{"id":2941,"date":"2026-04-25T06:55:32","date_gmt":"2026-04-25T06:55:32","guid":{"rendered":"https:\/\/aiopsschool.com\/blog\/?p=2941"},"modified":"2026-04-25T06:55:32","modified_gmt":"2026-04-25T06:55:32","slug":"what-your-employer-can-see-on-claude-enterprise-a-complete-transparency-guide","status":"publish","type":"post","link":"https:\/\/aiopsschool.com\/blog\/what-your-employer-can-see-on-claude-enterprise-a-complete-transparency-guide\/","title":{"rendered":"What Your Employer Can See on Claude Enterprise: A Complete Transparency Guide"},"content":{"rendered":"\n<p>I&#8217;ll research this thoroughly for you. This is an important transparency question &#8211; understanding what your employer can see when you use Claude on an Enterprise plan is crucial for making informed decisions about how you use it.I have the pricing overview. Now let me dig into the actual admin\/visibility documentation &#8211; this is what really matters for your question.Excellent. I have very strong information. Let me get a few more critical details &#8211; specifically about the Compliance API and what data exports actually contain (this is the most important part for your transparency question).This is the key finding. Let me get one more critical piece &#8211; the Compliance API specifics and incognito chat behavior.This confirms the most important detail: the Compliance API allows pulling <strong>chat data and file content<\/strong> programmatically. Let me check on incognito chats and Claude for Work data privacy specifics.I now have a comprehensive picture. I have everything needed to give you a thorough, transparent answer. Let me put this together as a well-structured guide.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Complete Guide: What Your Employer Can See on Claude Enterprise<\/h1>\n\n\n\n<p>This is an important question, and the honest answer is: <strong>more than most employees realize<\/strong>. Here&#8217;s a complete breakdown so you can make informed decisions.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Bottom Line First<\/h2>\n\n\n\n<p>On the Claude Enterprise plan, your organization&#8217;s <strong>Primary Owner can access the full content of your chats, uploaded files, and projects<\/strong> \u2014 not just metadata. They can do this in three ways: data exports, audit logs (metadata only), and the Compliance API (full content, programmatically). Importantly, <strong>incognito chats are NOT hidden from your employer<\/strong> on Enterprise plans.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What Features the Enterprise Plan Includes (Admin Side)<\/h2>\n\n\n\n<p>The Enterprise plan includes everything in Team plus the following admin\/security capabilities:<\/p>\n\n\n\n<p><strong>Identity &amp; access:<\/strong> SSO, SCIM provisioning, role-based access with fine-grained permissions, domain capture, IP allowlisting, and network-level access control.<\/p>\n\n\n\n<p><strong>Visibility &amp; monitoring:<\/strong> Usage analytics dashboard, audit logs, Compliance API, and the Analytics API.<\/p>\n\n\n\n<p><strong>Data control:<\/strong> Custom data retention controls, organization-wide skills deployment, Google Docs cataloging, admin controls for connectors, and HIPAA-ready offering.<\/p>\n\n\n\n<p><strong>Billing\/limits:<\/strong> User-level and org-level spend limits.<\/p>\n\n\n\n<p>By default on Team and Enterprise plans, <strong>your content is not used to train Claude&#8217;s models<\/strong> \u2014 that&#8217;s an important protection.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Three Levels of Visibility Your Employer Has<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Level 1: Aggregated Analytics (Always On)<\/h3>\n\n\n\n<p>Through the <strong>Analytics dashboard<\/strong> and <strong>Analytics API<\/strong>, admins automatically see:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Daily\/weekly\/monthly active users (WAU\/MAU)<\/li>\n\n\n\n<li>Per-user message counts, conversation counts, projects created, files uploaded, artifacts created<\/li>\n\n\n\n<li>Which skills and connectors each user uses<\/li>\n\n\n\n<li>Claude Code metrics (commits, pull requests, lines of code)<\/li>\n\n\n\n<li>Token consumption per user<\/li>\n\n\n\n<li>A &#8220;leaderboard&#8221; of top users by engagement<\/li>\n\n\n\n<li>Models being used<\/li>\n<\/ul>\n\n\n\n<p>This is <strong>per-user but content-free<\/strong>. Your manager can see <em>that<\/em> you sent 200 messages last week and used the Slack connector \u2014 not <em>what<\/em> you wrote. Administrators export per-user breakdowns including individual request counts, token consumption, and the primary model being utilized.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Level 2: Audit Logs (Enterprise Only)<\/h3>\n\n\n\n<p>Audit logs are available for Enterprise organizations only. Organization Owners and Primary Owners can export logs covering the past 180 days. Importantly, the title and content of chats and projects are NOT available in audit log exports \u2014 only their unique identifiers.