Most developers who have been using Claude Code haven't spent much time thinking about what the agentic AI is doing with all the context it gathers. That includes me. The tool's usefulness comes from its deep access to everything in your environment, including files, running services, and installed packages. That's how it gives relevant answers when you have a question about your system.
In March 2026, Anthropic accidentally shipped a version of Claude Code that exposed hundreds of thousands of lines of its source code. The leak revealed a batch of unreleased and upcoming features, including a Tamagotchi-style pet. That's what most people found interesting, but it also confirmed exactly what information Claude Code collects from your machine and what it's doing with it.
I set up Claude Code the way its creator does, and the difference is night and day
Who better to learn from than the person who made it?
It's collecting a lot more than your prompts
The data profile goes deeper than you'd expect
I already expected that Anthropic was saving every prompt I sent to Claude Code. Nobody should be shocked by that. The disconcerting part of the revelation is that it also uploads any file contents that Claude Code reads. Seeing as you're expected to point the tool at your codebase and system files in order to get its help, that means that users are sending heaps of data to Anthropic when using the tool as intended. To clarify, this isn't innocuous file metadata, but the actual contents of your files. That data can then be retained by Anthropic for up to seven years in some cases.
The leaked source also confirms that uploaded session data includes your user ID, session ID, account UUID, org UUID, email address, app version, platform, terminal type, and enabled feature flags. Since a user's ID is transmitted alongside the file content being uploaded, it's reasonable to conclude that a user's files are linked to their user ID. In other words, Anthropic is storing a lot of each user's data and knows exactly who owns what.
Claude Code also has a "memory" feature. That's the tool's ability to store pertinent information about your project so that it can recall it across different sessions. It stores notes about your setup, preferences, and conventions, so it doesn't have to re-learn your environment every time you open a new session. It's a useful feature, but all that context resides on Anthropic's servers in order for it to work.
The background features nobody told you about
KAIROS and dream mode are more interesting than they sound
The leaked code shows a couple of unreleased features that give us some insight into the future of Claude Code. KAIROS is the name of a daemon (a process that runs in the background) that would allow Claude Code to operate without the user watching the terminal at all. It would be able to fix errors and run tasks while you're away, and send push notifications when something needs your attention.
"Dream mode" is a background process that runs whenever Claude Code is idle. It's essentially a mode in which the model can reflect on past interactions, spot patterns, and build upon its understanding of your project. It's actually a neat idea; the same kind of perspective you gain from stepping away from a problem and coming back to it fresh.
Those features sound really cool, but they're fundamentally different than what Claude Code currently offers. Both of these new features would be running in the background and without user intervention, bringing a new level of autonomy to the agentic tool that not everyone will be comfortable with. Neither of these are available yet, but both appear to be far along in development, given how much supporting code was uncovered.
None of this was a secret
Anthropic's documentation already covers this
All the data practices brought to light by the leak don't contradict anything from Anthropic's terms, which users have to agree with before using Claude Code. Most users aren't going to read pages of terms and conditions, especially not when the practices are scattered across different policy and security pages. A leak that makes headlines will do more to inform users about their data than any terms page ever will.
Anthropic's data retention ranges anywhere from 30 days to seven years. It all depends on the plan tier you're subscribed to and whether any safety flags are applied to your account. Under most circumstances, deleting a chat will delete the data from Anthropic's servers in 30 days. If you opt in to letting Anthropic train models based on your data, they'll save it for up to five years. Safety flags override this behavior, with the longest possible retention being seven years. Claude's docs use vague wording, but Concretio's blog post details the retention policy clearly.
Agentic tools are naturally invasive
Anthropic published a list of environmental variables in response to the coverage. Setting CLAUDE_CODE_DISABLE_AUTO_MEMORY=1 disables memory and telemetry write operations, and running with --bare mode strips out memory and the autoDream features entirely. These were buried in docs before, and I hadn't encountered them myself, so I'd wager most other users hadn't either.
The reality is that agentic tools need deep access to your system or project to be useful. It's a trade-off about how much data you're willing to let the tool have, and this leak reveals exactly how much you've already been sharing without realizing it.