What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This policy engages GDPR (European Parliament and Council Regulation 2016/679), enforced by EU Member State supervisory authorities; CCPA and CPRA, enforced by the California Privacy Protection Agency and California AG; Brazilian LGPD, enforced by the ANPD; Canadian PIPEDA and provincial equivalents; South Korean PIPA; and Washington State My Health MY Data Act for health data integrations. The opt-out carve-out permitting continued model training use of safety-flagged…

How does Anthropic's Anthropic Privacy Policy affect users?

The policy states that Inputs (your messages to Claude) and Outputs (Claude's responses) may be used to train Anthropic's AI models, and that this use continues even after opting out if the conversation is flagged for safety review or if you have explicitly submitted feedback about it. Device identifiers, IP address-derived location data, browsing activity, and usage information are also collected automatically. You can opt out of conversation use for model training by accessing your account se…

How often is Anthropic's Anthropic Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Anthropic updates this document?

Yes. Watcher subscribers ($9.99/month) can add Anthropic to their watchlist and receive same-day email alerts whenever this document or any other Anthropic document changes.

CA-D-000012

Anthropic Privacy Policy

Anthropic

Last change detected March 11, 2026 Privacy policy

SHA-256: ee8bf5f00852036a0be… 2 versions captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Anthropic ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

4 Medium severity

6 Low severity

Summary

This is Anthropic's Privacy Policy for users of Claude.ai and related consumer products, explaining what personal data Anthropic collects and how it is used. When you use Claude, Anthropic collects your chat messages (Inputs and Outputs), device identifiers, IP address, browsing activity within the service, and payment information, and the policy states these may be used to train AI models unless you opt out in your account settings. You can opt out of having your conversations used for model training by visiting your Claude.ai account settings, though conversations flagged for safety review may still be used for training regardless of your opt-out preference.

Technical / Legal Breakdown

This Privacy Policy, effective January 12, 2026, governs Anthropic's collection, use, disclosure, and processing of personal data when Anthropic acts as a data controller across its consumer-facing Services (including Claude.ai) and Commercial Services (including Claude Team plan); it expressly excludes scenarios where Anthropic acts as a data processor on behalf of commercial customers. The policy states that Inputs (prompts), Outputs (AI responses), device identifiers, browsing activity, IP address-derived location data, and usage information are collected; the terms authorize use of Inputs and Outputs to train AI models unless users opt out, with a carve-out permitting training use even after opt-out when conversations are flagged for safety review or explicitly reported via feedback mechanisms. The opt-out carve-out for safety-flagged conversations is operationally distinct in that it permits continued model training use of user content without user consent in circumstances defined unilaterally by Anthropic, which may require evaluation under GDPR lawful basis requirements and CCPA-equivalent frameworks depending on jurisdiction. The policy engages GDPR (for EEA users), CCPA and California privacy statutes, Brazilian LGPD, Canadian PIPEDA or provincial equivalents, South Korean PIPA, and Washington State consumer health data law; regional supplemental disclosures are provided for Canada, Brazil, and the Republic of Korea, and a separate Consumer Health Data Privacy Policy applies to Washington State users who integrate third-party health applications.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 4 provisions

Model Training Opt-Out with Safety-Flagging Carve-Out Compare →

Anthropic may use your chat messages to train its AI, but you can turn this off in settings. However, even after opting out, if a conversation gets flagged for safety reasons or you reported it yourself, it can still be used for training.

Added May 12, 2026 Common Seen across 104 platforms
Controller vs Processor Scope Limitation Compare →

If your employer or a third-party app gave you access to Claude, this privacy policy may not apply to you; instead, your employer's or that app's privacy policy governs how your data is handled.

Added May 10, 2026 Standard Seen across 189 platforms
Automatic Collection of Device and Location Data Compare →

When you use Claude, Anthropic automatically receives technical details about your device, your approximate location (derived from your IP address), advertising identifiers, and how you use the service.

Added May 12, 2026 Standard Seen across 251 platforms
Training Data Collection from Third-Party Sources Including Internet Scraping Compare →

Anthropic uses publicly available internet data, commercially licensed datasets, and user conversations to train its AI models. This means information about you that exists online could potentially be part of the training data even if you have never used Anthropic's products.

Added May 12, 2026 Standard Seen across 251 platforms

Low — 6 provisions

Feedback Triggers Full Conversation Storage Compare →

When you click the thumbs up or thumbs down button on a Claude response, Anthropic stores your entire conversation, not just the message you rated.

Added April 4, 2026 Standard Seen across 223 platforms
Conversation Deletion with 30-Day Back-End Retention Compare →

When you delete a conversation in Claude, it disappears from your view right away, but Anthropic's systems retain it for up to 30 more days before it is fully deleted.

Added May 12, 2026 Standard Seen across 223 platforms
Corporate Transaction Data Transfer Compare →

If Anthropic is sold, merges with another company, or goes through bankruptcy, your personal data may be transferred to the new owner or involved parties as part of that transaction.

Added May 12, 2026 Standard Seen across 246 platforms
Age Restriction and Children's Data Compare →

Anthropic's services are for users 18 and older. If a user under 18 provides personal data, Anthropic states it will delete that information once it becomes aware of it.

Added May 12, 2026 Standard Seen across 262 platforms
User Rights and Exercising Deletion, Access, and Correction Compare →

You can request access to, deletion of, or correction of your personal data by emailing privacy@anthropic.com. Anthropic will verify your identity before processing the request and states it will not penalize you for exercising these rights.

Added May 12, 2026 Standard Seen across 223 platforms
No Sale of Personal Data and Targeted Advertising Limitation Compare →

Anthropic states it does not sell your personal data as defined under privacy laws. You can opt out of having your data used to show you targeted ads for Anthropic's own products.

Added May 12, 2026 Standard Seen across 189 platforms