<\/p>\n\n\n\n<p>So audit logs show events like: &#8220;User X created chat ID abc123 at 2:14pm&#8221; \u2014 but not the chat title or what&#8217;s inside it. Audit logs cover sign-ins, session events, file uploads\/downloads\/deletions, and similar metadata.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Level 3: Full Content Access \u2014 Data Exports &amp; Compliance API \u26a0\ufe0f<\/h3>\n\n\n\n<p><strong>This is the level most employees don&#8217;t know about.<\/strong><\/p>\n\n\n\n<p><strong>Data Exports:<\/strong> Primary Owners of Team and Enterprise plans can export organization data from Organization settings. Data exports include conversation data and the user data for the account.<\/p>\n\n\n\n<p>Your organization&#8217;s designated Primary Owner manages your Work account and all associated data. This includes the ability to request access to your user data through data exports, which may contain your conversations with Claude, uploaded files, and usage patterns.<\/p>\n\n\n\n<p><strong>Compliance API:<\/strong> Enterprise plan Primary Owners can enable the Compliance API. Creating a compliance access key allows pulling activity logs, chat data, and file content programmatically.<\/p>\n\n\n\n<p>This means a Primary Owner can build automated systems that continuously feed every chat and file into the company&#8217;s security\/compliance tools (Splunk, Datadog, etc.) in real time.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Incognito Chat Trap \u2014 Read This Carefully<\/h2>\n\n\n\n<p>Many employees assume incognito = private from the employer. <strong>It does not.<\/strong><\/p>\n\n\n\n<p>If you&#8217;re using incognito chats on a Team or Enterprise plan: Incognito chats are included in organizational data exports available to account Owners. While incognito chats aren&#8217;t saved to your chat history, they are retained for 30 days, or longer in accordance with your organization&#8217;s custom data retention setting.<\/p>\n\n\n\n<p>Incognito chats don&#8217;t contribute to memory and aren&#8217;t visible in users&#8217; chat histories, but they remain available to Owners through data export features and are subject to your existing data retention policies.<\/p>\n\n\n\n<p>What incognito <em>does<\/em> do:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hides the chat from <strong>your own<\/strong> sidebar\/history<\/li>\n\n\n\n<li>Prevents the chat from feeding Claude&#8217;s memory feature<\/li>\n\n\n\n<li>Won&#8217;t appear when Claude searches your past conversations<\/li>\n<\/ul>\n\n\n\n<p>What incognito does <strong>NOT<\/strong> do on Enterprise:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hide content from your employer&#8217;s exports<\/li>\n\n\n\n<li>Hide content from the Compliance API<\/li>\n\n\n\n<li>Delete the chat immediately (it&#8217;s retained at least 30 days)<\/li>\n<\/ul>\n\n\n\n<p>Think of incognito as &#8220;hidden from me,&#8221; not &#8220;hidden from my company.&#8221;<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What This Means for Your Day-to-Day Decisions<\/h2>\n\n\n\n<p>Here&#8217;s a practical framework for what to consider before typing things into Claude on your work account:<\/p>\n\n\n\n<p><strong>Generally safe to use Claude for at work:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Any work-related task within your normal job responsibilities<\/li>\n\n\n\n<li>Drafting work documents, code, emails, analyses<\/li>\n\n\n\n<li>Research on work-related topics<\/li>\n\n\n\n<li>Brainstorming work projects<\/li>\n\n\n\n<li>Learning skills relevant to your role<\/li>\n<\/ul>\n\n\n\n<p><strong>Think carefully before using Claude at work for:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Personal matters (resume drafts for new jobs, personal finances, medical questions, relationship issues, legal matters)<\/li>\n\n\n\n<li>Venting or complaints about colleagues, managers, or the company<\/li>\n\n\n\n<li>Anything you wouldn&#8217;t want surfaced in an HR or legal investigation<\/li>\n\n\n\n<li>Confidential information about <em>other<\/em> people (their salaries, performance, personal details)<\/li>\n\n\n\n<li>Side projects, freelance work, or anything outside scope of employment<\/li>\n\n\n\n<li>Job hunting, interview prep, negotiation strategies<\/li>\n<\/ul>\n\n\n\n<p><strong>Never assume privacy for:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Incognito chats (still visible to admins)<\/li>\n\n\n\n<li>&#8220;Deleted&#8221; chats (may already be in exports\/Compliance API stream; deletions only affect exports initiated <em>after<\/em> the deletion)<\/li>\n\n\n\n<li>Conversations you think are too small to matter (the export captures everything)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Key Principles to Remember<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Treat Claude Enterprise like work email.