You're using Claude Code, you sign in to the same Anthropic account on a second machine, and suddenly the whole history you were building on the first PC — past conversations and all — appears on the other screen. Is your data leaking?
This exact worry has been filed as a GitHub issue (anthropics/claude-code #71794, with a security label).
The short version first: in the Claude Code world there are two separate histories, and they sync completely differently. Separate them and most of what you're seeing is explained — whether it's a real bug, expected behavior, or a backup/sync tool of your own doing the copying. And here's the line that matters most, the one I keep coming back to in my incident work: the first surprise is rarely the expensive part — the panicked next move is. If you assume "leak" and wipe your history, then later find out it was expected behavior (or your own sync folder), you've destroyed the very thing you needed to diagnose it. Separate first, then act.
The two histories
1. The terminal CLI's local, on-this-machine history
The conversation history from running claude in a terminal is stored on that PC's disk, in known locations:
- Per-project conversations:
~/.claude/projects/<project-hash>/*.jsonl - The cross-project index:
~/.claude/history.jsonl
The key point: the CLI itself does not upload these files to the cloud or sync them to another machine. A first-party cloud sync isn't implemented yet — it's an open feature request (#7805). That's exactly why the community builds its own rsync/git sync tools. So a pure terminal claude session, left alone, should stay on that one machine.
2. The account-bound, cloud side
These surfaces, by contrast, store conversations server-side per account:
- claude.ai (the web app)
- Desktop app / Cowork
- Remote Control
These are tied to your Anthropic account, so showing up on every signed-in device is by design. A conversation created here appearing on another PC is not abnormal.
There's also Memory, default-on for all users since March 2026, which remembers preferences, in-progress projects, and working style across conversations and devices. But that's a summarized memory, not the full text of your conversations.
Check which one you're hitting — without opening the UI
When history "appears," the fastest, most reliable move is to look at the filesystem directly on the machine where it showed up (call it Device B), before opening any UI:
ls -1 ~/.claude/projects/
wc -l ~/.claude/history.jsonl 2>/dev/null
- If the other machine's conversations physically exist as
.jsonlfiles on Device B's disk — something is copying files. That's your own environment, not Claude Code (see below). - If the files are not on disk but the UI shows them — that's not the CLI's local history; it's a cloud surface rendering the account's server-side history. By design, not a leak.
That one check separates "real bug," "by design," and "your own sync."
The most common real culprit — ~/.claude lives under a sync folder
Most "the CLI synced!" cases are because ~/.claude itself is inside a cloud-sync target:
# Is ~/.claude a real dir, or a link pointing into a sync folder?
ls -ld ~/.claude
readlink -f ~/.claude
If ~/.claude is under OneDrive / iCloud Drive / Dropbox (or is a symlink into one), then Claude Code did nothing — a sync tool is copying the files to your other machine behind the scenes. Windows OneDrive pulling in the whole user folder is an especially common shape. The same goes for ~/.claude being inside a dotfiles git repo, or a backup tool's target.
This is also where exposure meets credential exposure: conversation transcripts can contain secrets and tokens stored verbatim. If ~/.claude is flowing to another machine — or a shared cloud folder — that's not just history exposure, it's credential exposure.
Stopping the exposure / separating devices
-
Move
~/.claudeout of sync: ifreadlinkshows it under a sync folder, move the real directory somewhere outside sync and add~/.claudeto the tool's exclude list. This is the single most effective cut for "CLI history being shipped without my asking." - Turn Memory off: claude.ai → Settings → Memory toggle off; subsequent conversations start fresh.
- Opt out of training: Settings → Privacy, turn off using conversations for future model training.
- Don't retain temporarily: claude.ai Incognito (ghost icon) conversations aren't used for training even if your account allows it.
-
Separate per device: keep work on the terminal CLI, don't route the same case through Web / Desktop / Remote, and confirm
~/.claudeis outside any sync folder.
Honest limits
What Anthropic does server-side isn't visible from your machine. If a pure terminal CLI session truly full-text-synced to another device with no sync tool, no backup, and no shared storage involved, that would be a genuine bug worthy of the security label. In that case, report it with: which client you used on each device (terminal claude, Desktop/Cowork, or claude.ai web), and whether the .jsonl files physically exist on Device B's disk. That turns a vague "it leaked" into a fast root-cause.
The one line
If it feels like a leak, don't wipe before you check — run ls and readlink and see what's actually happening on your machine right now. Data incidents get worse when you act on assumption. Confirming facts one at a time is, in the end, the fastest and safest path.
This is exactly the kind of verified incident — detection → recovery → prevention — that goes out monthly in the Agent Safety Brief: one incident a month free by email (Substack), or the full monthly digest of every failure that landed on the tracker that month, with paste-ready prevention for each, at $5/month (cancel anytime). A free sample issue is the complete public version of one paid month. Free hooks: cc-safe-setup.
"It showed up on another device" is usually one of two known histories, or your own sync folder — not a server-side leak. Check the disk before you delete.
Top comments (0)