Module 09 · Lesson 04
Data, Confidentiality, and What Never Goes Into Claude
Reading time: 17 minutes · Track: Claude Fluency for Teams · Required for all learners
The data question every team needs to answer first
Before your team starts using Claude productively, you need a shared answer to one question: what data is and isn't appropriate to share with Claude?
Without a clear answer, you get one of two outcomes: people under-use Claude out of vague fear, or someone pastes something they shouldn't and you have a problem. Neither is acceptable. A clear policy removes the uncertainty.
The three-tier classification
Tier 1 — Never in Claude
Personal data subject to privacy law: names and contact details of individuals, health records, financial account data, social security numbers, government IDs. In most jurisdictions, processing this data with a third-party AI tool has specific legal requirements your organization needs to assess before allowing it.
Credentials and secrets: API keys, passwords, private keys, access tokens. These should never appear in any chat interface or prompt, full stop.
Highly sensitive IP: unreleased product roadmaps, M&A details pre-announcement, trade secrets where exposure would cause material harm.
Tier 2 — Use with judgment
Internal business data that isn't individually personal: revenue figures, headcount, internal strategy documents, customer names (company level, not individual). The question here is: what's your organization's risk tolerance for this data appearing in AI training or being accessed in a breach of the AI provider? Review your organization's AI usage policy and the provider's data handling terms.
Tier 3 — Freely usable
Public information: anything already public. Your own drafted documents before they contain sensitive specifics. Code that doesn't contain secrets. General business questions that don't reference specific confidential details.
The anonymization pattern
For cases where you need Claude's help but the data contains sensitive specifics, anonymize before pasting. Replace real names with placeholders ("Customer A," "Candidate 1"), replace specific numbers with rough ranges or dummy figures, and strip contact details.
Example:
- Before: "Help me draft a follow-up to John Smith at Acme Corp who said our pricing at $47K was too high and mentioned they're also talking to Competitor X."
- After: "Help me draft a follow-up to a prospect who said our pricing was too high and mentioned they're evaluating a competitor. Our goal is to understand their budget constraints and keep the conversation open."
The anonymized version gets you equally useful output with zero data risk.
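An added example, not part of the original lesson: a small Python pre-paste check that refuses text containing Tier 1 credentials and applies the anonymization pattern above (placeholders for names, rough ranges for dollar figures, contact details stripped). The regexes, range boundaries, and the names prepare_for_paste, Tier1Blocked, and known_names are illustrative assumptions, and the sample text is constructed.

```python
import re

# Tier 1 credential patterns (constructed, illustrative; not a complete rule set).
SECRET_PATTERNS = {
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{20,}"),
    "inline secret": re.compile(r"\b(?:password|passwd|api[_-]?key|secret)\s*[:=]\s*\S+", re.I),
}
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
PHONE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)")
MONEY = re.compile(r"\$\s?(\d+(?:,\d{3})*(?:\.\d+)?)([KkMm]\b)?")

class Tier1Blocked(ValueError):
    """Text contains a credential and must not be pasted at all."""

def _rough_range(match):  # exact dollar figure -> order-of-magnitude bucket
    value = float(match.group(1).replace(",", ""))
    value *= {"k": 1e3, "m": 1e6}.get((match.group(2) or "").lower(), 1)
    for limit, label in ((1e4, "under $10K"), (1e5, "$10K-$100K"), (1e6, "$100K-$1M")):
        if value < limit:
            return label
    return "over $1M"

def prepare_for_paste(text, known_names):
    """Return (scrubbed_text, mapping); known_names maps real name -> kind."""
    hits = [label for label, rx in SECRET_PATTERNS.items() if rx.search(text)]
    if hits:  # credentials are never anonymized, only refused
        raise Tier1Blocked("credential found: " + ", ".join(hits))
    text = EMAIL.sub("[email removed]", text)
    text = MONEY.sub(_rough_range, text)
    text = PHONE.sub("[phone removed]", text)
    mapping, counts = {}, {}
    # Longest names first so a full name wins over a name it contains.
    for name in sorted(known_names, key=len, reverse=True):
        kind = known_names[name]
        placeholder = f"{kind} {chr(ord('A') + counts.get(kind, 0))}"
        text, n = re.subn(r"\b" + re.escape(name) + r"\b", placeholder, text)
        if n:
            counts[kind] = counts.get(kind, 0) + 1
            mapping[placeholder] = name  # kept locally to restore names in the reply
    return text, mapping

# Constructed sample: the lesson's "before" prompt plus made-up contact details.
SAMPLE = ("Help me draft a follow-up to John Smith at Acme Corp who said our pricing at "
          "$47K was too high. Reach him at john.smith@acme.example or +1 (555) 010-1234.")

if __name__ == "__main__":
    print(prepare_for_paste(SAMPLE, {"John Smith": "Contact", "Acme Corp": "Customer"}))
```

The returned mapping never leaves your machine; use it to put the real names back into the draft Claude returns. Pattern matching of this kind misses anything it has no rule for, so it supplements the tier check rather than replacing it.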
Claude.ai data handling basics
Claude.ai (Anthropic's consumer and team product) has specific data handling terms. As of this writing:
- Conversations on Claude.ai are not used to train models for paid API customers by default
- Anthropic employees may review conversations for safety and trust purposes
- Enterprise plans have enhanced data handling commitments
Always check your organization's current agreement with Anthropic and apply your internal data classification policy. This lesson provides a framework, not legal advice.
A practical decision rule
Before pasting anything into Claude, ask: "Would I be comfortable if this text appeared in a case study about a data handling failure?"
If yes, paste it. If no, either anonymize it first or reformulate the question without the sensitive specifics. In most cases, you can get 90% of the value without the sensitive data.