Bottom line for an employee
Treat your company Claude Enterprise account as a monitored work system, not a private notebook.
Your employer’s Primary Owner can request/export organization data that may include your Claude conversations, uploaded files, projects, usage patterns, and user data. Enterprise organizations can also enable a Compliance API that can programmatically pull activity logs, chat data, and file content. Anthropic’s official docs state that the company/customer controls the work account data, while Anthropic acts as a processor for Claude for Work. (Claude Help Center)
Claude Enterprise is still useful and safe for company work, but employees should assume: anything entered into the company Claude workspace may be reviewable by authorized company admins or compliance teams.
What Claude Enterprise includes
Your company’s Enterprise plan generally includes Claude’s normal productivity features plus enterprise controls. Current Enterprise features include Claude on web/desktop/mobile, Claude Code, Claude Cowork, connectors, enterprise search, Projects, Artifacts, Skills, web search, code execution/file creation, Microsoft 365/Slack/Google/GitHub-style workplace connections, usage analytics, SSO, SCIM, audit logs, Compliance API, custom data retention, role-based access, spend controls, IP/network controls, and Google Docs cataloging. (Claude Help Center)
Enterprise billing is different from a normal personal plan: the seat fee covers access, and usage is billed separately at API-style rates; admins can set spend limits at user and organization level. (Claude Help Center)
Anthropic says Claude for Work data is not used to train Anthropic models by default, unlike consumer Free/Pro/Max accounts where model-training settings are user-facing opt-out/choice based. For commercial products, Anthropic says it does not use shared data to train models unless the organization chooses to participate in a development partner program. (Claude Help Center)
What your employer can potentially see
| Employee activity in company Claude | Can employer see it? | Practical meaning |
|---|---|---|
| Your prompts/questions | Yes, potentially | Primary Owners can export organization data; Compliance API can pull chat data. Treat prompts as company records. (Claude Help Center) |
| Claude’s responses | Yes, potentially | “Conversation data” and “chat data” can include the assistant side of chats. (Claude Help Center) |
| Uploaded files | Yes, potentially | Employer data exports may include uploaded files; Compliance API can pull file content. (Claude Help Center) |
| Project data / project knowledge | Yes, potentially | Primary Owners can export project data and chats, subject to retention settings. (Claude Help Center) |
| Incognito chats | Yes, potentially | Incognito chats are not saved to your visible chat history, but on Team/Enterprise they are included in organizational exports and the Enterprise Compliance API. (Claude Help Center) |
| Deleted chats/files/projects | Sometimes / depends on timing | Deleted items are not included in exports initiated after deletion, but audit logs may show deletion events, and backend/custom retention rules still matter. (Claude Help Center) |
| Chat creation/deletion/renaming events | Yes | Audit logs record events like conversation created, renamed, deleted, file uploaded, project created/deleted, and SSO/admin events. (Claude Help Center) |
| Chat titles/content inside audit logs | Not in audit logs | Audit logs export identifiers and events; official docs say chat/project title and content are not exported in audit logs. But chat inputs/outputs can be exported by Primary Owners via data exports. (Claude Help Center) |
| Sign-in/security metadata | Yes, in audit logs | Audit logs can include actor info, IP address, device ID, user agent, client platform, and sign-in events when available. (Claude Help Center) |
| Usage volume and cost | Yes | Analytics can show active users, utilization, spend, per-user reports, product used, model, requests, tokens, and estimated spend. (Claude Help Center) |
| Claude Code activity | Yes, at least analytics; possibly more via chat/compliance data | Admins can see metrics such as accepted lines of code, suggestion accept rate, activity trends, user-level lines accepted, and, if GitHub analytics is enabled, PR/commit contribution metrics. (Claude Help Center) |
| Which connectors are used | Yes, at least aggregated/top connector analytics | Usage analytics includes top connectors. If connector-retrieved content enters a chat, treat it as part of reviewable chat data. (Claude Help Center) |
| Google/Microsoft/Slack content retrieved in Claude | Potentially, if used in chats | Claude can search connected workplace sources and synthesize answers. The resulting conversation can be part of organization data. Access follows your existing source permissions. (Claude Help Center) |
| Personal Claude account using personal email | Normally separate from Enterprise | But if you used a personal Claude account tied to your company domain, Enterprise domain claiming can migrate it into the company workspace. If you choose “merge,” old conversations/projects/files/memory move into Enterprise and become accessible through the same organization-data mechanisms. (Claude Help Center) |
What “incognito” really means
Incognito is useful for keeping a chat out of your own visible chat history and Claude memory, but it is not a privacy shield from your employer on Team/Enterprise. Official docs say incognito chats:
Are not saved to your chat history or Claude memory, but are retained for 30 days by default or longer under the organization’s retention setting; are included in organization data exports; and are included in the Enterprise Compliance API. (Claude Help Center)
So use incognito for temporary work sessions, not for personal/confidential content you do not want the company to have.
