Install command
Not provided
The Claude Code data-handling controls that matter for teams working near PHI: no-training commercial policy, retention windows, Zero Data Retention, encryption, local transcript handling, telemetry opt-outs, and security model.
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
0
78
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as source-backed.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
No package verification flag provided.
Checksum metadata
No checksum provided for downloaded artifact.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Not provided
Config snippet
Not provided
Copy snippet
Provided
Prerequisites
3 to clear
Platforms
1 listed
Difficulty
60/100
Adoption plan
Current risk score 16/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
No package verification/checksum metadata.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (5/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is missing.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
5/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is missing.
rollout
Install payload is available.
No required blockers for this timeline preset.
Prerequisite readiness
3 prerequisites to line up before setup. Have accounts and credentials ready first. Includes a review or approval gate.
Safety & privacy surface
3 safety and 3 privacy notes across 5 risk areas. Review closely: credentials & tokens.
## TL;DR
If your team works near protected health information (PHI), the questions that matter for adopting Claude Code are concrete and answerable from Anthropic's own documentation: Does Anthropic train on your prompts? How long is data kept? What does Zero Data Retention actually turn off? How is data encrypted? Where do transcripts live on disk, and how do you control them? What telemetry leaves the machine, and how do you stop it?
This guide answers those questions from the published Claude Code data-usage, Zero Data Retention, and security docs. It does **not** establish HIPAA compliance and does not claim Claude Code is "HIPAA certified."
> **This is not legal or compliance advice.**
>
> Whether any tool can lawfully process PHI depends on your contracts (including any Business Associate Agreement), your configuration, and your obligations under HIPAA. Consult official [HHS HIPAA guidance](https://www.hhs.gov/hipaa/index.html) and your own compliance and legal team before processing PHI with Claude Code or any AI tool. Nothing below is a representation that Claude Code is HIPAA compliant.
**Key points (all grounded in Claude Code docs):**
- Under commercial terms (Team, Enterprise, API), Anthropic does not train generative models on Claude Code code or prompts unless you opt in.
- Standard commercial retention is 30 days; Zero Data Retention (ZDR) is available only to qualified Claude for Enterprise accounts and must be enabled by Anthropic.
- Data is encrypted in transit via TLS 1.2+; encryption at rest depends on your model provider.
- Claude Code stores transcripts locally in plaintext for 30 days by default, controllable with `cleanupPeriodDays`.
## Why "HIPAA mapping" is the wrong frame here
HIPAA safeguards are legal obligations on *covered entities and business associates*—they are satisfied by contracts, policies, risk analyses, and your overall environment, not by a single developer tool. A documentation tool cannot "be HIPAA compliant" on its own. What a tool *can* do is give you verifiable, documented data-handling controls that your compliance program can build on.
So this guide does the verifiable part: it catalogs the data controls Claude Code actually documents and points to where each is described. Treat HIPAA only as the general reason these controls matter ("teams handling PHI must minimize data exposure and retention")—and take the legal mapping to HHS guidance and your compliance team.
## Claude Code data controls reference
Every row below traces to the official Claude Code documentation. Use it as the starting checklist for a PHI-sensitive review.
