Every time you paste a document into Claude, you're making a decision about where that data goes. For casual queries, it might not matter. But organizations processing contracts, financial statements, or customer records need to understand exactly what happens to their information.
Anthropic, the company behind Claude, has built different products with substantially different data handling. The free version that millions use daily operates under different rules than the enterprise deployment a Fortune 500 company might run. Understanding these differences is essential before sensitive documents touch any AI system.
The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.
The Quick Answer: Does Claude Use Your Data for Training?
It depends on which Claude you're using.
Free Claude (claude.ai): Yes, by default. Anthropic may use your conversations to improve Claude's models. Human reviewers may read conversations flagged by safety systems. You can opt out in settings, but the default is participation in training.
Claude Pro: Same data handling as Free, with priority access and higher limits. Training participation remains the default unless you explicitly opt out.
Claude for Work/Enterprise: No. Data is not used for model training by default. Anthropic provides enterprise-grade protections including Single Sign-On, admin controls, and Data Processing Agreements.
Claude API: No. Customer data is not used for training. Seven-day default log retention as of September 2025. Zero Data Retention (ZDR) addendum available for organizations requiring maximum data isolation.
The difference isn't subtle. A document uploaded to free Claude might contribute to future model improvements. The same document processed through enterprise Claude or the API with ZDR leaves no persistent trace.
How Free Claude Handles Your Data
When you use Claude's free tier at claude.ai, here's what happens:
Conversation storage: Your prompts and Claude's responses are stored on Anthropic's servers. This storage is indefinite unless you manually delete conversations through your account settings.
Training participation: By default, Anthropic may use your conversations to train and improve Claude. This means patterns, phrasing, and information from your prompts could influence future model behavior. Anthropic states they strip identifying information before training use, but the substance of your queries enters their improvement pipeline.
Human review: Conversations flagged by Anthropic's safety and abuse systems may be reviewed by human employees. This is intended to prevent misuse, but it means a person could read your prompts and Claude's responses if something triggers their detection systems.
Opt-out available: You can disable training participation in your account settings. When opted out, Anthropic states they won't use your conversations to improve models. However, conversations may still be stored for abuse monitoring purposes.
No contractual protections: Free users operate under Anthropic's consumer Terms of Service, not a Data Processing Agreement. There's no contractual framework addressing how your data is used as a business input.
For personal queries, research questions, or creative projects, these terms are often acceptable. For business documents, client information, or regulated data, free Claude creates compliance exposure.
How Claude Pro Handles Your Data
Claude Pro costs $20/month and provides priority access, higher usage limits, and early feature access. But the data handling is essentially the same as the free tier.
Training default: Your conversations may be used for training unless you opt out.
Human review: Flagged conversations may be reviewed by Anthropic employees.
No DPA: Pro subscriptions don't include Data Processing Agreements or enterprise contractual terms.
Same storage: Indefinite retention unless manually deleted.
The $20 fee buys capacity and features, not privacy upgrades. Organizations using Pro for business purposes should understand they're operating under consumer-grade data handling.
How Claude Enterprise Handles Your Data
Claude for Work and Claude Enterprise represent a different product category with different data commitments.
No training use: Data is not used for model training by default. This is a firm commitment, not an opt-out setting. Your documents don't influence future Claude versions.
No routine human review: Enterprise conversations aren't reviewed by Anthropic employees for quality improvement. Limited review may occur for serious abuse or safety concerns, but normal business use remains private.
Data Processing Agreement: Organizations can execute a DPA establishing Anthropic as a data processor operating under your instructions. This provides the contractual framework required for regulated industries.
SSO and access controls: Integration with identity providers like Okta, Azure AD, and others. Administrators control who can access Claude and what they can do.
SCIM provisioning: Automated user lifecycle management. When employees join or leave, their Claude access updates automatically.
Audit logging: Enterprise deployments include visibility into who used Claude, when, and for what. This supports compliance requirements and security monitoring.
Custom retention: Organizations can configure how long conversation data is retained, aligned with their own data governance policies.
Security certifications: Anthropic holds SOC 2 Type II certification, ISO 27001:2022, and ISO/IEC 42001:2023 for AI management systems.
The enterprise tier addresses most business requirements for AI data handling. Documents processed through Claude Enterprise stay under organizational control within Anthropic's secured infrastructure.
How the Claude API Handles Your Data
Developers accessing Claude through the API receive the strongest default protections.
No training use: Customer data submitted through the API is not used for training. This is the default behavior without requiring any opt-out.
7-day log retention: As of September 2025, API request logs are retained for 7 days for debugging and abuse prevention, then automatically deleted. This is substantially shorter than indefinite consumer retention.
Zero Data Retention option: Organizations with stringent requirements can execute a ZDR addendum. With ZDR, prompts and responses are not retained beyond the immediate API interaction. No logs, no persistent storage, no retention window.
Programmatic control: API access allows organizations to implement their own preprocessing, filtering, and data handling before anything reaches Anthropic's systems.
Enterprise agreements: API customers can negotiate enterprise terms including DPAs, SLAs, and custom configurations.
For organizations building AI into products or workflows, the API provides the control needed to maintain compliance with data protection requirements.
What Anthropic Can and Cannot Access
Understanding Anthropic's access helps assess risk for different data types.
