Security & what Cowork can see
The most important thing to understand before setting up Cowork:
Cowork only sees what's inside the folder you point it to. It doesn't have access to your whole laptop, your SharePoint, your email, or anything else — unless you explicitly connect it.
The boundary
Think of it like giving a smart contractor their own desk, not the keys to the building. You hand them exactly what they need for the job. Nothing more.
Whatever you put in the Cowork folder, Claude can read and work with. Whatever stays outside the folder, Claude cannot see. It's that simple.
What to put in
The obvious candidates:
- About-me and context files
- Templates and example outputs
- Project briefs and reference material
- Documents you're actively working on
What about sensitive data — financials, client information, contracts?
This is a personal and organisational decision, and reasonable people draw the line in different places.
Here's the case for sharing more freely: on Claude Pro and Max, your conversations are not used to train models. Anthropic holds SOC 2 Type II certification — the same security standard used by major enterprise software. The data handling is genuinely robust, not just a checkbox.
Here's the case for caution: your company may have its own policies, you may have contractual obligations to clients, or you may simply prefer to keep certain things offline. All of that is valid.
The Cowork folder structure helps here — Claude only sees what's inside the folder you point it to. Nothing else on your machine is accessible. So if you decide to include a financial report or client brief, it's in a controlled environment, not exposed to the open internet. And if you'd rather not include something, you just don't put it in the folder.
The honest answer: there's no universal rule. Know your obligations, make a considered call, and be consistent.
Practical rules
Keep your Cowork folder local rather than synced to a cloud drive. Good practice is to work from local files — it means you're not dependent on a live connection, things don't change under you mid-task, and you have a clear local backup of everything Claude is working with.
Strip sensitive details before dropping documents in. If you're working with a financial report or client data, you can usually remove the sensitive parts (account numbers, names, figures) and still get useful help from Claude on the structure and content.
Start small. Begin with a single project folder and an about-me file. You can always add more once you've seen how it works. There's no need to replicate your whole filing system on day one.
Review before you share. If you build something in Cowork that you're going to send to a client or share externally, read it first. Claude can confidently state things that aren't quite right — you're always the last check.
Connecting apps
Cowork can connect to external apps — Gmail, Google Calendar, Slack, Notion, and others — via plugins (more on those in the next section). When you connect an app, Claude can read and act on it.
Be selective. Connect the apps you actually need for specific tasks. You don't need to connect everything — each connection is a decision about access, and it's easy to add more later.
Data and privacy
Anthropic's data usage for Claude Pro and Max: conversations are not used to train models by default. You can also turn off conversation history in settings if you're handling particularly sensitive material.
For business use, check Anthropic's current terms — they're transparent about what they do and don't do with your data.
Cowork is a research preview. It's powerful and genuinely useful — but it can occasionally misread files or take an unexpected approach. Keep an eye on what it's doing, especially for anything important.