ZDR (Zero Data Retention)
Summary — Key Points of This Lesson
- ZDR (Zero Data Retention) is an optional setting where Anthropic does not retain data from API requests.
- By default, Anthropic may retain request data for a certain period for model improvement purposes. Enabling ZDR prevents this retention from occurring.
- ZDR is an option available only on the Enterprise plan. The details of configuration and scope depend on the Anthropic Privacy Policy and the terms of your contract with the sales team.
- This is a different concept from "absolute immunity from leaks" or "complete security." It is strictly an agreement regarding the suppression of learning and log retention on Anthropic's side.
- Healthcare, legal, and financial institutions handling sensitive data must verify alignment with their organization's information security policy in addition to considering ZDR.
目次 (5)
What Is ZDR?
ZDR (Zero Data Retention) is an option that stipulates Anthropic will not retain on its servers the data sent and received when using the Anthropic API.
In standard API usage, Anthropic may retain request and response data for a certain period for the purpose of improving model safety and quality. When ZDR is enabled, this data retention is configured not to occur.
The detailed definitions, conditions, and scope of applicability depend on the Anthropic Privacy Policy and the individual terms of your Enterprise contract. If you are considering adoption, always confirm with the official Anthropic contact.
Scenarios Where ZDR Is Needed
ZDR may be recommended for consideration in the following industries and operations.
- Healthcare — Requests containing patient information and medical records
- Legal — Documents subject to attorney-client privilege
- Finance and Securities — Non-public financial information and transaction data
- Government and Public Institutions — Information with a classified designation
- Research and development information you do not want competitors to know
What ZDR "Can" and "Cannot" Do
| Item | Handled by ZDR | Notes |
|---|---|---|
| Suppress data retention on Anthropic's side | ✅ | Based on contract terms |
| Prevent use for model training | ✅ | Based on contract terms |
| Encrypt data during network transmission | Handled separately via TLS | A feature independent of ZDR |
| Prevent data leaks within your own systems | Out of scope | Handled by your organization's security policy |
| Guarantee "absolute security" | Out of scope | No such guarantee exists |
Important Notes When Adopting ZDR
ZDR is strictly an option concerning Anthropic's data handling policy. The following are outside the scope of ZDR and require separate measures.
- Storage within your own application servers and databases
- Caching on the user's device or browser
- Data flow when integrating with third-party tools (MCP servers, external APIs, etc.)
For the latest official information and conditions of applicability regarding ZDR, please check the Anthropic Privacy Policy and the Enterprise sales contact. The content on this page is based on publicly available information, but contract terms vary on an individual basis.
Differences from Standard API Data Policy
Even in standard API usage without ZDR, Anthropic handles data within the scope of the Privacy Policy. The standard API policy is sufficient for many development and business use cases, but ZDR is recommended for regulated industries or when handling highly sensitive data.
