Add /delete-session-data command for GDPR-compliant server-side data deletion

Resolved 💬 2 comments Opened Feb 8, 2026 by gigarun Closed Mar 8, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Problem

Claude Code transmits all file contents read via the Read tool (and other tools) to Anthropic's API servers for processing. This is expected behavior, but there is currently no built-in mechanism to request deletion of this data from Anthropic's servers once a session is complete.

This creates a serious compliance gap for professionals bound by strict confidentiality obligations:

  • Lawyers (attorney-client privilege)
  • Tax authorities (fiscal secrecy — e.g., Article L. 103 of the French Livre des Procédures Fiscales)
  • Healthcare professionals (medical secrecy / HIPAA)
  • Financial advisors (banking secrecy)
  • Any user handling PII or sensitive data

Currently, the only recourse is to manually send an email to privacy@anthropic.com — a slow, uncertain, and impractical process that does not meet the expectations of professional environments.

Proposed Solution

1. /delete-session-data command

A new built-in command that triggers server-side deletion:

# Delete current session data from Anthropic's servers
/delete-session-data

# Delete a specific past session by ID
/delete-session-data --session <session-id>

# Delete all sessions for the current project
/delete-session-data --project

Expected behavior:

  • Sends a deletion request to Anthropic's API
  • Deletes the local .jsonl transcript file
  • Returns a confirmation with a deletion receipt/ticket ID
  • Logs the deletion request for audit purposes

2. /sensitive-mode toggle

A mode for sessions involving confidential data:

/sensitive-mode on

When enabled:

  • Warns before each file read that content will be transmitted to Anthropic's servers, with option to cancel
  • Displays a real-time summary of all data transmitted during the session (file paths, sizes)
  • Auto-purges server-side data at session end
  • Disables context compression that may persist data in summarized form
  • Adds a visual indicator in the CLI prompt (e.g., 🔒) to remind the user

3. Post-session deletion prompt

When a session ends (or on /exit), if files were read during the session:

⚠ This session transmitted content from 12 files to Anthropic's servers.
  Would you like to request server-side data deletion? (y/N)

Why This Matters

Legal compliance

  • GDPR Article 17 — Right to erasure ("right to be forgotten")
  • GDPR Article 25 — Data protection by design and by default
  • GDPR Article 30 — Records of processing activities
  • Professional secrecy laws in multiple jurisdictions (France, Germany, EU, US/HIPAA)

Real-world scenario

I used Claude Code to analyze confidential tax litigation documents (bank statements, tax assessments, lawyer correspondence). Only after the analysis was complete did I realize that all file contents had been transmitted to Anthropic's servers — including taxpayer PII, bank account numbers, and attorney-client privileged communications. My only option was to draft a manual email to privacy@anthropic.com and hope for the best.

This should never be the user's experience.

Enterprise adoption

Organizations evaluating Claude Code for professional use will require:

  • Data lifecycle management capabilities
  • Audit trails for data transmission and deletion
  • Compliance with internal data governance policies
  • Ability to demonstrate GDPR compliance to regulators

Without built-in data deletion, Claude Code cannot be responsibly deployed in environments handling sensitive data.

Alternatives Considered

| Alternative | Why it's insufficient |
|---|---|
| Email to privacy@anthropic.com | Manual, slow (up to 30 days), no confirmation, not scalable |
| Don't use Claude Code for sensitive data | Defeats the purpose — sensitive data is where AI assistance is most valuable |
| Local-only LLM | Performance gap makes this impractical for complex analysis tasks |
| API data retention policies | Passive — user needs active control, not just policy promises |

Implementation Considerations

  • The deletion API endpoint could return a ticket/receipt ID for audit purposes
  • Deletion should cover: conversation logs, tool call contents, cached/compressed context, any derived data
  • A --dry-run flag could show what would be deleted without executing
  • Integration with Anthropic's existing privacy infrastructure
  • The command should work retroactively for past sessions (via session ID from /sessions or local logs)

Labels suggestion

enhancement, privacy, security, gdpr, enterprise

---

This feature request was inspired by a real-world incident involving confidential fiscal data inadvertently transmitted to Anthropic's servers during a Claude Code session. The current absence of any built-in data deletion mechanism represents a significant gap in Claude Code's data governance capabilities.

Proposed Solution

Add a built-in /delete-session-data command that sends a server-side deletion request to Anthropic's API for all
data transmitted during a Claude Code session (conversation logs, file contents from Read tool, image data, cached
context). The command should support deleting the current session, a past session by ID, and provide a deletion
confirmation receipt. Additionally, implement a /sensitive-mode toggle that warns users before each file
transmission, displays a real-time summary of transmitted data, and auto-purges server-side data at session end.

Alternative Solutions

The only current alternative is to manually email privacy@anthropic.com with session details and wait up to 30 days
for processing under GDPR Article 12(3). This is impractical, unscalable, and incompatible with professional
environments where data deletion must be immediate and auditable. Other alternatives like avoiding Claude Code for
sensitive data or using local-only LLMs are not viable — sensitive data workflows are precisely where AI assistance
provides the most value, and local models lack the performance needed for complex analysis tasks.

Priority

Critical - Blocking my work

Feature Category

CLI commands and flags

Use Case Example

_No response_

Additional Context

As a financial inspector, I used Claude Code to analyze a confidential fiscal litigation dossier containing bank statements,
tax assessments, taxpayer PII (name, address, SIREN, bank account numbers), and attorney-client privileged
correspondence. All file contents were transmitted to Anthropic's servers via the Read tool without any warning. After
completing the analysis, I had no way to request deletion of this sensitive data from within Claude Code. My only
option was to manually draft a GDPR erasure request email to privacy@anthropic.com — a process that is slow,
uncertain, and falls far short of the data governance requirements imposed by professional secrecy obligations (French
tax secrecy, Article L. 103 LPF). A simple /delete-session-data command would have resolved this immediately.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