| Control | What it does | Where it's documented |
| --- | --- | --- |
| Commercial no-training policy | Under Team, Enterprise, API, and Gov terms, Anthropic does not train generative models on code or prompts sent to Claude Code, unless the customer opts in (e.g., Development Partner Program). | [Data usage → Data training policy](https://code.claude.com/docs/en/data-usage) |
| Consumer training choice | On Free/Pro/Max, data may be used to train future models when the setting is on; changeable anytime in privacy settings. | [Data usage → Data training policy](https://code.claude.com/docs/en/data-usage) |
| Standard retention (commercial) | Team, Enterprise, and API: 30-day retention period. | [Data usage → Data retention](https://code.claude.com/docs/en/data-usage) |
| Consumer retention | 30 days if training is off; 5 years if the training setting is on. | [Data usage → Data retention](https://code.claude.com/docs/en/data-usage) |
| `/feedback` retention | Transcripts shared via `/feedback` are retained for 5 years; transcripts shared via the session-quality follow-up are retained up to 6 months. | [Data usage → Feedback / Data retention](https://code.claude.com/docs/en/data-usage) |
| Zero Data Retention (ZDR) | Prompts and responses processed in real time and not stored after the response returns (except where required by law or to address misuse). Available only to qualified Claude for Enterprise accounts; enabled per-organization by Anthropic. | [Zero data retention](https://code.claude.com/docs/en/zero-data-retention) |
| Encryption in transit | All prompts and outputs encrypted in transit via TLS 1.2+. | [Data usage → Local data flow](https://code.claude.com/docs/en/data-usage) |
| Encryption at rest | Provider-dependent: Anthropic API uses AES-256 disk encryption; Bedrock AES-256 (AWS-managed, CMK via KMS); Vertex AI Google-managed keys (CMEK available); Foundry routes to Anthropic AES-256. | [Data usage → Local data flow table](https://code.claude.com/docs/en/data-usage) |
| Local transcript storage | Session transcripts stored locally in plaintext under `~/.claude/projects/` for 30 days by default to enable resumption. | [Data usage → Data retention (local caching)](https://code.claude.com/docs/en/data-usage) |
| `cleanupPeriodDays` | Adjusts how long local transcripts are kept before cleanup. | [Data usage → Data retention](https://code.claude.com/docs/en/data-usage) |
| Telemetry opt-out | Operational metrics (latency, reliability, usage—no code or file paths) sent by default on the Anthropic API; disable with `DISABLE_TELEMETRY`. | [Data usage → Telemetry services](https://code.claude.com/docs/en/data-usage) |
| Error-reporting opt-out | Sentry error logging on by default on the Anthropic API; disable with `DISABLE_ERROR_REPORTING`. | [Data usage → Telemetry services](https://code.claude.com/docs/en/data-usage) |
| Feedback opt-out | Disable the `/feedback` command with `DISABLE_FEEDBACK_COMMAND=1`; disable session-quality surveys with `CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY=1`. | [Data usage → Feedback / surveys](https://code.claude.com/docs/en/data-usage) |
| Nonessential-traffic kill switch | `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` opts out of all non-essential traffic at once (does not affect the WebFetch safety check). | [Data usage → Default behaviors](https://code.claude.com/docs/en/data-usage) |
| Provider defaults | On Bedrock, Vertex, Foundry, and Claude Platform on AWS, error reporting, telemetry, and bug reporting are off by default. | [Data usage → Default behaviors by API provider](https://code.claude.com/docs/en/data-usage) |
| Permission-based architecture | Read-only by default; modifying actions require explicit approval; read-only commands like `ls`, `cat`, `git status` run without a prompt. | [Security → Permission-based architecture](https://code.claude.com/docs/en/security) |
| Write-access restriction | Claude Code can only write within the startup folder and subfolders; parent-directory writes need explicit permission. | [Security → Built-in protections](https://code.claude.com/docs/en/security) |
| Sandboxing | `/sandbox` provides filesystem and network isolation for Bash commands. | [Security → Built-in protections](https://code.claude.com/docs/en/security) |
| Secure credential storage | API keys/tokens stored in the macOS Keychain when available; protected by file permissions on Windows and Linux. | [Security → Privacy safeguards](https://code.claude.com/docs/en/security) |
| Network-command approval | Web-fetching commands such as `curl`/`wget` are not auto-approved; can be blocked via `permissions.deny`. | [Security → Protect against prompt injection](https://code.claude.com/docs/en/security) |
| Trust verification | First-time codebases and new MCP servers require trust verification. | [Security → Additional safeguards](https://code.claude.com/docs/en/security) |
| Managed settings / OTel auditing | Organizations enforce standards via managed settings; activity can be monitored through OpenTelemetry metrics. | [Security → Team security](https://code.claude.com/docs/en/security) |
## Data training policy: what commercial terms guarantee
Per the [data-usage docs](https://code.claude.com/docs/en/data-usage), commercial users—Team, Enterprise, API, third-party platforms, and Claude Gov—are covered by a policy where **Anthropic does not train generative models using code or prompts sent to Claude Code under commercial terms**, unless the customer explicitly opts in (for example, via the Development Partner Program, which an org admin must enable and which is first-party API only).
