1
OneTrust
OneTrust offers a comprehensive privacy management platform that automates various aspects of privacy, security, and third-party risk management.
AI ToolBecomes the API
Anthropic Data Processing Addendum Review
The Anthropic Data Processing Addendum is a legally binding document outlining the terms under which Anthropic processes personal data on behalf of its customers using its AI services, ensuring compliance with data protection regulations.
shipped Nov 20, 2025trust, security & compliancepaid
Read full review↓Visit Anthropic Data Processing Addendum↗
Trust, Security & CompliancePrivacyData Processing Addendum
1Ensures compliance with data protection laws such as GDPR and UK GDPR for Anthropic's AI services.
2Specifies Anthropic's role as a data processor, committing not to sell or share customer personal data.
3Details technical and organizational safeguards implemented by Anthropic to protect customer data.
4Includes mechanisms like Standard Contractual Clauses (SCCs) for EU data and UK IDTA for UK data transfers.
Stork Quadrant
Becomes the API· 46/100
Replaceable as a UI, but kept alive as the API the agents call.
“This is a legal artifact, not a software tool — it's a PDF that enterprise buyers need to sign before deploying Claude in regulated environments. The moat is Anthropic's identity as the counterparty: you can't sign a DPA with yourself. It exists because GDPR and enterprise procurement require it, not because it delivers unique software value.”
Defensibility · 27/100
- Physical-world coupling
- Regulatory moat
- Network liquidity
- Proprietary refreshing data
- High-trust catastrophic workflows
- Multi-party coordination
- Brand / community / taste
An LLM alone could replace
- Summarize what a DPA document covers and what clauses to expect
- Draft a generic DPA template based on GDPR Article 28 requirements
- Explain the difference between data controller and data processor roles
- Identify gaps or missing clauses in a provided DPA draft
Agent-Readiness · 70/100
- Verified MCP— Stork MCP listing: anthropic-mcp-reference (confirmed)
- Listed on agent surfaces— anthropic_directory, cursor, claude_desktop + Stork:anthropic-mcp-reference
- Usage-based pricing
- Headless agent auth— https://www.anthropic.com/docs (api-key auth)
- Public OpenAPI— https://docs.anthropic.com/.well-known/openapi
- Active changelog
- llms.txt
Score history · +16 pts over 2 re-scores
How to defend
The DPA only matters as long as Anthropic remains the vendor enterprises want to use. Strengthen it by getting ISO 27001, SOC 2 Type II, and HIPAA BAA coverage so procurement teams can check every box without escalating — that turns a legal formality into a sales accelerant.
- Add a usage-based or per-call tier; per-seat-only pricing dies when agents replace seats (+15).
- Publish a public changelog and ship in the last 90 days — silence reads as abandonment (+10).
- Ship an /llms.txt file pointing agents to your most important docs (+5, easy win).
Anthropic Data Processing Addendum at a Glance
Similar Tools
Compare Alternatives
Other tools you might consider
View on Stork→
2
TrustArc
TrustArc provides an AI-powered platform for end-to-end privacy and data governance, helping organizations automate and simplify compliance management.
3
Securiti
Securiti's Data Command Center offers unified intelligence and controls across hybrid multicloud environments, focusing on automating data privacy operations and AI security and governance.
4
NeuralTrust AI
NeuralTrust AI provides a Data Processing Addendum specifically designed for securing Generative AI operations, detailing data handling, security, and compliance in an AI context.
overview
What is Anthropic Data Processing Addendum?
Anthropic Data Processing Addendum is a legal framework tool developed by Anthropic that enables enterprises using Anthropic's AI services to ensure compliance with data protection laws. It outlines processing roles, data handling commitments, and security safeguards for personal data. This addendum is a legally binding document that specifies the terms under which Anthropic, acting as a data processor, handles personal data on behalf of its customers, who are designated as data controllers, when utilizing Anthropic's AI services, including the Claude models. Its primary function is to ensure adherence to data protection regulations such as the EU General Data Protection Regulation (GDPR) and the UK GDPR. The DPA establishes clear roles, defining the customer as the entity determining the purpose and means of data processing, and Anthropic as the entity processing data based on the customer's instructions. Key aspects include commitments not to sell or share customer personal data, detailed technical and organizational security measures, and provisions for international data transfers through mechanisms like Standard Contractual Clauses (SCCs) for EU data and the UK International Data Transfer Addendum (UK IDTA). The DPA also outlines Anthropic's assistance in fulfilling data subject requests. It is automatically incorporated into Anthropic's commercial Terms of Service for products such as the Claude API and Claude for Work.