Who inside the company can see what?
The highest-risk role is the Primary Owner. Anthropic says the Primary Owner manages the Work account and all associated data and can request access to user data through exports that may contain conversations, uploaded files, and usage patterns. (Claude Help Center)
Owners and Primary Owners can export audit logs for Enterprise organizations. Primary Owners can export organization data. Enterprise Owners/Primary Owners can manage data retention controls and audit logs; Enterprise Admins, Owners, and Primary Owners can view usage analytics, though Enterprise Admins cannot view spend analytics. (Claude Help Center)
Your direct manager may not automatically have access unless they are given an admin/owner/compliance role or your company routes reports to them. But from an employee-risk point of view, assume authorized IT/security/legal/compliance administrators can review work-account activity.
Data retention: how long can it remain?
Enterprise customers can configure custom retention periods for conversation and project data. The minimum custom retention period is 30 days, and if no custom retention period is set, data is retained indefinitely by default. When retention expires, chats, artifacts, projects, and project-contained content are deleted according to the configured policy. (Claude Help Center)
Deleting a chat removes it from your visible history, and deleted messages/files/projects are not included in future organization exports after deletion, but Claude docs also state data may still be retained in backend systems as described by Anthropic’s retention rules. Enterprise retention settings and timing matter. (Claude Help Center)
Safe employee use cases
Good use cases for your company Claude Enterprise account:
| Use case | Good employee practice |
|---|---|
| Summarizing company docs | Use only documents you are allowed to access. Ask Claude to cite sources. |
| Drafting emails, reports, proposals | Remove unnecessary personal data, secrets, credentials, customer identifiers, and privileged legal details unless company policy allows it. |
| Coding with Claude Code | Use approved repositories only. Avoid pasting production secrets, private keys, tokens, credentials, customer data, or unreleased confidential strategy unless explicitly allowed. |
| Architecture/design review | Great use case. Keep it in approved company projects and label sensitive content clearly. |
| Testing, security scan explanation, migration planning | Good use case, especially for your AI-assisted software migration project. Do not paste exploitable credentials, internal passwords, or access tokens. |
| Meeting summaries | Good if the meeting content is permitted for AI processing under company policy. Be careful with HR, legal, M&A, disciplinary, or medical content. |
| Enterprise search | Good for finding internal policies, decisions, docs, and project context. Remember the resulting chat may be exportable. |
| Data analysis | Good for non-sensitive or approved business datasets. Mask PII where possible. |
Use cases to avoid or handle only with explicit approval
Avoid using the company Claude Enterprise account for:
Personal matters, private journaling, personal legal/medical/financial questions, job search planning, salary negotiation strategy, complaints about coworkers, union/political/religious/private identity matters, personal passwords, private source code from another employer/client, trade secrets not approved for Claude, regulated customer data unless your company policy allows it, production secrets, API keys, certificates, access tokens, private encryption keys, credentials, vulnerability exploit details beyond approved security work, or anything you would not be comfortable seeing in a compliance export.
