
Security & Privacy Deep Dive

⚠️ FIRST: Review your data privacy controls

Consumer accounts (Free, Pro, and Max) per Claude Code data usage docs:

  • If you allow data use for model improvement, retention can be up to 5 years

  • If you do not allow it, retention is 30 days

Commercial accounts (Team, Enterprise, API) have different policies and typically are not used for training unless you opt in. See Claude Code data usage for details.

Plan details vary: Usage limits and features depend on your plan; check your account settings for current limits.

```
┌─────────────────────────────────────────┐
│ YOUR COMPUTER (macOS)                   │
│                                         │
│ Terminal → Claude CLI                   │
│          ↓                              │
│ Reads your files locally                │
│          ↓                              │
│ Sends context to →                      │
└─────────────────────┬───────────────────┘
                      ↓ (HTTPS - encrypted)
          ┌────────────────────────┐
          │ ANTHROPIC'S SERVERS    │
          │                        │
          │ Claude processes       │
          │ Returns response       │
          └────────────────────────┘
          ┌────────────────────────┐
          │ BACK TO YOUR COMPUTER  │
          │                        │
          │ Creates/modifies files │
          │ ALL LOCAL              │
          └────────────────────────┘
```

Important detail from the data usage docs: Claude Code runs locally, but prompts and model outputs are sent over the network to Anthropic services. Data is encrypted in transit via TLS and is not encrypted at rest.

The trade-off:

  • Cloud dependency: Needs internet, sends your code to Anthropic’s API

  • Privacy level: Governed by your plan and data privacy controls (see data usage docs)

  • Alternative: Some tools (e.g., Cursor) offer privacy modes; verify their current policies

What is sandboxing?

Think of it like giving someone keys to ONE room in your house, not the whole house:

  • They can rearrange furniture in that room (modify project files)

  • They can’t wander into your bedroom (access personal files elsewhere)

  • They definitely can’t knock down walls (mess with system files)

The program runs in a restricted environment where it can’t:

  • Delete your entire hard drive

  • Access files outside its designated area

  • Install malware

  • Mess with system files

Claude Code’s approach:

1. **Working directory:** It operates in folders you explicitly navigate to
2. **Permission model:** macOS security prompts when accessing sensitive areas
3. **Git integration:** Version control = undo button for any changes
4. **You're always in the loop:** It shows you what it's doing before executing

Best practices:

```bash
# Create a sandbox folder for experiments
mkdir ~/claude-projects
cd ~/claude-projects
# Or use version control
git init my-new-project
cd my-new-project
claude
```

Pro tip: Start projects in a dedicated folder. If things go sideways, you can delete the whole folder. Your real files elsewhere stay safe.
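
The two practices above (a dedicated folder, and version control as the undo button) can be checked before a session starts. The script below is an added example, not part of Claude Code or of the original page; `SANDBOX_ROOT` and the function names `inside_sandbox`, `clean_checkpoint` and `preflight` are assumptions made for illustration.

```shell
# Pre-flight check for the "dedicated folder + git" practice (added example).
# SANDBOX_ROOT and every function name here are assumptions of this example.
SANDBOX_ROOT="${SANDBOX_ROOT:-$HOME/claude-projects}"

# True only if $1 resolves (symlinks followed) to a directory at or below
# SANDBOX_ROOT. The trailing slash stops a sibling such as
# ~/claude-projects-old from passing as a prefix match.
inside_sandbox() (
    dir=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || exit 1
    root=$(CDPATH= cd -- "$SANDBOX_ROOT" 2>/dev/null && pwd -P) || exit 1
    case "$dir/" in
        "$root"/*) exit 0 ;;
        *) exit 1 ;;
    esac
)

# True only if $1 is in a git work tree whose top level is itself inside the
# sandbox, with at least one commit and nothing uncommitted or untracked.
# From that state `git status` and `git diff` show what a session changed.
# Files matched by .gitignore are not covered by this check.
clean_checkpoint() (
    top=$(git -C "$1" rev-parse --show-toplevel 2>/dev/null) || exit 1
    inside_sandbox "$top" || exit 1
    git -C "$1" rev-parse --verify -q HEAD >/dev/null 2>&1 || exit 1
    [ -z "$(git -C "$1" status --porcelain 2>/dev/null)" ]
)

# Returns 0 when $1 (default: current directory) passes both checks,
# 2 when it is outside the sandbox, 3 when there is no clean commit.
preflight() {
    target=${1:-.}
    if ! inside_sandbox "$target"; then
        echo "refusing: $target is not under $SANDBOX_ROOT" >&2
        return 2
    fi
    if ! clean_checkpoint "$target"; then
        echo "refusing: commit your work in $target first" >&2
        return 3
    fi
    echo "ok: $target is inside the sandbox with a clean checkpoint"
}
```

After sourcing the file, `preflight && claude` starts a session only when the current folder is under the sandbox root and has a clean commit to return to.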