top of page
Search

Claude: data retention policies, storage rules, and compliance overview

ree

Anthropic has refined Claude’s data retention framework to address privacy expectations, regulatory compliance, and enterprise requirements. As of August-September 2025, Claude offers a layered policy approach covering consumer web apps, API usage, enterprise deployments, and third-party integrations such as AWS Bedrock and Google Vertex AI. These policies define how long data is stored, how it can be deleted, and how customer information is protected from being used in model training. An upcoming policy update, effective 15 September 2025, will further reduce API log retention, enhancing Claude’s compliance stance.



Standard Claude web applications follow a 30-day retention window.

For Free, Pro, Max, and Claude Work accounts, Anthropic retains interaction logs temporarily to improve platform stability while giving users full control over their chat history.

  • Retention period:

    • Prompts and responses are stored for up to 30 days in back-end logs.

    • If a user deletes a chat, it is immediately removed from the interface and automatically purged from back-end storage within the same 30-day window.

  • Training policy:

    • User data is never used for model training unless there is explicit, opt-in consent — which Anthropic currently does not request.

  • Trust-and-safety retention:

    • Prompts flagged for potential policy violations may be stored for up to 2 years.

    • Associated classifier scores may be retained for up to 7 years to improve abuse detection systems.

This approach balances user privacy with system reliability, ensuring personal conversations are not retained longer than necessary unless compliance or safety regulations require it.


Claude API log retention is being shortened.

Anthropic’s API retention policy has undergone significant changes in 2025. For customers using Claude through the commercial API key — either directly or via Claude Code — an upcoming update will reduce retention windows for even greater privacy.

  • Current retention:

    • Until 14 September 2025, Claude API logs are retained for 30 days.

  • Updated retention (effective 15 September 2025):

    • API logs will be stored for only 7 days before being automatically deleted.

  • Training usage:

    • API data is never used for model training.

  • Enterprise flexibility:

    • Organizations that require longer retention periods for auditing purposes can opt in to keep the 30-day window by updating their Data Processing Addendum (DPA).

This shorter retention policy aligns Claude with stricter privacy frameworks, including GDPR and the EU Digital Services Act (DSA), while preserving optional flexibility for regulated enterprises.



Zero-data-retention (ZDR) mode offers full control for enterprises.

For organizations with stringent compliance requirements, Anthropic offers an optional Zero-Data-Retention (ZDR) addendum that ensures maximum data isolation.

  • Retention policy under ZDR:

    • Logs are processed for real-time abuse detection only, then immediately discarded.

    • No chat content, metadata, or request details are persisted beyond initial processing.

  • Scope of coverage:

    • Applies exclusively to traffic sent using an Enterprise or Team API key.

    • Web sessions, Claude Work UI, and beta products are not covered unless explicitly added by contract.

  • Limitations:

    • ZDR does not override memory-enabled features or apply retroactively to historical logs.

    • A signed contract is required, along with an updated security addendum.

ZDR mode is increasingly adopted by enterprises in healthcare, finance, and regulated industries where data residency and audit compliance are business-critical.


Claude on AWS Bedrock and Google Vertex AI inherits provider-level controls.

Claude integrates with third-party platforms such as AWS Bedrock and Google Vertex AI, where data governance is managed jointly between Anthropic and the hosting provider.

  • Default retention:

    • Logs are stored by the provider for approximately 30 days by default.

  • Custom retention options:

    • Customers can configure shorter logging periods using AWS CloudTrail or Google Cloud Logging to meet internal compliance mandates.

  • Privacy guarantees:

    • Regardless of hosting environment, Claude never uses customer data from Bedrock or Vertex for training.

  • Region locking:

    • Both platforms allow Private Service Connect (PSC) for routing requests securely and enforcing regional data residency policies.

These integrations make Claude compatible with enterprise security frameworks where infrastructure controls must remain under customer management.


Memory and personalization data require user action for deletion.

Claude’s Memory feature — available in beta for select Pro, Max, and Work users — allows users to store personalized preferences and conversation context for ongoing interactions.

  • Storage duration:

    • Memory objects persist indefinitely unless explicitly deleted by the user.

    • Once deleted, the associated data is fully removed from Anthropic’s systems within 30 days.

  • Opt-in requirements:

    • Memory is disabled by default and requires explicit user activation.

    • Users can toggle memory per conversation or globally through settings.

  • Training policy:

    • Memory data is never used for training unless users provide direct consent.

By design, Claude places full control of personalization data in the user’s hands, ensuring compliance while improving usability for ongoing projects.


Long-term storage rules for safety and compliance.

While standard chat data is ephemeral, some information is stored for extended periods when required by trust-and-safety regulations.

Data type

Maximum retention

Purpose

Flagged prompts & outputs

Up to 2 years

Enables retrospective investigations

Classifier metadata & abuse scores

Up to 7 years

Improves moderation systems

Deleted conversations

Up to 30 days

Required for complete back-end purging

Zero-data-retention traffic

0 days

Real-time validation only

These rules primarily affect edge cases involving policy enforcement and compliance frameworks rather than everyday user activity.


Comparing Claude’s data retention policies.

Feature / plan

Default retention

ZDR-enabled retention

Training opt-out

Customization

Claude Web Apps (Free / Pro / Max / Work)

30 days

Not available

Yes, default

Delete chats anytime

Claude API (default)

30 days → 7 days after 15 Sep

0 days

Yes, default

DPA controls allow 30-day retention

Zero-Data-Retention Addendum

0 days

0 days

Yes, default

Contract required

Claude on AWS Bedrock / Vertex AI

30 days

Configurable by customer

Yes, default

Uses provider logging policies

Memory data

Indefinite until deletion

N/A

Yes, default

User-managed deletion cycle


Key takeaways.

  • Default retention is 30 days across most Claude products, but API logs shrink to 7 days starting 15 September 2025.

  • Anthropic does not use customer data for training unless there is explicit opt-in consent.

  • Zero-Data-Retention (ZDR) mode provides enterprise-grade privacy, instantly deleting logs after abuse checks.

  • Integrations with AWS Bedrock and Google Vertex AI inherit provider logging defaults but remain fully configurable.

  • Memory features give users direct control over persistent data while keeping deletion processes transparent.

  • Long-term storage (2 to 7 years) applies only for policy-flagged prompts and compliance analytics.


Claude’s retention policies now offer granular controls designed to meet consumer expectations, enterprise security needs, and international regulatory frameworks. The upcoming September changes make Claude one of the most privacy-aligned AI platforms available.



____________

FOLLOW US FOR MORE.


DATA STUDIOS


bottom of page