Does Anthropic Train on My API Data?

Quick Answer

No. Anthropic's default policy is that it does not train its models on data submitted through the API. This applies to Claude API customers, including businesses using Claude via AWS Bedrock or direct API access, unless you've explicitly opted in to data sharing.

Why businesses ask this before deploying Claude

If you're sending customer records, intake forms, support tickets, or any sensitive business data through the Claude API, you need to know whether that data feeds back into Anthropic's training pipeline. This isn't a paranoid question. It's a reasonable due-diligence question with real compliance implications, especially for healthcare, finance, and legal use cases.

The concern is valid because consumer-facing products (like Claude.ai) do use conversations to improve models by default. API usage is a different track with different rules, and the distinction matters.

What Anthropic's policy actually says

Anthropic's usage policy states clearly that it does not train on API inputs and outputs by default. If you're a paying API customer sending prompts and receiving completions, that data is not used to retrain Claude unless you've explicitly agreed to a data-sharing arrangement.

AWS Bedrock adds another layer of separation. When you access Claude through Bedrock, AWS's infrastructure handles the request, and Amazon's own data protection terms apply on top of Anthropic's. Neither Amazon nor Anthropic trains on your Bedrock prompts by default.

That said, 'by default' is doing real work in that sentence. Anthropic retains API data for a limited period for trust, safety, and abuse monitoring. They can review conversations flagged by automated systems. This is standard practice across every major AI provider, and it's not training, but it does mean your data isn't in a sealed vault either.

When the answer changes

If you use Claude.ai (the consumer product) rather than the API, the default flips. Claude.ai conversations can be used to improve Anthropic's models unless you turn off that setting in your account preferences. Many businesses accidentally use Claude.ai instead of the API, and the two fall under meaningfully different policies.

For HIPAA-regulated work, the data retention question becomes more pointed. Anthropic does offer a Business Associate Agreement for qualifying customers, but 'qualifying' involves contract terms worth reading carefully. If you're handling PHI and need a signed BAA with confirmed zero-retention commitments, a fully private deployment on your own infrastructure is the safer path.

How we handle this at Usmart

For clients in healthcare, finance, or any sector where data residency matters, we don't build on top of public API endpoints. We deploy private LLM instances using models like Llama 3.1 on the client's own cloud environment. Your data never leaves your infrastructure, there's no shared training pipeline to worry about, and we sign BAAs as part of the engagement for HIPAA-covered clients.

If the Claude API is the right fit for your use case and compliance posture, we'll tell you that directly. But 'Anthropic says they don't train on it by default' is a different level of assurance than 'the model runs on your servers and the data never leaves.' For clients where the distinction matters, we build the latter.
