Anthropic
Claude 3.7 Sonnet
v3.7 · frontier · Released February 24, 2025
Updated June 27, 2026
No active compliance flags. Available via API and Claude.ai. Extended thinking mode available.
Enterprise guidance
Claude 3.7 Sonnet is Anthropic's primary enterprise-ready model and the recommended continuity option for organizations whose workflows depended on Fable 5 or Mythos 5. The API does not use your prompts to train models by default. For regulated industries, use Claude for Enterprise or AWS Bedrock, which include data processing agreements, HIPAA Business Associate Agreements, and zero data retention.
Data handling
Default data retention
Transient for API (no persistent storage of prompts for training); Enterprise: zero by default
Zero-retention available
YesVia: Claude for Enterprise; AWS Bedrock; Google Cloud Vertex AI
API data used for training
NoAnthropic does not train on API customer data by default. Claude.ai free tier: Anthropic may use conversations to improve models unless opted out in settings.
GDPR Data Processing Agreement
AvailableHIPAA Business Associate Agreement
AvailableClaude for Enterprise; AWS Bedrock
Data residency options
US (default); EU available via AWS Bedrock eu-west regions
Vendor compliance certifications
Key use restrictions
- —No CSAM or sexual content involving minors
- —No content facilitating mass casualty weapons (biological, chemical, nuclear, radiological)
- —No tools designed for non-consensual surveillance or stalkerware
- —No content designed to undermine legitimate AI oversight mechanisms
- —No cyberweapons intended to cause significant damage to critical systems
Safety documentation
Claude Model Specification published and regularly updated. Constitutional AI methodology published in peer-reviewed research. Responsible Scaling Policy (RSP) published with safety commitments. Extensive safety research papers and alignment work publicly available.
Safety documentation →Related governance resources
Governance controls
AI Vendor Due Diligence
Assess AI vendors against security, governance, and compliance criteria before procurement and at defined intervals during the vendor relationship.
AI Contractual Requirements
Define minimum contractual provisions that must be present in agreements with AI vendors, covering data handling, transparency, audit rights, and incident notification.
AI Procurement Risk Assessment
Assess and document the risks of procuring an AI system or service before approval, including technical, legal, privacy, and operational risks.
Third-Party AI Model Evaluation
Evaluate third-party AI models against defined performance, safety, and bias criteria before deploying them in enterprise workflows.
Vendor Safety Commitment Verification
Establish a workflow to verify that AI vendors are honoring their published safety commitments, voluntary pledges, and contractual safety obligations on an ongoing basis — not only at the time of procurement.
Playbook guides
How do we ensure third-party AI vendors meet our standards?
Extending vendor due diligence to cover model transparency, data handling, bias testing, and contractual liability for AI outputs.
How do we maintain data privacy compliance when using AI?
Addressing training data sourcing, data minimization, cross-border transfers, and the right to explanation under GDPR and CCPA.
How are we managing third-party AI risks?
Governing the use of external AI APIs and vendor-embedded models, including data handling, documentation requirements, and ongoing monitoring.