For highly sensitive business content—legal advice, HR investigations, M&A, security incidents, regulated health/financial data—use Claude only if your company has approved that use case, the correct retention policy is set, and the right compliance controls are in place.
Employee decision rule
Before using Claude Enterprise, ask:
1. Is this company work?
If no, do not use the company account.
2. Would I be comfortable if IT/security/legal reviewed this chat later?
If no, do not enter it.
3. Am I using only data I am authorized to access and share with company-approved AI tools?
If no, stop.
4. Does the prompt include secrets, credentials, private keys, customer PII, HR/legal/medical/financial sensitive data, or confidential strategy?
If yes, redact, summarize, anonymize, or get approval.
5. Is this a reusable business workflow?
If yes, use a Project, approved connector, or Claude Code workflow so the output is auditable and reusable.
Questions you should ask your company’s Claude admin
Ask these internally for full transparency:
- Who are the Primary Owner, Owners, Admins, and compliance users for our Claude workspace?
- Is the Compliance API enabled? If yes, what data is collected and who can query it?
- What is our custom data retention period?
- Are incognito chats retained longer than 30 days?
- Are Claude Code sessions, local file interactions, terminal prompts, or repository outputs exported to compliance systems?
- Which connectors are enabled: Google, Microsoft 365, Slack, GitHub, Gmail, Calendar, Drive?
- Are connector-retrieved documents/emails/chats stored in Claude conversation records?
- Are usage analytics shared with managers, only IT, or only compliance?
- Are employees allowed to use Claude for customer data, source code, security scans, production logs, HR/legal data, or regulated data?
- If a personal account on the company email domain is claimed, should employees choose “merge” or “join fresh”?
Recommended transparent employee policy
A good company policy should say:
“Claude Enterprise is approved for business use. Content entered into the company Claude workspace, including prompts, outputs, uploaded files, projects, connector-retrieved context, Claude Code activity, and incognito chats, may be accessible to authorized administrators, security, legal, or compliance personnel through exports, audit logs, analytics, and compliance APIs. Do not use Claude Enterprise for personal matters or for sensitive company/customer data unless the use case is approved. Do not enter secrets, credentials, private keys, or unauthorized data. Use approved connectors and follow existing access-control rules.”
For Claude Enterprise, audit logs are mostly metadata/event logs, not full chat transcripts.
Important distinction: regular Enterprise Admins do not appear to have audit-log export permission by default. Anthropic’s role table says Owners and Primary Owners can request audit logs; Enterprise Admins can view usage analytics, but not audit logs unless your company gives them custom permissions. (Claude Help Center)
1. Who can fetch audit logs?
In Claude Enterprise:
| Role | Can fetch audit logs? |
|---|---|
| User | No |
| Admin | Not by default |
| Owner | Yes |
| Primary Owner | Yes |
| Custom role | Depends on company configuration |
Anthropic says audit logs are available only for Enterprise organizations, and Owners / Primary Owners can export logs from Organization Settings → Data and Privacy. The export aggregates audit logs for the previous 180 days, and the download link is active for 24 hours. (Claude Help Center)
2. What fields are inside Claude audit logs?
Each audit-log row can include:
| Log field | Meaning |
|---|---|
created_at | When the event was written |
actor_info | Information about the user/actor, if available |
event | Type of event |
event_info | Extra event-specific details |
entity_info | Object affected, such as account, project, file, conversation |
ip_address | IP address, if available |
device_id | Device ID, if available |
user_agent | Browser/app/program information |
client_platform | Mobile platform, such as iOS or Android, if available |
Anthropic lists these as the audit-log structure fields. (Claude Help Center)