Consumer plans (Free, Pro, Max) are different: data may be used to improve future models when the setting is on, including when Claude Code is used from those accounts. For PHI-sensitive work, that distinction is decisive—account type drives both training and retention behavior.
## Retention windows
From the same docs:
- **Commercial (Team, Enterprise, API):** standard 30-day retention.
- **Consumer:** 30 days if training is off; 5 years if the training setting is on.
- **`/feedback` transcripts:** retained for 5 years.
- **Session-quality follow-up transcripts (only if you select "Yes"):** retained up to 6 months.
- **Local caching:** transcripts kept locally in plaintext under `~/.claude/projects/` for 30 days by default, adjustable with `cleanupPeriodDays`.
## Zero Data Retention (ZDR)
The [Zero Data Retention docs](https://code.claude.com/docs/en/zero-data-retention) describe ZDR precisely:
- **What it is:** prompts and model responses are processed in real time and **not stored** by Anthropic after the response returns, except where required by law or to combat misuse.
- **Who qualifies:** available only to **qualified accounts on Claude for Enterprise**. It is *not* part of the standard Enterprise plan and *cannot* be enabled from admin settings—Anthropic enables it per-organization after confirming eligibility (contact sales/your account team). It does not auto-apply to newly created organizations.
- **What it disables:** features that require storing prompts or completions are turned off at the backend, including **Claude Code on the web**, **Cloud sessions** from the Desktop app, and **`/feedback`** submission.
- **What it does not cover:** chat on claude.ai, Cowork, analytics metadata (account emails, usage stats), user/seat management data, and third-party integrations/MCP servers—these follow standard retention.
- **Model caveat:** some models that require retention are unavailable under ZDR (e.g., Claude Fable 5); the `best` alias resolves to Opus for ZDR organizations.
- **Policy-violation exception:** flagged sessions may have inputs/outputs retained up to 2 years.
For Bedrock, Vertex AI, or Foundry deployments, ZDR on Claude for Enterprise does not apply—those platforms' own retention policies govern.
## Encryption
Per the data-usage docs, **all prompts and outputs are encrypted in transit via TLS 1.2+**, and Claude Code is compatible with most popular VPNs and LLM proxies. **Encryption at rest depends on the model provider:**
- **Anthropic API:** infrastructure-level disk encryption (AES-256); enable ZDR for no server-side persistence.
- **Amazon Bedrock:** AES-256 with AWS-managed keys; customer-managed keys via AWS KMS.
- **Google Cloud Vertex AI:** Google-managed keys; CMEK available.
- **Microsoft Foundry:** routes to Anthropic infrastructure with AES-256 disk encryption.
## Local transcripts and on-disk data
This is often the most overlooked exposure point for PHI-sensitive teams. The docs state Claude Code clients **store session transcripts locally in plaintext** under `~/.claude/projects/` for 30 days by default to support session resumption. Control retention with the `cleanupPeriodDays` setting, and apply your own disk-level protections (full-disk encryption, access controls) to those paths. If prompts or pasted content could contain PHI, the local cache must be part of your data-handling plan.
## Telemetry, error reporting, and feedback
On the Anthropic API, several non-essential flows are **on by default** and send data off-machine:
- **Telemetry** (operational metrics only—no code or file paths): `DISABLE_TELEMETRY` to opt out.
- **Sentry error reporting:** `DISABLE_ERROR_REPORTING` to opt out.
- **`/feedback`** (sends conversation history, including code, to Anthropic): `DISABLE_FEEDBACK_COMMAND=1` to opt out.
- **Session-quality surveys:** `CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY=1` to opt out.
A single switch, `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC`, opts out of all non-essential traffic at once (it does not affect the WebFetch domain safety check, which has its own `skipWebFetchPreflight` opt-out). On Bedrock, Vertex, Foundry, and Claude Platform on AWS, error reporting, telemetry, and bug reporting are **off by default**. All of these variables can be committed to `settings.json` to enforce them across a team.
