Regardless of which surface you use \u2014 browser, desktop app, mobile, CLI, or browser extension \u2014 as long as you’re signed into your company’s Enterprise account, the data flows into your company’s organizational scope.<\/strong> The interface is just the door; the data lives in the same Anthropic infrastructure tied to your employer’s tenant.<\/p>\n\n\n\n What changes between surfaces is what data gets sent in the first place<\/strong> \u2014 not who can see it once it’s sent.<\/p>\n\n\n\n These three mechanisms apply across every surface<\/strong> above:<\/p>\n\n\n\n Visible to employer:<\/strong> Every message, every uploaded file, project knowledge bases, chat titles, artifacts you create, web search queries, results from connectors, memory summaries, voice transcripts, incognito chats (yes), login IPs\/devices.<\/p>\n\n\n\n NOT visible:<\/strong> Your other browser activity. The employer doesn’t see what other tabs you have open or what you’re searching on Google.<\/p>\n\n\n\n Same data flow as the browser \u2014 desktop is just a packaged web view. No extra privacy<\/strong> from using the desktop app vs. browser. Treat them as identical for visibility purposes.<\/p>\n\n\n\n Same data flow as browser\/desktop, plus the audit log specifically captures This is where developers most often misunderstand. The CLI is local; the AI is not.<\/strong><\/p>\n\n\n\n What gets sent:<\/p>\n\n\n\n What stays local:<\/p>\n\n\n\n Practical implication for repos:<\/strong> If you Even more exposed than CLI. Your entire repo gets cloned into an Anthropic-managed VM<\/strong>. Everything in that VM is in Anthropic’s infrastructure under your company’s account.<\/p>\n\n\n\n The browser extension only sees what you direct it to see, but anything it processes (pages, form data) is sent to Anthropic. Pages you browse without invoking Claude are not sent.<\/p>\n\n\n\n Connectors fetch specific data per prompt. So when you ask Claude “summarize my recent emails,” the relevant emails get pulled to Anthropic to process \u2014 those email contents are now in your company’s Claude data scope. Connector data Claude didn’t fetch stays where it was.<\/p>\n\n\n\n Use your work Claude account (any surface) for:<\/strong><\/p>\n\n\n\n Switch to a personal Claude account (separate email) for:<\/strong><\/p>\n\n\n\n Never put into any Claude surface (work OR personal):<\/strong><\/p>\n\n\n\n If you’re signed into your work Claude account, assume your employer can read every prompt, every response, every file, and every line of code that touches Claude \u2014 across all surfaces.<\/strong><\/p>\n<\/blockquote>\n\n\n\n That single rule is conservative, accurate, and will keep you safe in 100% of situations.<\/p>\n\n\n\n
\n\n\n\nMaster Table: Surface-by-Surface Visibility<\/h2>\n\n\n\n
Surface<\/th> What Gets Sent to Anthropic (and visible to employer)<\/th> What Stays Local (NOT visible to employer)<\/th><\/tr><\/thead> \ud83c\udf10 Browser (claude.ai)<\/strong><\/td> Every prompt you type, every Claude response, every file you upload, every project you create, chat titles, artifacts, web search queries, connector data fetched (Slack\/GDrive content), memory summaries, incognito chats (yes \u2014 included in exports)<\/td> Other browser tabs, your bookmarks, your browser history outside Claude, files on your computer that you didn’t upload<\/td><\/tr> \ud83d\udcbb Desktop App (Mac\/Windows)<\/strong><\/td> Same as browser \u2014 all prompts, responses, files, projects. Plus any Desktop Extensions you use.