<\/strong> Same expectation of privacy. Your employer paid for it, owns the account, and has legal\/contractual rights to the data.<\/li>\n\n\n\n<li><strong>The risk is not active surveillance \u2014 it&#8217;s discoverability.<\/strong> Your manager can&#8217;t peek at your chats during lunch. But if your company&#8217;s Primary Owner submits an export request, your conversation history and any files you uploaded could be included in that data package. The danger is when something triggers a review (legal hold, investigation, departure, audit), everything becomes accessible.<\/li>\n\n\n\n<li><strong>Personal accounts exist for a reason.<\/strong> For any non-work use case, use a personal Free, Pro, or Max plan logged into a personal email. Keep work and personal strictly separated.<\/li>\n\n\n\n<li><strong>Ask your Primary Owner for the actual policy.<\/strong> The use of your Claude for Work plan account is governed by the agreement between Anthropic and your organization. Please contact your Primary Owner for details of this agreement. Companies vary widely \u2014 some have permissive personal-use policies, some don&#8217;t. Knowing your specific company&#8217;s stance matters.<\/li>\n\n\n\n<li><strong>Custom retention can extend exposure.<\/strong> Default retention is 30 days for incognito and standard org policies, but Enterprise admins can configure custom retention \u2014 possibly years. Ask what your company&#8217;s retention setting is.<\/li>\n\n\n\n<li><strong>The Compliance API enables real-time monitoring.<\/strong> If your company has enabled it and integrated with their SIEM, your conversations could be flowing into security monitoring tools as you type, with automated keyword\/pattern detection on top.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Honest Summary<\/h2>\n\n\n\n<p>The Claude Enterprise plan is built to give your employer the same level of oversight they have over corporate email, Slack, and Google Workspace \u2014 which is significant. Anthropic doesn&#8217;t hide this; it&#8217;s a selling point to enterprise buyers. The protections you <em>do<\/em> get on Enterprise are real but pointed at <em>Anthropic<\/em> (no model training, retention controls, security certifications) \u2014 not at your employer.<\/p>\n\n\n\n<p><strong>Use it freely for work. Use a personal account for everything else.<\/strong> That single rule will keep you safe from virtually every scenario where employer visibility could become a problem.<\/p>\n\n\n\n<p>Good question \u2014 &#8220;audit logs&#8221; is a specific technical term and it&#8217;s narrower than people often assume. Let me get you the precise list of what&#8217;s actually captured.I have the official, definitive list straight from Anthropic&#8217;s documentation. Let me lay this out clearly for you.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">What Audit Logs Actually Capture on Claude Enterprise<\/h1>\n\n\n\n<p>This is the <strong>official, complete list<\/strong> from Anthropic&#8217;s documentation. Audit logs are an <strong>Enterprise-only<\/strong> feature that Owners and Primary Owners can export from Admin settings, covering the past 180 days.<\/p>\n\n\n\n<p>Critically, before going through the events: title and content of chats and projects are not available to be exported in audit logs (only their unique identifiers will be exported). However, chat inputs\/outputs will be exportable by Primary Owners via data exports.<\/p>\n\n\n\n<p>So audit logs = <strong>metadata only<\/strong>. Content lives in data exports \/ Compliance API (separate mechanism).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What Each Log Entry Contains<\/h2>\n\n\n\n<p>Every audit log row includes these fields:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Field<\/th><th>What It Reveals<\/th><\/tr><\/thead><tbody><tr><td><code>created_at<\/code><\/td><td>Exact timestamp of the event<\/td><\/tr><tr><td><code>actor_info<\/code><\/td><td>Who did it (user account info)<\/td><\/tr><tr><td><code>event<\/code><\/td><td>The type of event (see lists below)<\/td><\/tr><tr><td><code>event_info<\/code><\/td><td>Event-specific details<\/td><\/tr><tr><td><code>entity_info<\/code><\/td><td>What was affected (chat, project, file, etc.)