## Network, proxy, and credentials
- Claude Code works with most popular VPNs and LLM proxies (data-usage docs).
- API keys and tokens are stored in the **macOS Keychain** when available, and protected by file permissions on Windows and Linux ([Security → credential management](https://code.claude.com/docs/en/security)).
- Web-fetching commands (`curl`, `wget`) are not auto-approved and can be blocked entirely via `permissions.deny`.
- For Claude Code on the web, outbound traffic routes through a security proxy with audit logging, GitHub credentials never enter the sandbox, and each session runs in an isolated, auto-terminated VM with branch-restricted pushes.
## Access controls and the security model
From the [security docs](https://code.claude.com/docs/en/security):
- **Permission-based architecture:** read-only by default; modifying actions require explicit approval.
- **Write-access restriction:** writes confined to the startup folder and subfolders.
- **Sandboxing:** `/sandbox` adds filesystem and network isolation for Bash commands.
- **Prompt-injection safeguards:** context-aware analysis, input sanitization, isolated web-fetch context, command-injection detection, fail-closed matching, and trust verification for new codebases and MCP servers.
- **Org enforcement:** managed settings enforce standards across a team; OpenTelemetry metrics enable activity monitoring and auditing; `ConfigChange` hooks can audit or block settings changes mid-session.
- **Compliance artifacts:** SOC 2 Type 2 and ISO 27001 are available via the Anthropic Trust Center (linked from the security docs).
## A practical pre-adoption checklist for PHI-sensitive teams
1. **Confirm account type.** Use commercial terms (Team/Enterprise/API) so the no-training policy applies; avoid consumer plans for any work that could touch PHI.
2. **Decide on ZDR.** If your risk posture requires no server-side persistence, pursue ZDR on Claude for Enterprise through your account team, and accept the disabled features (web, cloud sessions, `/feedback`).
3. **Pin telemetry opt-outs in `settings.json`.** Set `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` (or the granular variables) so no non-essential data leaves the machine.
4. **Manage local transcripts.** Set an appropriate `cleanupPeriodDays`, and ensure `~/.claude/projects/` sits on encrypted, access-controlled storage.
5. **Lock down the security model.** Use managed settings, sandboxing, and `permissions.deny` for network commands; monitor via OpenTelemetry.
6. **Do the legal work separately.** Map controls above to your HIPAA obligations with your compliance/legal team and current HHS guidance—this guide does not do that for you.
## Frequently asked questions
**Is Claude Code "HIPAA compliant" or "HIPAA certified"?**
The Claude Code docs do not make that claim, and neither does this guide. Compliance depends on your contracts, configuration, and obligations—consult your compliance/legal team and HHS guidance.
**Does Anthropic train on my prompts?**
Under commercial terms (Team, Enterprise, API), no—unless you opt in (e.g., Development Partner Program). On consumer plans, data may be used to train future models when the setting is on.
**What is kept, and for how long?**
Commercial standard retention is 30 days; consumer is 30 days or 5 years depending on the training setting; `/feedback` transcripts 5 years; local transcripts 30 days by default (`cleanupPeriodDays`).
**How do I stop data from leaving my machine?**
Set `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` (or the granular `DISABLE_TELEMETRY`, `DISABLE_ERROR_REPORTING`, `DISABLE_FEEDBACK_COMMAND`, `CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY` variables). Note prompts/outputs still flow to your model provider over TLS to get responses.
**What does Zero Data Retention turn off?**
At minimum: Claude Code on the web, Desktop cloud sessions, and `/feedback`. It also limits model availability and excludes analytics metadata, claude.ai chat, and third-party integrations.
_Last reviewed: June 2026. All claims sourced from the official Claude Code data-usage, Zero Data Retention, and security documentation._If your team works near protected health information (PHI), the questions that matter for adopting Claude Code are concrete and answerable from Anthropic's own documentation: Does Anthropic train on your prompts? How long is data kept? What does Zero Data Retention actually turn off? How is data encrypted? Where do transcripts live on disk, and how do you control them? What telemetry leaves the machine, and how do you stop it?
