The Core Principle (Read This First)

Regardless of which surface you use — browser, desktop app, mobile, CLI, or browser extension — as long as you’re signed into your company’s Enterprise account, the data flows into your company’s organizational scope. The interface is just the door; the data lives in the same Anthropic infrastructure tied to your employer’s tenant.

What changes between surfaces is what data gets sent in the first place — not who can see it once it’s sent.

---

Master Table: Surface-by-Surface Visibility

Surface	What Gets Sent to Anthropic (and visible to employer)	What Stays Local (NOT visible to employer)
🌐 Browser (claude.ai)	Every prompt you type, every Claude response, every file you upload, every project you create, chat titles, artifacts, web search queries, connector data fetched (Slack/GDrive content), memory summaries, incognito chats (yes — included in exports)	Other browser tabs, your bookmarks, your browser history outside Claude, files on your computer that you didn’t upload
💻 Desktop App (Mac/Windows)	Same as browser — all prompts, responses, files, projects. Plus any Desktop Extensions you use.	Files on your local disk you didn’t share with Claude, other desktop apps, system-level activity
📱 Mobile App (iOS/Android)	All prompts, responses, photos you upload, voice mode transcripts, mobile-specific platform info (iOS/Android), device ID	Other apps on your phone, photos you didn’t upload, location (unless shared), contacts
⌨️ Claude Code (CLI in terminal)	Every file Claude reads (full contents), every prompt you type, every command Claude runs, every command’s output, every code edit/diff, full session transcripts, git context Claude sees, environment variables Claude reads (⚠️ including .env secrets if exposed)	Files Claude didn’t read, your local shell history, other terminal windows, processes Claude didn’t touch, databases/APIs Claude didn’t connect to
🌐 Claude Code on the Web	Everything CLI sends + the cloned repo runs in Anthropic-managed VM, so even more is exposed (entire repo accessible to the sandbox)	GitHub credentials (handled via secure proxy, never enter the sandbox)
🧩 Claude for Chrome (browser extension)	Pages Claude reads/acts on, prompts, what Claude does on websites, form data Claude fills in or extracts	Pages you visit when extension is not active, your other browsing
💼 Claude for Slack	Slack messages Claude is asked to process, prompts you send, channels Claude accesses	Slack DMs/channels Claude wasn’t invited to or asked about
📊 Claude for Excel / PowerPoint / Word	The spreadsheet/doc/deck content sent to Claude, your prompts, Claude’s edits	Other files on your computer, files you didn’t open with Claude
🔌 Connectors (GDrive, Gmail, Jira, etc.)	The specific data Claude pulled via the connector for your prompt, the prompt itself, Claude’s response using that data	Connector data Claude didn’t fetch for a specific request

---

What Employer Can See — By Mechanism (All Surfaces)

These three mechanisms apply across every surface above:

Mechanism	Available To	What It Reveals	Available On
Analytics Dashboard / API	Owners & Admins	Per-user message counts, conversations created, files uploaded, projects, models used, connectors used, Claude Code commits/PRs/lines of code — no content	Team & Enterprise
Audit Logs	Owners & Primary Owners	Every login (with IP, device, user agent), every chat created/deleted, every file upload, every project action, conversation rename labels — metadata + IPs, no chat content	Enterprise only
Data Exports	Primary Owner only	Full chat content, full file contents, all prompts and responses across all surfaces, including incognito chats	Team & Enterprise
Compliance API	Primary Owner only	Real-time programmatic access to chat data, file content, and Claude Code session logs — pipes into Splunk/Datadog/SIEM	Enterprise only

---

Detailed Surface Breakdowns

🌐 Browser (claude.ai)

Visible to employer: Every message, every uploaded file, project knowledge bases, chat titles, artifacts you create, web search queries, results from connectors, memory summaries, voice transcripts, incognito chats (yes), login IPs/devices.

NOT visible: Your other browser activity. The employer doesn’t see what other tabs you have open or what you’re searching on Google.

💻 Desktop App

Same data flow as the browser — desktop is just a packaged web view. No extra privacy from using the desktop app vs. browser. Treat them as identical for visibility purposes.

📱 Mobile App

Same data flow as browser/desktop, plus the audit log specifically captures client_platform (iOS or Android), so employer can tell you used Claude from a phone vs. a computer.

⌨️ Claude Code (Command Line) — The Highest-Risk Surface

This is where developers most often misunderstand. The CLI is local; the AI is not.

