The honest answer depends on which product you use and what your contract says. Here is the buyer side version: the default position, the distinctions that actually matter, and the language to confirm in writing.
This is the first question a security team asks and one of the most commonly misunderstood, because the answer that circulates in hallways is usually too simple in one direction or the other. The short version, for enterprise buyers using the commercial API and business products, is that Anthropic does not use your inputs and outputs to train its models by default. That is the starting position, and it is a strong one. But the question that matters for a contract is not what the marketing page says, it is what your specific agreement commits to in writing, because a default is a default until it is written down as a binding term you can rely on. The real answer, the one a procurement and security team can act on, comes from understanding the distinction between Anthropic's product lines, reading the data terms that apply to yours, and confirming the commitment in the contract rather than trusting a general statement. This piece walks through how to get to that answer.
Most of the muddle comes from collapsing two very different things. Consumer facing products and enterprise commercial offerings are governed by different data terms, and a claim you read about one does not automatically apply to the other. The commercial path, the API and the business products an enterprise buys, is built around the premise that your data is yours and is not used to train models, because that is what business customers require and what the commercial terms are designed to provide. When someone says they heard a model provider trains on user data, they are often thinking of a consumer setting with entirely different terms, and applying that worry to an enterprise commercial agreement is comparing two unlike things. The first move in getting to the real answer is therefore to be precise about which product you are actually buying, because the answer for the commercial API is different from the answer for a free consumer tool, and conflating them produces a worry that the commercial terms already address.
Knowing that the default for commercial use is no training on your data is necessary but not sufficient, because a default is a posture, not a guarantee you can enforce. What a security team needs is the commitment captured in the agreement that binds Anthropic to you, so that the protection is a contractual obligation rather than a policy that could be described differently later. This is not skepticism about intent, it is ordinary contract discipline that applies to every vendor: the things you rely on belong in the document. For data handling, that means the agreement should state clearly how your inputs and outputs are treated, that they are not used to train models, and what the limited, legitimate operational uses of your data are. When the commitment is written, your protection does not depend on remembering a statement someone made or a page that may change, it rests on a term you can point to and hold the vendor to. Getting the default confirmed as a contractual commitment is the difference between believing you are protected and being able to prove it.
A security review should ask a focused set of questions rather than the single blunt one of whether they train on data, because the blunt question invites a blunt reassurance that does not tell you enough. Ask how your inputs and outputs are used, and confirm that training is excluded. Ask what data is retained, for how long, and for what purpose, because retention and training are separate questions and a no on training does not answer the retention question. Ask who can access your data and under what controls. Ask how the answers differ across the products you are using, since you may touch more than one. And ask for the relevant commitments to be reflected in the agreement rather than left to a general policy reference. These questions move you from a one word reassurance to a real understanding of how your data is handled, which is what a serious review requires and what lets you sign with confidence rather than hope.
It is tempting to treat data handling as purely a security matter, handled separately from the commercial negotiation, but that separation costs you leverage. The data terms and the commercial terms are negotiated with the same counterparty for the same deal, and the moment when you have the most leverage to get the data commitments you want written clearly is the same moment you are negotiating price and term, before signature, while the deal is still being shaped. A buyer who finalizes the commercial terms first and then tries to tighten the data language afterward has given up the leverage that came from the deal not yet being closed. The disciplined approach is to treat the data protections as part of the same negotiation, so that getting your training and retention commitments in writing is one of the things you are securing alongside the rate and the term, rather than an afterthought you chase once the pressure is off. The real answer to the training question is not just a fact to learn, it is a commitment to negotiate into the agreement while you still hold the leverage to do it well.
One more discipline matters: the answer can evolve, and product terms can be updated, so what was true at one signing should be reconfirmed at renewal rather than assumed to carry forward. When you renew or expand your agreement, re ask the questions and re confirm the commitments against the terms that apply at that time, because relying on a memory of what the terms said a year or two ago is exactly how a protection quietly lapses. This is not a reason for alarm, it is ordinary vendor management, and building the reconfirmation into your renewal process ensures that the real answer stays real for the life of the relationship rather than being a one time check you never revisit. The buyers who handle this well treat data terms as a living part of the agreement, confirmed at signing and reconfirmed at every renewal, so the protection is always current and always written.
The real answer to whether Anthropic trains on your data is reassuring for commercial buyers, but only once it is confirmed in your own agreement and kept current. We help teams get the data commitments written clearly and negotiated alongside the commercial terms, where the leverage is. For the full framework on negotiating with Anthropic, read the pillar guide, the token optimization playbook. This page is general information for buyers, not legal advice, so confirm the current terms that apply to your agreement.
Download the token optimization playbook and the buyer framework for getting training and retention commitments into the agreement.
Download the playbookWeekly intelligence on Anthropic pricing moves and the buyer side counters that work.