Privacy Issue: Email automatically shared from unknown source without consent

Resolved 💬 2 comments Opened Jun 11, 2026 by SmrutiParikh Closed Jun 15, 2026

Claude Code Privacy Issue: Unexpected Email Information Sharing

Summary

Claude Code is automatically injecting personal email addresses into the AI context without explicit user consent or visibility.

What Happened

  1. During a conversation, Claude mentioned my work email address (john.doe@example.com)
  2. When I asked how it knew this, Claude said it came from "auto-memory system"
  3. Upon investigation:
  • ❌ Email is NOT in any memory files in ~/.claude/projects/.../memory/
  • ❌ Email is NOT in MEMORY.md
  • ✅ Email appears in system reminder context sent to Claude at conversation start

Expected Behavior

  • Only information I explicitly add to memory should be shared with Claude
  • Personal information extraction should require explicit opt-in
  • System should clearly show what information is being shared

Actual Behavior

Claude Code appears to be:

  • Automatically extracting email from an unknown source (NOT git config, NOT memory files)
  • Injecting it into system context as "userEmail"
  • Doing this without informing the user or requesting permission
  • Providing no way to identify where this information came from

Privacy Concern

This is a privacy issue because:

  1. Personal information (email) is being extracted without consent
  2. No visibility into what other information might be extracted
  3. User has no way to opt-out or control this behavior
  4. /forget command doesn't work for this system-injected data

System Information

  • Claude Code Version: [latest as of 2026-06-11]
  • OS: Linux (Ubuntu-based)
  • Context Location: System reminder in conversation context
  • Affected Data: userEmail field

Reproduction Steps

  1. Start a Claude Code conversation
  2. Ask Claude if it knows your email
  3. Observe that Claude has access to email via system context

Note: The email is NOT in:

  • Git config (~/.gitconfig)
  • Memory files (~/.claude/projects/.../memory/)
  • Any files I explicitly created

Unknown source: Claude Code is extracting email from an unknown location without user visibility or control.

Request

Please provide:

  1. Documentation of what personal information Claude Code extracts
  2. Settings to control what information is shared
  3. Clear opt-in mechanism for personal data sharing
  4. Transparency in system reminders about data sources

Additional Context

The system reminder included:

# userEmail
The user's email address is john.doe@example.com.

This was NOT added by the user but appears to be automatically extracted and injected by Claude Code's system.

---

Priority: High - Personal information sharing without consent
Category: Privacy / Security

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