quick facts
Quick Facts
| Attribute | Value |
|---|---|
| Developer | Anthropic |
| Business Model | Usage-based (per token) |
| Pricing | Usage-based, starting at $0.001 per 1k input tokens for Claude Haiku 4.5 |
| Platforms | API |
| API Available | Yes |
| Integrations | Cloudflare, CrowdStrike, Palo Alto Networks, Microsoft Purview, Okta, Netskope, Fortinet (via Claude Compliance API) |
features
Key Features of Anthropic Data Processing Addendum
The Anthropic Data Processing Addendum provides a structured framework for data privacy and compliance, offering specific features designed to protect customer data when interacting with Anthropic's AI services.
- 1Provides a Data Processing Addendum (DPA) template for enterprise use.
- 2Outlines specific processing roles for data controllers (customers) and data processors (Anthropic).
- 3Establishes technical and organizational safeguards for data protection.
- 4Ensures compliance with major data protection regulations, including GDPR and UK GDPR.
- 5Commits Anthropic not to sell or share customer personal data.
- 6Includes Standard Contractual Clauses (SCCs) for EU data transfers.
- 7Incorporates the UK International Data Transfer Addendum (UK IDTA) for UK data transfers.
- 8Supports customers in fulfilling data subject requests (e.g., access, deletion).
- 9Integrates with enterprise security tools via the Claude Compliance API for telemetry and content ingestion.
- 10Offers Zero Data Retention (ZDR) for qualifying Enterprise customers.
use cases
Who Should Use Anthropic Data Processing Addendum?
The Anthropic Data Processing Addendum is essential for organizations that utilize Anthropic's AI services, particularly those handling personal data, to ensure legal compliance and robust data governance.
- 1Enterprises using Claude API or Claude for Work to process personal data, requiring a legal framework for data handling.
- 2Organizations operating under GDPR, UK GDPR, or similar data protection laws that need to define data controller and processor responsibilities.
- 3Businesses seeking to establish clear data safeguards and security measures when integrating third-party AI services.
- 4Companies requiring mechanisms for international data transfers, such as SCCs and UK IDTA, for their AI operations.
- 5Customers who need assistance from Anthropic in responding to data subject access, rectification, or deletion requests.
pricing
Anthropic Data Processing Addendum Pricing & Plans
The Anthropic Data Processing Addendum itself is a legal document incorporated into the commercial Terms of Service for Anthropic's paid AI services, such as the Claude API and Claude for Work. The pricing for these services is usage-based, primarily determined by token consumption and API rate limits, which vary by model and user tier. For instance, Claude Haiku 4.5 has a lower cost per request compared to Claude Opus 4.7. API rate limits are structured across multiple tiers; Tier 1 offers 50 requests per minute (RPM) and 40k-50k input tokens per minute on 3.5 models, while Tier 4 provides up to 4,000 RPM and 400k input tokens per minute across all models. Standard API log retention is 7 days, with Zero Data Retention (ZDR) available for qualifying Enterprise customers.
- 1Claude Opus 4.7: $0.005 per 1k input tokens, $0.025 per 1k output tokens.
- 2Claude Sonnet 4.6: $0.003 per 1k input tokens, $0.015 per 1k output tokens.
- 3Claude Haiku 4.5: $0.001 per 1k input tokens, $0.005 per 1k output tokens.
- 4API Tier 1: 50 requests per minute (RPM), 40k-50k input tokens per minute (3.5 models).
- 5API Tier 4: 4,000 requests per minute (RPM), up to 400k input tokens per minute (all models).
competitors
Anthropic Data Processing Addendum vs Competitors
Anthropic's Data Processing Addendum is positioned within a competitive landscape of privacy and compliance solutions, distinguishing itself through its specific focus on AI services and a strong emphasis on safety and data control.
1
OneTrust offers a comprehensive privacy management platform that automates various aspects of privacy, security, and third-party risk management.
