How Training Risk Differs When Using Claude Code via API, Web, and Bedrock

SECTION 01

The Bottom Line: Your Access Route Changes Everything

When adopting Claude Code for work, the first concern most developers face is whether their code will be used for model training. The answer depends entirely on how you access the service.

Under Anthropic's official policy, inputs through the free Web UI may be used for model improvement by default. API access, on the other hand, is generally not used for training purposes.

Here's a quick breakdown by route:

- Free Web UI: May be used for training by default
- Pro / Max Plan: Opt-out settings available
- Team / Enterprise: Contractual data protections in place
- Direct API access: Not used for training as a general rule
- AWS Bedrock / Google Cloud Vertex AI: Data doesn't reach Anthropic's servers

The critical point is that flipping an opt-out toggle isn't enough. When I ran a B2B AI assistant service, we explicitly highlighted that our product used API access, meaning conversation data wouldn't be used for training. When enterprise use cases involve customer data and internal knowledge, this distinction matters enormously.

An opt-out setting alone doesn't solve the fundamental question of where your data travels. You need to think about which plan you're on, which route your data takes, and where it's stored — treating this as a routing design problem, not just a settings problem.

SECTION 02

Data Handling for Web Usage (Free / Pro / Team / Enterprise)

Claude's free Web UI operates under a default setting where user inputs may be used for model improvement. This mirrors the structure of ChatGPT's free tier — a common pattern for AI services offering trial-level access.

Pro tier and above introduces different data handling terms. Opt-out options become available, allowing users to exclude their inputs from being used for training purposes.

Team and Enterprise plans add contractual data protection. Key differences include:

- Team: Organization-level data management with contractual training restrictions
- Enterprise: Stricter data retention policies with negotiable custom contracts
- Both: Admin tools for centralized management of member usage

However, as long as you're using the web interface, data still passes through Anthropic's servers. Upgrading your plan strengthens contractual protections, but the underlying route remains the same — a distinction worth understanding clearly.

SECTION 03

Data Handling via the API

Anthropic's API operates under a policy of not using user inputs for model training. OpenAI follows a similar approach for its API, making this an industry-standard expectation for paid API access.

When using Claude Code with API billing, your requests go directly through Anthropic's API. Code is transmitted via the API rather than the web interface, which means a different set of data handling rules applies.

This distinction between free chat and API access is something I've been conscious of since ChatGPT first emerged. Pasting production code into a free chat window is risky — I've written about this repeatedly. Choosing between API and a free plan isn't just about features; it's about where your data is going.

Even with API access, keep these points in mind:

- Data still reaches Anthropic's servers — the route changes, not the destination
- Log retention for a limited period may still occur
- Anthropic's internal policies could theoretically change in the future

The accurate framing is not "API means completely safe" but rather "there's a contractual agreement that your data won't be used for training." For enterprise decisions, this nuance matters.

SECTION 04

What Changes When You Use AWS Bedrock

When accessing Claude through AWS Bedrock (AWS's managed AI service platform), the data flow changes fundamentally. User inputs are processed within AWS infrastructure, and data does not reach Anthropic's servers.

This has significant implications for enterprise security requirements. You can keep communication within a VPC (Virtual Private Cloud) and enforce access control through IAM (AWS's permission management system), layering Claude usage on top of your existing AWS security posture.

The main reasons enterprises choose the Bedrock route include:

- Data stays out of Anthropic's hands: Eliminates concerns about source code reaching a SaaS vendor
- Audit compliance: Integrates with AWS CloudTrail and other audit logging tools
- Policy alignment: Fewer additional security reviews needed for companies already on AWS

Configuring Claude Code to use Bedrock is technically possible. By setting environment variables to point to a Bedrock endpoint, you can keep Claude Code's user experience intact while routing all data through AWS infrastructure.

As a comparable option, Google Cloud Vertex AI offers the same concept on GCP. For organizations primarily using Google Cloud, Vertex AI provides an equivalent alternative to Bedrock for running Claude within their own cloud infrastructure.

SECTION 05

Step-by-Step Opt-Out Settings

If you're using the web version of Claude, you can manage opt-out settings through an account settings toggle. Navigate to the Privacy section in your settings and disable the option for model improvement usage.

The process follows these steps:

- Log into claude.ai and open Settings
- Find the Privacy or Data section
- Toggle off the option related to data use for model training
- Save your changes and confirm they've taken effect

Anthropic also provides a dedicated opt-out request form. This is useful when the toggle alone doesn't feel sufficient, or when you want to submit a request on behalf of an entire organization.

However, opting out doesn't fix the routing problem — a point worth repeating. In my experience, a surprising number of people in corporate environments continue using AI tools without ever checking their settings, assuming "it's probably fine." Opt-out is the minimum step; the real issue is designing which route your data takes.

