If your team uses a commercial Claude plan (Team, Enterprise, Work, or the API), Anthropic does not train its models on your business content, you own what you put in and what comes out, and it is written into the contract. The one thing that changes the answer is the account type: a personal Claude account follows different, weaker rules.
I was in a room full of business leaders this week at the Anthropic community event, and one question came up before any other. Not what AI can do, not what it costs, just this: if I put our real company work into Claude, where does it go, and who gets to keep it?
It is the right question to ask first. And it deserves a straight answer instead of a marketing slide.
So here is the straight answer, and then I will show you how to check every piece of it yourself, because you should never take a vendor's word on this, including a vendor as careful as Anthropic.
The short version
If your team is on a commercial Claude plan, your data carries the protections leaders ask about first. Anthropic does not train its models on your inputs or outputs by default, the data is encrypted in transit and at rest, your organization controls what its users submit, you get deletion controls, and outside firms certify the security setup. Most of that is written into a contract you can open and read today.
If your team is typing company work into personal Claude accounts, the answer is different, and that is the piece worth checking before you go any further.
That split is the whole ballgame, so start there.
First question: which Claude are you actually using?
Anthropic runs two worlds with two sets of rules.
Commercial Claude covers Claude for Work (the Team and Enterprise plans), Claude for Education, Claude for Government, and API access (including through Amazon Bedrock and Google Cloud's Vertex AI). This is the business side, governed by Anthropic's Commercial Terms.
Consumer Claude covers the personal accounts: Claude Free, Pro, and Max that a person signs up for with their own email. This is governed by the Consumer Terms, and the rules there are not the same.
The difference is real. In August 2025, Anthropic changed the consumer rules for Free, Pro, and Max accounts. Consumer users are now asked whether to let their chats and coding sessions help improve Claude. If that setting is on, Anthropic can use new or resumed chats and coding sessions for training, and the related retention can run up to five years. The commercial side was explicitly left out of that change.
How long Anthropic can retain a consumer user's chats for training if a personal Free, Pro, or Max account has model improvement turned on. The commercial plans were left out of that 2025 change.
Source: Anthropic Consumer Terms, 2025So when someone asks "is my business data safe with Claude," the honest reply is a question back: which plan are you on? Get that right and the rest falls into place.
Claim 1: Anthropic does not train on your business content
This was the first card on Anthropic's own slide, and it holds up.
Open the Commercial Terms of Service and you find this line in Section B: "Anthropic may not train models on Customer Content from Services." The same section settles ownership in plain words: "Customer retains all rights to its Inputs, and owns its Outputs." Anthropic even assigns you its own rights to the outputs. What you put in is yours. What comes out is yours.
Anthropic may not train models on Customer Content from Services.
Anthropic's privacy center says the same thing in everyday language: "By default, we will not use your inputs or outputs from our commercial products to train our models."
Two honest footnotes, because a guide gives you the whole picture:
First, there is one way to opt in on the commercial side. If a user clicks the thumbs up or thumbs down on a response, or files a bug report, Anthropic can keep that specific conversation for up to five years and use it to improve the model. They strip your user and customer IDs off it first. If you would rather none of that happen, an admin can switch off the rating feature in your organization's settings.
Second, the no-training promise lives on the commercial plans. On a personal Free, Pro, or Max account, the rules are different. If the user has allowed model improvement, Anthropic can use new or resumed chats and coding sessions for training, and those sessions may be retained for up to five years. Anyone should check their data privacy settings before putting company work into a personal account. Same company, same Claude, different contract.
How to verify it yourself: read Section B of the Commercial Terms at anthropic.com/legal/commercial-terms. It is one paragraph. You do not need a lawyer to follow it.
Claim 2: your data is encrypted, isolated, and yours to delete
The second card said "encrypted and isolated, never sold, deletable on request." Each part checks out.
Encrypted. Anthropic's privacy center states your data is encrypted in transit using TLS and at rest using 256-bit AES encryption. For the API, prompts and outputs travel over TLS 1.2 or higher. That is the same class of protection a bank uses.
Isolated. Your organization controls the data its users submit, and Anthropic says it processes that data on your behalf to provide the service. By default its employees cannot read your conversations. Access requires either your explicit permission or a review flagged under the Usage Policy.
Never sold. Anthropic states plainly that it does not sell your data to third parties.
Deletable, with the details depending on the product. API inputs and outputs are generally deleted from backend systems within 30 days. Claude for Work and Enterprise keep your chats so you can continue conversations, and when you delete one, Anthropic says it leaves your visible history right away and backend storage within 30 days. Exceptions apply for legal holds, Usage Policy enforcement, and any feedback you submitted.
There is also a stronger tier for sensitive work. Some Claude API and Claude Code Enterprise customers can request a Zero Data Retention arrangement, subject to Anthropic's approval. Where it applies, your conversations are not stored after the request is processed. Approval is required, and it still leaves room for a few retention exceptions, such as legal, misuse, harm, and safety-classifier requirements.
How to verify it yourself: the encryption and protection details are written up at Anthropic's privacy center under "How does Anthropic protect the personal data of Claude users." If you need Zero Data Retention, your Anthropic contact can walk you through the addendum.
Claim 3: outside firms certify all of this
The third card said "SOC 2 and ISO 27001, audited yearly." This one holds up, and Anthropic actually undersold itself on the slide.
