Ask an Australian business owner what stops them rolling out AI tools and data privacy comes up before cost. The question we hear most in discovery calls is a simple one: if my team puts client information into Claude, does Anthropic use it to train the model? The answer is clear, but it depends entirely on which kind of Claude account you're using, and the difference deserves five minutes of your attention before any client data goes near it.
The short answer
On Claude's business products, no. Anthropic's Commercial Terms prohibit the use of your data for model training. That covers the Claude API, Claude Team and Enterprise plans, and Claude deployed through Amazon Bedrock, Google Vertex AI or Microsoft Foundry. Your prompts and Claude's responses are defined as your Customer Content: you own them, and Anthropic acts as a data processor on your instructions.
On consumer accounts, meaning the Free, Pro and Max plans individuals sign up for, the answer is: only if you allow it. Since late 2025, consumer users make an explicit choice about whether their chats can be used to improve future models. If you allow it, data retention extends to five years. If you decline, the standard 30-day retention applies. Deleted conversations are excluded from training either way.
Consumer vs commercial: the distinction that matters
This split catches out a lot of Australian small businesses, because many of them start exactly the same way: someone signs up for a personal Pro subscription, it proves useful, and within a month three staff are pasting client work into it. Nothing sinister has happened, but the business is now running client data through accounts governed by consumer terms rather than commercial ones. Which plan you buy is a data governance decision, not just a billing one.
Claude API, Team and Enterprise: your data is never used for training. This is a contractual commitment, not a setting someone can flick off.
Bedrock, Vertex AI and Foundry deployments: covered by the same commercial protections, with the added benefit that traffic stays inside your own cloud account boundary.
Consumer Free, Pro and Max: training happens only if the account holder switches on the model improvement setting. Check it, because every user was asked to make the choice.
Deleted chats: excluded from training on every plan, though data already incorporated into a trained model cannot be pulled back out.
If your team is doing client work on personal accounts today, the immediate fix is to check that setting on each account. The durable fix is moving to a Team plan, where the question is answered by contract and you get centralised billing and admin controls in the same move.
What happens to your data on business plans
Not being trained on is only half the story; the other half is retention and access. By default, API inputs and outputs are retained for 30 days for operational and abuse-detection purposes, then deleted. Enterprise customers can go further with Zero Data Retention for eligible API features. Content flagged by Anthropic's safety classifiers can be held longer for abuse prevention, which is standard practice across the major providers.
On the security side, data is encrypted in transit with TLS 1.3 and at rest with AES-256. Anthropic holds SOC 2 Type II, ISO/IEC 27001 and ISO/IEC 42001 certifications, and its staff cannot read customer conversations outside narrow, audited circumstances such as explicit feedback consent or safety enforcement.
Where the data lives: the Australian angle
Anthropic's direct API processes data primarily in the United States. For many Australian businesses that's workable under the Privacy Act, provided APP 8's cross-border disclosure requirements are handled properly in your privacy policy and contracts. But if you're in health, legal or financial services, or you sell to enterprise and government clients who ask hard questions, there's a local option: Claude runs on Amazon Bedrock in Sydney (ap-southeast-2), keeping inference in-region on AWS's IRAP-assessed infrastructure.
The residency decision deserves to be made early because it shapes everything downstream: which surface you build on, how logging works and what your client-facing privacy wording says. Retrofitting it later is possible but tedious.
A five-minute checklist before you commit
Identify every Claude account your business actually uses, including the personal ones nobody mentioned.
On any consumer account touching work data, review the model improvement setting and switch it off if that's your policy.
Decide whether you need Australian data residency, and if so plan for Bedrock in Sydney rather than the direct API.
Update your privacy policy and client engagement terms to reflect AI tool usage, which the Privacy Act expects of you anyway.
Nominate one person to own AI account admin: onboarding, off-boarding and the settings above.
What getting this right costs
Less than most owners expect. For a small Australian firm, a properly configured Claude Team setup, with the data-handling settings verified, permissions scoped and staff briefed on what can and can't go into which account, is a fixed-fee engagement. We charge $3,500 for a standard setup and the governance configuration described in this article is part of the job, not an add-on. Compare that with the cost of explaining to a client, or to the OAIC, why their files went through a personal account with training enabled.
If you want a straight answer on whether your current Claude usage is configured safely, book a short call with us and we'll walk through it together.



