Claude ZDR: Zero Data Retention for Enterprise and Claude Code
Is Claude ZDR available?
Yes, but only on qualified enterprise paths. Claude ZDR is available for eligible Anthropic API usage and for Claude Code on Claude Enterprise when ZDR is enabled for the organization. It does not apply to standard Claude Team or Claude Enterprise chat interfaces.
- Claude ZDR covers eligible API usage and Claude Code on qualified Enterprise organizations.
- Standard Claude Team and Claude Enterprise product interfaces are not ZDR-eligible.
- Commercial Claude Code defaults to 30-day retention unless your organization is separately approved for ZDR.
- ZDR reduces storage risk, but it does not replace the DPA, SCCs, or EU hosting analysis.
Claude ZDR is available, but only on qualified enterprise paths. The short procurement answer is this: Claude Zero Data Retention applies to eligible Anthropic API usage and to Claude Code on Claude Enterprise when ZDR is enabled for the organization. It does not apply to the standard Claude Team or Claude Enterprise chat interfaces, and it is not included automatically just because a company bought an Enterprise plan.
That distinction matters for German buyers searching claude zdr, anthropic zdr, or claude zero data retention. In most real reviews, the question is not “Does Anthropic mention ZDR somewhere?” but which exact product path gets it, what remains excluded, and what other GDPR controls still have to be in place. This page answers that question directly and keeps the broader privacy analysis secondary.
This article is general information, not legal advice for a specific deployment. For the contract layer, start with our Anthropic DPA. For the location question, see Claude EU hosting. For the broader rollout review, see Claude Enterprise GDPR, Claude Code GDPR, and our Claude Enterprise guide.
Short verdict: who can get Claude ZDR and who cannot
The cleanest way to read Claude ZDR in 2026 is to separate the product path from the contract label.
| Product path | Claude ZDR available? | What matters |
|---|---|---|
| Claude API with eligible commercial organization API keys | Yes | ZDR applies only to eligible APIs and qualified organizations |
| Claude Code on Claude Enterprise | Yes, if enabled | ZDR must be enabled for the organization; not standard by default |
| Claude Enterprise chat interface | No | Standard product interface is not ZDR-eligible |
| Claude Team interface | No | Team is commercial, but the interface is not ZDR-eligible |
| claude.ai Pro / Free / Max | No | Consumer plans are outside ZDR scope |
That table is the answer most searchers want. If your company is using the direct Claude chat product, buying Claude Enterprise does not by itself create a ZDR deployment. If your company is using Claude Code or the Anthropic API on an approved enterprise path, ZDR may be available.
This is also why the search terms anthropic zdr and claude enterprise zdr can be misleading. The decisive point is not the vendor name or plan name alone. The decisive point is which interface or API path you are actually using.
Does Claude ZDR apply to Claude Enterprise, Claude Code, or only the API?
The official Anthropic documentation now makes this split much clearer than many older explainers did.
For the API: ZDR applies to eligible Claude APIs. Anthropic’s current platform documentation specifically lists the Messages API and Token Counting API as covered.
For Claude Code: ZDR can apply, but only on the qualified enterprise path. Anthropic’s current privacy and Claude Code documentation say ZDR is available for Claude Code on Enterprise plans and is enabled per organization after eligibility review. That means a company should confirm the scope in writing during procurement, especially if multiple Anthropic organizations exist internally.
For the standard Enterprise chat product: No. Anthropic says the Claude Team and Claude Enterprise product interfaces are not ZDR-eligible, except for Claude Code when used through Claude Enterprise with ZDR enabled for the organization.
This creates the most important extractable answer on the page:
Does Claude ZDR apply to Claude Code? Yes, if your Claude Enterprise organization is separately approved and configured for ZDR. Does it apply to the ordinary Claude Enterprise chat interface? No.
That answer should drive both search snippet copy and internal procurement notes.
What Claude ZDR covers and what Anthropic may still retain
Zero Data Retention means Anthropic does not store covered customer data at rest after the API response is returned, except where retention is needed for legal compliance or misuse prevention. For German privacy teams, that is useful because it narrows the storage footprint substantially. But it is not the same as “nothing is ever kept anywhere under any circumstance.”
Three boundaries matter:
- ZDR is feature-scoped. It applies only to the eligible product paths described above.
- ZDR is organization-scoped. Anthropic applies it per organization, not as a universal account toggle across every setup you might have.
- ZDR is not absolute. Anthropic states that data may still be retained where needed to comply with law or combat misuse or harm, and that User Safety classifier results are still retained.
Anthropic’s platform docs also add an important nuance that procurement teams should not miss: some model or feature combinations still require retention. Anthropic documents model-specific retention requirements for certain covered models, and organizations with a ZDR arrangement may need workspace-level configuration if they want to use those models while keeping ZDR elsewhere.
That is why the right legal question is not “Do we have ZDR, yes or no?” The better question is:
- Which interfaces are in scope?
- Which models are in scope?
- Which organizations are in scope?
- What exceptions remain?
If a buyer does not document those four answers, the internal understanding of claude zdr is usually too vague to support a real data-protection sign-off.