<\/td><\/tr><tr><td><code>ip_address<\/code><\/td><td>Your IP address<\/td><\/tr><tr><td><code>device_id<\/code><\/td><td>Device identifier<\/td><\/tr><tr><td><code>user_agent<\/code><\/td><td>Browser\/app info<\/td><\/tr><tr><td><code>client_platform<\/code><\/td><td>iOS or Android, if mobile<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Translation:<\/strong> every logged event ties an action to <em>you<\/em> (account), <em>your IP<\/em>, <em>your device<\/em>, and <em>the moment it happened<\/em>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Complete List of Logged Events<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Authentication &amp; Login Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>user_signed_in_sso<\/code> \u2014 SSO login (records the SSO domain)<\/li>\n\n\n\n<li><code>user_signed_in_google<\/code> \u2014 Google login (records the email used)<\/li>\n\n\n\n<li><code>user_signed_in_apple<\/code> \u2014 Apple login (records the email used)<\/li>\n\n\n\n<li><code>user_signed_out<\/code> \u2014 Sign-out<\/li>\n\n\n\n<li><code>user_requested_magic_link<\/code> \u2014 Magic link requested (records email)<\/li>\n\n\n\n<li><code>user_attempted_magic_link_verification<\/code> \u2014 Records success\/failure<\/li>\n\n\n\n<li><code>user_sent_phone_code<\/code> \u2014 Phone code sent (records phone number, SMS or call)<\/li>\n\n\n\n<li><code>user_verified_phone_code<\/code> \u2014 Phone code verified<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Account Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>user_name_changed<\/code> \u2014 Captures old name and new name<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Chat Conversation Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>conversation_created<\/code> \u2014 A new chat was started<\/li>\n\n\n\n<li><code>conversation_renamed<\/code> \u2014 Records the new name (note: the <em>name<\/em> of a renamed conversation IS captured, even though chat content isn&#8217;t)<\/li>\n\n\n\n<li><code>conversation_deleted<\/code> \u2014 A chat was deleted<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Project Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>project_created<\/code> \u2014 New project created<\/li>\n\n\n\n<li><code>project_renamed<\/code> \u2014 Project renamed<\/li>\n\n\n\n<li><code>project_deleted<\/code> \u2014 Project deleted<\/li>\n\n\n\n<li><code>project_visibility_changed<\/code> \u2014 Records new privacy setting (private\/shared)<\/li>\n\n\n\n<li><code>project_document_created<\/code> \u2014 Document added to project knowledge base<\/li>\n\n\n\n<li><code>project_document_deleted<\/code> \u2014 Document removed from project knowledge base<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">File Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>file_uploaded<\/code> \u2014 A file was uploaded<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Organization Membership Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>org_user_invite_sent<\/code> \/ <code>re_sent<\/code> \/ <code>accepted<\/code> \/ <code>rejected<\/code> \/ <code>deleted<\/code><\/li>\n\n\n\n<li><code>org_user_deleted<\/code> \u2014 User removed from organization<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">SSO &amp; Security Configuration Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>org_sso_toggled<\/code> \u2014 Records whether SSO is enforced<\/li>\n\n\n\n<li><code>org_sso_connection_activated<\/code> \/ <code>deactivated<\/code> \/ <code>deleted<\/code><\/li>\n\n\n\n<li><code>org_sso_add_initiated<\/code><\/li>\n\n\n\n<li><code>org_jit_toggled<\/code> \u2014 Just-In-Time provisioning toggled<\/li>\n\n\n\n<li><code>org_domain_verified<\/code> \/ <code>org_domain_add_initiated<\/code> \u2014 Domain capture events<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Data Export Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>org_data_export_started<\/code> \u2014 When an export was triggered<\/li>\n\n\n\n<li><code>org_data_export_completed<\/code> \u2014 When it finished (and whether Anthropic initiated it)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What Audit Logs CAN Tell Your Employer<\/h2>\n\n\n\n<p>From the metadata alone, an admin reviewing logs can determine:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>When you logged in and from where<\/strong> (IP address, device, user agent)<\/li>\n\n\n\n<li><strong>How often you use Claude<\/strong> and at what times of day<\/li>\n\n\n\n<li><strong>How many conversations you create<\/strong>, when, and from which device<\/li>\n\n\n\n<li><strong>When you delete chats<\/strong> (deletions are logged \u2014 deleting doesn&#8217;t hide that you did something)<\/li>\n\n\n\n<li><strong>Every file you uploaded<\/strong> (timestamp + file entity ID, though not the filename in the audit log itself)<\/li>\n\n\n\n<li><strong>Every project you created<\/strong>, renamed, or deleted<\/li>\n\n\n\n<li><strong>Whether you renamed a chat<\/strong> \u2014 and the new name (so don&#8217;t rename a chat to something incriminating)<\/li>\n\n\n\n<li><strong>Authentication anomalies<\/strong> (logins from unusual IPs, magic link attempts, etc.)