Here is our independent evaluation of Claude (anthropic), at the heart of the Web3 revolution and the quest for a sovereign and privacy-respecting AI. Based on an exclusive framework and a rigorous audit of publicly available data, this analysis reflects our vision of a future where privacy is a fundamental right.
The scoring system is based on a comprehensive guide created specifically for this project, accessible here. This ranking is dynamic, evolving with innovations and feedback from the decentralized community.
Our mission: to enlighten and inform, without filter or influence, to build together a fairer and more transparent AI ecosystem.
update : 25/08/05
Key Insights from the Claude Privacy and Data Review
Model
Claude Sonnet 4 : Hybrid reasoning model, optimized for a balance of performance and efficiency, with advanced coding, data analysis, tool use, and agentic task capabilities. Available free on Claude.ai and via paid plans on Anthropic API, Amazon Bedrock, and Google Cloud Vertex AI.
Data Collection
Prompts stored: User data is only used for training with explicit opt-in consent, in line with Anthropic’s practices. By default, Anthropic employees cannot access conversations unless explicit consent is provided or Usage Policy violations occur. A
Use for training: Training uses a mix of public web data (up to March 2025), non-public third-party data, service provider data, data from consenting users, and internally generated data. Cleaning and filtering methods, including deduplication, are applied. A
Account required: Yes, an account is required to access the model via Claude.ai, API, or cloud platforms. C
Data retention duration: Specific retention periods documented C
- Deleted conversations: Immediate removal from history, automatic backend deletion within 30 days
- Usage Policy violations: Up to 2 years for inputs/outputs, up to 7 years for safety classification scores
- Feedback data: 10 years for consented submissions
User Control
Deletion possible: Yes, users can delete conversations with immediate removal from conversation history and automatic backend deletion within 30 days. A
Export possible: Yes, data exports are available to free/Pro Claude.ai users and Team plan Primary Owners. Users can export conversation data and account information from Settings > Privacy on web app or Claude Desktop (not available on mobile apps). A
Granularity control: Claude Enterprise offers custom retention controls (minimum 30 days). Standard users have conversation deletion control. B
Explicit user consent: Explicit consent required for use of data for training, consistent with Anthropic’s stated policy. A
Transparency
Clear policy: Data use and deployment policies are clear, though some aspects (e.g., data retention) lack precision. B
Change notification: Updates are well-documented via the Responsible Scaling Policy and System Cards, including details on security evaluations and deployment decisions. A
Model documentation: Full documentation via detailed report and System Card, including performance evaluations (e.g., 72.7% on SWE-bench Verified), security measures (ASL-2), and deployment decisions. A
Privacy by Design
Encryption (core & advanced) | B | Data encrypted in transit using TLS and at rest using 256-bit AES encryption. Implementation includes:
- Transport Security: TLS 1.3 protocol with Perfect Forward Secrecy (PFS)
- At-Rest Encryption: AES-256 encryption for stored data with encrypted key management
- Access Controls: Role-based access control (RBAC) with principle of least privilege
- Employee Access: Zero default access policy – conversations accessible only with explicit user consent or Usage Policy violations requiring Trust & Safety review
- Research Initiative: Active development of Confidential Inference via Trusted Virtual Machines for enhanced model weight and user data protection
Auditability & Certification | A | Comprehensive compliance framework including:
- SOC 2 Compliance: SOC 2 Type I and Type II certifications achieved
- HIPAA Certification: HIPAA compliance for healthcare data handling
- ISO Standards: ISO/IEC 42001:2023 certification for AI management system – first international standard for AI governance
- External Audits: Regular independent security assessments and penetration testing
- Government Evaluation: Deep evaluations by US AI Safety Institute, UK AI Security Institute for safety and compliance
- Trust Center: Publicly accessible compliance artifacts and documentation via Anthropic Trust Center
