I doubt that OCR (optical character recognition) is done on device so it likely being sent to some server for processing.
As a software engineer, in any of our corporate applications when a user hits delete we toggle an archived flag, but the data is still there. So I wouldn’t trust any application to do what it actually says.
There are so many technical barriers for recall to ever be able to not snipe your private data that I wouldn’t go anywhere near the thing.
Edit: Furthermore, what happens when MS inevitably gets hacked again and someone steals all the data it has and then starts using that to commit fraud.
As a software engineer, in any of our corporate applications when a user hits delete we toggle an archived flag, but the data is still there.
What many people don’t realize is that this is how some low level data stores work as well. Even regular ol’ file systems do this (basically).