Anthropic updated its Privacy Policy on June 9, 2026, with an effective date of July 8, 2026. The revised policy narrows its scope to clarify that it applies when Anthropic acts as a data controller for consumer services (Claude.ai, Claude Team), but not when it processes data on behalf of enterprise customers whose own data governance controls how their data is handled. The policy also expands the definition of 'Inputs' to explicitly include content submitted through third-party integrations and connected services, and clarifies that personal data or external references in Inputs may be reproduced in Outputs.
The updated policy clarifies that it applies when you use Anthropic's consumer services like Claude.ai or Claude Team, but does not govern your data when you access Anthropic products through your employer or an enterprise account. In that case, your employer's or enterprise customer's own data governance policies control how your data is handled. The policy also now explicitly states that personal data or external references included in your inputs to the service may be reproduced in the outputs generated in response.
The updated policy clarifies an important boundary: Anthropic's stated data practices apply only when you use consumer services directly, not when your organization provisions access through an enterprise account. This helps users and enterprise customers understand which governance framework applies to their data.
Policy explicitly states it does not apply to data Anthropic processes on behalf of business customers; their customer agreements govern.
Inputs now explicitly include content submitted through third-party applications, services, and integrations.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
The updated policy clarifies scope boundaries by distinguishing between consumer services (where Anthropic is the data controller) and enterprise/business offerings (where the customer is the controller). This does not create new obligations but rather clarifies the existing allocation of responsibility. Organizations providing Anthropic access to their employees should confirm their own data governance documentation references this allocation and that it is reflected in their privacy notices to end users. No new regulatory exposure is created by this clarification.
GDPR, CCPA, UK GDPR, regulations requiring clear allocation of data controller responsibility
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002757.
On July 9, 2026, Anthropic modified its Privacy Policy by removing a sentence that described the company as 'an AI …
Anthropic's privacy policy was updated on July 9, 2026 to add a single introductory sentence describing the company as 'an …
Anthropic updated its Privacy Policy effective July 8, 2026 with revisions to the scope of coverage and data categories. The …
Anthropic is more transparent than most AI companies about data retention. Here's exactly what happens when you delete your data, and how t…
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them t…
ConductAtlas tracked the restructuring, new disclosures, and entity changes that followed the largest privacy fine in EU history.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.