<\/td> Files on your local disk you didn’t share with Claude, other desktop apps, system-level activity<\/td><\/tr> \ud83d\udcf1 Mobile App (iOS\/Android)<\/strong><\/td> All prompts, responses, photos you upload, voice mode transcripts, mobile-specific platform info (iOS\/Android), device ID<\/td> Other apps on your phone, photos you didn’t upload, location (unless shared), contacts<\/td><\/tr> \u2328\ufe0f Claude Code (CLI in terminal)<\/strong><\/td> Every file Claude reads<\/strong> (full contents), every prompt you type, every command Claude runs, every command’s output, every code edit\/diff, full session transcripts, git context Claude sees, environment variables Claude reads (\u26a0\ufe0f including .env<\/code> secrets if exposed)<\/td>Files Claude didn’t<\/strong> read, your local shell history, other terminal windows, processes Claude didn’t touch, databases\/APIs Claude didn’t connect to<\/td><\/tr> \ud83c\udf10 Claude Code on the Web<\/strong><\/td> Everything CLI sends + the cloned repo runs in Anthropic-managed VM<\/strong>, so even more is exposed (entire repo accessible to the sandbox)<\/td> GitHub credentials (handled via secure proxy, never enter the sandbox)<\/td><\/tr> \ud83e\udde9 Claude for Chrome (browser extension)<\/strong><\/td> Pages Claude reads\/acts on, prompts, what Claude does on websites, form data Claude fills in or extracts<\/td> Pages you visit when extension is not active, your other browsing<\/td><\/tr> \ud83d\udcbc Claude for Slack<\/strong><\/td> Slack messages Claude is asked to process, prompts you send, channels Claude accesses<\/td> Slack DMs\/channels Claude wasn’t invited to or asked about<\/td><\/tr> \ud83d\udcca Claude for Excel \/ PowerPoint \/ Word<\/strong><\/td> The spreadsheet\/doc\/deck content sent to Claude, your prompts, Claude’s edits<\/td> Other files on your computer, files you didn’t open with Claude<\/td><\/tr> \ud83d\udd0c Connectors (GDrive, Gmail, Jira, etc.)<\/strong><\/td> The specific data Claude pulled via the connector for your prompt, the prompt itself, Claude’s response using that data<\/td> Connector data Claude didn’t fetch for a specific request<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\nWhat Employer Can See \u2014 By Mechanism (All Surfaces)<\/h2>\n\n\n\n
Mechanism<\/th> Available To<\/th> What It Reveals<\/th> Available On<\/th><\/tr><\/thead> Analytics Dashboard \/ API<\/strong><\/td> Owners & Admins<\/td> Per-user message counts, conversations created, files uploaded, projects, models used, connectors used, Claude Code commits\/PRs\/lines of code \u2014 no content<\/strong><\/td> Team & Enterprise<\/td><\/tr> Audit Logs<\/strong><\/td> Owners & Primary Owners<\/td> Every login (with IP, device, user agent), every chat created\/deleted, every file upload, every project action, conversation rename labels \u2014 metadata + IPs, no chat content<\/strong><\/td> Enterprise only<\/strong><\/td><\/tr> Data Exports<\/strong><\/td> Primary Owner only<\/td> Full chat content, full file contents, all prompts and responses across all surfaces, including incognito chats<\/strong><\/td> Team & Enterprise<\/td><\/tr> Compliance API<\/strong><\/td> Primary Owner only<\/td> Real-time programmatic access to chat data, file content, and Claude Code session logs<\/strong> \u2014 pipes into Splunk\/Datadog\/SIEM<\/td> Enterprise only<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\nDetailed Surface Breakdowns<\/h2>\n\n\n\n
\ud83c\udf10 Browser (claude.ai)<\/h3>\n\n\n\n
\ud83d\udcbb Desktop App<\/h3>\n\n\n\n
\ud83d\udcf1 Mobile App<\/h3>\n\n\n\n
client_platform<\/code> (iOS or Android), so employer can tell you used Claude from a phone vs. a computer.<\/p>\n\n\n\n\u2328\ufe0f Claude Code (Command Line) \u2014 The Highest-Risk Surface<\/h3>\n\n\n\n
\n
~\/.claude\/projects\/<\/code> AND on Anthropic’s servers)<\/li>\n\n\n\n.env<\/code> files (Claude Code has been documented to auto-load .env<\/code> files, potentially exposing secrets)<\/li>\n<\/ul>\n\n\n\n\n
cd<\/code> into a repo and ask Claude Code to “understand this codebase,” Claude will read many files. Each file it reads = sent to Anthropic = retrievable by your Primary Owner via Compliance API.<\/p>\n\n\n\n\ud83c\udf10 Claude Code on the Web (Cloud Sandbox)<\/h3>\n\n\n\n
\ud83e\udde9 Claude for Chrome<\/h3>\n\n\n\n
\ud83d\udd0c Connectors (Slack, Google Drive, Gmail, Jira, etc.)<\/h3>\n\n\n\n
\n\n\n\nWhat’s Visible \/ Not Visible \u2014 Quick Reference<\/h2>\n\n\n\n
\u2705 Your Employer CAN See<\/h3>\n\n\n\n
\n
\u274c Your Employer CANNOT See<\/h3>\n\n\n\n
\n
\u26a0\ufe0f Common Misconceptions<\/h3>\n\n\n\n
\n
\n\n\n\nThe Decision Framework<\/h2>\n\n\n\n
\n
\n
\n
\n\n\n\nThe One-Sentence Rule<\/h2>\n\n\n\n
\n