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What Audit Logs CANNOT Tell Your Employer<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <strong>content<\/strong> of any message you sent or Claude sent back<\/li>\n\n\n\n<li>The <strong>titles<\/strong> of your chats or projects (only UUIDs)<\/li>\n\n\n\n<li>The <strong>content<\/strong> of files you uploaded<\/li>\n\n\n\n<li>What you talked to Claude <em>about<\/em><\/li>\n<\/ul>\n\n\n\n<p><strong>But<\/strong> \u2014 and this is the crucial caveat \u2014 <strong>everything audit logs hide is visible through the other two mechanisms:<\/strong> Data Exports and the Compliance API. Audit logs are the &#8220;lightweight&#8221; surveillance layer; the heavy layer is content-level.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Practical Implications<\/h2>\n\n\n\n<p>A few non-obvious things worth knowing:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Deleting a chat is logged.<\/strong> If you delete a conversation right before leaving the company, that deletion event itself sits in the audit log with a timestamp, your IP, and your device. The content may also already be sitting in a prior data export or Compliance API stream.<\/li>\n\n\n\n<li><strong>Renamed conversation titles are captured in audit logs.<\/strong> Most other metadata is just UUIDs, but <code>conversation_renamed<\/code> events capture the new name in <code>event_info<\/code>. So if you rename a chat to something descriptive, that label is in the log.<\/li>\n\n\n\n<li><strong>Logins are heavily tracked.<\/strong> Every sign-in method, IP, and device is captured. Admins can see when you accessed Claude on a personal device versus a corporate one.<\/li>\n\n\n\n<li><strong>180-day window for audit logs specifically.<\/strong> Audit log exports cover the past 180 days. But this is separate from the content retention policy your org configures \u2014 content can be retained much longer through the Compliance API and data export pipeline.<\/li>\n\n\n\n<li><strong>Audit log events also flow through the Compliance API.<\/strong> So if your org has the Compliance API enabled and integrated with a SIEM, all of these events stream into security tools in near real-time, not just on manual export.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">How This Connects to the Three Layers<\/h2>\n\n\n\n<p>To put audit logs in context with the other visibility mechanisms:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Layer<\/th><th>What It Sees<\/th><th>Who Can Access<\/th><\/tr><\/thead><tbody><tr><td><strong>Analytics dashboard \/ API<\/strong><\/td><td>Per-user counts, frequency, models, connectors used<\/td><td>Admins &amp; Owners<\/td><\/tr><tr><td><strong>Audit logs<\/strong><\/td><td>Every action with timestamp, IP, device \u2014 but no content<\/td><td>Owners &amp; Primary Owners<\/td><\/tr><tr><td><strong>Data exports \/ Compliance API<\/strong><\/td><td>Full chat content, file contents, inputs\/outputs<\/td><td>Primary Owner only<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Audit logs are the &#8220;who did what when&#8221; layer. They&#8217;re powerful for security investigations and compliance \u2014 and they make clear that even if content were somehow protected, the <em>pattern<\/em> of your usage is fully visible to the company.<\/p>\n\n\n\n<p>I already pulled this directly from Anthropic&#8217;s official audit log documentation in the previous response. Here&#8217;s the consolidated answer to exactly what you&#8217;re asking:<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Audit Logs on Claude Enterprise \u2014 What Admins Can Fetch<\/h1>\n\n\n\n<p>Audit logs are available only for Enterprise organizations. Organization Owners and Primary Owners can export data within Admin settings &gt; Data and Privacy and clicking the &#8220;Export logs&#8221; button. Upon triggering this export, all audit logs for the organization within the past 180 days will be aggregated.<\/p>\n\n\n\n<p><strong>Important boundary:<\/strong> title and content of chats and projects are not available to be exported in audit logs (only their unique identifiers will be exported). However, chat inputs\/outputs will be exportable by Primary Owners via data exports.<\/p>\n\n\n\n<p>So audit logs = <strong>metadata and event tracking only<\/strong>. Actual conversation content lives in a separate mechanism (data exports \/ Compliance API).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Metadata Captured With Every Single Logged Event<\/h2>\n\n\n\n<p>Every single audit log entry includes these fields:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Field<\/th><th>What It Reveals About You<\/th><\/tr><\/thead><tbody><tr><td><code>created_at<\/code><\/td><td>Exact timestamp<\/td><\/tr><tr><td><code>actor_info<\/code><\/td><td>Your account info<\/td><\/tr><tr><td><code>event<\/code><\/td><td>The action type<\/td><\/tr><tr><td><code>event_info<\/code><\/td><td>Event-specific details<\/td><\/tr><tr><td><code>entity_info<\/code><\/td><td>Object affected (chat ID, project ID, file ID)<\/td><\/tr><tr><td><code>ip_address<\/code><\/td><td>Your IP at the time<\/td><\/tr><tr><td><code>device_id<\/code><\/td><td>Your device identifier<\/td><\/tr><tr><td><code>user_agent<\/code><\/td><td>Browser\/app\/OS<\/td><\/tr><tr><td><code>client_platform<\/code><\/td><td>iOS or Android (mobile only)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>So even without content, every event is tied to <strong>you, your IP, your device, and the exact second it happened.