During the initial setup and configuration, your Ledger device generates a cryptographic root secret that is displayed to you in the form of a human-readable, 24-word Secret Recovery Phrase.
To do so, Ledger's operating system leverages the Random Generator of the Secure Element. Every time you're signing a transaction, the associated root secret is used to compute the key, which in turn is used to compute a transaction signature.
This approach ensures that only you have access to your Secret Recovery Phrase. Why is that important? Because the Secret Recovery Phrase unlocks access to your crypto. Lose track of it, and you’ve lost access to your funds.
What about Ledger Recover?
The same principle is applied in the context of Ledger Recover: only you can access the backup for your Secret Recovery Phrase.
If you subscribe to the service, your Secret Recovery Phrase will be fragmented into three pieces, with each part being sent end-to-end encrypted between your Ledger device and the backup providers' secure Hardware Security Module (HSMs).
The backup can only be created after you have approved it directly on your Ledger device, just as you would when signing a secure transaction—anything to do with your private keys can only happen with your confirmation through your Ledger device.
Access to these fragments is restricted by your identity, ensuring that only you can unlock it. The security and cryptography protocol enabling this feature has been designed at Ledger, battle-tested by a team of world-class security experts at Donjon, and validated by a third-party security laboratory.
Ledger Recover is an optional subscription service, which needs to be manually enabled by you. If you believe you don't need the service, you can continue using your Ledger device just like you did before.
If you choose to pay for a subscription, you're still the only one with access to your Secret Recovery Phrase, and you will also have a backup that will be created and accessible only to you. You remain the only one able to pass the identity verification check that is required to fetch back the encrypted fragments and rebuild your Secret Recovery Phrase into another Ledger device—should you need to do so in the future.
To sum up
Ledger doesn't have access to users' Secret Recovery Phrases, whether or not they subscribe to Ledger Recover. The OS update runs on the Secure Element. Downloading the latest OS update for your Ledger Nano X does not mean that your Secret Recovery Phrase can be extracted. Your security is paramount to Ledger and that will not change.