Claude Enterprise Compliance: BAA, SOC 2, GDPR and Data Policy (2026)

About Will

I run a multi-site content operation on Claude and Notion with autonomous agents — and I write about what we do, including what breaks.


Last verified: June 13, 2026

Anthropic publishes a defined compliance posture for Claude: it holds SOC 2 Type I and Type II, ISO 27001:2022, and ISO/IEC 42001:2023 credentials; it will sign a Business Associate Agreement (BAA) covering HIPAA-ready services such as the first-party API and Enterprise plans; by default it does not train models on data sent under its commercial terms; and it offers a zero-data-retention (ZDR) arrangement on the Messages and Token Counting APIs. The hard part for buyers is the per-surface boundary — what the BAA covers, which features are blocked under ZDR or HIPAA, how long data is kept, and where it can be processed. Every figure below is drawn from Anthropic’s own trust, privacy, and developer documentation, with sources at the bottom. Eligibility, feature lists, and durations change; treat your signed contract and the live Trust Center as the controlling sources.

Certifications and attestations

Anthropic’s help center lists the following compliance credentials for its commercial products (Claude for Work and the Anthropic API). It directs customers to the Trust Portal at trust.anthropic.com to request copies of the underlying reports and certificates.

Credential | Status as described by Anthropic | Scope
-----------|----------------------------------|------
SOC 2 Type I & Type II | Listed as held | Commercial products (Claude for Work, Anthropic API)
ISO 27001:2022 | Certified | Information Security Management
ISO/IEC 42001:2023 | Certified (issued by Schellman Compliance, LLC, accredited by the ANSI National Accreditation Board) | AI Management Systems
HIPAA | "HIPAA-ready configuration (BAA available)" | See BAA section

Anthropic describes itself as “one of the first frontier AI labs” to achieve ISO/IEC 42001:2023 certification, in an announcement dated January 13, 2025. The help-center certifications list does not mention ISO 27017, ISO 27018, FedRAMP, or CSA STAR; those are left out here rather than asserted. GDPR and CCPA are handled through Anthropic’s privacy program and customer agreements rather than as line-item “certifications” (see GDPR section).

HIPAA and the BAA: covered by product surface

Anthropic states it “provides a Business Associate Agreement (BAA) covering our HIPAA-ready services, such as use of our first-party API or Enterprise plans.” HIPAA readiness is enforced at the organization level: Anthropic provisions a dedicated HIPAA-enabled organization that automatically blocks non-eligible features. To process protected health information (PHI) on the API, an administrator must sign the BAA and contact sales to enable it; for Enterprise, an admin activates HIPAA compliance in the Claude Enterprise admin settings under “Data & Privacy” and signs the BAA there.

Surface | BAA / HIPAA-ready coverage
--------|---------------------------
First-party Claude API (Messages API) | Covered as an Eligible Service (admin signs BAA, then contacts sales)
Claude Enterprise | Covered once an admin activates HIPAA compliance and signs the BAA
Workbench and Console | Not covered
Claude Free, Pro, Max, Team | Not covered
Cowork | Not covered
Claude Code | Not covered under HIPAA readiness
Amazon Bedrock / Vertex AI | Not covered (cloud provider is the data processor; see those platforms)
Claude Platform on AWS / Microsoft Foundry | HIPAA readiness not available
Beta features (e.g., Claude in Office, Claude Design) | Generally not covered unless explicitly listed as eligible

Within the API, only a subset of features is HIPAA-eligible. Anthropic enforces this in code: a request from a HIPAA-enabled organization that uses a non-eligible feature is rejected with a 400 invalid_request_error naming the blocked feature. Anthropic states your signed BAA is the official source of truth for what is covered.

API feature | HIPAA-eligible
------------|---------------
Messages API (/v1/messages) | Yes
Token counting | Yes
Web search | Yes (dynamic filtering not eligible)
Prompt caching, structured outputs, extended/adaptive thinking, citations, 1M context, PDF (inline), data residency, effort, fast mode, bash & text-editor tools, memory tool | Yes
Web fetch, computer use, advisor tool, context management (compaction / editing), tool search, cache diagnostics | No
Code execution, programmatic tool calling | No
Batch API, Files API, Agent Skills, MCP connector, Claude Managed Agents, MCP tunnels | No

PHI must appear only in message content, attached files, or related file names/metadata — never in JSON schema definitions (property names, enum/const values, or pattern regexes), because compiled schemas are cached separately and do not receive the same PHI protections. Anthropic notes workspace names, user contact details, billing data, and support tickets are not expected to contain PHI under the BAA.
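As an added example (not Anthropic's code), a client-side pre-flight check that applies the two rules above before a request reaches a HIPAA-enabled organization: it rejects non-eligible features locally instead of relying on the backend 400, and it scans the structured-output schema for PHI-shaped text, since compiled schemas are cached separately. The tool-type prefixes, parameter names, `output_format` shape and PHI regexes are assumptions of this example, and the sample request is constructed.

```python
import re

# Tool "type" prefixes treated as non-eligible; the mapping from the table above to tool types is assumed.
BLOCKED_TOOL_PREFIXES = ("web_fetch", "computer", "code_execution", "tool_search")
# Request parameters that pull in non-eligible features (assumed parameter names).
BLOCKED_REQUEST_KEYS = ("mcp_servers", "context_management")
# Constructed PHI heuristics: SSN-shaped digits, medical record numbers, dates of birth.
PHI_PATTERNS = [re.compile(p, re.I) for p in (r"\b\d{3}-\d{2}-\d{4}\b", r"\bmrn\b", r"\bdob\b|date.?of.?birth")]

def _schema_strings(node, path=""):
    """Yield (path, text) for the schema parts that get compiled and cached: property names, enum/const values, patterns."""
    if isinstance(node, dict):
        for name in node.get("properties", {}):
            yield f"{path}/properties/{name}", name
        for value in list(node.get("enum", [])) + ([node["const"]] if "const" in node else []):
            yield f"{path}/enum-or-const", str(value)
        if "pattern" in node:
            yield f"{path}/pattern", node["pattern"]
        for key, value in node.items():
            yield from _schema_strings(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _schema_strings(value, f"{path}/{i}")

def preflight(request):
    """Return the problems found; an empty list means the request can go to a HIPAA-enabled org."""
    problems = []
    for tool in request.get("tools", []):
        tool_type = tool.get("type", "custom")
        if tool_type.startswith(BLOCKED_TOOL_PREFIXES):
            problems.append(f"non-eligible tool: {tool_type}")
    problems += [f"non-eligible parameter: {k}" for k in BLOCKED_REQUEST_KEYS if k in request]
    schema = request.get("output_format", {}).get("schema", {})  # assumed structured-output shape
    for path, text in _schema_strings(schema):
        if any(p.search(text) for p in PHI_PATTERNS):
            problems.append(f"PHI-like text in cached schema at {path}: {text!r}")
    return problems

# Constructed request: PHI in message content is allowed, PHI in the schema is not.
SAMPLE = {
    "model": "model-id-placeholder",
    "messages": [{"role": "user", "content": "Summarize the visit note for patient SSN 123-45-6789."}],
    "tools": [{"type": "web_fetch_placeholder", "name": "web_fetch"}],
    "output_format": {"type": "json_schema", "schema": {"type": "object", "properties": {
        "dob": {"type": "string"}, "mrn": {"type": "string", "pattern": "^MRN-123-45-6789$"}}}},
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```

The SSN in the message body is deliberately not flagged, because message content is where PHI is permitted to travel; only the schema's property names and pattern are reported.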

Data retention (commercial default)

Under Anthropic’s commercial data retention policy, conversation content is not retained by default for the API, and API inputs and outputs are automatically deleted on the backend within 30 days of receipt or generation. For interface products such as Claude for Work, data persists until you delete it, after which it is removed from backend storage within 30 days. Two exceptions, flagged Usage Policy violations and feedback you submit, extend retention regardless of arrangement.

Data type / event | Retention
------------------|----------
API inputs and outputs (default) | Auto-deleted within 30 days
Deleted conversation content (Claude for Work) | Removed from backend within 30 days
Inputs/outputs for a chat flagged as a Usage Policy violation | Up to 2 years
Trust & safety classification scores (flagged chat) | Up to 7 years
Data tied to feedback you submit (thumbs up/down, bug report) | 5 years

Zero data retention (ZDR)

With a ZDR arrangement, customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse. ZDR is requested through Anthropic sales and enabled per organization — it does not carry over automatically to new organizations under the same account. Even under ZDR, Anthropic retains User Safety classifier results, and may retain inputs and outputs for up to 2 years if a chat or session is flagged for a Usage Policy violation. CORS is not supported for ZDR organizations, so browser apps must call through a backend proxy.

Surface | ZDR coverage
--------|-------------
Claude Messages API & Token Counting API | Eligible
Claude Code (Commercial org API keys, or via Claude Enterprise with ZDR enabled) | Eligible
Console and Workbench | Not eligible
Claude Teams & Claude Enterprise interfaces | Not eligible (except Claude Code via Enterprise with ZDR on)
Claude Free, Pro, Max | Not eligible
Claude Managed Agents | Not eligible (stateful; delete transcripts manually)
Batch API, Files API, code execution, Agent Skills, MCP connector | Not eligible
Third-party integrations | Not eligible

A handful of ZDR-eligible features are marked “Yes (qualified)” — structured outputs and cache diagnostics — meaning Anthropic retains a narrow, documented set of technical data (for example, a cached JSON schema for up to 24 hours since last use) rather than your prompts or Claude’s outputs.

Model-training policy and Covered Models

Anthropic’s Privacy Policy states it does not apply to content processed on behalf of business customers; that data is governed by the customer agreement. For the API specifically, Anthropic states retained data is never used for model training without your express permission. Anthropic’s consumer-terms update confirms the data-use changes “do not apply to services under our Commercial Terms,” including Claude for Work, Claude for Government, Claude for Education, and API use (including via Amazon Bedrock and Google Cloud’s Vertex AI). Training on commercial data happens only if a customer explicitly opts in (for example, the Development Partner Program).

One model-specific exception affects retention, not training: Claude Fable 5 and Claude Mythos 5 are designated Covered Models and require 30-day data retention. ZDR is not available for these two models; a request to either from an organization whose retention configuration doesn’t meet the requirement returns a 400 invalid_request_error. Organizations with ZDR can turn on 30-day retention for a single workspace (Console > Settings > Workspaces > Privacy controls) to use those models there while keeping ZDR elsewhere. On Bedrock, Vertex AI, and Microsoft Foundry, retention requirements for these models are set by each platform.

GDPR, data residency, and international transfers

For users in the EEA, UK, or Switzerland, the data controller is Anthropic Ireland, Limited; elsewhere it is Anthropic PBC. Where the EU or UK GDPR applies, Anthropic responds to verifiable data-subject requests within one calendar month. For transfers to countries without an adequacy decision, Anthropic relies on standard contractual clauses, and publishes its subprocessors at anthropic.com/subprocessors.

On data residency, the Claude API exposes two independent controls. inference_geo sets where inference runs per request — values are "global" (default) or "us" — and is supported on Claude Opus 4.6, Sonnet 4.6, and later (older models return a 400). Workspace geo controls where data is stored at rest and where endpoint processing happens; it is set at workspace creation and cannot be changed afterward. Per Anthropic’s documentation, "us" is currently the only available workspace geo, and only "us" and "global" inference geos are available — so there is currently no EU-resident storage option at the workspace level. US-only inference is priced at 1.1x the standard rate on supported models. Data residency is available on the Claude API (first-party) and Claude Platform on AWS; on Bedrock and Vertex AI the region is set by the endpoint or inference profile.

Does Anthropic train its models on my API or commercial data?

No, not by default. Anthropic’s Privacy Policy excludes business-customer content (governed by your customer agreement), and for the API it states retained data is never used for training without your express permission. The consumer data-use changes explicitly do not apply to Commercial Terms services. Training on commercial data requires an explicit opt-in.

Will Anthropic sign a BAA, and for what?

Yes. Anthropic signs a BAA covering HIPAA-ready services such as the first-party API and Enterprise plans. The Messages API is covered as an Eligible Service. It does not cover Workbench/Console, Free/Pro/Max/Team, Cowork, Claude Code, or beta features unless explicitly listed. An admin must sign the BAA and enable HIPAA readiness; the organization then auto-blocks non-eligible features.

What’s the difference between ZDR and HIPAA readiness?

Per Anthropic, ZDR prevents customer data from being stored at rest after the API response. HIPAA readiness is a broader set of safeguards (encryption, access controls, audit logging) that protect PHI throughout its lifecycle and lets data be retained with safeguards rather than deleted immediately. Anthropic states you do not also need ZDR if you have HIPAA readiness.

How long does Anthropic keep my data?

By default, API inputs and outputs are auto-deleted within 30 days. If a chat is flagged as a Usage Policy violation, inputs/outputs may be retained up to 2 years and trust & safety classification scores up to 7 years. Data tied to feedback you submit is kept 5 years. ZDR removes the default at-rest storage but does not remove the law/misuse exceptions.

Can I keep Claude inference and data in the EU?

Not at rest currently. The API’s inference_geo can pin inference to "us" or run "global", but Anthropic’s documentation lists "us" as the only available workspace geo (storage region). EU/UK data-subject rights and standard contractual clauses apply regardless, but an EU storage-residency option is not currently offered at the workspace level per the docs verified here.
