Claude
Anthropic · Generative AI assistant
Ayliea's assessment: Medium RiskAyliea recommends: ApproveIn Ayliea's curated list
Verified . Risk classification and recommended policy are Ayliea's subjective assessments — not vendor certifications.
- Data residency
- United States
- Zero retention available
- Yes (commercial / Enterprise tier)
- Certifications
- SOC 2 Type II, ISO 27001, HIPAA
Why this rating
Commercial API has 30-day default retention, ZDR option by contract, and broad certifications. Consumer claude.ai requires the same DPA review as other consumer LLM products.
Considerations before deploying
- Distinguish API access (managed) from claude.ai web access (unmanaged) at the network layer
- Confirm ZDR if processing PII/PHI
- MFA required on all admin console accounts
Sources
- Anthropic Trust Portal (trust.anthropic.com)
- Anthropic Privacy Policy (www.anthropic.com)
Want this for every tool on your network?
Ayliea finds every AI tool your team is actually using and applies your policies automatically.