Anthropic Privacy Reversal
On August 28, 2025, at 2:17 PM Pacific, a machine learning engineer at a Seattle healthcare startup opened an email from Anthropic. The subject line read: “Updates to Consumer Terms and Privacy Policy.” She had built the company’s entire patient data analysis pipeline around Claude specifically because Anthropic promised never to train AI models on user conversations.
The email contained 247 words. Anthropic was extending data retention from 30 days to five years for users who opted into model training. The deadline to opt out is September 28. Exactly 30 days. After that deadline, every conversation about patient data patterns, algorithmic approaches to diagnosis prediction, and proprietary healthcare analytics would become part of Anthropic’s training data unless she actively disabled the setting.
She had built eight months of technical infrastructure around a privacy guarantee that would vanish in 30 days.
Anthropic built its market position on a promise that separated it from OpenAI and Google: consumer chat data would never train AI models. The March 2023 privacy policy stated conversations would be deleted within 30 days unless flagged for policy violations. This commitment attracted developers, healthcare organizations, and financial services firms who needed AI assistance without converting proprietary information into training datasets.
The August 2025 reversal eliminated that distinction. If users do not opt out by September 28, Claude will retain their conversations for five years and incorporate them into future models. The change applied to Claude Free, Pro, and Max accounts, affecting millions of users. Enterprise customers using Claude for Work, government accounts, and API access remained exempt—the same protection OpenAI provides business clients while training on consumer data.
The implications extended beyond individual privacy. Anthropic’s founders, former OpenAI executives Dario and Daniela Amodei, had built their reputation on principled AI development and safety research. The policy reversal raised questions about whether those positions reflected genuine commitment or a marketing strategy that could be reversed when commercial pressure demanded it.
The Business Pressure
The timing clarified the incentives. Anthropic’s run-rate revenue grew from $1 billion in January 2025 to over $5 billion by August. Two weeks after announcing the policy change, the company closed a $13 billion Series F at a $183 billion valuation. Amazon holds $8 billion in Anthropic stock. Google invested $3 billion across multiple rounds.
| Metric | Early 2025 | August 2025 | Change |
|---|---|---|---|
| Run-rate Revenue | ~$1B | $5B+ | 400% growth in 8 months |
| Data Retention (opted in) | 30 days | 5 years | 6,000% increase |
| Opt-out Deadline | N/A | Sept 28 | 30 days’ notice |
| Enterprise Protection | Yes | Yes | No change |
Training frontier AI models requires vast quantities of conversational data. Academic datasets and web scrapes provide breadth but lack the authenticity of real user interactions where people ask genuine questions, iterate on complex problems, and engage in extended reasoning. OpenAI has trained on user conversations since ChatGPT’s launch. Google extracts data from Gmail, Search, and YouTube. Anthropic’s self-imposed restriction left it attempting to match competitors while handicapped by its founding privacy commitment.
Investor presentations for the September funding round likely included projections showing how conversation data would accelerate model improvement and close capability gaps with OpenAI. The policy reversal appears to have been a prerequisite to the funding round rather than a consequence of it.
Anthropic framed the change as a user choice, stating in its announcement that users who allow data sharing would help improve model safety and coding capabilities. The company did not explain why reversing its core privacy commitment was necessary or why the opt-out window lasted only 30 days.
The Interface Design
When users logged into Claude after August 28, they encountered a pop-up with “Updates to Consumer Terms and Privacy Policy” in large text. A prominent black “Accept” button dominated the interface. Below it, in smaller text, appeared a toggle labeled “Allow Anthropic to use my chats to train its AI models.”
The toggle was set to “On” by default.
Privacy regulations globally prohibit preselected consent boxes. The European Data Protection Board’s guidelines state that consent requiring users to deselect a pre-ticked box violates GDPR. California’s Consumer Privacy Act prohibits interfaces that substantially subvert user autonomy through design choices.
The text accompanying the toggle used positive framing: “You can help make our models safer and more capable.” The phrasing positioned declining as refusing to contribute to the collective benefit rather than protecting personal data. A faint “Not now” button offered postponement rather than permanent refusal. Later, in small print, there were instructions on how to change the setting.
Goldfarb Gross Seligman, a law firm specializing in data privacy compliance, issued a client advisory noting the design would likely attract regulatory scrutiny because valid consent requires choices be unambiguous and freely given. The preselected default, visual hierarchy favoring acceptance, and compressed timeline combined to engineer high opt-in rates regardless of users’ actual preferences.
Anthropic’s implementation differed from OpenAI’s approach. OpenAI established its training data policy from launch, requiring users to navigate settings to opt out. Anthropic, having marketed itself on the opposite promise, needed affirmative agreement from existing users when reversing that commitment. The company chose an interface that exploited user inertia and visual hierarchy to maximize opt-in rates.
The September Rush
On September 15, 2025, thirteen days before the deadline, a compliance officer at a financial services firm in New York discovered the policy change. The firm had standardized on Claude six months earlier after evaluating alternatives. The deciding factor: Anthropic’s explicit commitment not to train on user data.
Developers had used Claude for discussions about trading algorithms, risk assessment models, client data analysis approaches, and regulatory compliance strategies. The material disclosed competitive intelligence about the firm’s quantitative trading infrastructure.
She had thirteen days to opt out of 89 developer accounts, verify the settings propagated correctly, and brief the legal team on whether previously shared information created competitive exposure. There was no mechanism to delete conversations already stored in Anthropic’s systems—those would remain for up to five years regardless of opt-out decisions.
