This is Amazon's Privacy Notice explaining what personal information Amazon collects about you across all its services — including your shopping history, voice recordings from Alexa, location data, financial information, and browsing behavior. The most important thing to know is that Amazon shares your personal data with a wide network of third-party sellers, advertising partners, and affiliates, and uses it to power personalized advertising and AI systems, meaning your data travels far beyond Amazon itself. You can review and adjust your privacy settings, opt out of interest-based advertising, and submit data deletion requests through Amazon's Privacy Central at amazon.com/privacy.
This document is Amazon's Privacy Notice governing the collection, use, storage, and sharing of personal information for all Amazon services and affiliated companies, operating under applicable U.S. federal and state law (including CCPA/CPRA) and international frameworks including GDPR for EU/UK users. The Notice creates obligations for Amazon to provide data access, correction, and deletion rights to users, while establishing broad permissions for Amazon to collect behavioral, transactional, voice, biometric, location, and device data across its ecosystem including Alexa, Ring, Amazon Fresh, and third-party sellers. Notable provisions include the collection of voice recordings and biometric identifiers via Alexa devices, real-time location tracking, sharing of personal data with an expansive network of third-party sellers and service providers, and the use of personal data to train AI/ML models — practices that exceed baseline industry norms and create elevated regulatory exposure. The Notice engages GDPR (Arts. 6, 13, 17), CCPA/CPRA (Cal. Civ. Code §§1798.100-1798.199), COPPA (16 CFR Part 312), BIPA (740 ILCS 14), FTC Act Section 5, and Illinois/Washington biometric privacy laws; material compliance considerations include the adequacy of consent mechanisms for sensitive data categories, the sufficiency of cross-border transfer safeguards (SCCs/adequacy decisions), and the scope of data sharing with third-party sellers who operate under separate privacy policies.
REGULATORY EXPOSURE: This Notice engages GDPR Arts. 6 (lawful basis), 13 (transparency), 17 (right to erasure), and 46 (cross-border transfers) enforced by EU/UK data protection authorities (ICO, nat…
REGULATORY EXPOSURE: This Notice engages GDPR Arts. 6 (lawful basis), 13 (transparency), 17 (right to erasure), and 46 (cross-border transfers) enforced by EU/UK data protection authorities (ICO, national DPAs); CCPA/CPRA Cal. Civ. Code §§1798.100, 1798.110, 1798.120, 1798.140 enforced by the Calif…
Compliance intelligence locked
Regulatory exposure, material risk, and due diligence action items.