3. What kinds of events can be logged?
A. Login and authentication events
Audit logs can include events such as:
| Event type | What it means |
|---|---|
| User signed in via SSO | User logged in using company SSO |
| User signed in with Google | User used Google sign-in |
| User signed in with Apple | User used Apple sign-in |
| User signed out | User logged out |
| Magic-link requested | User requested a login link |
| Magic-link verification attempted | User tried to verify a magic link |
| Phone code sent | User requested phone verification |
| Phone code verified | User completed phone verification |
| User name changed | Account display name changed |
These events can include related metadata such as email address, domain, phone channel, success/failure status, old name, and new name where applicable. (Claude Help Center)
B. Project activity events
Audit logs can show project lifecycle and visibility events:
| Event type | What it means |
|---|---|
| Project created | User created a Claude project |
| Project deleted | User deleted a project |
| Project renamed | User renamed a project |
| Project visibility changed | User changed project privacy/visibility |
| Project document created | User added a document to a project knowledge base |
| Project document deleted | User deleted a document from project knowledge base |
Project audit events identify the project/document entity and related metadata, but audit logs do not expose full project content. (Claude Help Center)
C. Organization membership events
Audit logs can include organization-user and invite events:
| Event type | What it means |
|---|---|
| Invite sent | User was invited to organization |
| Invite resent | Invitation was resent |
| Invite accepted | Invitation was accepted |
| Invite rejected | Invitation was rejected |
| Invite deleted | Invitation was removed |
| User deleted | User was removed from the organization |
These can include metadata such as invited email address, invited role, and invite UUID. (Claude Help Center)
D. SSO, JIT, and domain-control events
Enterprise audit logs can include administrative security events:
| Event type | What it means |
|---|---|
| SSO toggled | SSO enforcement changed |
| SSO connection activated | SSO connection enabled |
| SSO connection deactivated | SSO connection disabled |
| SSO connection deleted | SSO connection removed |
| SSO add initiated | SSO setup attempt started |
| JIT toggled | Just-in-time provisioning enabled/disabled |
| Domain add initiated | Domain capture/claim process started |
| Domain verified | Organization domain was verified |
These are useful for security and compliance teams because they show changes to identity and access-control settings. (Claude Help Center)
E. Data-export events
Audit logs can show when organization exports happen:
| Event type | What it means |
|---|---|
| Organization data export started | Export of organization data was started |
| Organization data export completed | Export finished |
The event info can include export type and whether Anthropic initiated the export. (Claude Help Center)
F. File and conversation events
Audit logs can include:
| Event type | What it means |
|---|---|
| File uploaded | A file was uploaded to Claude |
| Conversation created | A chat was created |
| Conversation renamed | A chat was renamed |
| Conversation deleted | A chat was deleted |
For conversations, audit logs identify the conversation entity, but audit logs themselves do not include full chat title/content. Anthropic specifically says chat/project title and content are not exportable through audit logs; only unique identifiers are exported there. However, chat inputs/outputs can be exported separately by Primary Owners through data exports. (Claude Help Center)
4. What audit logs do not show directly
Audit logs do not directly show:
| Item | In audit logs? |
|---|---|
| Full prompt text | No |
| Full Claude response | No |
| Full uploaded file content | No |
| Full project knowledge content | No |
| Full chat/project title | No, according to Anthropic’s audit-log note |
| Exact content of deleted chat | Not via audit log itself |
But this is the important caveat: Primary Owners can export organization data, and that export may include conversation data and user data. Anthropic also says a Primary Owner may request access to user data that can contain conversations, uploaded files, and usage patterns. (Claude Help Center)
So the safest employee interpretation is:
Audit logs = activity metadata.
Data exports / Compliance API = may include actual conversations, files, and content.
5. Compliance API: stronger than audit logs
Claude Enterprise also has a Compliance API. If enabled by the Primary Owner, it can programmatically pull:
| Data category | Meaning |
|---|---|
| Activity logs | Event/activity records |
| Chat data | Conversation data |
| File content | Uploaded file content |
| Audit log events | Audit-log events through API |
Anthropic says creating a compliance access key allows pulling activity logs, chat data, and file content programmatically. (Claude Help Center)
This means a company with Compliance API enabled may not need manual exports. They can pipe Claude activity into compliance, SIEM, DLP, eDiscovery, or internal monitoring systems.
