AWS collects personal details you give them directly (like your name and payment info) as well as technical data automatically when you visit their website or use their services, such as your IP address and browsing behavior.
This analysis describes what AWS's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The scope of automatic collection, including IP addresses and behavioral data, means AWS gathers information about you even without you actively filling out a form, which has implications for profiling and targeted advertising.
Interpretive note: The exact verbatim text of the collection clause was not available in the truncated document; the excerpt above reflects the substance described in the policy based on available context.
AWS collects both voluntarily provided data (name, payment details) and automatically gathered data (IP address, browsing patterns) from all users who visit its websites or use its services, meaning data collection begins before you create an account or make a purchase.
Cross-platform context
See how other platforms handle Personal Information Collection and similar clauses.
Compare across platforms →Monitoring
AWS has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide to us, such as your name, email address, physical address, phone number, credit card and other payment information, and any other information you choose to provide. We also automatically collect certain information when you interact with our websites, services, or communications, such as IP address, browser type, pages viewed, and the date and time of your visit.— Excerpt from AWS's AWS Privacy Notice
REGULATORY LANDSCAPE: The collection of IP addresses, device identifiers, and behavioral data constitutes personal data under GDPR, requiring a lawful basis for processing. The FTC Act governs unfair or deceptive data collection practices in the US context. CCPA defines personal information broadly to include IP addresses and browsing history, triggering disclosure and rights obligations for California-connected data subjects. The relevant EU enforcement authority would be the lead supervisory authority for AWS's EU establishment. GOVERNANCE EXPOSURE: Medium. The automatic collection of technical and behavioral data is standard industry practice for large cloud and technology providers, but the breadth of data types collected (IP address, browser type, pages viewed, date and time) means enterprise customers must confirm this collection is reflected in their own privacy notices and data maps when AWS processes data on their behalf. JURISDICTION FLAGS: EU and EEA data subjects have GDPR rights requiring a lawful basis for each category of processing. California residents may request disclosure of specific personal information categories collected. UK GDPR applies equivalent standards post-Brexit. No specific minors' provisions are noted in connection with this collection clause. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers using AWS for regulated workloads should confirm that AWS's data processing addendum covers all categories of personal data automatically collected during service delivery, and that their own customer-facing privacy notices accurately reflect AWS's role as a service provider or processor. COMPLIANCE CONSIDERATIONS: Compliance teams should update internal data inventories to include AWS-collected technical data categories, confirm that consent or legitimate interest assessments cover behavioral data collection where applicable, and verify that AWS's cookie and tracking practices are disclosed in customer-facing cookie notices.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The scope of automatic collection, including IP addresses and behavioral data, means AWS gathers information about you even without you actively filling out a form, which has implications for profiling and targeted advertising.
AWS collects both voluntarily provided data (name, payment details) and automatically gathered data (IP address, browsing patterns) from all users who visit its websites or use its services, meaning data collection begins before you create an account or make a purchase.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS.