Retention questions arrive from two directions at once: privacy teams asking "why are we still holding this?" and audit teams asking "why can't we produce that?" Answering both requires separating what the platform retains — governed by its documented policies and your contract — from what you retain in your own logs and traces, which is entirely your decision. This article covers the platform side with documented figures and the your-side with recommended practice. Jurisdiction-specific obligations are for your legal team; nothing here is a regulatory conclusion.
What Anthropic retains on the Claude API
Anthropic's stated default for the Claude API is to "automatically delete inputs and outputs on our backend within 30 days of receipt or generation," and its documentation states that conversation content is not retained by default for API features — where a feature requires storage, data is purged on the shortest practical TTL. Retained data is never used for model training without your express permission. The documented exceptions are worth knowing verbatim-adjacent:
| Data | Documented retention |
|---|---|
| API inputs and outputs (default) | Deleted within 30 days |
| Content flagged as a Usage Policy violation | Up to 2 years; trust-and-safety classification scores up to 7 years |
| Explicitly submitted feedback | Up to 5 years |
| Message Batches API data | 29 days |
| Code execution container data | Up to 30 days |
| Files API files | Until explicitly deleted |
| Managed Agents session transcripts | Persist until you delete them |
| Compliance API Activity Feed | 6 years |
Two rows deserve a highlight: Files API files and Managed Agents transcripts do not age out — deletion is an action you must take. If you use those features, put their cleanup in your offboarding and decommissioning checklists.
Zero data retention, and its documented edges
For stricter needs, Anthropic offers zero data retention (ZDR): customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse. ZDR is a contractual arrangement made through your Anthropic account team, not a console toggle, and it has documented edges. It covers the Messages and Token Counting APIs (and Claude Code under qualifying setups), but not Console/Workbench usage, Managed Agents, consumer plans, or third-party integrations. Fundamentally stateful features — the Batch API, Files API, code execution, skills, the MCP connector, Managed Agents — are ZDR-ineligible; using one is, in the documentation's words, "a choice to step outside your ZDR arrangement for that specific data." Prompt caching, by contrast, is ZDR-eligible. And even under ZDR, content flagged for a Usage Policy violation may be retained up to 2 years.
Model choice interacts with retention too: Claude Fable 5 and Claude Mythos 5 are designated Covered Models requiring 30-day retention — ZDR is not available for them, and requests from a non-conforming organization return a 400 invalid_request_error. ZDR organizations can enable 30-day retention on a single workspace (Console > Settings > Workspaces > Privacy controls) to use those models there while other workspaces keep ZDR.
The 3P difference
Claude Platform on AWS is documented as following the same retention policy as the first-party Claude API, with ZDR available on request. On Amazon Bedrock and Google Cloud, however, the cloud provider is the data processor — you consult those platforms' retention and compliance documentation for their equivalent controls, and retained data (including the 30-day requirement for Covered Models) stays within your cloud provider's environment. Practically: your retention register should record, per integration, which platform it uses and whose policy therefore governs.
Your own logs: decide, document, delete
None of the above touches the copies you make yourself — application logs, traces, analytics events. Recommended practice: set an explicit retention period per log class (full prompt/response content shortest; content-free metadata longest), separate content from metadata so audit needs don't force you to keep payloads, automate deletion with your storage platform's lifecycle rules rather than relying on manual cleanup, and document the schedule so you can show it to an auditor. Managing prompt and response logs covers the design in depth.
Where to go next
See data classification for deciding what enters prompts at all, and compliance inheritance for how the cloud platforms' postures apply.