agentsSource-backedReview first Safety ✓ Privacy ✓
Zero Data Retention Compliance Agent
Community reusable agent prompt for mapping Claude Code deployments to zero data retention requirements using official ZDR docs: logging boundaries, MCP data flows, session storage, and compliance evidence checklists for security review.
HarnessClaude Code
Review first — review before installing
Open the source and read safety notes before installing.
Safety notes
- ZDR compliance is organizational; this agent produces checklists, not legal determinations.
- Third-party MCP servers may retain data outside Anthropic ZDR scope—flag each connector.
- Session storage plugins and custom loggers can violate ZDR if misconfigured.
- Do not mark compliant until human security review signs off with evidence.
Privacy notes
- Compliance packets may summarize data categories but should not attach raw customer prompts.
- MCP vendor DPAs and subprocessors must be cited for regulated workloads.
- Evidence repositories need access controls separate from general engineering drives.
Prerequisites
- Contractual ZDR or equivalent requirements from legal or security stakeholders.
- Deployment architecture for Claude Code, Agent SDK hosts, logging, and MCP connectors.
- Current observability configuration including content logging flags.
- Inventory of MCP servers and what data each tool transmits externally.
Schema details
- Install type
- copy
- Troubleshooting
- No
Source repository stats
- Scope
- Source repo
Full copyable content
## Content
Zero Data Retention Compliance Agent is a community-authored reusable prompt for aligning
Claude Code deployments with zero data retention programs. It applies official Claude Code
zero data retention documentation—not legal advice or an official Anthropic compliance agent.
## Scope Note
This prompt operationalizes documented ZDR expectations from code.claude.com. Legal and
contract interpretation remains with your counsel and security teams.
## Agent Prompt
You are a zero data retention compliance reviewer for Claude Code deployments. Map technical
controls to stated ZDR requirements using official Anthropic documentation only.
Workflow:
1. **Requirements intake.** Capture contractual ZDR scope, regulated data types, and retention prohibitions.
2. **Anthropic surfaces.** Identify which Claude Code features are in scope and what official ZDR docs say about retention behavior.
3. **Logging audit.** Find application logs, hooks, CI artifacts, and support exports that might store prompts or outputs.
4. **Observability.** Verify tracing and APM configs disable or redact prompt content per policy.
5. **MCP inventory.** For each connector, document data sent, vendor retention claims, and DPA coverage gaps.
6. **Session storage.** Review external session stores, checkpoints, and cloud runs for persisted transcripts.
7. **Evidence pack.** Produce checklist with pass/fail, owners, and remediation tasks for security sign-off.
Output contract:
- Control matrix mapped to requirements.
- MCP and logging findings with severity.
- Remediation backlog with owners.
- Explicit non-compliance gaps requiring legal or vendor follow-up.
## Features
- Applies official ZDR documentation to practical deployment checks.
- Treats MCP connectors as separate retention boundaries.
- Highlights observability misconfiguration as a common ZDR failure mode.
- Outputs security-review-ready evidence structures.
## Use Cases
- Enterprise security review before Claude Code team rollout.
- Agent SDK production launch in regulated industries.
- Annual re-certification of logging and MCP connector policies.
- Vendor due diligence when adding new remote MCP tools.
## Source Notes
Verified against Claude Code zero data retention documentation on **2026-06-16**:
- Official docs describe zero data retention expectations and configuration considerations
for Claude Code enterprise deployments.
- Documentation distinguishes Anthropic-controlled retention from third-party MCP and
logging systems teams must evaluate separately.
- Network, session, and connector choices documented elsewhere must align with ZDR
commitments stated in the ZDR guide.
## Duplicate Check
Checked content/agents and content/skills for ZDR workflows.
ai-workflow-privacy-compliance-review-agent covers broader privacy topics.
claude-code-zero-data-retention-review-capability-pack is a skills pack checklist.
No agents entry applies official ZDR documentation to deployment compliance review with MCP inventory steps.
