Your "private" shooting spreadsheet probably isn't private. Here's why.

There’s a quiet assumption that runs through most “I keep my shooting log in a spreadsheet” stories. The assumption is: the file is on my laptop, so the file is private.

It’s the right instinct. It’s also, in most cases, wrong.

If your shooting spreadsheet lives in your Documents folder on a Mac, in your Documents folder on Windows, or in the default location of any modern office app, the file is almost certainly being replicated to a third-party server right now. Apple, Microsoft, or Google has a copy. They’re allowed to have it because you said yes — usually years ago, when the operating system asked, “Sign in to enable iCloud / OneDrive / Google Drive?”

Most shooters don’t remember saying yes. Most never check.

This article walks through what’s actually happening, how to verify it on your specific machine, and what to do about it if the privacy reason was the whole point of the spreadsheet in the first place.

(For the rest of the trade-offs around shooting log spreadsheets — formulas, multi-barrel handling, mobile entry — see Shooting log spreadsheet templates: what works, what breaks.)

What “private” usually means to people

The mental model is something like:

• My file lives on my laptop.
• Nobody else has a copy.
• If someone wanted to read it, they would need physical access to my machine.

This is a coherent definition. It’s also a much higher bar than what most laptops actually deliver out of the box.

Why it usually isn’t private

Modern operating systems and office suites are built to assume cloud sync. The defaults reflect that.

On a Mac. macOS prompts you to enable iCloud Drive at first sign-in. If you said yes, your Desktop and Documents folders are part of iCloud Drive by default. Files saved there are uploaded to Apple’s servers. The local copy you see is a cache of the cloud version, not the only copy.

On Windows. Windows 10 and 11 prompt you to enable OneDrive at first sign-in, and the default “Backup” setting moves your Desktop, Documents, and Pictures folders into OneDrive. Files saved there are uploaded to Microsoft’s servers.

With Microsoft Office. Recent versions of Word, Excel, and PowerPoint default to “Save to OneDrive” for new files. Even when you save locally, the AutoSave feature will offer to upload.

With Google Sheets. Google Sheets is, by definition, on Google’s servers. There is no local-only mode.

With Google Drive desktop sync. If you installed Google Drive’s desktop app and pointed it at any folder on your machine, files in that folder go to Google’s servers.

The pattern is consistent: the default is to sync. The exception is to opt out.

For most shooters who set up their machine years ago and didn’t pay close attention to the dialogs, the spreadsheet they consider their private shooting log has been quietly syncing to a third-party server the whole time.

Where the data actually goes

Once a file lands in iCloud, OneDrive, or Google Drive, it’s on the vendor’s infrastructure under the vendor’s terms of service. A few things that are true of every major vendor:

• Vendor employees can technically access the data, gated by internal access controls. The strength of those controls varies, and they have failed in the past.
• The vendor can be served a subpoena or warrant for the data. Most major vendors publish transparency reports about how often this happens. The number is not zero.
• The terms of service include broad license language. Most modern cloud agreements grant the vendor license to use customer data for “service improvement.” What that includes today is not what it included five years ago.
• Some vendors use customer content to train AI models under specific conditions. The exact rules vary and change. The default for any individual file may not match what you assume.
• Policies change. The terms you agreed to in 2019 are not the terms in force today. Most vendors reserve the right to update unilaterally.

None of this is malicious. It’s the normal operation of large cloud businesses. But “my file is on my laptop” and “my file is in iCloud” describe two very different threat models, and most spreadsheet shooters are running on the first model’s assumptions while their data lives in the second model’s reality.

How to check on your machine

Concrete steps. Find your shooting spreadsheet, then verify where it actually lives.

On a Mac.

1. Open System Settings → Apple ID → iCloud → Drive.
2. Check whether “Desktop & Documents Folders” is on. If yes, anything in those folders is in iCloud.
3. Click “Apps using iCloud” to see which apps sync data automatically. Excel, Numbers, and others may be on the list if you’ve used them.

On Windows.

1. Look for the OneDrive cloud icon in the system tray (bottom right).
2. Click it → Settings (gear icon) → “Sync and backup” tab.
3. Check the “Manage backup” section to see whether your Documents folder is part of OneDrive.

For Google Sheets.

If your spreadsheet is a Google Sheet, it’s on Google’s servers. There’s no further checking — that’s the design. Exporting to local Excel format and opening it on a non-synced laptop is the only way to leave Google’s environment with that file.

For Google Drive desktop.

Open the Google Drive app from the system tray (Windows) or menu bar (Mac) and check whether any folder on your machine is being synced.

How to actually make it private

If you’ve checked and the answer was “yes, my shooting spreadsheet is in someone’s cloud,” and the privacy was the point, you have a few options:

• Disable cloud sync for that file specifically. On a Mac, move the file out of Desktop / Documents and into a folder that isn’t part of iCloud. On Windows, exclude the folder from OneDrive backup or move the file to a non-synced location.
• Disable cloud sync entirely. A heavier option, but cleaner: turn off iCloud Drive (Mac) or OneDrive backup (Windows) entirely. Make what gets uploaded a deliberate decision rather than a default.
• Move to a non-cloud spreadsheet tool. Open the file with LibreOffice or another local-only spreadsheet app and save it somewhere genuinely local. Recheck the new save location.
• Encrypt your local backup. If the file matters enough that you want a backup but don’t want it in the cloud, an encrypted external drive is the right answer. Time Machine to an external drive on Mac. File History or another local backup tool on Windows.
• Accept the trade-off explicitly. Decide that the convenience of cloud sync is worth it, and update your mental model accordingly. There’s nothing wrong with this answer if it’s the answer you actually picked.

The wrong answer is the one most people are at right now: assuming it’s private without having checked.

The honest question

If privacy was the whole reason you chose a spreadsheet, and the spreadsheet has been quietly syncing to someone else’s servers for years, the spreadsheet may not be the right tool for the job.

A tool whose threat model is built around “your data stays on the smallest possible list of servers” is a different kind of tool. That’s not the spreadsheet’s job. The spreadsheet was designed for collaboration and convenience; the cloud sync isn’t a bug, it’s a feature.

Shooting Log Pro is built around the threat model the spreadsheet doesn’t serve. Your data is on our servers — only on our servers. No third-party analytics, no error tracking with user data, no AI services, no ad networks. US-hosted on DigitalOcean. Hard delete on account close. Full CSV export anytime, so you can leave with your data intact. The full posture is in What I do — and don’t do — with your firearms data.

Indie. Bootstrapped. One person — me — runs it. No outside investors making decisions about your data in a board meeting you weren’t invited to. No exit plan eyeing the data.

If the “private” in “private spreadsheet” was the whole reason for you, the 14-day trial is the next step. No credit card to start. Two minutes to log your first session somewhere that’s actually private.