This guide answers those questions from the published Claude Code data-usage, Zero Data Retention, and security docs. It does not establish HIPAA compliance and does not claim Claude Code is "HIPAA certified."
This is not legal or compliance advice.
Whether any tool can lawfully process PHI depends on your contracts (including any Business Associate Agreement), your configuration, and your obligations under HIPAA. Consult official HHS HIPAA guidance and your own compliance and legal team before processing PHI with Claude Code or any AI tool. Nothing below is a representation that Claude Code is HIPAA compliant.
Key points (all grounded in Claude Code docs):
cleanupPeriodDays.HIPAA safeguards are legal obligations on covered entities and business associates—they are satisfied by contracts, policies, risk analyses, and your overall environment, not by a single developer tool. A documentation tool cannot "be HIPAA compliant" on its own. What a tool can do is give you verifiable, documented data-handling controls that your compliance program can build on.
So this guide does the verifiable part: it catalogs the data controls Claude Code actually documents and points to where each is described. Treat HIPAA only as the general reason these controls matter ("teams handling PHI must minimize data exposure and retention")—and take the legal mapping to HHS guidance and your compliance team.
Every row below traces to the official Claude Code documentation. Use it as the starting checklist for a PHI-sensitive review.
| Control | What it does | Where it's documented |
|---|---|---|
| Commercial no-training policy | Under Team, Enterprise, API, and Gov terms, Anthropic does not train generative models on code or prompts sent to Claude Code, unless the customer opts in (e.g., Development Partner Program). | Data usage → Data training policy |
| Consumer training choice | On Free/Pro/Max, data may be used to train future models when the setting is on; changeable anytime in privacy settings. | Data usage → Data training policy |
| Standard retention (commercial) | Team, Enterprise, and API: 30-day retention period. | Data usage → Data retention |
| Consumer retention | 30 days if training is off; 5 years if the training setting is on. | Data usage → Data retention |
/feedback retention |
Transcripts shared via /feedback are retained for 5 years; transcripts shared via the session-quality follow-up are retained up to 6 months. |
Data usage → Feedback / Data retention |
| Zero Data Retention (ZDR) | Prompts and responses processed in real time and not stored after the response returns (except where required by law or to address misuse). Available only to qualified Claude for Enterprise accounts; enabled per-organization by Anthropic. | Zero data retention |
| Encryption in transit | All prompts and outputs encrypted in transit via TLS 1.2+. | Data usage → Local data flow |
| Encryption at rest | Provider-dependent: Anthropic API uses AES-256 disk encryption; Bedrock AES-256 (AWS-managed, CMK via KMS); Vertex AI Google-managed keys (CMEK available); Foundry routes to Anthropic AES-256. | Data usage → Local data flow table |
| Local transcript storage | Session transcripts stored locally in plaintext under ~/.claude/projects/ for 30 days by default to enable resumption. |
Data usage → Data retention (local caching) |
cleanupPeriodDays |
Adjusts how long local transcripts are kept before cleanup. | Data usage → Data retention |
| Telemetry opt-out | Operational metrics (latency, reliability, usage—no code or file paths) sent by default on the Anthropic API; disable with DISABLE_TELEMETRY. |
Data usage → Telemetry services |
| Error-reporting opt-out | Sentry error logging on by default on the Anthropic API; disable with DISABLE_ERROR_REPORTING. |
Data usage → Telemetry services |
| Feedback opt-out | Disable the /feedback command with DISABLE_FEEDBACK_COMMAND=1; disable session-quality surveys with CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY=1. |
Data usage → Feedback / surveys |
| Nonessential-traffic kill switch | CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC opts out of all non-essential traffic at once (does not affect the WebFetch safety check). |
Data usage → Default behaviors |
| Provider defaults | On Bedrock, Vertex, Foundry, and Claude Platform on AWS, error reporting, telemetry, and bug reporting are off by default. | Data usage → Default behaviors by API provider |
| Permission-based architecture | Read-only by default; modifying actions require explicit approval; read-only commands like ls, cat, git status run without a prompt. |
Security → Permission-based architecture |
| Write-access restriction | Claude Code can only write within the startup folder and subfolders; parent-directory writes need explicit permission. | Security → Built-in protections |
| Sandboxing | /sandbox provides filesystem and network isolation for Bash commands. |
Security → Built-in protections |
| Secure credential storage | API keys/tokens stored in the macOS Keychain when available; protected by file permissions on Windows and Linux. | Security → Privacy safeguards |
| Network-command approval | Web-fetching commands such as curl/wget are not auto-approved; can be blocked via permissions.deny. |
Security → Protect against prompt injection |
| Trust verification | First-time codebases and new MCP servers require trust verification. | Security → Additional safeguards |
| Managed settings / OTel auditing | Organizations enforce standards via managed settings; activity can be monitored through OpenTelemetry metrics. | Security → Team security |
Per the data-usage docs, commercial users—Team, Enterprise, API, third-party platforms, and Claude Gov—are covered by a policy where Anthropic does not train generative models using code or prompts sent to Claude Code under commercial terms, unless the customer explicitly opts in (for example, via the Development Partner Program, which an org admin must enable and which is first-party API only).
