--- title: Anthropic Usage Policy and Commercial Terms Review Log owner: the operator cadence: quarterly first_review: 2026-Q2 last_reviewed: 2026-04-19 policy_sources: - https://www.anthropic.com/legal/aup - https://www.anthropic.com/legal/commercial-terms - https://www.anthropic.com/legal/privacy - https://www.anthropic.com/legal/trust --- # Anthropic policy review log We commit in [/rules-of-engagement.html](/rules-of-engagement.html) section 3 and in [/security.html](/security.html) to a quarterly review of Anthropic's Usage Policy, Commercial Terms, Privacy Policy, and Trust Center. This file is the audit record. The purpose of the review is to catch policy changes that would affect: (a) our ability to deliver any engagement as scoped, (b) the commitments we make to clients about data handling, (c) the way Claude is disclosed in deliverables, and (d) the residency or retention posture of the engagement corpus. The reviewer is the operating founder unless delegated explicitly. Each entry records: date, reviewer, policy documents reviewed, diff against the previous review, our assessment of whether any change affects our stack, and the remediation actions (if any) we took. ## Entry format Every entry follows the same structure. Copy the template block below for new entries. ```markdown ## YYYY-MM-DD - reviewer name **Documents reviewed:** - Usage Policy (version or fetch date) - Commercial Terms (version or fetch date) - Privacy Policy (version or fetch date) - Trust Center (date snapshot) **Diff vs previous review:** - Short bullet list of substantive changes detected. **Impact assessment:** - Per-area judgment: engagements, data handling commitments, deliverable disclosure, retention. **Actions taken:** - Concrete changes to our stack (policy, contract, website copy, intake). **Next review scheduled:** YYYY-MM-DD ``` ## 2026-04-19 - the operator (first entry) **Documents reviewed:** - Usage Policy (fetched 2026-04-19) - Commercial Terms (fetched 2026-04-19) - Privacy Policy (fetched 2026-04-19) - Trust Center overview (snapshot 2026-04-19) **Diff vs previous review:** - No previous review. This is the baseline entry. **Impact assessment:** - Engagements: the five service lines we deliver (cybersecurity, web development, product development, SEO / GEO, marketing) are compatible with the current Usage Policy. The security engagement is the one that warrants ongoing attention because Claude is used to draft, not to exploit; we keep that boundary explicit in the finding template and the review checklist. - Data handling: we operate under Zero Retention for engagement API traffic where the Anthropic API supports it. Commercial Terms at this snapshot allow ZR on API traffic for eligible workspaces. We will re-verify ZR continues to be supported at each review. - Deliverable disclosure: every handbook carries an authorship line naming Claude and the human editor. This is compatible with current Usage Policy guidance on AI-generated content. - Retention: engagement corpora are retained in our system for the quarterly refresh cycle (paid retainer clients) or the engagement duration plus 60 days (engagement-only clients). This is unaffected by the current Anthropic policies; it is our own commitment. **Actions taken:** - Created this review log. - Added links to the log from [/rules-of-engagement.html](/rules-of-engagement.html) and [/security.html](/security.html). - Added the quarterly review as a recurring calendar entry on the operating founder's calendar. **Next review scheduled:** 2026-07-19 ## Notes on interpretation The review is a compliance artifact, not a legal opinion. If a policy change has implications we cannot assess in-house, we engage outside counsel (current retainer: Sanders Legal, San Francisco, general engagement). We record the outside counsel engagement in this log when it happens and we link the counsel's memo where we are permitted to. If a policy change requires a contract amendment with an active client, we send the amendment within 14 days of the review. If the amendment materially changes the engagement scope, we also offer the client a proportional credit or a clean exit. This log is public. We do not record client-identifying information here. Client-specific policy-driven actions are recorded in the client's engagement folder and surfaced in their handbook update notes.