<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Full List of Events That Get Logged<\/h2>\n\n\n\n<p>These are the <strong>official event types<\/strong> straight from Anthropic&#8217;s documentation:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd10 Authentication Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>user_signed_in_sso<\/code> \u2014 SSO login (logs which domain)<\/li>\n\n\n\n<li><code>user_signed_in_google<\/code> \u2014 Google login (logs email used)<\/li>\n\n\n\n<li><code>user_signed_in_apple<\/code> \u2014 Apple login (logs email used)<\/li>\n\n\n\n<li><code>user_signed_out<\/code> \u2014 Sign-out<\/li>\n\n\n\n<li><code>user_requested_magic_link<\/code> \u2014 Magic link requested (logs email, success\/fail)<\/li>\n\n\n\n<li><code>user_attempted_magic_link_verification<\/code> \u2014 Verification attempt<\/li>\n\n\n\n<li><code>user_sent_phone_code<\/code> \u2014 Phone code sent (logs number + SMS\/call)<\/li>\n\n\n\n<li><code>user_verified_phone_code<\/code> \u2014 Phone code verification<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udc64 Account Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>user_name_changed<\/code> \u2014 Logs old name \u2192 new name<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcac Chat Conversation Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>conversation_created<\/code> \u2014 New chat started<\/li>\n\n\n\n<li><code>conversation_renamed<\/code> \u2014 \u26a0\ufe0f <strong>Logs the new name in plain text<\/strong><\/li>\n\n\n\n<li><code>conversation_deleted<\/code> \u2014 Chat deleted (deletion itself is logged)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcc2 Project Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>project_created<\/code><\/li>\n\n\n\n<li><code>project_renamed<\/code><\/li>\n\n\n\n<li><code>project_deleted<\/code><\/li>\n\n\n\n<li><code>project_visibility_changed<\/code> \u2014 Logs new privacy setting<\/li>\n\n\n\n<li><code>project_document_created<\/code> \u2014 Document added to project knowledge base<\/li>\n\n\n\n<li><code>project_document_deleted<\/code> \u2014 Document removed<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcce File Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>file_uploaded<\/code> \u2014 Every file you upload is logged<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udc65 Organization Membership Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>org_user_invite_sent<\/code><\/li>\n\n\n\n<li><code>org_user_invite_re_sent<\/code><\/li>\n\n\n\n<li><code>org_user_invite_accepted<\/code><\/li>\n\n\n\n<li><code>org_user_invite_rejected<\/code><\/li>\n\n\n\n<li><code>org_user_invite_deleted<\/code><\/li>\n\n\n\n<li><code>org_user_deleted<\/code> \u2014 User removed from org<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd12 SSO &amp; Security Configuration Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>org_sso_toggled<\/code> \u2014 Logs if SSO is enforced<\/li>\n\n\n\n<li><code>org_sso_connection_activated<\/code><\/li>\n\n\n\n<li><code>org_sso_connection_deactivated<\/code><\/li>\n\n\n\n<li><code>org_sso_connection_deleted<\/code><\/li>\n\n\n\n<li><code>org_sso_add_initiated<\/code><\/li>\n\n\n\n<li><code>org_jit_toggled<\/code> \u2014 Just-In-Time provisioning toggle<\/li>\n\n\n\n<li><code>org_domain_verified<\/code><\/li>\n\n\n\n<li><code>org_domain_add_initiated<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udce4 Data Export Events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>org_data_export_started<\/code> \u2014 Logs whether Anthropic or admin started it<\/li>\n\n\n\n<li><code>org_data_export_completed<\/code><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Quick Reference: Visible vs. Hidden in Audit Logs<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u2705 Admins CAN see from audit logs<\/th><th>\u274c Admins CANNOT see from audit logs<\/th><\/tr><\/thead><tbody><tr><td>When you logged in and from where (IP)<\/td><td>The content of your messages<\/td><\/tr><tr><td>Which device\/browser you used<\/td><td>Claude&#8217;s responses to you<\/td><\/tr><tr><td>How often you use Claude<\/td><td>Chat titles (only UUIDs)<\/td><\/tr><tr><td>Every chat created or deleted<\/td><td>Project titles (only UUIDs)<\/td><\/tr><tr><td>Every file uploaded (with timestamp)<\/td><td>File contents<\/td><\/tr><tr><td>Every project action<\/td><td>File names (only UUIDs)<\/td><\/tr><tr><td><strong>Renamed conversation labels<\/strong> \u26a0\ufe0f<\/td><td>What you talked about<\/td><\/tr><tr><td>Project visibility changes<\/td><td><\/td><\/tr><tr><td>Authentication patterns<\/td><td><\/td><\/tr><tr><td>Login anomalies<\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Three Things Worth Highlighting<\/h2>\n\n\n\n<p><strong>1. Renamed conversations leak text into audit logs.