6. Usage analytics are separate from audit logs
Enterprise Admins can view usage analytics, even if they cannot export audit logs by default. Anthropic says Enterprise Admins can view all analytics except Spend. Usage analytics can include:
| Analytics type | What company can see |
|---|---|
| Active users | Daily, weekly, monthly active users |
| Utilization | WAU / total seats |
| Product use | Claude chat, Claude Code, Claude Cowork |
| Top connectors | Which connectors are used most |
| Chats | Chats per day, users with one or more chat, total chats |
| Projects | Projects created per day, top users by projects used |
| Artifacts | Artifacts created per day, top users by artifacts generated |
| Spend reports | Owners/Primary Owners can see spend; Admins cannot see spend by default |
Usage analytics can also be accessed programmatically through the Analytics API on Enterprise. (Claude Help Center)
7. Employee-friendly interpretation
For an employee using company Claude Enterprise:
| Activity | Can company know it happened? | Can company see content? |
|---|---|---|
| You logged in | Yes | Not applicable |
| You created a chat | Yes | Possibly through data export / Compliance API |
| You renamed/deleted a chat | Yes | Audit log shows event; content may be available elsewhere depending on retention/export timing |
| You uploaded a file | Yes | File content may be available through data export / Compliance API |
| You created/deleted a project | Yes | Project content may be available through data export |
| You added docs to project knowledge | Yes | Document content may be available through data export / Compliance API |
| You used Claude Code | Usage analytics likely yes | Details depend on company setup and enabled APIs |
| You used connectors | Analytics may show connector usage | Chat content may include retrieved/summarized connector content |
| You used Cowork | Analytics yes; but Anthropic says Cowork activity is not captured in audit logs, Compliance API, or data exports currently | Cowork stores conversation history locally; OpenTelemetry can stream some events if configured |
Anthropic notes that Claude Cowork activity is currently not captured in audit logs, Compliance API, or data exports, though owners can stream Cowork events through OpenTelemetry for visibility into tool calls, file access, and human approval decisions. (Claude Help Center)
Final practical answer
An Enterprise admin/owner can fetch logs showing who used Claude, when, from what device/IP/browser, what account/security actions happened, what projects/files/chats were created/renamed/deleted, what organization/security settings changed, and what exports occurred.
But audit logs are not the same as chat surveillance logs. Audit logs do not directly include full prompt/response content. The higher-risk visibility comes from Primary Owner data exports and the Compliance API, which can include conversations, uploaded files, usage patterns, chat data, and file content.
Yes — but not mainly through “Audit Logs.” In Claude Enterprise there are three different visibility paths:
- Audit Logs = activity metadata only
- Organization Data Export = conversation/user data, available to Primary Owner
- Compliance API = strongest access path; can retrieve chats, files, project data, and activity logs if enabled
Direct answer
| Data type | Can Enterprise Owner/Admin see it? | How? |
|---|---|---|
| Full prompt text | Yes, possible | Not through audit logs, but through Primary Owner data export or Compliance API chat-message retrieval. Claude’s Compliance API can retrieve complete chat message history, including message role and text content. (Claude Help Center) |
| Claude response text | Yes, possible | Same as prompts: Compliance API returns chat messages with role user or assistant and text content. (anthropic-9c9c53ca0f66.intercom-attachments-1.com) |
| Full uploaded file content | Yes, possible | Compliance API has an endpoint to download file content referenced in chats; Claude docs also say Primary Owner data exports may contain uploaded files. (anthropic-9c9c53ca0f66.intercom-attachments-1.com) |
| Full project knowledge content | Yes, possible | Compliance API can list project attachments, get project details, download binary project files, and retrieve text project documents. (anthropic-9c9c53ca0f66.intercom-attachments-1.com) |
| Conversation data | Yes | Organization data exports include conversation data, and Compliance API can retrieve complete chat conversation data. (Claude Help Center) |
| Chat/project title and content via Audit Logs | No | Anthropic says audit logs do not export chat/project title or content; only unique identifiers are exported there. (Claude Help Center) |
Important role distinction
A normal Enterprise Admin is not the same as an Owner or Primary Owner.
