Risk

Privacy And Redaction For Claude Logs

What to redact before sharing Claude transcripts, OpenTelemetry events, hook logs, screenshots, or derived summaries.

#

Identity

Events can identify users

Claude Code telemetry can include authenticated user and organization attributes, which are useful for audit and sensitive for sharing.

#

Content

Prompts are data

Prompts, responses, file paths, tool inputs, and MCP arguments may contain private business context even when no secret-looking token appears.

"attributed to the developer"

What To Protect

A Claude log can contain more sensitive information than a normal application log. It may include user prompts, assistant reasoning summaries, file paths, code snippets, terminal output, tool arguments, MCP call details, identity attributes, repository names, customer names, and screenshots or attachments.

Treat raw transcripts as sensitive by default. A transcript that looks harmless at the first prompt can reveal secrets later through a tool result, environment variable, stack trace, config file, or copied support message.

Redact In A Stable Order

First remove secrets and credentials. Then remove personal data, customer identifiers, private repository names, internal hostnames, unreleased product names, and exact file paths if they reveal too much. Finally, review model responses and tool outputs for copied context.

Do not rely only on regexes. They help catch token-shaped strings, but many sensitive facts are ordinary words. A human review step is still required before external sharing.

  • Replace secrets with named placeholders such as [REDACTED_API_KEY].
  • Keep timestamps and event order unless they reveal private operations.
  • Preserve enough structure for a reviewer to understand the incident or bug.

Telemetry Content Controls

OpenTelemetry event export is valuable because it centralizes agent activity. It also expands the blast radius if prompts, responses, and tool inputs are exported without policy. Start with metadata fields and explicitly decide whether content logging is allowed for each environment.

Anthropic documents options for detailed MCP activity and content-related event fields. If those are enabled, route the data to an access-controlled backend with retention and deletion rules, not an open team dashboard.

Safe Sharing Patterns

For a PR comment, share a short derived summary and link to internal evidence. For a vendor support ticket, create a minimal reproduction transcript with secrets removed. For a public blog post, rebuild the scenario with synthetic paths and data.

When in doubt, share the finding, not the raw transcript. The operational value usually comes from sequence, tool category, and final evidence, not from exposing every prompt token.

Primary sources

Sources behind this page

Anthropic

Claude Code monitoring

Reference for Claude Code metric names, event analysis, identity attributes, MCP audit detail, and retry analysis.

Anthropic

CLI reference

Documents stream-json output, hook event inclusion, session persistence controls, naming, and resume flags.

OWASP

OWASP Logging Cheat Sheet

Practical application logging guidance, including event design and verification considerations.

Cite this page

Claude Logs. "Privacy And Redaction For Claude Logs." claudelogs.com, updated 2026-07-06. https://claudelogs.com/privacy-redaction

FAQ

Is a transcript safe if no API key appears?

Not necessarily. Repository names, customer data, business strategy, private paths, and model outputs can all be sensitive without matching a secret pattern.

Should redaction happen before indexing?

For shared search systems, yes. Indexing raw sensitive transcripts can spread data into caches and backups that are harder to clean later.