The story told in stalled approval meetings is that AI vendors hide the ball on data. For Claude, the reverse is true. Anthropic's enterprise data retention policy, its training commitments, and its zero-data-retention terms are published pages with URLs. The questions your review keeps circling (where does our code go, who trains on it, how long is it kept) all have answers you can read in an afternoon. Deloitte's 2026 enterprise AI survey of 3,235 senior leaders found only one in five companies has a mature governance model for autonomous AI agents. That gap is organizational. At the vendor-diligence layer, the quarter your team is about to spend debating Claude is a process failure, not a vendor mystery.
One scope note before the checklist. This post covers vendor diligence for one vendor. The broader regulatory picture, the laws and frameworks your organization answers to regardless of which AI you buy, is its own five-layer problem, and I've mapped it separately in the AI compliance stack. Here: one vendor, four questions, and the documents that answer them.
Why a Claude data retention review takes a quarter
The stall is well documented. Cloud Security Alliance research from December 2025 ranks sensitive-data exposure as the leading AI security concern, and finds the majority of organizations working from partial guidelines or policies still in development. A Cloudera survey of 1,500 senior IT leaders across 14 countries, fielded in early 2025, reported 53% naming data privacy their biggest AI adoption obstacle. And in an IBM study conducted with Oxford Economics, 59% of 2,000 technology executives called security and compliance the top barrier to scaling AI agents, while 77% said adoption is already outpacing governance.
Notice what none of those numbers measure: vendor secrecy. They measure organizational readiness. None of them is about Claude specifically, either; they describe the climate around your review meeting while saying nothing about the difficulty of the questions on its agenda. The reviews I've watched stall share a shape, and it is not "we asked Anthropic and got silence." It is a recurring meeting with no owner, no question set, no definition of done, where each session surfaces a fresh hypothetical and the safest available decision is to keep deliberating. The root cause is the same one behind the AI rollout that never gets off the ground: nobody designed the process. Once the baseline risks are named, a structured filter beats another open round of what-ifs.
I have some skin in this observation. Hundreds of engineers at the roughly thousand-person enterprise org where I work use Claude Code for daily development, and the same org routes Jira tickets and Confluence pages through Claude all day via its MCP integrations, the connectors that plug Claude into approved internal systems. A ticket-context assembly that took me about two hours by hand takes about two minutes through those connectors. Tools do not reach that footprint with the data questions unanswered. They reach it when someone converts the debate into a checklist and walks it.
So here is the checklist. Scope it first: name the surfaces in play (API, Team, Enterprise, Claude Code) and the data classes that will touch them, because the published answers differ by surface. Then four questions. Each one has a published answer.
Does Anthropic train on your data?
Questions one and two: training use, and retention. As of early June 2026, the published record reads like this.
For commercial surfaces, meaning the Claude API, Team, and Enterprise plans, Anthropic does not use your inputs and outputs to train its models by default. The exclusion is written into the commercial terms. Note the category, though: a contract term binds the vendor legally, while nothing about it can be technically verified from outside. That weakens it as technical proof, not as contractual evidence. If your policy requires technical assurance, pair the term with the SOC 2 report and the ZDR scope below; otherwise it lands where contract terms always land, with counsel, who evaluates them every week. The training question your review is worried about lives on the consumer side: since an August 2025 update to Anthropic's consumer terms, Free, Pro, and Max users choose whether their chats may be used for training. Opting in carries a five-year retention window. Staying out keeps a 30-day default. Commercial accounts were explicitly excluded from that change.
Retention is question two, and it is answered in two short documents. Anthropic's API data-retention documentation maps which features carry which retention treatment, and the commercial retention policy states the default: API inputs and outputs are automatically deleted within 30 days, with named exceptions for longer-retention features you control, zero-data-retention agreements, usage-policy enforcement, and legal holds. Stored or deleted, commercial data stays excluded from training either way.
Consumer: Free, Pro, Max
- Training is a user choice since August 2025
- Opted-in chats carry five-year retention
- Opted-out accounts keep a 30-day default
- Consumer terms: no DPA, no BAA
Commercial: API, Team, Enterprise
- Inputs and outputs excluded from training by default
- API inputs and outputs auto-deleted within 30 days
- DPA available for commercial customers
- BAA available for Enterprise and the first-party API (not Team)
This is also where the most common misbelief dies. The line I hear in approval meetings, "if our engineers use Claude, Anthropic trains on our code," has been false on the commercial tier the entire time the meeting has been recurring. It survives because the consumer-side headlines from August 2025 were loud and the commercial carve-out was a footnote. Your review can settle it with two documents and a paragraph in the memo.
What zero data retention covers, and the paper trail
Question three is zero data retention, and it deserves a careful read, because it is both better and narrower than the name suggests.
A ZDR agreement means eligible API traffic is not retained at rest. Prompts go in, outputs come out, nothing is stored once the request completes, with one published carve-out I'll come back to: content flagged by safety systems. Two scope notes matter. First, ZDR is an agreement, not a dashboard toggle: Anthropic enables it per organization, through a sales conversation, and the same page lists which products it does and does not apply to. Second, coverage is feature-scoped rather than blanket, so the workloads your team runs need to be checked against that list rather than assumed covered. Claude Code has its own ZDR documentation for organizations on the API-key or Enterprise path. Reading those two pages is the work. It takes minutes, not meetings.