While Anthropic focuses on an enterprise DPA template, OneTrust provides a full suite of tools for DPA incorporation, regulatory guidance, consent management, and policy management, making it a broader solution for operationalizing privacy compliance.
2
TrustArc↗
TrustArc provides an AI-powered platform for end-to-end privacy and data governance, helping organizations automate and simplify compliance management.
Similar to Anthropic's DPA, TrustArc offers DPA solutions and incorporates Standard Contractual Clauses, but it extends to a full platform with data mapping, risk assessments, and automated compliance across numerous privacy laws.
3
Securiti's Data Command Center offers unified intelligence and controls across hybrid multicloud environments, focusing on automating data privacy operations and AI security and governance.
Securiti directly competes by offering DPA automation as part of its broader PrivacyOps solution, which includes features like data mapping, assessment automation, and breach management, providing a more integrated approach than a standalone DPA template.
4
NeuralTrust AI↗
NeuralTrust AI provides a Data Processing Addendum specifically designed for securing Generative AI operations, detailing data handling, security, and compliance in an AI context.
NeuralTrust AI is a direct competitor as it offers an AI-specific DPA, similar to Anthropic's focus on AI data processing, but specifically highlights its application to Generative AI, addressing unique challenges in that domain.
5
iubenda↗
iubenda offers a suite of compliance solutions, including a direct download for a US Data Processing Addendum template, alongside tools for privacy policies and cookie solutions.
While Anthropic provides an enterprise DPA template, iubenda offers a more accessible, starter DPA template for direct download, catering to businesses that might need a foundational document rather than a fully integrated platform.
❓
Frequently Asked Questions
+What is Anthropic Data Processing Addendum?
Anthropic Data Processing Addendum is a legal framework tool developed by Anthropic that enables enterprises using Anthropic's AI services to ensure compliance with data protection laws. It outlines processing roles, data handling commitments, and security safeguards for personal data.
+Is Anthropic Data Processing Addendum free?
The Anthropic Data Processing Addendum is a legal document that is incorporated into the commercial Terms of Service for Anthropic's paid AI services, such as the Claude API and Claude for Work. The services themselves are usage-based, with costs determined by token consumption and API rate limits, not a standalone free offering.
+What are the main features of Anthropic Data Processing Addendum?
Key features include providing an enterprise DPA template, outlining processing roles and safeguards, ensuring compliance with GDPR and UK GDPR, committing not to sell or share customer data, and incorporating mechanisms for international data transfers like SCCs and UK IDTA. It also supports customers in fulfilling data subject requests and integrates with enterprise security tools via the Claude Compliance API.
+Who should use Anthropic Data Processing Addendum?
Organizations using Anthropic's Claude API or Claude for Work that process personal data should utilize the Anthropic Data Processing Addendum. This is particularly relevant for businesses operating under strict data protection regulations like GDPR and UK GDPR, or those requiring robust data safeguards and clear definitions of data controller/processor responsibilities.
+How does Anthropic Data Processing Addendum compare to alternatives?
Anthropic Data Processing Addendum is specifically tailored for Anthropic's AI services, focusing on data processing within that context. Competitors like OneTrust, TrustArc, and Securiti offer broader privacy management platforms that automate a wider range of compliance tasks. NeuralTrust AI provides an AI-specific DPA, particularly for Generative AI, while iubenda offers more general, accessible DPA templates for direct download.
More on Stork
Related AI Tools
Other tools in this category, ranked by community signal
Termly DPA Generator
🧩 Trust, Security & Compliance
Self-serve tool to build compliant DPAs.
Securiti DSR
🧩 Trust, Security & Compliance
Manages data processing agreements and privacy rights.
DataGrail DPA Manager
🧩 Trust, Security & Compliance
Automates DPA collection and processor obligations.
OneTrust Data Processing
🧩 Trust, Security & Compliance
Templates and workflows for DPAs and vendor agreements.
Satori Data Access
🧩 Trust, Security & Compliance
Monitors and approves training dataset usage in real time.
Privacera Data Security
🧩 Trust, Security & Compliance
Applies fine-grained policies to ML training pipelines.
For builders
This page is doing a job for someone else’s tool.
AI agents read it. Buyers find it. Backlinks accrue. Your tool can have one too — live in 24 hours, indexed by Claude, ChatGPT, and Perplexity, queryable via MCP.