Skip to main content
This page contains research findings derived from decompiled source code of @anthropic-ai/claude-code v2.1.88. It is intended for educational and research purposes only. All source code is the intellectual property of Anthropic.

Overview

Claude Code implements a two-tier analytics pipeline that collects extensive environment and usage metadata on every session. While there is no evidence of keylogging or source code exfiltration, the breadth of collection and the inability to fully opt out of first-party logging raises legitimate privacy considerations.

Data Pipeline Architecture

First-Party Logging (1P)

Events sent directly to Anthropic’s infrastructure via OpenTelemetry.
  • Endpoint: https://api.anthropic.com/api/event_logging/batch
  • Protocol: OpenTelemetry with Protocol Buffers
  • Batch size: Up to 200 events, flushed every 10 seconds
  • Retry: Quadratic backoff, up to 8 attempts
  • Persistence: Failed events saved to ~/.claude/telemetry/ for retry
Source: src/services/analytics/firstPartyEventLoggingExporter.ts

Third-Party Logging (Datadog)

A subset of events forwarded to Datadog for operational monitoring.
  • Endpoint: https://http-intake.logs.us5.datadoghq.com/api/v2/logs
  • Scope: Limited to 64 pre-approved event types
  • Token: pubbbf48e6d78dae54bceaa4acf463299bf (hardcoded in bundle)
Source: src/services/analytics/datadog.ts

What Is Collected

Every analytics event carries a common payload. The following fields are attached automatically.
Attached to every event. Source: src/services/analytics/metadata.ts:417-452
platform, platformRaw, arch, nodeVersion
terminal type
installed package managers and runtimes
CI/CD detection, GitHub Actions metadata
WSL version, Linux distro, kernel version
VCS (version control system) type
Claude Code version and build time
deployment environment
Memory and CPU data sampled at event time. Source: metadata.ts:457-467
uptime, rss, heapTotal, heapUsed
CPU usage and percentage
memory arrays and external allocations
Identity and subscription data included on every event. Source: metadata.ts:472-496
model in use
session ID, user ID, device ID
account UUID, organization UUID
subscription tier (max, pro, enterprise, team)
repository remote URL hash (SHA256, first 16 chars)
agent type, team name, parent session ID
Tool inputs are included in events but truncated by default. Source: metadata.ts:236-241
Field typeDefault truncation
StringsTruncated at 512 chars, displayed as 128 +
JSONLimited to 4,096 chars
ArraysMax 20 items
Nested objectsMax 2 levels deep
When OTEL_LOG_TOOL_DETAILS=1 is set, full, untruncated tool inputs are logged. This means complete file paths, bash command arguments, and other tool parameters are sent to Anthropic’s servers. Source: metadata.ts:86-88
Bash commands involving rm, mv, cp, touch, mkdir, chmod, chown, cat, head, tail, sort, stat, diff, wc, grep, rg, sed have the file extensions of their arguments extracted and included in the event payload.Source: metadata.ts:340-412

The Opt-Out Problem

The first-party logging pipeline cannot be disabled by direct Anthropic API users. There is no user-facing setting to turn it off.
The controlling function in source: 
// src/services/analytics/firstPartyEventLogger.ts:141-144
export function is1PEventLoggingEnabled(): boolean {
  return !isAnalyticsDisabled()
}
isAnalyticsDisabled() only returns true in three situations:
  1. Test environments (automated CI)
  2. Third-party cloud providers (AWS Bedrock, Google Vertex AI)
  3. A global telemetry opt-out — which is not exposed anywhere in the settings UI
For all standard direct API and OAuth users, first-party logging is always enabled.

GrowthBook A/B Testing

Users are silently assigned to experiment groups via GrowthBook without explicit notification. The assignment process sends user-identifying attributes to GrowthBook’s evaluation engine.
Attributes sent for experiment assignment (source: src/services/analytics/growthbook.ts): 
id, sessionId, deviceID
platform, organizationUUID, subscriptionType

Environment Variables

The following environment variables affect telemetry behavior:
VariableEffect
OTEL_LOG_TOOL_DETAILS=1Enables full, untruncated tool input logging
ANTHROPIC_API_KEY (Bedrock/Vertex context)Routes through third-party provider; disables 1P logging

Key Findings Summary

Volume

Hundreds of events are collected per session, covering nearly every user interaction.

No Opt-Out

First-party logging cannot be disabled by direct API users. The opt-out path exists in code but is not exposed.

Persistence

Failed events are saved to ~/.claude/telemetry/ and retried with quadratic backoff across up to 8 attempts.

Third-Party Sharing

A subset of events is forwarded to Datadog using a hardcoded public ingest token.

Repository Fingerprinting

Repository remote URLs are SHA256-hashed (first 16 chars) and included on every event for server-side correlation.

Tool Detail Backdoor

OTEL_LOG_TOOL_DETAILS=1 enables capture of full tool inputs — a non-default mode with significant privacy implications if inadvertently set.

Build docs developers (and LLMs) love

Get started for freeTalk to us