Claude Compliance Sync

Bring your organization's Claude.ai chats and messages into MCP-S so you can search, audit, and run analytics on them alongside your tool-call logs. Data can be pulled automatically from the Claude Compliance API or imported from a one-off claude.ai data export.

Beta feature

Claude Compliance Sync is a beta feature. Enable Conversation Logs under Admin Settings → Beta Features before the configuration card appears in Admin Settings → Logs.

What you can do

• Continuously sync chats and messages from the Claude Compliance API
• Import a conversations.json (and users.json) data export
• Browse conversations in a Claude-style chat view, with markdown, tool calls, user avatars, and provider logos
• Automatically detect sensitive data (emails, secrets, PII) in messages and highlight it inline
• Filter to flagged messages only, and delete logs by date range

Prerequisites

The Compliance API is available to Claude Enterprise plans (excluding Public Sector organizations) and Claude Platform customers. You need an owner or primary owner to enable it and create an access key.

• Enterprise: a Primary Owner enables the Compliance API under Organization settings → API and creates a compliance access key.
• Platform: an admin enables the Compliance API from the Claude Platform.

See Anthropic's guide: Access the Compliance API.

---

Option A — Sync from the Compliance API (recommended)

This is the best path for ongoing, programmatic access. It pulls chats, messages, and content and keeps them up to date.

Step 1 — Create a Compliance API key

1. In the Claude Console, open Organization settings → API.
2. Under Compliance API, click Enable (if not already enabled).
3. Click + Create key to generate a compliance access key.
4. Copy the key — you'll paste it into MCP-S next.

For full details and endpoint references, see Access the Compliance API.

Treat the key like a secret

The compliance access key can read your organization's chat content. MCP-S stores it encrypted at rest (KMS). Only paste it over a trusted connection, and rotate it if you suspect exposure.

Step 2 — Save the key in MCP-S

1. Go to Admin Settings → Logs → Claude Compliance Sync.
2. Paste the key into Compliance API key and click Save key.
3. A confirmation appears showing a short hint of the saved key (e.g. sk-ant-a••••).

Step 3 — Choose a start date

Set Sync from to the earliest date you want to pull. It defaults to the first of the current month.

A later start date is much faster

The start date is applied server-side (created_at.gte), so the sync only fetches chats created on or after it. Choosing a recent date dramatically reduces the volume and time of the first run. Changing the start date later restarts pagination from the new window.

Step 4 — Run the sync

• Click Sync now to start a run immediately. Progress (chats and messages synced so far) updates live while it runs.
• Toggle Automatic hourly sync to keep data fresh. It runs every hour and is rate-capped at 10,000 chats per organization per hour.

The sync is safe and resumable: it advances a cursor as it goes, retries transient errors, skips individual bad chats, and picks up where it left off on the next run.

---

Option B — Import a data export

Use this for a one-off backfill when you have a claude.ai data export.

Get the export

1. In claude.ai, an owner requests a full data export under Organization settings → Data & privacy.
2. When ready, download and unzip the export. You'll find:
   • conversations.json — the chats and messages (required)
   • users.json — maps user IDs to names/emails (optional but recommended)

Audit log export is not the same thing

claude.ai also offers an audit log export (a CSV of organization events). It is much narrower than the Compliance API — a capped lookback window, CSV only, and no chat, file, or project content. Use the Compliance API for ongoing, programmatic access; use the data export only for a one-off backfill.

Import into MCP-S

1. Go to Admin Settings → Logs → Claude Compliance Sync.
2. Click Import JSON and select conversations.json (and users.json if you have it — you can pick both at once).
3. A progress bar shows conversations imported as they're processed.

Including users.json lets MCP-S resolve each conversation to a real user name/email instead of an opaque ID.

---

Viewing conversations and messages

Open Monitor → Logs and switch the action type to Messages or Conversations.

• Conversations lists each chat with its user, model, provider, and message count. Click View to open the full thread.
• Messages lists individual messages. Open a single Message or jump to its full Conversation.
• The conversation view renders markdown, tool calls, files, user avatars, and the source provider's logo.

Guardrails (sensitive data detection)

During import and sync, each message is scanned for sensitive data such as email addresses, credit card numbers, SSNs, AWS keys, API keys, private keys, and JWTs. Messages with findings are marked Detected.

• Use the Highlight guardrail catches toggle in a message or conversation to highlight matched text inline and list the Detected sensitive data.
• Use the Flagged only filter in Monitor → Logs to show only messages with detections.

Detection only

Findings describe what was present in historical logs — nothing is blocked or redacted. The labels reflect detection, not an action taken.

Deleting logs

In the Danger zone of the Claude Compliance Sync card you can permanently delete conversations and messages whose timestamp falls within a date range.

1. Pick a From and To date.
2. Click Delete logs, then confirm by checking the acknowledgement box.

This cannot be undone

Deletion is permanent and removes both conversations and their messages in the selected range.

How the sync works

Behavior	Detail
Source	Claude Compliance API (/v1/compliance/apps/chats and messages)
Ordering	Chats are returned oldest-first; the cursor walks forward
Date filter	created_at.gte is set from your Sync from date
Rate limit	Max 10,000 chats per org per hour
Resumable	Cursor and progress are checkpointed during the run
De-duplication	Records are upserted by their external ID, so re-runs are safe
Security	The API key is encrypted at rest; content is stored in your deployment

Troubleshooting

• "Sync now" is disabled — save a Compliance API key first.
• First run is slow — set a more recent Sync from date; the start date is the single biggest factor in run time.
• Users show as IDs after an import — re-import including users.json from the same export.
• Hourly limit reached — the run stops at 10,000 chats and resumes the next hour from the saved cursor; no data is lost.
• No data after enabling — confirm the Compliance API is enabled in Claude and the key has not been disabled or rotated.

References

• Access the Compliance API
• Logs settings — audit log retention and log providers
• Monitor → Logs — viewing and searching synced conversations