<\/strong> Most chat metadata is hidden behind UUIDs, but the <code>conversation_renamed<\/code> event captures the new name. If you (or Claude) rename a chat to something descriptive, that text <em>is<\/em> in the audit log even though chat content isn&#8217;t.<\/p>\n\n\n\n<p><strong>2. Deletion is logged.<\/strong> Deleting a chat doesn&#8217;t erase your tracks \u2014 the deletion event itself is recorded with your IP, device, and timestamp.<\/p>\n\n\n\n<p><strong>3. Audit logs are content-free, but they&#8217;re not the only mechanism.<\/strong> Audit logs alone won&#8217;t expose what you wrote. But on Enterprise, <strong>Primary Owners can also pull full conversation content via data exports and the Compliance API.<\/strong> Audit logs are just the lightweight surveillance layer; full content access exists separately.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>If you want, I can break down what&#8217;s in <strong>data exports<\/strong> specifically (the layer that actually contains your conversation content) \u2014 that&#8217;s the bigger privacy lever to understand.<\/p>\n\n\n\n<p>Yes. Short answer: <strong>your Enterprise Primary Owner can read your code, your prompts, and Claude&#8217;s responses from Claude Code sessions.<\/strong> Let me explain clearly why, because I think the confusion is around <em>how<\/em> command-line usage connects to your company&#8217;s admin visibility.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Claude Code Actually Works (The Key Insight)<\/h2>\n\n\n\n<p>When you run Claude Code in your terminal, it <strong>feels<\/strong> local \u2014 you&#8217;re typing in your own command line, on your own laptop, in your own repo. But here&#8217;s what&#8217;s actually happening under the hood:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Your terminal  \u2192  &#91;code + prompts sent over internet]  \u2192  Anthropic's servers\n                                                              \u2193\n                                                       Claude processes it\n                                                              \u2193\nYour terminal  \u2190  &#91;response sent back]  \u2190  Anthropic's servers\n<\/code><\/pre>\n\n\n\n<p>Claude Code is <strong>not<\/strong> a local AI model. The Claude model lives on Anthropic&#8217;s servers. So every time you ask Claude Code to do something, your code and prompts <strong>leave your machine and travel to Anthropic<\/strong> to be processed.<\/p>\n\n\n\n<p>The terminal is just the <em>interface<\/em>. The actual work happens on Anthropic&#8217;s cloud \u2014 under your <strong>company&#8217;s Enterprise account<\/strong> that you&#8217;re authenticated against.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What Specifically Gets Sent to Anthropic&#8217;s Servers<\/h2>\n\n\n\n<p>Every Claude Code session transmits:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>What you do locally<\/th><th>What gets sent to Anthropic<\/th><\/tr><\/thead><tbody><tr><td>You type a prompt<\/td><td>The full prompt text<\/td><\/tr><tr><td>Claude reads <code>auth.py<\/code><\/td><td>The complete contents of <code>auth.py<\/code><\/td><\/tr><tr><td>Claude reads 20 files to understand context<\/td><td>All 20 files&#8217; contents<\/td><\/tr><tr><td>Claude runs <code>git log<\/code><\/td><td>The git log output<\/td><\/tr><tr><td>Claude runs <code>cat .env<\/code><\/td><td>Your environment variables (yes, including secrets if exposed)<\/td><\/tr><tr><td>Claude proposes a code edit<\/td><td>The full diff<\/td><\/tr><tr><td>Claude runs tests<\/td><td>The test output<\/td><\/tr><tr><td>You have a 2-hour debugging session<\/td><td>The entire session transcript<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>All of it sits on Anthropic&#8217;s infrastructure, tagged to your user account inside your company&#8217;s Enterprise organization.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Why Your Enterprise Owner Can Access It<\/h2>\n\n\n\n<p>Because your account belongs to the company&#8217;s Enterprise organization, <strong>everything your account does flows into your company&#8217;s data scope.<\/strong> The Primary Owner has two mechanisms to retrieve it:<\/p>\n\n\n\n<p><strong>1. Data Export<\/strong> \u2014 Primary Owner clicks a button, gets a download containing conversation data and uploaded files for the org, including Claude Code sessions.