Transparency & Technical Documentation | A | Comprehensive technical disclosure including:
- System Cards: Detailed performance evaluations, security measures (ASL-2 classification), and deployment decisions
- Safety Metrics: Quantified harmlessness rate (98.99% ±0.23%), jailbreak resistance metrics (6.71% standard mode, 2.24% extended thinking)
- Technical Capabilities: Documented performance benchmarks (72.7% on SWE-bench Verified), context window specifications (200k tokens), output limits (64k tokens)
- Security Testing: Prompt injection defense statistics (86% prevention with protections), cyber capability assessments
- Responsible Scaling Policy: Public documentation of safety thresholds and deployment criteria
User-Configurable Privacy Features | B | Tiered privacy control system:
- Enterprise Level: Custom retention controls (minimum 30 days), enhanced privacy settings, data residency options via cloud providers
- API Clients: Zero data retention agreements available for qualified enterprise API clients (subject to Anthropic approval)
- Standard Users: Conversation deletion controls, data export capabilities (Settings > Privacy), opt-out mechanisms for training data
- Claude Code: Strict read-only permissions by default with explicit permission requests for file modifications
- Telemetry Control: Environment variable options for disabling analytics collection (DISABLE_TELEMETRY)
Hosting & Sovereignty
Sovereignty | C | Limited options available:
- Standard deployment: AWS (US East, US West, APAC, Europe) and Google Cloud
- Government deployment: AWS GovCloud for US Intelligence Community and national security customers
- Claude Gov models: Specialized deployment for classified US national security environments
- No general on-premises or local deployment options for commercial customers
Legal jurisdiction | D | Primarily US-based operations with international data transfer protections:
- EU transfers protected by Adequacy Decisions and Standard Contractual Clauses (SCCs)
- Specialized US jurisdiction deployment for government customers
Local option | C | Limited local deployment options:
- Claude Code can integrate with local MCP servers for desktop applications
- Enterprise deployments through Amazon Bedrock or Google Vertex AI
- No true on-premises deployment for commercial customers
- Government-specific deployments in AWS GovCloud
Big Tech dependency: Confirmed dependency on AWS (regions: US East, US West, APAC, Europe) and Google Cloud Vertex AI for hosting. D
Open Source
Publicly available model: Proprietary model, not open source. D
Clear open source license: Not applicable. D
Inference code available: Not available. However, Model Context Protocol (MCP) is open protocol for integrations. D
Remarks
Claude Sonnet 4 is a versatile model, surpassing Claude Sonnet 3.7 in multiple domains, notably coding (72.7% on SWE-bench Verified) and data analysis, with a 200k token context window and 64k output max. It is classified under the ASL-2 safety standard, with a harmlessness rate of 98.99% (±0.23%) and improved jailbreak resistance (6.71% in standard mode, 2.24% in extended thinking).
The model has specialized government deployments through Claude Gov models, which are designed for US national security customers and operate in classified environments. Rigorous evaluations have been conducted to minimize risk, including harmlessness training, post-deployment monitoring, and defenses against prompt injection (86% prevention with protections).
Cyber capabilities remain limited (e.g., 1/4 on network challenges), and the model is below ASL-3/ASL-4 thresholds for autonomy and CBRN risk. Available free on Claude.ai, it is well-suited for daily tasks and intermediate coding projects.
Privacy and Data Review: Overall Score
59.78/100
- Data Collection : 20 + 20 + 5 + 5 = 50
- User Control : 20 + 20 + 15 + 20 = 75
- Transparency : 15 + 20 + 20 = 55
- Privacy by Design : 15 + 15+ 20 + 20 + 15 = 85
- Hosting & Sovereignty : 5 + 0 + 5 + 0 = 10
- Open Source : 0 + 0 + 0 = 0
Total : 50 + 75 + 55 + 85 + 10 + 0 = 275
23 x 20 = 460
275 / 460 x 100 = 59.78
This evaluation is provided for informational purposes only and reflects a subjective analysis based on publicly available data at the time of publication. We do not guarantee absolute accuracy and disclaim all liability for errors or misinterpretations. Any disputes must be submitted in writing to futurofintenet@proton.me
For full methodology, see our complete scoring guide here: LLM Privacy Rating Guide
