Risk
Privacy And Redaction For Claude Logs
What to redact before sharing Claude transcripts, OpenTelemetry events, hook logs, screenshots, or derived summaries.
Identity
Events can identify users
Claude Code telemetry can include authenticated user and organization attributes, which are useful for audit and sensitive for sharing.
Content
Prompts are data
Prompts, responses, file paths, tool inputs, and MCP arguments may contain private business context even when no secret-looking token appears.
"attributed to the developer"
What To Protect
A Claude log can contain more sensitive information than a normal application log. It may include user prompts, assistant reasoning summaries, file paths, code snippets, terminal output, tool arguments, MCP call details, identity attributes, repository names, customer names, and screenshots or attachments.
Treat raw transcripts as sensitive by default. A transcript that looks harmless at the first prompt can reveal secrets later through a tool result, environment variable, stack trace, config file, or copied support message.
Redact In A Stable Order
First remove secrets and credentials. Then remove personal data, customer identifiers, private repository names, internal hostnames, unreleased product names, and exact file paths if they reveal too much. Finally, review model responses and tool outputs for copied context.
Do not rely only on regexes. They help catch token-shaped strings, but many sensitive facts are ordinary words. A human review step is still required before external sharing.
- Replace secrets with named placeholders such as
[REDACTED_API_KEY]. - Keep timestamps and event order unless they reveal private operations.
- Preserve enough structure for a reviewer to understand the incident or bug.
Telemetry Content Controls
OpenTelemetry event export is valuable because it centralizes agent activity. It also expands the blast radius if prompts, responses, and tool inputs are exported without policy. Start with metadata fields and explicitly decide whether content logging is allowed for each environment.
Anthropic documents options for detailed MCP activity and content-related event fields. If those are enabled, route the data to an access-controlled backend with retention and deletion rules, not an open team dashboard.
Safe Sharing Patterns
For a PR comment, share a short derived summary and link to internal evidence. For a vendor support ticket, create a minimal reproduction transcript with secrets removed. For a public blog post, rebuild the scenario with synthetic paths and data.
When in doubt, share the finding, not the raw transcript. The operational value usually comes from sequence, tool category, and final evidence, not from exposing every prompt token.
Primary sources
Sources behind this page
Anthropic
Claude Code monitoring
Reference for Claude Code metric names, event analysis, identity attributes, MCP audit detail, and retry analysis.
Anthropic
Observability with OpenTelemetry
Explains Agent SDK telemetry flow through the Claude Code CLI and the metrics, logs, and traces exported over OTLP.
Anthropic
CLI reference
Documents stream-json output, hook event inclusion, session persistence controls, naming, and resume flags.
OWASP
OWASP Logging Cheat Sheet
Practical application logging guidance, including event design and verification considerations.
Cite this page
Claude Logs. "Privacy And Redaction For Claude Logs." claudelogs.com, updated 2026-07-06. https://claudelogs.com/privacy-redaction
FAQ
Is a transcript safe if no API key appears?
Not necessarily. Repository names, customer data, business strategy, private paths, and model outputs can all be sensitive without matching a secret pattern.
Should redaction happen before indexing?
For shared search systems, yes. Indexing raw sensitive transcripts can spread data into caches and backups that are harder to clean later.