Skip to main content

← Back to Library

Claude and Data Safety

This note tackles the data-safety and privacy questions around AI use, with a focus on Claude (Anthropic). I reference it in the classes I teach, and it is the baseline I work from on these matters. One caveat first: this area changes fast. The details below are current to June 2026 and are revised often.

What happens to your data when you prompt Claude

What happens depends on which plan you are on and how it is set up. The line that matters is not free versus paid. On the personal plans, free and paid are treated the same way for data. The real divide is between personal plans, organisational plans, and the developer API.

  • Personal plans (Free, Pro, Max). By default, Anthropic may use your conversations to train its models, and may keep them for up to several years. You can switch model training off in the privacy settings, and this option is available on Free, Pro and Max alike. Anthropic declares that with training off, your data is kept for about thirty days and then deleted. What you cannot get on a personal plan is a "nothing kept" mode, or a formal data-processing agreement covering your data. Paying for Pro or Max buys faster models and higher limits, not stronger privacy. (ChatGPT works the same way: training is on by default on every personal tier, the opt-out is open to all of them, and there is no zero-retention option.)
  • Team or Enterprise. Your data is not used for training, a data-processing agreement is in place, and on Enterprise a genuine no-retention mode is available. This is the safest setup, but these are organisational contracts that need high financial institutional backing, so they are currently out of reach for most researchers.
  • The developer API. This is the pay as you go model. The same high protections apply as for team or enterprise (no training, a data-processing agreement, and a true no-retention mode available on request), and it is accessible to anyone with a credit card. The catch is cost: you pay per use, which for heavy work runs many times more expensive than a flat subscription (heavily subsidised). For the kind of use that I teach, this could amount to thousands of euros a month.

What can be done to mitigate the risks

There is a list of good practices that a researcher can do to mitigate risk:

  • On a personal plan, switch the training setting off.
  • If you can reach the API, or a Team or Enterprise plan through your institution, use it, and turn on no-retention where it is offered.
  • Make a conscious choice about what data you put into the tool. It is strongly advised to keep clearly sensitive or personal data out of it.
  • Anonymise or pseudonymise sensitive data before it goes in.
  • Check your institution's data-classification rules.

Keeping your data portable and local

Beyond any one provider's settings, the most durable protection is to keep your own data in your own hands. The way I work, and what I teach, is to store research data locally in simple, future-proof formats (plain text and Markdown) that any later model or system can still read, rather than locked inside one provider's app. That way your work does not depend on, and cannot be trapped by, whichever AI company you happen to use this year. If this does not stop your data from having to pass through Anthropic's servers, it at least ensures that it stays forever yours, and that in a (hopefully) near future, overall better (because safer, more powerful or cheaper) solutions could be deployed for agentic research.

What cannot be controlled

Some risks cannot be mitigated. Anthropic (like OpenAI) is a US company, so under US law (the CLOUD Act) it can be compelled to hand data to US authorities wherever its servers sit. This is not particular to Claude: the same holds for the US tools most people already use, such as Gmail, Outlook, OneDrive and iCloud.

On European (GDPR) and Swiss (revDSG) law, the honest picture has two layers. At the Enterprise or API level, a compliant setup is available from the major providers, with a data-processing agreement and, where offered, EU or Swiss data residency. It is personal-plan use that stays legally doubtful: regulators have raised concerns, and the only finalised European fine on this (against OpenAI, in Italy) was later annulled by a court, so there is no settled precedent yet. In short, compliance is safer with the right contract, and genuinely unsettled for everyday consumer use.

Why I use Claude Code

Right now, for advanced research and knowledge work, Claude Code (and to a degree Codex from OpenAI) is by far the best tool available. Without it, the kind of AI-assisted research I teach would simply not be possible, or affordable, for most individual researchers. The reasons for that are twofold:

  • The AI models from Claude (Opus) still lead by far the safer alternatives for the most demanding work, whether European providers such as Mistral (French, hosted in the EU) or Infomaniak (Swiss, with data kept in Switzerland), or local models run on your own computer.
  • At least half of the strength of Claude for our use cases is not the models themselves but the harness: the software around the model that constrains and shapes it for your use, lets it read your files, write and produce files for you, write code to help with your tasks, run tools, do online research, and act on your computer for you. The model is the engine; the harness is the rest of the car. Claude Code is that harness.

This may change in the coming years, as local models improve and committed groups build open-source harnesses, or as European sovereign solutions may appear. But for now, it is unfortunately not the case.

Have a question about Sergueï's work? Ask me.

Ask about my services

Answers come from an AI model. Please don't include personal or confidential information.

Hello! I can help you learn about Sergueï's AI services for academics. What would you like to know?