TL;DR
- Verify whether model-improvement training is opt-in or default for Claude Code.
- Confirm retention for deleted chats or logs and whether data can be used for training.
- Ensure your access path is officially supported for this plan.
Scope
This page covers terms you should verify for Claude Code. It is a snapshot checklist, not legal advice.
How to use this page
- Confirm you are using Claude Code via an official install.
- Work through the checklist and capture the current policy date.
- Re-check monthly or after any policy update.
- Return to the Claude terms hub for plan comparisons.
What changed recently
- February 2026: Anthropic published
code.claude.com/docs/en/legal-and-complianceformally documenting OAuth restrictions. The Agent SDK is explicitly named — consumer tokens cannot be used even with Anthropic’s own agentic tooling. “Without prior notice” enforcement is now a written contractual right. - January 9, 2026: Technical enforcement blocked third-party OAuth harnesses (OpenCode, Roo Code, etc.).
See Anthropic’s OAuth Policy, Now in Writing for full analysis of the February documentation, and /posts/anthropic-tos-changes-2025/ for the January enforcement timeline.
Terms snapshot checklist (as of Feb 2026)
Training use: Model-improvement is pre-checked by default for Claude Code sessions. Users must disable training in account settings to opt out.
Retention:
- If training enabled: Up to 5 years retention in de-identified form
- If training disabled: Logs removed within 30 days
- Incognito mode: Excluded from training
Third-party access (formally documented Feb 2026):
- OAuth tokens are personal-use only. Explicitly prohibited in any third-party tool, service, or product — including Anthropic’s own Agent SDK.
- The exact policy language: “Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is not permitted and constitutes a violation of the Consumer Terms of Service.”
- Enforcement is unilateral and contractually without required prior notice.
- Safe path: Official Claude Code CLI + Claude.ai only (OAuth); or API keys from Claude Console (commercial, developer use)
- Blocked: OpenCode, Roo Code, Cursor in harness configuration, or any tool routing consumer OAuth tokens
Data export/deletion: Conversation export via Claude.ai interface covers Claude Code sessions.
Enterprise/DPA: Available for organizations using Claude Code via commercial API or enterprise plans.
Evidence / signals
- Official Terms of Service and Privacy Policy.
- Claude Code documentation defining supported access paths.
- Account settings that show model-improvement toggles.
How to verify
- Read the current Privacy Policy and Terms of Service.
- Check account settings for model-improvement toggles.
- Confirm official client lists and API documentation.
If you already shared data
- Review current settings and disable training if needed.
- Rotate keys or revoke access for unofficial tools.
- Document what data was shared and when.
What would invalidate this
Any new policy effective date, plan change, or terms update should replace this checklist.
Terms deltas (auto)
Verified deltas vs baseline
No verified deltas yet.
Potential deltas to verify
No pending deltas detected.
Terms snapshot
| Field | Value | Status | Source |
|---|---|---|---|
| Training use | Consumer plans: model-improvement setting controls training (verify current policy). | needs_verification | /posts/anthropic-tos-changes-2025/ |
| Retention (deleted data) | Consumer plans: deleted chats removed within ~30 days when training is disabled (verify). | needs_verification | /posts/anthropic-tos-changes-2025/ |
| Retention (training data) | Consumer plans: training data may be retained up to 5 years if enabled (verify). | needs_verification | /posts/anthropic-tos-changes-2025/ |
| Third-party access | Official clients only; unofficial access may be blocked (verify). | needs_verification | /posts/anthropic-tos-changes-2025/ |
| Official clients | Claude app/web, Claude Code, Anthropic API (verify current list). | needs_verification | /posts/anthropic-tos-changes-2025/ |
| Enterprise DPA | Ask sales/support if you require a DPA; availability unconfirmed. | unknown |
Related links
- Verification methodology
- Claude terms overview
- Anthropic policy claims
- Anthropic API client analysis
- Third-party access risk
- Anthropic TOS changes timeline
- Anthropic’s OAuth Policy, Now in Writing (Feb 2026)
- Claude vs OpenAI pricing
- /value/smart-spend/
Sources
- Anthropic Claude Code Legal and Compliance — primary source (Feb 2026): formal OAuth policy, Agent SDK carve-out, enforcement rights
- Anthropic Consumer Terms of Service — referenced by compliance page
- Claude Code Documentation
- Anthropic Privacy Center: Data retention
- VentureBeat: Anthropic cracks down on unauthorized usage