claude cowork Privacy Policy - How We Handle Your Data

Last updated: June 6, 2026  | Effective date: June 6, 2026

This Privacy Policy describes how claude cowork ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use the claude cowork desktop application and related services (the "Service"). claude cowork is a desktop AI assistant built on Anthropic's Claude AI engine. By downloading, installing, or using claude cowork, you agree to the practices described in this policy.

1. Information We Collect

1.1 Personal Information You Provide

When you create a claude cowork account, upgrade to a paid plan, or contact our support team, we may collect the following personal information:

  • Full name and email address
  • Billing information (processed securely via Stripe - we do not store credit card numbers directly)
  • Organization name (for Team and Enterprise plans)
  • Support correspondence and feedback submissions

1.2 Usage Data and Telemetry

claude cowork collects anonymized usage data to improve the Service. This telemetry includes:

  • Application version and operating system type (Windows or macOS)
  • Feature usage frequency (which tools and skills are invoked)
  • Performance metrics (response latency, error rates, memory usage)
  • Crash reports and diagnostic logs (automatically stripped of personal content)

You may disable telemetry collection at any time via Settings > Privacy > Disable Analytics within the claude cowork application.

1.3 Device Information

We collect basic device information necessary for delivering the Service:

  • Operating system version and architecture (64-bit, ARM64)
  • Display resolution and scale factor
  • Available memory and disk space (for compatibility checks only)
  • Unique device identifier (generated locally, not linked to hardware IDs)

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the claude cowork desktop application
  • Account Management: To process registrations, manage subscriptions, and handle billing
  • Customer Support: To respond to support requests and resolve technical issues
  • Product Improvement: To analyze usage patterns and optimize features, performance, and stability
  • Security: To detect, prevent, and address fraud, abuse, and security vulnerabilities
  • Communications: To send critical service updates, security notices, and (with your consent) product announcements

3. Anthropic API Data Flows

claude cowork processes your AI requests by sending prompts to Anthropic's Claude API. It is important to understand how your data flows during AI processing:

  • What is sent: The text of your prompt, relevant file content you've shared with claude cowork, and screen context (if you've enabled screen awareness) are transmitted to Anthropic's servers for processing
  • What is NOT sent: Your full file system is never transmitted. Only content you explicitly invoke claude cowork on is included in API requests
  • Anthropic's data policy: Anthropic does not use API inputs or outputs to train their models. Refer to Anthropic's Privacy Policy for their complete data handling practices
  • Retention: API request logs are retained by Anthropic for up to 30 days for abuse detection, then permanently deleted
  • Encryption: All data in transit between claude cowork and Anthropic's API is encrypted via TLS 1.3

4. Data Retention Schedule

We retain your data according to the following schedule:

  • Account data: Retained for the duration of your account, plus 90 days after deletion request
  • Billing records: Retained for 7 years to comply with tax and accounting regulations
  • Usage telemetry: Anonymized and aggregated after 12 months; raw telemetry deleted after 24 months
  • Support correspondence: Retained for 3 years after last interaction
  • Crash reports: Deleted after 6 months
  • Local application data: Stored exclusively on your device; never uploaded unless you explicitly share it

5. Your Rights Under GDPR and CCPA

Depending on your jurisdiction, you may have the following rights regarding your personal data:

5.1 Rights Under GDPR (European Economic Area)

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to processing based on legitimate interests or direct marketing

5.2 Rights Under CCPA (California Residents)

  • Right to Know: Request information about what personal data we collect, use, and disclose
  • Right to Delete: Request deletion of personal data we have collected
  • Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment
  • Right to Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal data)

To exercise any of these rights, contact us at privacy@thecoworkai.com or visit the contact page. We will respond to all requests within 30 days.

6. Cookie Policy

The claude cowork desktop application does not use cookies. Our website (thecoworkai.com) uses the following cookies:

  • Essential cookies: Required for website functionality, session management, and security
  • Analytics cookies: Used by Vercel Analytics and Microsoft Clarity to understand website usage patterns (anonymized)
  • Preference cookies: Store your language and theme preferences

We do not use advertising cookies or share cookie data with third-party advertisers. You can manage cookie preferences through your browser settings at any time.

7. Third-Party Services

claude cowork integrates with or uses the following third-party services:

  • Anthropic: AI model inference and API processing (Privacy Policy)
  • Stripe: Payment processing for paid subscriptions
  • Vercel: Website hosting and analytics
  • Microsoft Clarity: Website heatmap and behavior analytics (anonymized)

Each third-party service has its own privacy policy governing their data practices. We recommend reviewing these policies independently.

8. Data Security

We implement industry-standard security measures to protect your data:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for stored credentials and sensitive configuration data
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance for our infrastructure
  • Role-based access controls for employee access to user data

9. Children's Privacy

claude cowork is not intended for use by individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@thecoworkai.com.

10. International Data Transfers

Your data may be processed in the United States, where Anthropic's servers are located. For users in the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for such transfers. We ensure that all international transfers of personal data comply with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on this page with a revised "Last updated" date
  • Sending an in-app notification within claude cowork
  • Emailing registered users for significant policy changes

We encourage you to review this page periodically for the latest information on our privacy practices.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, you can reach us at:

For EU-specific inquiries, you may also lodge a complaint with your local supervisory authority.