Consumer plans (Free, Pro, Max) are different: data may be used to improve future models when the setting is on, including when Claude Code is used from those accounts. For PHI-sensitive work, that distinction is decisive—account type drives both training and retention behavior.
From the same docs:
/feedback transcripts: retained for 5 years.~/.claude/projects/ for 30 days by default, adjustable with cleanupPeriodDays.The Zero Data Retention docs describe ZDR precisely:
/feedback submission.best alias resolves to Opus for ZDR organizations.For Bedrock, Vertex AI, or Foundry deployments, ZDR on Claude for Enterprise does not apply—those platforms' own retention policies govern.
Per the data-usage docs, all prompts and outputs are encrypted in transit via TLS 1.2+, and Claude Code is compatible with most popular VPNs and LLM proxies. Encryption at rest depends on the model provider:
This is often the most overlooked exposure point for PHI-sensitive teams. The docs state Claude Code clients store session transcripts locally in plaintext under ~/.claude/projects/ for 30 days by default to support session resumption. Control retention with the cleanupPeriodDays setting, and apply your own disk-level protections (full-disk encryption, access controls) to those paths. If prompts or pasted content could contain PHI, the local cache must be part of your data-handling plan.
On the Anthropic API, several non-essential flows are on by default and send data off-machine:
DISABLE_TELEMETRY to opt out.DISABLE_ERROR_REPORTING to opt out./feedback (sends conversation history, including code, to Anthropic): DISABLE_FEEDBACK_COMMAND=1 to opt out.CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY=1 to opt out.A single switch, CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC, opts out of all non-essential traffic at once (it does not affect the WebFetch domain safety check, which has its own skipWebFetchPreflight opt-out). On Bedrock, Vertex, Foundry, and Claude Platform on AWS, error reporting, telemetry, and bug reporting are off by default. All of these variables can be committed to settings.json to enforce them across a team.
curl, wget) are not auto-approved and can be blocked entirely via permissions.deny.From the security docs:
/sandbox adds filesystem and network isolation for Bash commands.ConfigChange hooks can audit or block settings changes mid-session./feedback).settings.json. Set CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC (or the granular variables) so no non-essential data leaves the machine.cleanupPeriodDays, and ensure ~/.claude/projects/ sits on encrypted, access-controlled storage.permissions.deny for network commands; monitor via OpenTelemetry.Is Claude Code "HIPAA compliant" or "HIPAA certified"? The Claude Code docs do not make that claim, and neither does this guide. Compliance depends on your contracts, configuration, and obligations—consult your compliance/legal team and HHS guidance.
Does Anthropic train on my prompts? Under commercial terms (Team, Enterprise, API), no—unless you opt in (e.g., Development Partner Program). On consumer plans, data may be used to train future models when the setting is on.
What is kept, and for how long?
Commercial standard retention is 30 days; consumer is 30 days or 5 years depending on the training setting; /feedback transcripts 5 years; local transcripts 30 days by default (cleanupPeriodDays).
How do I stop data from leaving my machine?
