Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is the AWS privacy policy, which explains what personal information Amazon Web Services collects about people who visit its website, create accounts, or use its cloud services, including your name, contact details, payment information, IP address, and browsing behavior on AWS properties. The most important thing to know is that AWS may share your personal information with third-party service providers, advertising partners, and affiliates, and may transfer it internationally, including to the United States, which may not provide the same level of data protection as your home country. If you are an EU or California resident, you have specific rights to access, correct, or delete your data, which you can exercise by contacting AWS through the privacy request mechanisms described in the policy.
This document is the Amazon Web Services (AWS) Privacy Notice, governing how AWS collects, uses, and discloses personal information in connection with its websites, cloud services, and marketing activities, with Amazon.com, Inc. serving as the data controller. The policy states that AWS collects information users provide directly (name, email, payment details, credentials), information collected automatically (IP addresses, cookies, device identifiers, browsing behavior on AWS properties), and information from third parties, and the terms authorize use of this data for service delivery, fraud prevention, marketing communications, and improvement of AWS products. The policy discloses sharing of personal information with third-party service providers, business partners, and in the context of corporate transactions, and reserves the right to transfer data internationally, including to the United States, where AWS's principal operations are based; the policy asserts compliance with frameworks such as EU-US Data Privacy Framework but does not foreclose transfers under standard contractual clauses or other mechanisms. The policy engages GDPR for EU and UK data subjects, CCPA for California residents, and various other regional frameworks, granting specific rights such as access, correction, deletion, and objection to processing, though the practical scope of these rights and the enforceability of certain transfer mechanisms depends on jurisdiction and evolving regulatory interpretation.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
AWS has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Behavioral Advertising and Third-Party Tracking and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.