Does Claude Code read your private files without asking?

The fear sounds terrifying.

"Claude Code can read everything on your computer. Your bank statements. Your passwords. Your private documents. All of it."

Is this true?

What is actually true:Claude Code can only read files inside the folder you open it in.

When you start a Claude Code session — you navigate to a specific project folder first. Claude Code works inside that folder. It cannot read files outside it unless you specifically point it there using an @ mention or give it a file path.

It cannot read your Downloads folder. Your documents. Your photos. Your browser history. Your passwords. None of that — unless you specifically ask it to go there.

The one thing to be careful about:If your project folder contains sensitive files — API keys, passwords saved in a text file, private notes — Claude Code can read those because they are inside the folder you opened.

This is why Safety Rule 2 from the challenge matters: never store passwords or API keys in plain files inside your project folder. Use a .env file and add it to .gitignore.

To keep sensitive information safe when using Claude Code:

• Store all API keys and passwords in a file named .env — never in regular code files.
• Add .env to your .gitignore file so it never gets pushed to GitHub.
• Never save private notes, bank details, or personal documents inside a project folder.
• If you are unsure what Claude Code has access to — ask it: "What files can you currently see in this project?"

The bottom line:Claude Code is not quietly reading your computer. It reads what you point it at — nothing more.