What gets sent:

• Every file Claude reads is transmitted in full to Anthropic’s servers
• Every prompt you type
• Every bash command Claude runs (and its output)
• Every code change (diffs, commits Claude touches)
• Full session transcripts (locally cached for 30 days at ~/.claude/projects/ AND on Anthropic’s servers)
• Environment variables Claude reads — including .env files (Claude Code has been documented to auto-load .env files, potentially exposing secrets)

What stays local:

• Files Claude didn’t read. Claude Code uses selective file reading — only files explicitly opened/read are transmitted, not your entire disk.
• Your shell history outside Claude Code
• Local databases, running processes, network services — unless Claude was told to interact with them

Practical implication for repos: If you cd into a repo and ask Claude Code to “understand this codebase,” Claude will read many files. Each file it reads = sent to Anthropic = retrievable by your Primary Owner via Compliance API.

🌐 Claude Code on the Web (Cloud Sandbox)

Even more exposed than CLI. Your entire repo gets cloned into an Anthropic-managed VM. Everything in that VM is in Anthropic’s infrastructure under your company’s account.

🧩 Claude for Chrome

The browser extension only sees what you direct it to see, but anything it processes (pages, form data) is sent to Anthropic. Pages you browse without invoking Claude are not sent.

🔌 Connectors (Slack, Google Drive, Gmail, Jira, etc.)

Connectors fetch specific data per prompt. So when you ask Claude “summarize my recent emails,” the relevant emails get pulled to Anthropic to process — those email contents are now in your company’s Claude data scope. Connector data Claude didn’t fetch stays where it was.

---

What’s Visible / Not Visible — Quick Reference

✅ Your Employer CAN See

• Full content of every prompt you typed (any surface)
• Full content of every Claude response (any surface)
• Every file you uploaded or Claude read
• Code Claude read in your repos via Claude Code
• Commands Claude executed via Claude Code
• Every login: time, IP, device, browser
• Every chat creation, rename, deletion
• Every project you create, share, delete
• Connector data Claude pulled (Slack messages, Drive files, etc.)
• Voice mode transcripts
• Incognito chat contents (via data export, not from UI)
• Memory summaries
• Artifacts you created
• Web searches Claude performed for you
• Usage frequency and patterns per user

❌ Your Employer CANNOT See

• Your activity in other apps/tabs/windows (anything outside Claude)
• Files on your local disk Claude never read
• Personal account activity if you also have a personal Claude account on a different email
• Your local shell history outside Claude Code sessions
• Other people’s prompts (they can only see their own org’s data)
• The Claude model’s “thinking” beyond what’s transmitted as output
• Anything you typed before signing in / on a personal device with personal credentials
• Activity on local AI tools that aren’t Claude (Ollama, etc.)

⚠️ Common Misconceptions

• “Incognito chats are hidden from my employer” — False. They’re hidden from your sidebar, but included in data exports.
• “Deleting a chat erases it” — Partial. The deletion is logged. Content may already be in earlier exports/Compliance API streams.
• “Claude Code is local because I run it in my terminal” — False. Code and prompts go to Anthropic’s cloud.
• “My company doesn’t have Compliance API enabled, so I’m safe” — Maybe today, not necessarily forever. Data exports work without Compliance API and capture the same content.
• “My personal Pro account is mixed with work” — Only if you signed in with the same email. Different emails = different scopes. Verify which account you’re signed into.

---

The Decision Framework

Use your work Claude account (any surface) for:

• Work tasks within your job scope
• Company codebases you’re authorized to access
• Work documents, work emails, work projects

Switch to a personal Claude account (separate email) for:

• Personal coding projects
• Job hunting / resume / interview prep
• Personal finances, health, relationships, legal
• Side gigs / freelance work
• Learning unrelated to your role
• Anything you’d not be comfortable explaining to HR

Never put into any Claude surface (work OR personal):

• Production credentials, API keys, passwords
• Other people’s confidential data without authorization
• Code from previous employers or competitors

---

The One-Sentence Rule

If you’re signed into your work Claude account, assume your employer can read every prompt, every response, every file, and every line of code that touches Claude — across all surfaces.

That single rule is conservative, accurate, and will keep you safe in 100% of situations.

S.No	Article Title	Reference Link
1	What Your Employer Can See on Claude Enterprise – A Complete Transparency Guide	https://aiopsschool.com/blog/what-your-employer-can-see-on-claude-enterprise-a-complete-transparency-guide/
2	Claude Enterprise Transparency Guide for Employees	https://www.rajeshkumar.xyz/blog/claude-enterprise-transparency-guide-for-employees/