Hello Anonymous an Alec,
Concerning “Is it possible using settings to make sure that the temporary unencrypted file is created on the user’s local PC so that it is never on Google drive in clear?“: This is exactly how AxCrypt works. It never decrypts any file in the original location (and it doesn’t work directly with Google Drive either, it only works on the local hard drive synchronized/streamed copy). It always decrypts the file temporarily to a local temporary folder, and then re-encrypts it to the original location.
In the case of synchronized/streamed cloud service folders, the plain text file can only hit the remote cloud server if the file is created there in plain text. And then only if the time window between creation and initial encryption is long enough. To be 100% safe – always encrypt a new file before actually making it available for sharing via a cloud service provider. Once it’s encrypted, it’ll never be decrypted so the cloud service provider sees it, unless of course you actually decrypt it in place. But just opening the file via AxCrypt is 100% safe in this regard.