## Editorial Disclosure
Submitted as an independent community agent entry by kiannidev, based on public Claude
Code zero data retention documentation and the public anthropics/claude-code repository.
No paid placement, referral, or affiliate relationship.
## Sources
- Claude Code zero data retention - https://code.claude.com/docs/en/zero-data-retention
- Claude Code MCP - https://code.claude.com/docs/en/mcp
- Claude Code repository - https://github.com/anthropics/claude-codeAbout this resource
Content
Zero Data Retention Compliance Agent is a community-authored reusable prompt for aligning Claude Code deployments with zero data retention programs. It applies official Claude Code zero data retention documentation—not legal advice or an official Anthropic compliance agent.
Scope Note
This prompt operationalizes documented ZDR expectations from code.claude.com. Legal and contract interpretation remains with your counsel and security teams.
Agent Prompt
You are a zero data retention compliance reviewer for Claude Code deployments. Map technical controls to stated ZDR requirements using official Anthropic documentation only.
Workflow:
- Requirements intake. Capture contractual ZDR scope, regulated data types, and retention prohibitions.
- Anthropic surfaces. Identify which Claude Code features are in scope and what official ZDR docs say about retention behavior.
- Logging audit. Find application logs, hooks, CI artifacts, and support exports that might store prompts or outputs.
- Observability. Verify tracing and APM configs disable or redact prompt content per policy.
- MCP inventory. For each connector, document data sent, vendor retention claims, and DPA coverage gaps.
- Session storage. Review external session stores, checkpoints, and cloud runs for persisted transcripts.
- Evidence pack. Produce checklist with pass/fail, owners, and remediation tasks for security sign-off.
Output contract:
- Control matrix mapped to requirements.
- MCP and logging findings with severity.
- Remediation backlog with owners.
- Explicit non-compliance gaps requiring legal or vendor follow-up.
Features
- Applies official ZDR documentation to practical deployment checks.
- Treats MCP connectors as separate retention boundaries.
- Highlights observability misconfiguration as a common ZDR failure mode.
- Outputs security-review-ready evidence structures.
Use Cases
- Enterprise security review before Claude Code team rollout.
- Agent SDK production launch in regulated industries.
- Annual re-certification of logging and MCP connector policies.
- Vendor due diligence when adding new remote MCP tools.
Source Notes
Verified against Claude Code zero data retention documentation on 2026-06-16:
- Official docs describe zero data retention expectations and configuration considerations for Claude Code enterprise deployments.
- Documentation distinguishes Anthropic-controlled retention from third-party MCP and logging systems teams must evaluate separately.
- Network, session, and connector choices documented elsewhere must align with ZDR commitments stated in the ZDR guide.
Duplicate Check
Checked content/agents and content/skills for ZDR workflows. ai-workflow-privacy-compliance-review-agent covers broader privacy topics. claude-code-zero-data-retention-review-capability-pack is a skills pack checklist. No agents entry applies official ZDR documentation to deployment compliance review with MCP inventory steps.
Editorial Disclosure
Submitted as an independent community agent entry by kiannidev, based on public Claude Code zero data retention documentation and the public anthropics/claude-code repository. No paid placement, referral, or affiliate relationship.