SECTION 06

Why I Chose the Max Plan: Cost and Policy Combined

Claude Code offers two main billing models: pay-per-use API billing and a Max Plan subscription. I went with the Max Plan without hesitation.

There were two reasons. First, cost predictability — when you're coding from morning to night, API billing adds up fast. The anxiety of watching costs mount actually slowed down my development workflow.

Second, the training policy angle. The route you choose changes your data contract relationship with Anthropic. The Max Plan operates under paid-tier data protection policies, so your inputs aren't subject to default training opt-in like the free tier.

In practice, I've rarely hit usage limits on the Max Plan, and the ability to focus without cost anxiety has been the biggest benefit. For individual developers, it's a rational choice that provides both lower training risk and predictable costs.

Of course, for team usage or scenarios involving customer data, the Max Plan alone may not be sufficient. That's when Team / Enterprise plans or the Bedrock route come into the picture.

SECTION 07

How the Safe Route Differs Between Solo and Corporate Use

When you're a solo developer working only with your own code, the acceptable risk range is relatively broad. API access or a Max Plan provides sufficient protection under a no-training policy.

However, when teams are involved or customer data enters the picture, the entire routing design needs re-examination. Without a system to manage who inputs what to the AI, one person's mistake can expose sensitive information.

Key checkpoints for corporate adoption include:

- Access route: Which of Web UI / API / Bedrock / Vertex AI is approved?
- Permissions: Who can use Claude Code, and in which repositories?
- Input restrictions: Are there rules against feeding customer data, credentials, or internal secrets to the AI?
- Audit logs: Can you track who entered what and when?
- Opt-out confirmation: Has the organization verified training exclusion across all accounts?

For IT managers and dev leads making adoption decisions, it's worth drawing a diagram of where data flows before saying "let's roll it out." Discovering after the fact that data was being used for training creates damage that a single settings change can't undo.

Through years of trial and error, I've learned that security holes are most expensive to fix after the fact. AI tools are no exception — setting the route and rules at the adoption stage is ultimately the cheapest approach.

SECTION 08

How I Decide What to Delegate to Claude Code

When I first started using Claude Code, I set several safety restrictions right away. No automatic commits, no destructive database operations, and Docker-related actions are limited too.

As coding speed increases, the boundary of "how much to delegate" needs to be drawn explicitly. The faster the AI can act, the faster damage spreads if something goes wrong.

Here's where I draw my lines:

- Commits: Auto-commit is disabled. I always review diffs before committing
- DB operations: Destructive migrations and data deletions are forbidden
- External connections: I don't use MCP. This prevents unexpected connections to external services
- Credentials: Environment variables and API keys are never passed to the AI

My decision to skip MCP comes from a security principle: "hold as little information as possible" and "send as little outside as possible." I understand MCP is a powerful extension mechanism, but the risk of unexpected external connections and unintended operations is something I'm not willing to accept at this stage.

Having built over 40 services throughout my career, I can say that "too cautious" is about right when it comes to security. The more you delegate to AI, the more deliberately you need to design what stays under your own control.

SECTION 09

Pre-Adoption Checklist

Based on everything covered so far, here's a consolidated list of essential checks before adopting Claude Code safely. These apply whether you're a solo developer or leading a team rollout.

For individual developers:

- Have you verified the training policy for your plan in official documentation?
- Have you enabled opt-out settings?
- Have you configured Claude Code's initial safety restrictions for dangerous operations?
- Have you established a rule to never include credentials or API keys in AI inputs?

For team and corporate adoption, add these:

- Has the organization decided on a specific access route (API / Bedrock / Vertex AI)?
- Have you diagrammed which servers data passes through?
- Is audit logging set up and operational?
- Are member usage scopes and input rules documented?
- Has the security team or legal approved the adoption?

These items aren't one-time checks — they need periodic review. AI service policies can change with any update, and what you confirmed six months ago may no longer be accurate.

The dangerous pattern with AI tools is that risk accumulates invisibly when you postpone these decisions. Maintaining a state where every team member is aware of the rules set during initial adoption is, practically speaking, the most important security measure you can take.

SECTION 10

Conclusion: Choosing Your Route Is the First Security Step

Claude Code's training risk varies fundamentally depending on your access route. The free Web UI may use inputs for training by default, API access generally doesn't, and Bedrock routes data so it never reaches Anthropic.

Rather than settling for "I opted out, so I'm safe," the key is to reframe this as a routing problem — where does your data travel? This means considering your plan selection, route design, and operational rules as a unified theme.

What I've arrived at through experience is a simple principle: the more you delegate to AI, the more you need to expand what you control. The balance between speed and safety is determined by upfront design.

I hope this article serves as useful decision-making material for anyone considering Claude Code adoption. Technologies change, but the security fundamental of "minimize what goes outside" remains constant.