Does Windows 10's telemetry include sending *.doc files if Word crashed?

Here is what they spy on, finally officially admitted after being proved again and again by different independent sources. That should make a pretty good idea on what actually is transmitted.

To actually see what's being reported you can give yourself permissions for %ProgramData%\Microsoft\Diagnosis directory and look what's in there, but the file are encrypted which is a very suspicious thing.

What you can look at in the newer version is the Diagnostic Data Viewer. But that does NOT guarantee or prove that there is documents privacy in any way.

At this point my guess is that they will transmit parts of files that generated crashes, or if they consider proper to do so and definitely can transmit any type of document via the encrypted content in \Diagnosis and https as the transmission way.

Their EULA states:

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement.

Conclusion: they can and will do it at will.


Memory dumps often have document contents

It's worth noting that if you're sending a memory dump of a crashed application at the moment of its crash (which is a reasonable way of analyzing crashes) then that memory dump is very likely to include the contents of whatever document(s) were opened in that app at the time. So if you're "just" sending app crash debug information, then that by necessity means that sometimes you're also sending confidential user documents in it.