Anthropic has updated its privacy guidance for business customers, clarifying how long it stores data and which commercial products may qualify for zero data retention arrangements.
The company says some customers on its Claude Platform and Claude Code for Enterprise plans may, subject to approval, have agreements under which Anthropic does not store inputs or outputs except when required to comply with law or address misuse and harm. Even in those cases, Anthropic says it continues to keep user safety classifier results to support enforcement of its usage policy.
Anthropic said zero data retention applies only to certain commercial offerings. Those include eligible Anthropic APIs, products that use a customer’s Commercial organization API key, including Claude Code accessed through the API, and Claude Code for Enterprise plans.
The company drew a clear line between those business services and its consumer products. Claude Free, Pro and Max are not included under the business zero-retention arrangements, and the same is true when accounts from those consumer plans use Claude Code.
Anthropic also noted that some models have separate safety-related retention requirements. For so-called Covered Models, the company says limited data retention and review are required as part of its safety work.
Anthropic said zero data retention requests are handled on a per-organization basis and must be reviewed and applied by its sales team. That means companies with multiple organizations need to make sure each one is identified when asking for the setting.
Current and prospective Claude Platform and Claude Code for Enterprise customers can contact Anthropic’s sales team to ask about eligibility. Claude Platform users can also check whether the feature is enabled in their account settings under Privacy Controls and Data retention period.
The company framed the policy as distinct from its default data retention practices, which are described separately in its privacy center. While the new guidance focuses on zero-retention arrangements, it signals that business customers should not assume the same storage terms apply across every Anthropic product.
Anthropic also pointed customers to its business associate agreement, or BAA, for HIPAA-eligible services. The company said the agreement is available only to customers using those services, including customers who qualify for zero data retention.
The BAA comes with configuration requirements and limits on certain features and integrations. Anthropic gave web search as one example of a feature that would not fall under the BAA’s coverage.
The update adds more detail to Anthropic’s handling of business customer data at a time when enterprise AI buyers are paying close attention to storage, privacy and regulatory obligations. For companies evaluating Claude for internal or regulated use cases, the policy makes clear that zero data retention is not automatic. It must be approved, tied to specific eligible products and applied organization by organization.
Anthropic’s privacy center says the arrangement is intended for commercial customers under specific terms, while some categories of data may still be kept for safety and compliance purposes. That distinction is likely to matter for enterprise users weighing privacy requirements against the operational benefits of using Anthropic’s models and developer tools.