Sources
- Claude Code zero data retention - https://code.claude.com/docs/en/zero-data-retention
- Claude Code MCP - https://code.claude.com/docs/en/mcp
- Claude Code repository - https://github.com/anthropics/claude-code
Source citations
Add this badge to your README
Show that Zero Data Retention Compliance Agent is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/agents/zero-data-retention-compliance-agent)How it compares
Zero Data Retention Compliance Agent side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Zero Data Retention Compliance Agent Community reusable agent prompt for mapping Claude Code deployments to zero data retention requirements using official ZDR docs: logging boundaries, MCP data flows, session storage, and compliance evidence checklists for security review. Open dossier | Claude Code Zero Data Retention Review Capability Pack Skill Expert Claude Code zero data retention review capability pack for auditing ZDR scope on Claude for Enterprise, disabled features, model availability, analytics limits, and third-party integration gaps before rollout. Open dossier | Claude Code Analytics Adoption Capability Pack Skill Expert Claude Code analytics adoption capability pack for enabling team and enterprise dashboards, GitHub contribution metrics, adoption tracking, ROI reporting, and OpenTelemetry complements with source-backed rollout steps. Open dossier | Claude Code Communications Kit Capability Pack Skill Expert Claude Code communications kit capability pack for planning internal launch campaigns, message calendars, manager talking points, and FAQ updates aligned to official communications kit documentation. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | agents | skills | skills | skills |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | kiannidev | kiannidev | kiannidev | kiannidev |
| Added | 2026-06-16 | 2026-06-13 | 2026-06-13 | 2026-06-15 |
| Platforms | Claude Code | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI | Claude CodeCodexWindsurfGeminiCursorCLI |
| Source repo | — | — | — | — |
| Safety notes | ✓ZDR compliance is organizational; this agent produces checklists, not legal determinations. Third-party MCP servers may retain data outside Anthropic ZDR scope—flag each connector. Session storage plugins and custom loggers can violate ZDR if misconfigured. Do not mark compliant until human security review signs off with evidence. | ✓This skill summarizes official ZDR scope; it must not claim ZDR covers chat on claude.ai, Cowork, third-party MCP servers, or Bedrock, Vertex, or Foundry routes. ZDR is enabled per organization; new organizations require separate enablement by the Anthropic account team. Disabled features such as Claude Code on the Web, Desktop cloud sessions, and `/feedback` are blocked at the backend regardless of client UI. Claude Fable 5 is unavailable under ZDR; the `best` alias resolves to Opus for ZDR organizations instead. Policy-violation sessions may still be retained for up to two years even when ZDR is enabled. | ✓This skill recommends analytics enablement steps; it must not toggle admin settings or install GitHub apps without explicit owner approval. Contribution metrics are conservative underestimates and should not be treated as exact productivity scores for individuals. Leaderboards and CSV exports can create unintended performance pressure; align rollout with HR and management policy first. Zero Data Retention organizations cannot use GitHub contribution metrics; usage metrics only. Console spend figures are estimates; use billing pages for actual costs. | ✓This skill plans communications; it must not enable Claude Code org settings or install apps without admin approval. Avoid productivity guarantees or compensation claims in launch messaging; stick to documented capabilities. Do not share embargoed security findings or unreleased product details in pre-launch teasers. Manager talking points should not pressure individual leaderboard rankings without HR alignment. |
| Privacy notes | ✓Compliance packets may summarize data categories but should not attach raw customer prompts. MCP vendor DPAs and subprocessors must be cited for regulated workloads. Evidence repositories need access controls separate from general engineering drives. | ✓ZDR review discussions often involve account emails, organization names, contract terms, and security architecture details that should stay in internal channels. Claude Code Analytics under ZDR does not store prompts or model responses but still collects productivity metadata such as account emails and usage statistics. Administrative data such as seat assignments and audit logs follow standard retention policies and remain in scope for compliance review. Third-party MCP servers, local logs, hooks, and customer-managed observability stacks are outside Anthropic ZDR and need separate review. | ✓Analytics dashboards expose account emails, usage patterns, leaderboard rankings, and per-user spend or line counts depending on plan. GitHub contribution metrics analyze merged PR diffs and Claude Code session activity within attribution windows; confirm code and identity visibility with security review. CSV exports include all users, not just the top ten shown in the dashboard UI. OpenTelemetry exports can replicate usage events into customer observability systems and need retention and access-control review. | ✓Launch plans may reference internal team names, adoption targets, and security exceptions; redact for external audiences. FAQ drafts can expose ZDR limitations, proxy requirements, and data handling policies sensitive outside the org. Communications calendars may include executive quotes or customer examples requiring approval before send. Analytics mentions in launch copy should avoid naming individual contributors unless policy allows. |
| Prerequisites |
|
|
|
|
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
More like this, weekly
A short, calm digest of reviewed Claude resources. Unsubscribe any time.