What Anthropic can access:
- Your prompts and Claude's responses (all tiers)
- Account information and usage metadata
- Conversations flagged by safety systems (subject to human review)
- System logs for debugging and security
What Anthropic commits not to do (Enterprise/API):
- Use your data for model training
- Share your data with third parties (except as required by law)
- Allow routine employee access to conversation content
- Retain data beyond configured periods (with ZDR)
What remains your responsibility:
- Determining whether data is appropriate for AI processing
- Configuring retention and access controls
- Meeting your own regulatory obligations
- Ensuring data entered into Claude is authorized for that use
Anthropic's commitments provide infrastructure-level protection. Compliance with specific regulations like HIPAA, GDPR, or industry requirements remains the customer's responsibility.
Data Residency and Storage Location
As of late 2025, Anthropic's primary infrastructure operates in the United States. Conversations and data are processed and stored in US-based data centers.
For organizations with strict data residency requirements, this is a relevant consideration. European data protection authorities have varying interpretations of whether US-based AI processing is permissible under GDPR. Similar considerations apply under other jurisdictions' data protection laws.
Anthropic has expanded infrastructure presence, but specific data residency guarantees should be confirmed directly based on current offerings.
Retention Periods Across Tiers
| Tier | Default Retention | Training Use | Human Review |
|---|---|---|---|
| Free | Indefinite | Yes (opt-out available) | Flagged conversations |
| Pro | Indefinite | Yes (opt-out available) | Flagged conversations |
| Enterprise | Configurable | No | Limited to abuse |
| API | 7 days | No | Limited to abuse |
| API + ZDR | None | No | Limited to abuse |
The retention difference between indefinite (Free/Pro) and 7 days (API) is significant for organizations managing data lifecycle requirements.
Practical Implications for Different Data Types
Personal documents: Free or Pro tiers are generally appropriate for personal correspondence, creative writing, and general research. Training opt-out recommended if privacy is a concern.
Business documents without PII: Enterprise tier recommended. Protects against training use and provides audit capabilities for compliance.
Documents with customer information: Enterprise with DPA required. Ensure your use case aligns with customer consent and data processing agreements.
Regulated data (healthcare, finance): Enterprise with DPA plus careful evaluation of whether AI processing is permitted under applicable regulations. Consider redaction before processing.
Highly sensitive documents: API with ZDR provides maximum protection. Better approach: redact sensitive content before any AI processing.
The Safest Approach: Remove Sensitive Data First
Regardless of tier, the strongest privacy posture removes sensitive information before it reaches Claude.
Original document with sensitive data
↓
Automated detection of PII, confidential info, trade secrets
↓
Redaction replaces sensitive content with placeholders
↓
Sanitized document processed by Claude
↓
Sensitive information never leaves your control
This approach works across all Claude tiers and addresses the fundamental concern: once data reaches any external system, you're relying on that system's commitments and security. With pre-processing redaction, your sensitive data never leaves your environment.
The workflow enables AI productivity without creating external data exposure. Claude processes the sanitized version, providing value from the document's structure and non-sensitive content. Actual sensitive data stays where you control it.
Questions to Ask Before Processing Documents
Before uploading documents to Claude, consider:
-
What tier am I using? Free/Pro have different handling than Enterprise/API.
-
Is this data appropriate for AI processing? Some information may be restricted by regulation, contract, or policy regardless of Claude's protections.
-
Have I opted out of training? If using Free/Pro with sensitive content, training opt-out is essential.
-
Do I have authorization? Is uploading this data authorized under applicable agreements and policies?
-
What's the retention impact? How long will this data exist on Anthropic's systems?
-
Should I redact first? Could sensitive elements be removed while preserving the document's utility for AI assistance?
Answering these questions before each upload creates a disciplined approach to AI data handling.
Comparing Claude to Alternatives
Claude's data handling is competitive with other major AI providers, but differences exist:
ChatGPT/OpenAI: Similar tiered model. Free versions may train on conversations. Enterprise tiers provide no-training commitments and DPAs.
Google Gemini: Enterprise versions don't train on business data. Consumer versions have training participation similar to Claude.
Microsoft Copilot: Enterprise Copilot doesn't train foundation models on your data. Operates within Microsoft 365 security boundary.
No major AI provider offers no-training-ever commitments at the free tier. The business model of consumer AI depends on data access for improvement. Enterprise tiers across providers converge on similar protections: no training, audit capabilities, contractual frameworks.
Your Next Step
Claude's privacy practices are strong at the enterprise level. For organizations willing to pay for Enterprise or API access, Anthropic provides the infrastructure-level protections that business use requires.
For everyone else, understanding the tier differences is essential. Free and Pro tiers serve millions of users, but they operate under different rules than enterprise products. Using consumer Claude with business data creates compliance exposure that organizations should consciously accept or address.
The safest approach combines appropriate tier selection with pre-processing redaction. Enterprise Claude for the AI capabilities, automated redaction for the sensitive content. This delivers productivity without data exposure.
PaperVeil lets you redact all your sensitive information from PDFs in a simple drag and drop flow. Detect and remove PII, match custom patterns, strip metadata, and generate audit trails. The redaction layer that makes AI document processing actually safe.