Set CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC (or the granular DISABLE_TELEMETRY, DISABLE_ERROR_REPORTING, DISABLE_FEEDBACK_COMMAND, CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY variables). Note prompts/outputs still flow to your model provider over TLS to get responses.
What does Zero Data Retention turn off?
At minimum: Claude Code on the web, Desktop cloud sessions, and /feedback. It also limits model availability and excludes analytics metadata, claude.ai chat, and third-party integrations.
Last reviewed: June 2026. All claims sourced from the official Claude Code data-usage, Zero Data Retention, and security documentation.
Show that Using Claude Code in Healthcare and PHI-Sensitive Environments is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/guides/healthcare-hipaa-guide)Using Claude Code in Healthcare and PHI-Sensitive Environments side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
2 trust signals differ across this comparison (Source provenance, Submitter).
| Field | The Claude Code data-handling controls that matter for teams working near PHI: no-training commercial policy, retention windows, Zero Data Retention, encryption, local transcript handling, telemetry opt-outs, and security model. Open dossier | How to deploy Claude Code in a security- and compliance-sensitive financial-services environment, using its documented data-handling, ZDR, network, IAM, and sandboxing controls. Open dossier | Enterprise guide to zero data retention planning for Claude Code: contractual ZDR scope, logging boundaries, MCP data paths, and verification checkpoints. Open dossier |
|---|---|---|---|
| Next steps | |||
| Trust | |||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified |
| Source provenanceDiffers | Source-backed | Source-backed | Submission linkedSource submission |
| SubmitterDiffers | — | — | kiannidev |
| Install risk | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — |
| Category | guides | guides | guides |
| Source | source-backed | source-backed | source-backed |
| Author | JSONbored | JSONbored | kiannidev |
| Added | 2025-10-27 | 2025-10-27 | 2026-06-14 |
| Platforms | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — |
| Safety notes | ✓Claude Code stores session transcripts locally in plaintext under `~/.claude/projects/` for 30 days by default; tune retention with `cleanupPeriodDays`. Telemetry, error reporting, and `/feedback` send data off-machine on the Anthropic API by default; disable with `DISABLE_TELEMETRY`, `DISABLE_ERROR_REPORTING`, `DISABLE_FEEDBACK_COMMAND`, or `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC`. Zero Data Retention is not part of the standard Enterprise plan—it requires separate Anthropic enablement and disables features such as Claude Code on the web and `/feedback`. | ✓Claude Code runs agentic Bash and file edits in your environment; it requests permission for non-read-only actions, but you are responsible for reviewing proposed commands and code before approval. In regulated environments, run it in sandboxed or containerized contexts and avoid granting blanket allowlists. | ✓ZDR policy does not eliminate local repository risk—developers can still commit secrets; pair ZDR with secret scanning and MCP review. Third-party MCP servers may retain data outside Claude Code ZDR guarantees; block or review them explicitly. Do not assume analytics dashboards are ZDR-compatible without verifying their data collection scope. |
| Privacy notes | ✓PHI-sensitive: transcripts saved locally in plaintext may contain prompt and file content; control them via `cleanupPeriodDays` and disk-level protections. Under commercial terms (Team/Enterprise/API) Anthropic does not train models on Claude Code prompts unless you opt in to the Development Partner Program; consumer plans may be used for training when the setting is on. `/feedback` transcripts are retained for up to 5 years; standard commercial retention is 30 days; consumer retention is 30 days or 5 years depending on the training setting. | ✓Financial-data prompts and outputs leave the machine over TLS to your model provider. Standard commercial retention is 30 days; Zero Data Retention is a separate per-org enablement. Transcripts also cache locally in plaintext under ~/.claude/projects/. Confirm provider, retention, and telemetry settings first. | ✓Document which subsystems may temporarily process prompts for abuse prevention versus training exclusions under ZDR. Map cross-border data flows if developers connect from multiple regions. Maintain records of ZDR verification dates and responsible owners for audits. |
| Prerequisites |
| — none listed |
|
| Install | — | — | — |
| Config | — | — | — |
| Citations | |||
| Claim | Unclaimed | Unclaimed | Unclaimed |
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.