Claude Code Is Safe to Use. Here's How.
We read every Anthropic policy document and security disclosure so you don't have to. One toggle, two settings, and you're good.
If you've read our CLI guide, you know we think Claude Code is what business professionals should be using right now. The question we keep getting is: "What happens to my data?"
We read every policy document, privacy center page, and security disclosure Anthropic publishes. Here's what we found.
What Claude Code sends
Claude Code runs on your machine. When it talks to the AI model, your prompts, Claude's responses, and the contents of files Claude reads go to Anthropic's servers. All of it is encrypted in transit.
It does not send your entire hard drive. Only files Claude reads during your session get transmitted. Your databases, running apps, and environment stay local unless you bring them into the conversation yourself.
Every cloud AI tool works this way. The real question is what happens to your data once it gets there.
The one setting that matters
On the Max plan, Anthropic lets you choose whether your data gets used to train future models.
Go to claude.ai/settings. Click Privacy in the left sidebar. At the bottom is "Help improve Claude", described as "Allow the use of your chats and coding sessions to train and improve Anthropic AI models."
If it's on (blue), your Claude Code sessions, including file contents, can sit in Anthropic's training pipeline for up to five years.
Turn it off and retention drops to 30 days. Your data is not used for training.
Five-year footprint vs. 30-day footprint. Turn it off.
One caveat: even with it off, Anthropic's privacy policy allows exceptions for safety reviews and feedback you explicitly submit. OpenAI, Google, and Amazon have similar carve-outs. This is industry-standard, not a Claude-specific problem.
Two more things
First: don't use the /bug command during sensitive sessions. It sends your full conversation history to Anthropic, retained for five years. Disable it with DISABLE_BUG_COMMAND=1.
Second: Claude Code connects to Statsig (metrics) and Sentry (error logging) by default. Neither captures code or file paths, but if you want to shut off all non-essential network traffic:
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
One toggle, two environment variables. That's the whole list.
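One way to make both variables persist across terminal sessions, as an added example that is not from Anthropic or the original article. The two variable names come from the text above; the function names and the choice of profile file (for example ~/.zshrc or ~/.profile) are assumptions.

```shell
#!/bin/sh
# Added example: persist the two variables named in the article and check
# that the current shell actually has them set.

# Variable names are from the article; function names are hypothetical.
HARDENING_VARS="DISABLE_BUG_COMMAND CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC"

# persist_hardening FILE
# Append "export VAR=1" for each variable FILE does not already export as 1.
# Idempotent: running it twice does not duplicate lines.
persist_hardening() {
    profile=$1
    [ -f "$profile" ] || : > "$profile"
    for var in $HARDENING_VARS; do
        if ! grep -Eq "^[[:space:]]*export[[:space:]]+$var=1[[:space:]]*$" "$profile"; then
            printf 'export %s=1\n' "$var" >> "$profile"
        fi
    done
}

# missing_hardening
# Print the names of variables that are not set to 1 in the current
# environment. Exit status is 0 only when nothing is missing.
missing_hardening() {
    missing=""
    for var in $HARDENING_VARS; do
        eval "value=\${$var:-}"
        [ "$value" = "1" ] || missing="$missing $var"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# Usage (profile path is an assumption; pick the file your shell reads):
#   persist_hardening "$HOME/.zshrc"
#   . "$HOME/.zshrc"
#   missing_hardening || echo "open a new terminal before starting Claude Code"
```

A variable exported in a profile only takes effect in shells started afterwards, so run the check in the same terminal you launch Claude Code from.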
"I'm a lawyer. Can I use this?"
Yes. Here's why.
With training turned off on Max, your data is encrypted in transit, retained for 30 days, then deleted. Anthropic staff can't see it unless it gets flagged in a safety review.
Compare that to the tools you already use. Google Workspace retains your data. So does Microsoft 365. Dropbox, iCloud, Zoom, all of them, often longer than 30 days, under similar terms. Lawyers send privileged communications over Gmail every day.
The 30-day retention on Claude Code with training off is no worse than the cloud services your firm already runs on. If you're comfortable emailing a client document through Google Workspace, Claude Code with training disabled is comparable.
The one hard exception is HIPAA. If you handle protected health information, you need a Business Associate Agreement. Anthropic offers BAAs through their Enterprise plan, not consumer plans. That's a regulatory requirement.
For attorney-client privilege, there is no equivalent contractual requirement. Privilege protects the substance of the communication, not the hosting provider. Courts haven't treated AI tools differently from any other SaaS platform.
If you want commercial terms
Anthropic's Team plan has commercial data protections: no training by default, contractual terms available. "Premium" seats include Claude Code at $100/month (annual) or $125/month (monthly).
Two catches. Team requires a minimum of five seats, so $500/month minimum for Claude Code access. And the usage matches the Max $100 tier, not the $200 tier. To get $200-level throughput with commercial protections, you'd need Enterprise or Team with extra usage billed at API rates.
Most professionals are better off on Max at $200/month with training off.
Claude Code asks before it acts
Claude Code does not run unsupervised. It is read-only by default. It asks before editing files or running commands. Every bash command and file write requires your approval. On macOS and Linux, you can lock it to specific directories and network domains.
Use "Ask" or "Plan" mode. Claude Code shows you what it wants to do before doing it. Nothing runs without your approval.
Bottom line
Turn off "Help improve Claude." Set two environment variables. That's the security setup.
Your data is encrypted, kept for 30 days, not used for training, and Claude Code asks permission before it touches anything. That's better than most of the SaaS tools you already pay for.