81 Total
14 High severity
50 Medium severity
17 Low severity
Summary

This is Anthropic's consumer Privacy Policy covering how the company collects and uses personal data when individuals use Claude.ai, the Anthropic website, and related consumer services. The policy discloses that Anthropic may use user Inputs and Outputs to train its AI models unless users opt out through account settings, though opt-out does not apply when conversations are flagged for safety review or when users have explicitly submitted feedback about the content. The policy also discloses that in some identity verification contexts, Anthropic collects biometric data including facial geometry templates, which the document acknowledges may be classified as biometric data under applicable law in certain jurisdictions.

Technical / Legal Breakdown

This Privacy Policy, effective July 8, 2026, governs Anthropic's collection, use, disclosure, and processing of personal data for users of its website, Claude.ai, and other consumer-facing services; it expressly excludes data processed on behalf of Enterprise customers, which is governed by separate customer agreements. The agreement states that Anthropic collects identity and contact data, payment information, user Inputs and Outputs, feedback, verification data (including biometric facial geometry templates in some contexts), device and connection information, and usage and log data; and the terms authorize use of Inputs and Outputs for AI model training unless users opt out, with carve-outs permitting such use regardless of opt-out status where content is flagged for safety review or explicitly reported via feedback mechanisms. The policy discloses that verification data may include biometric facial geometry templates, which the document acknowledges may qualify as biometric data in some jurisdictions, and that de-identified Inputs and Outputs may be re-identified to enforce Terms of Service or Usage Policy against specific users when necessary. The document engages GDPR and UK GDPR (with Anthropic Ireland, Limited designated as EEA and UK data controller), CCPA and US state consumer health data laws, Brazil's LGPD, Canada's PIPEDA framework, and the Republic of Korea's Personal Information Protection Act (PIPA) and Act on Promotion of Information and Communications Network Utilization; regional supplemental disclosures are provided for Canada, Brazil, and South Korea, and a separate Consumer Health Data Privacy Policy applies to Washington State and similar jurisdictions. Compliance teams should note the layered opt-out architecture for model training, the re-identification carve-out for policy enforcement, the biometric data collection disclosure, and the cross-border transfer mechanisms relying on Standard Contractual Clauses and adequacy decisions, each of which may require jurisdiction-specific evaluation.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Get Compliance

2 important changes detected

4 versions captured · Last updated: July 2026

What changed Anthropic's privacy policy was updated on July 9, 2026 to add a single introductory sentence describing the company as 'an AI safety and research company working to build reliable, interpretable, and steerable AI systems.' This sentence was removed from its previous location and then reinserted in the document header. The change is editorial and does not alter any substantive privacy rights, data practices, or user obligations.
Why this matters This change has no material impact on consumer privacy rights, data collection practices, or obligations. The updated policy now includes a single introductory sentence identifying Anthropic as an AI safety and research company. This is a purely editorial modification with no changes to how personal data is handled, retained, or shared.
View full change record →
What changed Anthropic updated its Privacy Policy on June 9, 2026, with an effective date of July 8, 2026. The revised policy narrows its scope to clarify that it applies when Anthropic acts as a data controller for consumer services (Claude.ai, Claude Team), but not when it processes data on behalf of enterprise customers whose own data governance controls how their data is handled. The policy also expands the definition of 'Inputs' to explicitly include content submitted through third-party integrations and connected services, and clarifies that personal data or external references in Inputs may be reproduced in Outputs.
Why this matters The updated policy clarifies that it applies when you use Anthropic's consumer services like Claude.ai or Claude Team, but does not govern your data when you access Anthropic products through your employer or an enterprise account. In that case, your employer's or enterprise customer's own data governance policies control how your data is handled. The policy also now explicitly states that personal data or external references included in your inputs to the service may be reproduced in the outputs generated in response.
View full change record →

Featured — High severity
Featured — Medium severity

Complete Provision Index

Every distinct legal provision identified in this document. Featured provisions appear above with analysis.

81 provisions
12 featured
13 clause types
14 high severity
privacy_rights 22
data_sharing 18
data_collection 12
data_usage 8
data_retention 5
acceptable_use 3
liability_limitation 3
ai_automated 2
disclosure_requirements 2
enforcement_actions 2
other 2
contract_terms 1
policy_changes 1

Monitoring

Anthropic has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Get Compliance

Cross-platform context

See how other platforms handle Agentic outputs may affect third-party services and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CCPA/CPRA
California, USA
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
GDPR
European Union
View official text ↗
UK GDPR
United Kingdom
View official text ↗

Related Analysis

Privacy · April 14, 2026
Deleted Claude Conversations Aren't Gone for 30 Days

Anthropic is more transparent than most AI companies about data retention. Here's exactly what happens when you delete your data, and how t…

Archival ProvenanceSource & Archival Record
Last Captured July 9, 2026 00:07 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000012
Version ID CA-V-004624
SHA-256 e91b78d120f18b8a635385fb036a9ad6b0135fe530a2e4aadcc4d575da32fca0
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans