Data Retention Policies by Vendor
Why retention matters
You now know what data leaves your environment and where it goes. The next question: how long does it stay there?
Retention policies determine how long vendors keep your prompts, code snippets, and model responses. A tool that holds your code for seven days has a fundamentally different risk profile than one storing it for account lifetime. Compliance frameworks often mandate specific retention limits or proof that data disappears within defined windows.
These policies vary by vendor, product tier, and configuration. Enterprise agreements can modify defaults. Understanding baseline policies is necessary before negotiating exceptions.
Claude retention policies
Anthropic maintains different retention policies for consumer and commercial products.
API retention
As of September 15, 2025, the Anthropic API retains inputs and outputs for 7 days by default. This dropped from the previous 30-day window. After 7 days, API logs are automatically deleted from backend systems.
Organizations needing longer retention for audit purposes can opt into 30-day retention via a Data Processing Addendum update. The 7-day default aligns with GDPR and EU Digital Services Act requirements.
For Claude Code:
Claude Code using direct API access inherits these policies. Your prompts, file contents, and model responses stay for up to 7 days, then disappear.
Commercial tiers
Claude Team and Enterprise plans retain conversation data for 30 days by default. Deleted conversations clear from backend systems within this window.
Enterprise custom retention:
Enterprise customers can configure custom retention with a minimum of 30 days. Only Primary Owner or Owner roles can change these settings. Retention is calculated from last activity: a chat's timer resets when you send a new message.
Project-level settings override individual chat settings. When the retention period expires, data is permanently deleted at midnight UTC. There is no recovery after deletion.
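The rules above (timer reset on last activity, project setting overriding the chat setting, deletion at midnight UTC) can be turned into an expected-deletion estimate for exposure-window planning. This is an added example, not Anthropic's code. The function and parameter names are hypothetical, and it assumes that "deleted at midnight UTC" means the first midnight UTC at or after the retention period expires.

```python
from datetime import datetime, time, timedelta, timezone
from typing import Iterable, Optional

MIN_RETENTION_DAYS = 30      # minimum custom retention stated on this page
DEFAULT_RETENTION_DAYS = 30  # Team/Enterprise default stated on this page


def effective_retention_days(chat_days: Optional[int],
                             project_days: Optional[int]) -> int:
    """Project-level setting overrides the chat-level one; else use the default."""
    if project_days is not None:
        days = project_days
    elif chat_days is not None:
        days = chat_days
    else:
        days = DEFAULT_RETENTION_DAYS
    if days < MIN_RETENTION_DAYS:
        raise ValueError(f"{days} days is below the {MIN_RETENTION_DAYS}-day minimum")
    return days


def purge_time(message_times: Iterable[datetime], retention_days: int) -> datetime:
    """Return the UTC instant at which a chat is expected to be deleted."""
    times = list(message_times)
    if not times or any(t.tzinfo is None for t in times):
        raise ValueError("need at least one timezone-aware timestamp")
    # The timer restarts with every message, so only the latest one matters.
    last_activity = max(t.astimezone(timezone.utc) for t in times)
    expiry = last_activity + timedelta(days=retention_days)
    # Assumption: deletion runs at the first midnight UTC at or after expiry.
    midnight = datetime.combine(expiry.date(), time.min, tzinfo=timezone.utc)
    return midnight if midnight == expiry else midnight + timedelta(days=1)


if __name__ == "__main__":
    est = timezone(timedelta(hours=-5))
    # Constructed sample: two messages, the later one sent late evening UTC-5.
    chat = [datetime(2026, 1, 5, 14, 30, tzinfo=timezone.utc),
            datetime(2026, 1, 20, 23, 30, tzinfo=est)]
    for chat_days, project_days in [(30, None), (30, 60)]:
        days = effective_retention_days(chat_days, project_days)
        print(days, purge_time(chat, days).isoformat())
```

Converting to UTC before adding the retention period matters: the second sample message falls on January 21 in UTC, which pushes the estimated deletion a day later than a local-time calculation would suggest.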
Zero Data Retention
Zero Data Retention (ZDR) is available to Enterprise API customers with Anthropic approval.
What ZDR covers:
- Anthropic API requests
- Claude Code when using a commercial API key with ZDR enabled
What ZDR does not cover:
- Claude.ai consumer products (Free, Pro, Max)
- Claude Team plans
- Beta products
- Workbench in Console
Exceptions that override ZDR:
| Feature | Behavior under ZDR |
|---|---|
| Files API | Files retained until explicitly deleted |
| Batch API | May override ZDR controls |
| Prompt caching | Temporarily stores hashed prompt representations |
| Structured outputs | Caches schema information up to 24 hours |
| Claude Code metrics logging | When enabled, metrics are not covered by ZDR |
Even with ZDR enabled, Anthropic retains UserSafety classifier results to enforce usage policies.
Consumer tier retention
Claude Pro ($20/month), despite its name, operates under consumer data policies. If users opt into allowing their data for training, retention extends to 5 years. Users who opt out have 30-day retention.
The training opt-in became opt-out by default on September 28, 2025. Users must explicitly enable it.
Feedback and policy violations
Bug reports submitted via the /bug command are retained for 5 years.
This includes full conversation history at the time of the report.
Inputs and outputs flagged for policy violations may be retained up to 2 years. Trust and safety classification scores may be retained up to 7 years.
Codex retention policies
OpenAI's Codex CLI operates under different policies for local and cloud modes.
Standard API retention
OpenAI's API retains abuse monitoring logs for up to 30 days by default. After 30 days, inputs and outputs are removed unless legally required to retain them.
The Responses API (used by Codex) has a 30-day Application State retention period when the store parameter is true.
This preserves session state for continuity across requests.
Local mode behavior
In local CLI mode, source code stays on your machine. Only prompts and context snippets travel to OpenAI's API.
Local session transcripts save to ~/.codex/history.jsonl by default.
Command history persists in ~/.codex/history.json.
Built-in regex patterns prevent saving commands containing API keys, passwords, or tokens.
To disable local history:
```toml
[history]
persistence = "none"
```
Zero Data Retention
Codex supports OpenAI organizations with Zero Data Retention enabled. With ZDR:
- Prompts and completions process in memory, then disappear
- Data never writes to disk or database
- User content is excluded from abuse monitoring logs
- No human review occurs
ZDR limitation:
Code Interpreter cannot run when ZDR is enabled. Organizations needing both capabilities can use Modified Abuse Monitoring instead, which excludes customer content from abuse logs while allowing Code Interpreter.
Enterprise retention controls
Enterprise Owners can set custom retention policies with a minimum of 90 days. This is longer than Anthropic's 30-day enterprise minimum, a difference worth noting if your compliance requirements specify maximum retention periods rather than minimums.
Data residency options are available in: Europe, UK, United States, Canada, Japan, South Korea, Singapore, India, Australia, and UAE.
Training policy
OpenAI does not use business customer data for model training by default. This policy has been in effect since March 1, 2023. Organizations can opt in, but this option is not available for Enterprise customers or those with ZDR.
GitHub Copilot retention policies
Copilot retention varies significantly by access method, not just subscription tier. This catches many organizations off guard.
Prompt and suggestion retention
| Access method | Retention period |
|---|---|
| IDE/code editor | Not retained (discarded after suggestion returned) |
| CLI, mobile, web (github.com) | 28 days |
| Coding agent | Session logs retained for life of account |
For IDE completions, suggestions generate and immediately disappear. No server-side storage occurs for Business and Enterprise plans.
For CLI, mobile, and web interfaces, 28-day retention enables chat history and context continuity. This is a significant difference from IDE-only usage.
Coding agent retention
Copilot coding agent session logs are retained for the life of the account. These logs capture the agent's reasoning, tools used, and actions taken. Users can review session logs in the GitHub web interface, VS Code, JetBrains IDEs, Eclipse, or the CLI.
This is the longest retention period of any feature covered here. If your organization has concerns about indefinite data storage, this matters.
Agentic memory
As of January 2026, Copilot's agentic memory feature (public preview) retains learned repository-specific information for 28 days. Memories automatically expire unless validated and used, which can refresh and extend their lifespan.
Memories are repository-isolated: no cross-repository data sharing occurs. Repository owners can review and delete memories in Repository Settings > Copilot > Memory.
Training policies by tier
| Tier | Used for training? |
|---|---|
| Enterprise | Never |
| Business | Never |
| Pro/Pro+ | No (setting locked off) |
| Free | No by default (opt-out available) |
GitHub explicitly states it does not use Business or Enterprise data to train models. This extends to third-party providers (Anthropic, Google, OpenAI) powering Copilot features.
GitHub maintains zero data retention agreements with both OpenAI and Anthropic.
User engagement and feedback
User engagement data (pseudonymous identifiers, accepted/dismissed completions, error messages) is retained for 2 years. Feedback data (thumbs up/down) is retained as long as needed. These cannot be fully disabled but do not include code content.
Retention comparison
| Vendor | Default retention | ZDR available | Enterprise minimum |
|---|---|---|---|
| Anthropic (API) | 7 days | Yes (approval required) | 30 days |
| Anthropic (Team/Enterprise) | 30 days | Enterprise only | 30 days |
| OpenAI (Codex) | 30 days | Yes | 90 days |
| GitHub Copilot (IDE) | Not retained | Via provider agreements | N/A |
| GitHub Copilot (CLI/web) | 28 days | Via provider agreements | N/A |
| GitHub Copilot (coding agent) | Account lifetime | Via provider agreements | N/A |
Verification and audit
Retention policies are contractual commitments. Verifying compliance requires audit mechanisms.
SOC 2 Type II reports cover data handling controls, including retention. Anthropic, OpenAI, and GitHub all maintain SOC 2 Type II certifications. Request these reports through your enterprise sales contact.
Data Processing Addendums formalize retention commitments. These are legally binding and auditable. Enterprise agreements should explicitly reference retention periods.
Deletion verification:
None of these vendors currently offer cryptographic proof of deletion. Compliance relies on contractual commitments and third-party audits. Organizations with strict deletion verification requirements should evaluate this limitation.
Configuration recommendations
For enterprise deployments:
- Document your retention requirements before selecting tiers or negotiating contracts
- Match tier to requirements: ZDR requires Enterprise API (Anthropic) or Enterprise with ZDR (OpenAI)
- Account for access methods: IDE-only Copilot usage has different retention than CLI or coding agent
- Review DPA language: Ensure retention periods are explicitly stated, not just referenced by policy
- Request SOC 2 reports: Verify controls exist to enforce stated retention
The next section covers identifying and protecting sensitive data before it reaches these retention systems.