The episode demonstrated asymmetric power in privacy policy changes. Users who built processes around explicit privacy commitments had days to respond when those commitments reversed. The companies making changes faced no equivalent pressure or accountability.
How Training Data Works
A privacy researcher at a European digital rights organization spent late September analyzing opt-out rates. Her method was to write down every step needed to turn off training, measure the time and attention needed, and compare it to other designs that give real choices.
The analysis revealed friction points at each stage. Users needed to notice the email notification, read beyond the subject line to identify the change, understand the toggle defaulted to “On” despite the previous privacy stance, locate the toggle among other settings if they clicked “Not now,” and verify the change saved correctly.
Based on research into user behavior with privacy settings, she estimated fewer than 5 percent of affected users would successfully opt out before the deadline. The preselected default, positive framing, visual hierarchy, and compressed timeline combined to engineer high opt-in rates.
Her conclusion: Anthropic designed an interface to maximize data acquisition while maintaining the appearance of choice. The company could have sent targeted notifications, extended the deadline, used neutral defaults, or provided equal visual weight to options. It chose none of these approaches.
California’s Consumer Privacy Act mandates symmetry in choice—the path to exercise privacy-protective options cannot be longer or more difficult than less protective alternatives. Anthropic’s interface violated that principle through visual weight, default selection, and cognitive load distribution.
No regulatory action materialized in the months following the deadline. Four months after the deadline, in January 2026, Anthropic’s privacy policy continues to retain user conversations for up to five years for those who did not opt out or who signed up after September 28.
What Changed
Four months after the deadline, in January 2026, Anthropic’s privacy policy continues to retain user conversations for up to five years for those who did not opt out or who signed up after September 28. The company’s marketing materials emphasize safety research and responsible AI development. The website features enterprise case studies highlighting security and privacy benefits applying only to business accounts, not the consumer plans where policies changed.
The reversal established precedent. AI companies can market on privacy commitments, build user bases trusting those commitments, and then reverse policies when competitive pressure demands training data access. The consequences appear minimal: no significant user exodus, no regulatory enforcement, and no reputational damage affecting the company’s $183 billion valuation.
For users who selected Claude because Anthropic promised not to train on conversations, the choice is to accept new terms or find an alternative making the same promise—and hope that the company maintains it longer.
A compliance officer who spent September protecting proprietary conversations noted the implication: every AI company will eventually claim they need user data for safety, improvement, and collective benefit. The ones promising not to take it simply held out longer. No AI company permanently sacrifices competitive advantage to maintain privacy commitments when billions in funding and market position are at stake.
Dario Amodei has not publicly addressed why Anthropic reversed its founding privacy principle. The official announcement contains 247 words. It does not acknowledge the reversal and abandons the commitment, differentiating Claude from ChatGPT. It does not explain why 30 days constituted sufficient notice. It does not address why the company deployed an interface design that regulators have spent years attempting to ban.
The conversations developers had about proprietary algorithms, the strategic discussions users assumed would remain private, and the technical information shared with an AI system marketed as avoiding the use of that data for training—all of it now feeds the models. Extracting what Claude learned from any specific conversation remains technically unsolved. The knowledge is incorporated, distributed across billions of parameters, and irretrievable as distinct information.
Thirty days were insufficient to audit months of technical conversations, uncover potential competitive intelligence, or establish alternative processes. The deadline passed. The data stays. The training continues.
Frequently Asked Questions
Can I still opt out of Anthropic’s data training?
New users can set preferences during signup. Existing users who missed the September 28, 2025, deadline can still change settings, but the new policy applies to all conversations after opt-out. If you didn’t opt out before the deadline, Anthropic’s privacy documentation states that you may retain previous conversations for up to five years.
Does deleting conversations stop their use for training?
Yes, but with limitations. Anthropic states that deleted conversations will not be used for future model training. However, data already incorporated into training before deletion cannot be extracted from existing models.
Are paid Claude subscriptions exempt from training data policies?
No. The training data policy applies to Claude Free, Pro, and Max consumer accounts. Only Claude for Work (Team and Enterprise plans), Claude Gov, Claude for Education, and API users under commercial terms are exempt. TechCrunch reported this distinction surprised many paid subscribers who assumed premium accounts excluded data from training.
How does this provision compare to OpenAI’s ChatGPT policies?
OpenAI has trained on consumer conversations since ChatGPT’s launch, with users required to opt out through settings. The key difference: OpenAI never promised not to train on data, while Anthropic built its market position on that explicit commitment before reversing it in August 2025.
What should companies do if they shared proprietary information with Claude?
Privacy compliance experts recommend companies immediately verify opt-out settings for all accounts, conduct risk assessments of information shared, update internal AI usage policies, and consider whether historical conversations created competitive exposure that requires mitigation.
How can I verify my training data settings?
Go to Settings → Privacy in your Claude account. Look for the “Allow Anthropic to use my chats to train its AI models” toggle. Verify that it shows “OFF” if you want to opt out. The setting only applies to new and resumed conversations after you change it.
Primary Sources:
- Anthropic official policy announcement
- TechCrunch coverage by Connie Loizos
- Goldfarb Gross Seligman legal analysis
- Anthropic Series F funding announcement
- CNBC funding coverage
- Dark patterns compliance guide
- Anthropic privacy center documentation
