API and data retention

Anthropic's approach to data retention

Different APIs and features have different storage and retention needs. Where an API or feature doesn't require storage of customer prompts or responses, it may be eligible for ZDR. Where an API or feature necessarily requires storage of customer prompts or responses, Anthropic designs for the smallest possible retention footprint. For these features:

• Retained data is never used for model training without your express permission.
• Only what is technically necessary for the API and feature to work is retained. Conversation content (your prompts and Claude's outputs) is never retained unless explicitly noted.
• Data is purged on the shortest practical TTL, and Anthropic aims to give customers control over how long data is retained. What is held, and the retention duration where a specific TTL applies, is documented on each feature's page.

In the feature eligibility table, some features are marked "Yes (qualified)" in the ZDR eligible column. If your organization has a ZDR arrangement, you can use these features with confidence that what Anthropic retains is narrow and is required for optimal performance.

Zero data retention (ZDR) scope

What ZDR covers

• Certain Claude APIs: ZDR applies to the Claude Messages and Token Counting APIs
• Claude Code: ZDR applies when used with Commercial organization API keys or through Claude Enterprise (see Claude Code ZDR docs)

What ZDR does NOT cover

• Console and Workbench: Any usage on Console or Workbench
• Claude consumer products: Claude Free, Pro, or Max plans, including when customers on those plans use Claude's web, desktop, or mobile apps or Claude Code
• Claude Teams and Claude Enterprise: Claude Teams and Claude Enterprise product interfaces are not ZDR-eligible, except for Claude Code when used through Claude Enterprise with ZDR enabled for the organization. For other product interfaces, only Commercial organization API keys are eligible for ZDR.
• Third-party integrations: Data processed by third-party websites, tools, or other integrations is not ZDR-eligible, though some may have similar offerings. When using external services in conjunction with the Claude API, make sure to review those services' data handling practices.

HIPAA readiness

The Claude API supports HIPAA-ready integrations for organizations that handle protected health information (PHI). With a signed BAA and a HIPAA-enabled organization, you can use supported API features to process PHI while supporting your organization's HIPAA compliance.

Previously, organizations that required HIPAA readiness for the Claude API needed to enable ZDR. HIPAA-ready API access removes this requirement and provides a foundation for Anthropic to progressively enable additional features as they are audited for HIPAA readiness.

Getting started

To set up HIPAA-ready API access:

HIPAA readiness scope

What HIPAA readiness covers

• Claude API: HIPAA readiness applies to the Claude API (api.anthropic.com) for eligible features listed in the feature eligibility table.

What HIPAA readiness does NOT cover

• Claude consumer products: Claude Free, Pro, or Max plans
• Console and Workbench: Usage through the Claude Console interface
• Third-party platforms: Claude on AWS Bedrock or Google Cloud Vertex AI (refer to those platforms' compliance documentation)
• Third-party integrations: Data processed by external tools or services connected to your application
• Claude Code: Claude Code is not covered under HIPAA readiness
• Beta features: Features in beta are generally not covered under the BAA unless explicitly listed as eligible in the feature eligibility table

PHI handling guidelines

Protected health information (PHI) includes any individually identifiable health information. In the context of the Claude API, PHI typically appears in:

• Message content (prompts and responses from Claude)
• Attached files (images, PDFs)
• File names and metadata associated with message content

The following fields are not expected to contain PHI under the BAA: workspace names, user information (name, email, phone number), billing data, and support tickets.

Schema and tool definition restrictions

When using structured outputs or tools with strict: true, the API compiles JSON schemas into grammars that are cached separately from message content. These cached schemas do not receive the same PHI protections as prompts and responses.

Do not include PHI in JSON schema definitions. This restriction applies to:

• Schema property names
• enum values
• const values
• pattern regular expressions

Patient-specific information should only appear in message content, where it is protected under HIPAA safeguards.

HIPAA error handling

Your signed BAA is the official source of truth for which features are covered. The API also enforces these restrictions automatically: when a HIPAA-enabled organization sends a request that includes a non-eligible feature, the API returns a 400 error to prevent accidental use of features not covered by your BAA:

{
  "type": "error",
  "error": {
    "type": "invalid_request_error",
    "message": "The requested features are not available for HIPAA-regulated organizations without Zero Data Retention: code_execution."
  }
}

The error message lists the non-eligible features detected in the request. Remove these features from your request and retry.

Feature eligibility

The following table lists which Claude API features are eligible for ZDR and HIPAA readiness arrangements. For HIPAA-enabled organizations, features marked "No" in the HIPAA column are automatically blocked, and requests that include them return a 400 error.

¹ Dynamic filtering is not eligible for ZDR or HIPAA.

² While web fetch is ZDR-eligible, website publishers may retain request data (such as fetched URLs and request metadata) according to their own policies.

³ PHI must not be included in JSON schema definitions. See PHI handling guidelines.

Limitations and exclusions

CORS not supported for ZDR

Cross-Origin Resource Sharing (CORS) is not supported for organizations with ZDR arrangements. If you need to make API calls from browser-based applications, you must:

• Use a backend proxy server to make API calls on behalf of your front end
• Implement your own CORS handling on the proxy server
• Never expose API keys directly in browser JavaScript

Data retention for policy violations and where required by law

Even with ZDR or HIPAA arrangements in place, Anthropic may retain data where required by law or to combat Usage Policy violations and malicious uses of Anthropic's platform. As a result, if a chat or session is flagged for such a violation, Anthropic may retain inputs and outputs for up to 2 years.

Frequently asked questions

Related resources

• Privacy Policy
• Structured outputs
• Prompt caching
• Batch processing
• Files API
• Trust Center