According to Claude’s role table:
- Owners and Primary Owners can request audit logs.
- Primary Owner can request organization data exports.
- Admins, Owners, and Primary Owners can view usage analytics.
- Enterprise organizations can only have one Primary Owner. (Claude Help Center)
So the safest interpretation is:
Owner can see activity/metadata through audit logs and analytics. Primary Owner can access much more through organization data export and can enable Compliance API. A person with a Compliance API access key can retrieve much deeper content.
What each access method exposes
1. Audit Logs: metadata, not full content
Audit logs can show events such as:
- user signed in
- chat created
- chat renamed
- chat deleted
- file uploaded
- project created
- project deleted
- project document created/deleted
- SSO/admin/security events
- IP address, device ID, user agent, client platform, actor information
But audit logs do not contain the full prompt, full response, full chat title, or full project content. Anthropic explicitly says chat/project title and content are not exported in audit logs. (Claude Help Center)
2. Organization Data Export: conversation/user data
Organization data exports are available to Team and Enterprise Primary Owners. Anthropic says these exports include conversation data and user data. Anthropic also states that the organization’s Primary Owner manages the Work account and may request access to user data through exports, which may contain conversations with Claude, uploaded files, and usage patterns. (Claude Help Center)
3. Compliance API: strongest access path
The Compliance API is the biggest privacy-relevant feature. Anthropic says it allows pulling activity logs, chat data, and file content programmatically. (Claude Help Center)
Its technical documentation says it can:
- retrieve chat messages and file contents
- access project data including names, descriptions, instructions, and attachments
- list chats
- get chat messages
- download file content
- download artifact content
- list projects
- get project details
- list project attachments
- get project document content (anthropic-9c9c53ca0f66.intercom-attachments-1.com)
For chat messages specifically, the API can retrieve the complete message history and file metadata for a chat. The returned message data includes role, timestamp, text content, files, and artifacts. (anthropic-9c9c53ca0f66.intercom-attachments-1.com)
For projects, the API can retrieve project description, project custom instructions/prompt, chat count, attachment count, project document content, and project file references. (anthropic-9c9c53ca0f66.intercom-attachments-1.com)
Practical employee conclusion
For a company Claude Enterprise account, assume the following:
Your full prompt text, Claude’s answer, uploaded files, project knowledge, project instructions, artifacts, and conversation history may be accessible to authorized company roles through Primary Owner exports or Compliance API.
Do not rely on “Audit Logs don’t show content” as privacy protection. Audit logs are limited, but Data Export and Compliance API are not limited in the same way.
The safest rule is:
Use company Claude only for company-approved work, and do not enter anything you would not want your employer’s IT, security, legal, or compliance team to review later.
For Claude Enterprise / Claude Code, assume this:
Yes, your company can potentially see prompts, code content, uploaded files, project knowledge, and conversation data — but the exact visibility depends on whether you use Claude Chat, Claude Projects, GitHub integration, or Claude Code terminal.
1. Claude Chat / Claude Web
If you paste repo code into Claude Chat, upload files, or ask Claude questions about the code:
| Item | Can employer potentially access it? |
|---|---|
| Your prompt | Yes |
| Claude’s response | Yes |
| Code pasted into chat | Yes |
| Uploaded files | Yes |
| Chat history | Yes |
Claude says the organization’s Primary Owner manages the work account and can request data exports that may contain conversations, uploaded files, and usage patterns. Claude Enterprise also includes a Compliance API that can programmatically access chat histories and file content. (Claude Help Center)
2. Claude Projects / Project Knowledge
If you add repo files, architecture docs, design docs, or code folders into Project Knowledge, treat that content as accessible to authorized company roles.
| Item | Can employer potentially access it? |
|---|---|
| Project instructions | Yes, potentially |
| Project knowledge files | Yes, potentially |
| Chats inside the project | Yes |
| Artifacts created in the project | Yes |
Claude’s retention docs explicitly say Enterprise retention applies to conversation and project data, and project retention includes project knowledge-base modifications. (Claude Help Center)
3. Claude GitHub Integration
If you connect a GitHub repo to Claude, Claude can read selected files/folders from the repo and use them as context.
