Skip to main content

User terms

Using connectors

When you connect Claude to external services:
  • You authorize Claude to access your data on those services
  • Your permissions on the external service determine what Claude can access
  • You can revoke access at any time through Settings
  • Data accessed through connectors is subject to Anthropic’s privacy policy

Custom connectors

When using custom connectors:
  • You’re connecting to unverified third-party services
  • Review the connector’s permissions carefully
  • Only connect to servers from trusted organizations
  • Monitor for unexpected behavior

Data handling

Anthropic’s data practices

  • Tool call parameters and responses are logged
  • Team/Enterprise data is not used for model training
  • Consumer data training requires explicit opt-in

Credential storage

When you connect Claude to a remote connector — including built-in integrations and remote MCP servers — the OAuth tokens or API credentials for that connection are held in Anthropic’s token vault. This does not apply to Desktop Extensions, which run locally and store credentials on your device.
  • Encryption at rest — Credentials are encrypted at rest within Anthropic infrastructure.
  • Access controls — Credentials are retrieved programmatically by Claude services to fulfill your requests. Human access to the vault is tightly restricted, subject to strict internal controls, and audit-logged.
  • Scope — Tokens carry only the permissions you granted during the OAuth consent flow. Claude requests the scopes the connector advertises as required; if the connector does not advertise specific scopes, Claude falls back to the scopes published by the connector’s authorization server, which may be broader than the connector strictly needs.
  • Lifecycle — Tokens are deleted from Anthropic systems when you disconnect a connector. You can also revoke Claude’s access at any time from the third-party service’s own settings.
Anthropic does not use stored connector credentials to access your data outside of fulfilling the requests you make to Claude.

Third-party data practices

Each connector has its own privacy policy and data practices. Review them before connecting.

Directory policy for developers

The canonical policy for connectors listed in the directory is the Anthropic Software Directory Policy. Earlier references to a separate “MCP Directory Policy” point to the same document. Key positions for developers:
  • No dangerous actions by default. Connectors in high-risk verticals (finance, legal, medical, insurance) must not enable irreversible or high-consequence actions without explicit user confirmation.
  • No training on partner data. Connector terms do not grant Anthropic rights to train models on data accessed through your server. See the partnership FAQ.
  • Directory terms apply as written. The Software Directory Terms are not negotiated for standard inclusion.
  • Per-organization custom directories are not supported. Enterprises that need a curated set should use admin controls and custom connectors.
For encryption and data-handling specifics (encryption at rest, transport security, breach notification), see Anthropic’s Data Processing Addendum.

Reporting issues

Report security vulnerabilities or policy violations to Anthropic’s vulnerability disclosure program.