to be included on consumer PCs. For more information, see Secured-core PCs.
-
Microsoft Pluton security processor will be included by default on Copilot+ PCs. For more information, see Microsoft Pluton.
-
Copilot+ PC devices with compatible hardware will ship with Windows Hello Enhanced Sign-in Security (ESS), which enables more secure sign-in using biometric data or a device-specific PIN. For more information, see Windows Hello Enhanced Sign-in Security (ESS).
Our goal remains simple: make it easy to stay safe and have trust in Windows. The Windows Security Book is available to help you learn more about what makes it easy for users to stay secure with Windows.
Related articles
-
Update on Recall security and privacy architecture | Windows Experience Blog
-
Manage Recall (for IT admins)
Note: Recall is currently in preview status. During this phase, we'll listen to customer feedback, develop more controls for enterprise customers to manage and govern Recall content, and improve the overall experience for users.