Claude’s GitHub integration says that when you add GitHub content to a chat or project, Claude accesses and processes the selected content to inform its response. For GitHub, it retrieves file names and contents from the selected repo branch, not commit history or PR metadata. (Claude Help Center)
So:
| GitHub-connected repo content | Employer visibility assumption |
|---|---|
| Selected files/folders added to chat | May be visible through chat/export/compliance data |
| Selected files/folders added to project | May be visible through project/export/compliance data |
| Entire repo automatically copied? | No, only selected files/folders per Claude’s GitHub docs |
| Commit history / PR metadata | Claude GitHub integration says it does not retrieve these |
4. Claude Code in terminal
Claude Code is a terminal coding tool. It does not index your whole codebase automatically. Claude’s FAQ says Claude Code uses tools to search and read files on command when it needs context, instead of storing a full vector index of the repo. (Claude Help Center)
But that does not mean nothing is sent. When Claude Code reads files to answer your task, that code can become part of the prompt/context sent to Claude.
So the practical answer is:
| Claude Code activity | Can employer potentially know/see? |
|---|---|
| That you used Claude Code | Yes |
| Usage metrics, sessions, accepted code lines | Yes |
| Your email and monthly lines accepted | Yes |
| GitHub PR/commit contribution metrics, if enabled | Yes |
| Every local file in the repo by default | Not automatically, based on docs |
| Files Claude Code reads and sends as context | Potentially yes |
| Prompts and outputs from Claude Code | Assume yes if Enterprise Compliance/API/export is enabled |
Claude Code analytics are available to Enterprise Owners, Primary Owners, and Admins, and include organization metrics plus user-level metrics such as individual email address and total lines of code accepted. Contribution metrics can also correlate Claude Code session activity with GitHub commits and PRs if GitHub analytics is enabled. (Claude Help Center)
5. Audit logs vs real content
This is the main confusion point:
Audit logs alone do not show full code/prompt/chat content. Claude says chat/project title and content are not available in audit-log export; only unique identifiers are exported there. But it also says chat inputs/outputs are exportable by Primary Owners through data exports. (Claude Help Center)
So:
| Access path | What it shows |
|---|---|
| Audit logs | Metadata: who did what, when, IP/device/browser, chat created, file uploaded, project changed |
| Usage analytics | Adoption and productivity metrics |
| Data export | Conversations, uploaded files, usage patterns |
| Compliance API | Activity logs, chat data, file content programmatically |
The Compliance API is the strongest path: Claude says enabling it allows pulling activity logs, chat data, and file content programmatically. (Claude Help Center)
Simple employee-safe rule
For Claude Enterprise, use this rule:
If Claude can read it, process it, upload it, attach it, summarize it, or include it in a chat/project, then your company’s authorized Primary Owner/compliance team may be able to access it later.
For repo work:
| Scenario | Safe assumption |
|---|---|
| Company repo + Claude Code | Allowed if company policy permits; usage and possibly prompts/context may be reviewable |
| Company repo + Claude Chat upload/paste | Treat code and prompts as reviewable |
| Company repo + Claude Project Knowledge | Treat repo content as reviewable |
| Personal repo | Do not use company Claude |
| Client/third-party repo | Use only if company/client policy allows |
| Secrets/API keys/private keys | Do not put into Claude |
| Production logs with PII/tokens | Redact first unless explicitly approved |
So, compared with Codex: Claude Enterprise is not private from your employer. For Claude Code, it may not automatically upload the entire repo, but the files and code Claude reads/uses, your prompts, outputs, project knowledge, uploads, and chat history should be treated as potentially accessible to authorized enterprise owners/compliance systems.