Security & Privacy

Last verified: 13 February 2026 | Applies to: All plans

In 30 seconds

Claude handles data differently depending on which feature you use. Chat conversations are processed on Anthropic’s servers. Cowork runs in a sandboxed environment on your computer. Connectors authenticate via OAuth — no passwords are shared with Claude. Understanding what goes where is essential before connecting business tools or processing sensitive data.

How data flows by feature

Feature	Where it runs	What data leaves your machine	What stays local
Chat	Anthropic’s servers	Your messages and Claude’s responses	Nothing — it’s cloud-based
Cowork	Sandboxed environment on your computer	Task instructions sent to Anthropic for processing	Files in your selected folder stay local
Plugins	Within Cowork (your computer)	Same as Cowork — instructions processed by Anthropic	Plugin files, your data files
Connectors	Anthropic’s servers (MCP protocol)	OAuth tokens, tool queries and responses	Nothing — cloud-based
Claude in Chrome	Your browser + Anthropic’s servers	Page content Claude reads, actions Claude takes	Browser data itself
Code tab	Your computer + Anthropic’s servers	Code and instructions sent for processing	Your codebase files

What operators need to know

Chat conversations: Your messages are sent to Anthropic’s servers for processing. On paid plans, Anthropic states that your conversations are not used to train models. On the Free plan, conversations may be used for training unless you opt out.

Cowork data handling: Cowork gives Claude access to a specific folder on your computer. Files stay on your machine — Claude reads them locally in the sandbox. However, the instructions and context are sent to Anthropic’s servers for processing. This means Claude needs to send information about your files to generate responses, but the files themselves aren’t uploaded or stored.

Connector authentication: Connectors use OAuth — the standard “Sign in with…” flow. You authenticate directly with each tool (Slack, Asana, etc.). Your passwords are never shared with Claude. Claude receives scoped access tokens that can be revoked at any time.

Enterprise gap — Cowork audit trail: Cowork conversation history is stored locally on your machine. It is not captured in Audit Logs, the Compliance API, or Data Exports. This is a significant gap for operators in regulated industries or organisations that require comprehensive audit trails. If compliance requires a record of all AI interactions, be aware that Cowork sessions fall outside the enterprise logging perimeter.

Key security features by plan

Feature	Free/Pro/Max	Team	Enterprise
Conversations not used for training	Paid plans only	✓	✓
Admin controls	—	✓	✓
SSO / SCIM	—	—	✓
Audit logs	—	—	✓
Compliance API	—	—	✓
Data exports	—	—	✓
Custom data retention	—	—	✓

Practical recommendations

Before connecting business tools:

Review what permissions each connector requests (read-only vs read-write)
Start with read-only access until you’re comfortable
Use a test account or sandbox environment for initial setup if available

For sensitive data processing:

Prefer Cowork over Chat for sensitive documents — files stay on your machine
Be mindful that instructions and context still travel to Anthropic’s servers
If full data residency is required, discuss options with Anthropic’s Enterprise team

For team deployments:

Team plan provides admin controls but not full audit logging
Enterprise plan is required for SSO, SCIM, audit logs, and compliance API
Cowork sessions are not captured by enterprise logging regardless of plan — factor this into your compliance assessment

Enterprise Security & Compliance — enterprise-specific security controls
Connectors — how MCP handles authentication
Audit & Compliance — enterprise logging and compliance tools
Cowork — understanding the sandboxed environment

Something wrong or outdated? Let us know →

Get weekly workflows — subscribe to the newsletter.