AWS states that it will not use the data or content you send to Bedrock models to train Amazon's own AI models unless you have given consent for that use.
This analysis describes what AWS Bedrock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The terms explicitly state that customer prompts and content submitted through Bedrock inference are not used to train Amazon foundation models by default, which is a material data handling commitment relevant to customers submitting proprietary or sensitive data.
Interpretive note: The scope of what constitutes customer content versus aggregated service metadata is not exhaustively defined, creating some uncertainty about the full extent of the no-training commitment.
The updated terms establish new data-sharing mechanisms for users of Anthropic models on Amazon Bedrock. Specifically, AWS now explicitly authorizes notification to Anthropic of metadata present in requests sent to certain Anthropic products (e.g., Claude Code, computer use features), enabling Anthropic to conduct product-level usage attribution. Additionally, the terms introduce AWS WAF AI traffic monetization, which permits AWS to facilitate payment transactions between content publishers and buyers by sharing pricing, payment, and configuration information with payment providers and facilitators; the updated terms clarify that AWS does not provide regulated financial services and is not a party to fund flows, and that users' interactions with payment providers are governed by separate terms between the user and those parties. Users employing these features should review what metadata may be embedded in their requests and understand their own obligations to payment providers.
View change record →The updated terms establish that customers operating Amazon RDS databases on end-of-life software versions are now required to upgrade to supported versions. The agreement authorizes AWS to scan extension code used with Trusted Language Extensions for security and performance purposes, and establishes that extension code constitutes customer content. AWS disclaims responsibility for service failures caused by extensions or end-of-life database software. If a customer does not upgrade before an engine reaches end of life, AWS may snapshot the customer's data and delete the instance or cluster running the unsupported software, after providing prior notice of the engine end-of-life date.
View change record →The updated terms establish new operational requirements for any organization using Amazon Connect Talent to make or inform employment decisions. Customers must now obtain legally adequate privacy notices and consents from job applicants before their data is processed by the service. The terms require customers to review all AI output before making hiring decisions, implement processes for applicants to request information about the AI's role in decisions, and ensure their use of the tool complies with applicable labor, anti-discrimination, disability, data privacy, AI, wiretap, recordkeeping, and biometrics laws. Customers can configure an AI services opt-out policy through AWS Organizations to prevent their data from being used to train or improve AWS AI technologies.
View change record →Organizations submitting proprietary business data, personal data, or sensitive information as prompts through Bedrock can rely on the terms' statement that this content is not used to train Amazon's foundation models by default; however, customers should confirm that their specific Bedrock configuration and any fine-tuning features they use are covered by this commitment.
How other platforms handle this
We process the information you share with us when you create your profile or send messages. This includes photos, videos, messages, and other content you share on the platform. We may use this content to improve our services, ensure safety, and comply with legal obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
AWS Bedrock has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"AWS processes Customer Content you submit to Amazon Bedrock in accordance with the AWS Customer Agreement and applicable data protection terms. AWS does not use Customer Content processed by Amazon Bedrock to train Amazon's foundation models without your consent.— Excerpt from AWS Bedrock's AWS Service Terms
(1) REGULATORY LANDSCAPE: This provision directly engages GDPR, CCPA, and HIPAA frameworks where customer content includes personal data or protected health information. The statement that customer content is not used for model training without consent is a material disclosure relevant to data minimization and purpose limitation principles under GDPR. AWS's status as data processor for customer-submitted inference data requires a valid data processing agreement, which customers should confirm is in place. (2) GOVERNANCE EXPOSURE: Medium. The commitment not to use customer content for model training is significant, but the scope of what constitutes customer content versus service metadata, aggregated usage statistics, or anonymized data is not exhaustively defined in this provision, leaving some interpretive uncertainty about what data categories are covered by this commitment. (3) JURISDICTION FLAGS: EU customers have heightened rights under GDPR to confirm the scope of data processing and obtain documentation of the specific processing purposes for customer content submitted to Bedrock. California customers have analogous rights under CCPA regarding the use of personal information. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should verify that AWS Data Processing Addenda are current and scoped to cover Bedrock inference endpoints. For healthcare customers, a Business Associate Agreement must be in place before submitting any data that could constitute protected health information. (5) COMPLIANCE CONSIDERATIONS: Data mapping exercises should include Bedrock inference endpoints as data processing touchpoints, documenting the categories of data submitted in prompts and the legal basis for processing under applicable data protection law. Customers using Bedrock fine-tuning features should conduct a separate review of whether fine-tuning data submission is governed by the same no-training commitment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The terms explicitly state that customer prompts and content submitted through Bedrock inference are not used to train Amazon foundation models by default, which is a material data handling commitment relevant to customers submitting proprietary or sensitive data.
Organizations submitting proprietary business data, personal data, or sensitive information as prompts through Bedrock can rely on the terms' statement that this content is not used to train Amazon's foundation models by default; however, customers should confirm that their specific Bedrock configuration and any fine-tuning features they use are covered by this commitment.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS Bedrock.