The company I work for wouldn't want internal documents stored on third-party servers either. I don't use my web-based system to do that. It's simply a task list and there is nothing in it that divulges sensitive information. Tasks can still be quite descriptive yet pose no risk of exposure.
If that's not something you think you can do then I guess you're stuck with having two systems, which is not ideal.