Question four is the paper trail, the part of diligence your auditors will ask about by name. Anthropic's certification roster and its BAA terms are short documents, current as of this writing:
| Document | What it tells you | Where it lives |
|---|---|---|
| SOC 2 Type II | Security controls audited over a monitoring period | Trust Center (trust.anthropic.com) |
| ISO 27001:2022 | Certified information-security management system | Trust Center |
| ISO/IEC 42001:2023 | AI-specific management standard, certified January 2025 | Anthropic announcement |
| HIPAA BAA | Signed for Enterprise and first-party API, feature-scoped | Privacy Center |
| DPA | Data-processing terms for commercial customers | Privacy Center |
The principle here is one I apply to AI diligence work generally: the artifact carries the evidence. A signed SOC 2 report answers a question no amount of meeting discussion can. Collect the artifacts, attach them to the memo, and the open-ended debate loses its fuel.
Where an afternoon honestly isn't enough
Now the strongest objection, because the fine print is the part your counsel is paid to find, and on this topic the fine print is genuine.
The afternoon closes the internal debate. It does not finish every workflow. Four limits are documented in the same sources I just cited. First, ZDR is sales-gated, so if your organization needs it, the afternoon produces a request, not a signed agreement. Second, the retention page that defines ZDR also reserves a carve-out: content flagged by Anthropic's safety systems can be retained for up to two years, ZDR or not, and you cannot audit from outside when that triggers. For a zero-tolerance data policy, that carve-out is a legitimate question for counsel. Third, the BAA. The signing path depends on your plan: a Claude Enterprise admin can sign the BAA directly in admin settings, while self-managed accounts and API use go through sales, which adds calendar time. And Anthropic's BAA terms scope the coverage tightly: the Console and beta features sit outside it, and Claude Code's CLI qualifies only with zero data retention enabled, with the web, remote, and beta variants not covered at all. Fourth, jurisdiction. European data-protection counsel reads the same published documents and still requires an organization-specific transfer impact assessment, because Anthropic is not certified under the EU-U.S. Data Privacy Framework.
And one exposure no vendor document covers: the personal Pro or Max account an employee expenses and quietly points at company material. Those accounts sit on consumer terms. Your afternoon of diligence on the API does nothing for them. That is an internal-policy problem, and it belongs on the memo too.
Here's the honest restatement of the thesis, then. The afternoon of reading does not finish the work. It converts an unbounded debate into a short list of scoped, ownable steps: request ZDR, route the carve-out language to legal, start the BAA clock, commission the transfer impact assessment if you're in the EU, write the personal-account policy. Scoped contract work measured in days and weeks. What it replaces is the quarter of unscoped deliberation, and that trade is the whole argument.
The afternoon agenda
Four questions, four published answers, one page in the memo:
- Does Anthropic train on our data? Not on commercial surfaces, by default. Consumer accounts choose.
- How long is our data kept? The API data-retention page answers it surface by surface.
- Can we get zero data retention? Yes, per organization, through sales, with feature-level scope and a safety carve-out to route past legal.
- What's the paper trail? SOC 2 Type II, ISO 27001, ISO 42001, DPA, and a BAA path for Enterprise and the API, collected at the Trust Center.
Your reviewer's template has more rows than these four, and most of them are answered in the same sitting from the same paper trail: the subprocessor list and change-notice rights live in the DPA, data-residency controls in the API docs, breach-notification timing in the DPA, output ownership and indemnity in the commercial terms. Two rows need your own answers rather than Anthropic's: which connectors move data beyond Anthropic (every MCP integration carries its own terms), and which admin controls (single sign-on, audit logs, seat management) will enforce the approved boundary after rollout.
Assign one owner, block one afternoon, and have the memo end with the scoped follow-ups instead of a meeting invite. Once the approval lands, the harder and more interesting work begins, and that work is governing what your teams build with the access.
If the review has already been open for a quarter and you want it scoped by someone who has walked it, a one-hour consultation gets the checklist and the memo skeleton onto your desk in a week. For a wider look at where your organization stands, the AI readiness assessment takes about 15 minutes, and teams that assess early move faster when it's time to build. Or book a fifteen-minute slot and bring the stalled memo.
FAQ
Does Anthropic train on my company's data?
Not on commercial surfaces. For the Claude API, Team, and Enterprise plans, inputs and outputs are excluded from model training by default. The training question lives on the consumer side: since the August 2025 terms update, Free, Pro, and Max users choose whether their chats can be used for training.
What is zero data retention and who can get it?
A zero data retention agreement means eligible Claude API traffic is not retained at rest: prompts and outputs are not stored after the request completes. It is enabled per organization through Anthropic sales rather than a self-serve toggle, coverage is feature-scoped, and content flagged by safety systems can still be retained for up to two years.
Is Claude HIPAA compliant?
Anthropic signs Business Associate Agreements for Claude Enterprise and the first-party API. Consumer plans and Team are excluded, coverage is feature-scoped (Claude Code's CLI qualifies only with zero data retention enabled), and while a Claude Enterprise admin can sign the BAA in admin settings, self-managed and API paths run through sales.
What certifications does Anthropic hold?
SOC 2 Type I and Type II, ISO 27001:2022, and ISO/IEC 42001:2023, the AI-specific management standard added to the roster in January 2025. The audit reports and compliance documents are collected at Anthropic's Trust Center.