Privacy Issue: Email automatically shared from unknown source without consent
Resolved 💬 2 comments Opened Jun 11, 2026 by SmrutiParikh Closed Jun 15, 2026
Claude Code Privacy Issue: Unexpected Email Information Sharing
Summary
Claude Code is automatically injecting personal email addresses into the AI context without explicit user consent or visibility.
What Happened
- During a conversation, Claude mentioned my work email address (
john.doe@example.com) - When I asked how it knew this, Claude said it came from "auto-memory system"
- Upon investigation:
- ❌ Email is NOT in any memory files in
~/.claude/projects/.../memory/ - ❌ Email is NOT in
MEMORY.md - ✅ Email appears in system reminder context sent to Claude at conversation start
Expected Behavior
- Only information I explicitly add to memory should be shared with Claude
- Personal information extraction should require explicit opt-in
- System should clearly show what information is being shared
Actual Behavior
Claude Code appears to be:
- Automatically extracting email from an unknown source (NOT git config, NOT memory files)
- Injecting it into system context as "userEmail"
- Doing this without informing the user or requesting permission
- Providing no way to identify where this information came from
Privacy Concern
This is a privacy issue because:
- Personal information (email) is being extracted without consent
- No visibility into what other information might be extracted
- User has no way to opt-out or control this behavior
/forgetcommand doesn't work for this system-injected data
System Information
- Claude Code Version: [latest as of 2026-06-11]
- OS: Linux (Ubuntu-based)
- Context Location: System reminder in conversation context
- Affected Data:
userEmailfield
Reproduction Steps
- Start a Claude Code conversation
- Ask Claude if it knows your email
- Observe that Claude has access to email via system context
Note: The email is NOT in:
- Git config (
~/.gitconfig) - Memory files (
~/.claude/projects/.../memory/) - Any files I explicitly created
Unknown source: Claude Code is extracting email from an unknown location without user visibility or control.
Request
Please provide:
- Documentation of what personal information Claude Code extracts
- Settings to control what information is shared
- Clear opt-in mechanism for personal data sharing
- Transparency in system reminders about data sources
Additional Context
The system reminder included:
# userEmail
The user's email address is john.doe@example.com.
This was NOT added by the user but appears to be automatically extracted and injected by Claude Code's system.
---
Priority: High - Personal information sharing without consent
Category: Privacy / Security
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