<\/p>\n\n\n\n<p><strong>2. Compliance API<\/strong> \u2014 Primary Owner enables programmatic, real-time access. The Compliance API explicitly provides real-time, automated access to Claude Code&#8217;s usage data and conversation logs. Companies often pipe this directly into security tools (Splunk, Datadog) so it&#8217;s monitored continuously, not just on demand.<\/p>\n\n\n\n<p>So when you run Claude Code, you should mentally picture:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;I am sending this code and these prompts to my company, with a copy going through Anthropic, and they can both review it whenever they want.&#8221;<\/p>\n<\/blockquote>\n\n\n\n<p>That&#8217;s not paranoia \u2014 that&#8217;s literally the architecture.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Common Misconception<\/h2>\n\n\n\n<p>Many developers assume: <em>&#8220;It&#8217;s my terminal, it&#8217;s my laptop, it&#8217;s my local repo \u2014 so this is private.&#8221;<\/em><\/p>\n\n\n\n<p>That intuition is wrong for <strong>any<\/strong> cloud-based AI coding agent (Claude Code, Cursor, Copilot, Codex, Cody \u2014 all of them work this way). The local interface is just a window into a cloud service. The moment Claude Code reads a file, that file&#8217;s contents are on someone else&#8217;s server.<\/p>\n\n\n\n<p>The only AI coding tools that are actually private from cloud providers are <strong>fully local models<\/strong> (running on your own GPU, like Ollama with a local LLM) \u2014 and those aren&#8217;t what Claude Code is.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">What This Means for Your Daily Use<\/h2>\n\n\n\n<p><strong>For company repos and company work:<\/strong> Use Claude Code freely. Your company already owns the code, and they&#8217;re paying for visibility into how their AI tools are used. This is the intended use case.<\/p>\n\n\n\n<p><strong>For anything else, do not use your company Claude Code account:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u274c Don&#8217;t <code>cd<\/code> into your personal side project and run Claude Code \u2014 your personal code is now in your company&#8217;s Enterprise data<\/li>\n\n\n\n<li>\u274c Don&#8217;t use it on a freelance client&#8217;s repo \u2014 you&#8217;ve leaked their IP into your employer&#8217;s audit trail<\/li>\n\n\n\n<li>\u274c Don&#8217;t use it on code from a previous employer \u2014 same problem<\/li>\n\n\n\n<li>\u274c Don&#8217;t paste API keys, passwords, or secrets into prompts \u2014 they&#8217;re now permanently logged<\/li>\n\n\n\n<li>\u274c Don&#8217;t use it to prepare for job interviews (e.g., &#8220;help me solve this LeetCode problem for my Google interview tomorrow&#8221;) \u2014 visible to your current employer<\/li>\n\n\n\n<li>\u274c Don&#8217;t run it in directories with personal files (tax documents, journals, medical info) \u2014 Claude might read those files<\/li>\n<\/ul>\n\n\n\n<p><strong>The clean rule:<\/strong> When you launch Claude Code, you should only be in directories containing code your employer is allowed to see. If you wouldn&#8217;t <code>git push<\/code> it to the company GitHub, don&#8217;t open Claude Code in that folder.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Right Mental Model<\/h2>\n\n\n\n<p>Treat Claude Code on your Enterprise account exactly like:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>A company-owned laptop with screen recording enabled.<\/strong><\/p>\n<\/blockquote>\n\n\n\n<p>Everything you do is technically usable by you, and most of it will never be reviewed \u2014 but <strong>all of it is retrievable<\/strong> if your company ever needs to look. That single mental model will keep you safe.<\/p>\n\n\n\n<p>For personal coding, side projects, learning, and anything outside work scope: get a <strong>personal<\/strong> Claude Pro or Max subscription on a personal email. That&#8217;s a separate account, separate data scope, and your employer cannot see anything in it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ll research this thoroughly for you. This is an important transparency question &#8211; understanding what your employer can see when [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2941","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/2941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=2941"}],"version-history":[{"count":1,"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/2941\/revisions"}],"predecessor-version":[{"id":2942,"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/2941\/revisions\/2942"}],"wp:attachment":[{"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=2941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=2941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aiopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=2941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}