Here is the full list of what Anthropic maintains, straight from its own certifications page:
- SOC 2 Type I and Type II. The Type II is the meaningful one. It means an outside firm watched the controls operate over a stretch of time, not just on a single day.
- ISO 27001:2022, the international standard for information security management.
- ISO/IEC 42001:2023, the newer standard built specifically for managing AI systems. This is the one the slide left off, and it is the most interesting of the set, because it speaks to how the AI itself is governed, not just the servers it runs on.
- HIPAA-ready configuration, with a Business Associate Agreement available for healthcare work.
An audit you cannot see is just another promise. So the useful part is this: the certifications live at trust.anthropic.com, and the full SOC 2 report is available to enterprise customers under a non-disclosure agreement. You can ask for it.
How to verify it yourself: go to trust.anthropic.com. If your security team wants the SOC 2 report before you sign, request it through your Anthropic contact. A vendor that hands it over is telling you something. A vendor that stalls is telling you something too.
The real risk hides in Shadow AI
Good companies get caught by this one.
You can put your business on a locked-down Enterprise plan, sign the contract, file the SOC 2 report, and still have your data sitting under the weaker consumer rules. How? Because someone on your team got impatient, opened a personal Claude Pro account, and started pasting client work into it to get through a deadline.
The industry has a name for this now: Shadow AI. It is employees using personal AI accounts for company work, outside whatever protections the business set up. And it is common, because the tools are good and the friction to sign up is almost zero.
The fix is not a crackdown. People reach for personal accounts when the sanctioned option is slow or missing. The fix is to make the safe path the easy path: put your team on a commercial plan, tell them which account to use, and tell them why. People walk through the protected door once they know where it is.
What to do this week
You do not need a committee for this. Three steps, and you will know exactly where you stand.
- Find out which plan your team is actually on. Commercial means Team, Enterprise, Claude for Work, or API. Consumer means a personal Free, Pro, or Max account. If you are not sure, you are probably mixed, and that is worth knowing.
- Move company work onto a commercial plan. If anyone is using a personal account for real work, that is the first thing to fix. As a stopgap until they switch, have them turn off "Help improve Claude" in their privacy settings so their chats stop feeding training.
- Pull the receipts. Spend ten minutes at trust.anthropic.com and read Section B of the Commercial Terms. If your security team wants the SOC 2 report, request it. Now your answer to the data question is based on what you read, not what a slide told you.
The skill underneath the answer
Notice what we just did. We did not trust the slide, and we did not dismiss it either. We took each claim and traced it back to a contract, a certification, a primary source you can open in a browser. That habit, questioning the claim and checking it at the root, is the difference between someone who merely uses AI and someone a company can trust to run it.
In The 7 Levels of AI Proficiency, that skill shows up early and never leaves. It is the same instinct whether you are reading a vendor's data policy or checking an AI's answer before you send it to a client. The tools will keep changing. The habit of verifying the source is what keeps you safe through all of it.
Your business data can be safe with Claude. On the right plan, it already is, and you can prove it to yourself in an afternoon. The only real work is making sure your whole team is walking through the protected door, not the personal one.
Sources
- Anthropic, Commercial Terms of Service (Section B: training restriction and ownership of Inputs and Outputs; destruction clause)
- Anthropic Privacy Center, "Is my data used for model training?" (commercial default; feedback opt-in and five-year retention)
- Anthropic, "Updates to our Consumer Terms and Privacy Policy" (August 2025 consumer training change; commercial products excluded)
- Anthropic Privacy Center, "I have a Zero Data Retention agreement. What products does it apply to?" (ZDR eligibility and exceptions)
- Anthropic Privacy Center, "How does Anthropic protect the personal data of Claude users?" (TLS in transit, 256-bit AES at rest, access controls)
- Anthropic Privacy Center, "What certifications has Anthropic obtained?" (SOC 2 Type I and II, ISO 27001:2022, ISO/IEC 42001:2023, HIPAA)
- Anthropic Trust Center (certifications and compliance documentation, SOC 2 report on request)
Related reading: Level 3: The Lieutenant (Critical Thinker).
Frequently Asked Questions
Is my business data safe with Claude?
Yes, on a commercial plan. Anthropic does not train on your business content by default, encrypts your data in transit (TLS) and at rest (256-bit AES), processes it on your behalf as your data processor, does not sell it, and gives you deletion controls. The protections are backed by SOC 2 Type II, ISO 27001, and ISO 42001 certifications, and they are written into the Commercial Terms.
Does Claude train on my data?
It depends on your account type. On commercial plans (Team, Enterprise, Claude for Work, and the API), Anthropic does not train on your inputs or outputs by default, and its Commercial Terms state that "Anthropic may not train models on Customer Content from Services." On personal accounts (Free, Pro, Max), Anthropic may use your chats and coding sessions for training if you have allowed model improvement, if a conversation is flagged for safety review, or if you otherwise opt in.
Can companies use Claude securely?
Yes. Commercial Claude is built for it: no default training on your data, encryption, data-processor handling, deletion controls, and independent certifications (SOC 2 Type II, ISO 27001, ISO 42001). Some Claude API and Claude Code Enterprise customers can also request Zero Data Retention, subject to approval. The biggest risk is Shadow AI, where employees use personal accounts for company work and fall under the weaker consumer rules.
Find your AI Proficiency level
The free 7 Levels assessment places you across seven stages of AI capability. Under ten minutes. Research-backed scoring.