Claude ZDR vs DPA / AVV vs SCCs vs EU data residency
Companies often collapse four separate controls into one. That is a mistake.
| Control | What it answers | Why it still matters with ZDR |
|---|---|---|
| ZDR | Is covered data stored after the response? | Helps with storage limitation and data minimization |
| DPA / AVV | What is the processor contract under Article 28 GDPR? | Still required for processor use cases |
| SCCs | What is the transfer mechanism for third-country processing? | Still relevant if data reaches US-based infrastructure |
| EU data residency | Where is the processing and storage geographically anchored? | Still relevant if your contracts or sector rules require EU-only handling |
ZDR does not replace the DPA or AVV. If Anthropic processes personal data on your behalf, you still need the Article 28 GDPR contract layer. Review our Anthropic DPA guide for that question.
ZDR does not replace SCCs. If the deployment still involves processing through US-based infrastructure, the Chapter V transfer analysis remains relevant.
ZDR does not create EU hosting. A company that needs EU-only architecture must still work through the deployment path separately. That is the topic of our Claude EU hosting guide.
For German buyers, this distinction is often the practical difference between a defensible internal memo and a confused one.
How to request Claude ZDR during procurement
Anthropic does not present Claude ZDR as a generic self-serve setting for every plan. The current documentation points to an account-team or sales process and says requests are reviewed per organization.
In practice, a serious procurement workflow should do at least these six things:
- State the requirement early. Tell Anthropic that
Claude ZDRis a formal procurement requirement, not just a nice-to-have privacy feature. - Name the intended path. Clarify whether the company needs ZDR for the Anthropic API, for Claude Code on Enterprise, or both.
- Confirm organizational scope. If your company has multiple Anthropic organizations, confirm which ones are covered.
- Confirm feature and model scope. Ask which APIs, models, and product surfaces are in scope and which require exceptions or retained-data overrides.
- Check the fallback retention position. If ZDR is not approved for a workflow, document the default retention rule that will apply instead.
- Mirror the answer internally. Update your RoPA, rollout memo, and internal AI policy so engineering, privacy, and procurement teams work from the same assumptions.
If the deployment includes Claude Code, ask the question in extractable terms: “Is ZDR enabled for Claude Code in our organization, and if so, does that change server-side retention only, or are there local client artifacts we still need to manage?” That matters because Anthropic’s current Claude Code documentation separately states that commercial users otherwise have 30-day retention and that Claude Code clients keep local plaintext session transcripts for 30 days by default unless the cleanup period is changed.
When ZDR is the wrong question and EU hosting matters more
Some buyers over-focus on the term zero data retention because it sounds like the strongest possible privacy control. In many German and DACH workflows, the first decisive question is actually where processing occurs, not only whether prompts are stored afterward.
ZDR is usually the right lead question when the concern is:
- storage limitation under Article 5(1)(e) GDPR
- minimizing vendor-side retention of prompts and outputs
- highly confidential but not EU-localization-mandated workflows
- internal policy rules against persistent vendor storage
EU hosting is usually the more important lead question when the concern is:
- contractual EU-only data handling requirements
- public-sector or regulated-industry procurement
- professional-secrecy workflows where third-country exposure is the central issue
- customer commitments tied to geography rather than only retention
The two controls can be combined. A company may want ZDR for storage minimization and a separate EU-hosted architecture for localization. But they should not be treated as interchangeable.
If your real question is location rather than retention, start with Claude EU hosting. If your real question is the broader controller-processor and rollout analysis, go to Claude Enterprise GDPR. If the workflow is developer-facing, review Claude Code GDPR together with this page because the local transcript cache changes the practical risk picture.
Frequently asked questions
Is Claude ZDR available?
Yes, but only on qualified enterprise paths. Anthropic’s current docs say ZDR applies to eligible Anthropic APIs and to Claude Code when used with commercial organization API keys or through Claude Enterprise with ZDR enabled for the organization.
Does Claude ZDR apply to Claude Enterprise?
Not to the standard Claude Enterprise chat interface. Anthropic says Team and Enterprise product interfaces are not ZDR-eligible, except for Claude Code when the Enterprise organization has ZDR enabled.
Does Claude ZDR apply to Claude Code?
Yes, on the qualified enterprise path. Anthropic’s current Claude Code docs say commercial users otherwise have standard 30-day retention, while ZDR for Claude Code is enabled on a per-organization basis after eligibility confirmation.
What does Claude ZDR still not cover?
It does not cover Console or Workbench usage, consumer plans such as Free, Pro, or Max, or the standard Team and Enterprise product interfaces. Anthropic also documents model-specific cases where limited retention is still required.
Does Claude ZDR replace the DPA or AVV?
No. ZDR narrows retention; it does not create the Article 28 GDPR processor contract. Companies still need the DPA or AVV, transfer review, and internal governance.
Can Claude ZDR be combined with EU hosting?
Yes. ZDR addresses storage after response; EU hosting addresses geography. Many regulated buyers need both answers documented separately.
How do we request Claude ZDR?
Through Anthropic’s enterprise process. Anthropic says requests are reviewed and applied on a per-organization basis, so companies should confirm the exact scope before rollout.
Need a Claude ZDR procurement review?
Compound Law advises companies, startups, and legal teams in Germany on AI procurement, GDPR, commercial contracts, employment law, and AI governance. If your organization needs a deployment-specific review of Claude ZDR, the Anthropic DPA, or the split between retention, transfer, and hosting controls, contact us.