Amazon AWS Amazon Bedrock Privacy Policy Analysis

Amazon AWS

Amazon Bedrock

Verified: 2026-06-22 Changed: 2026-06-23

B85 Pts

VerifiedPrimary Policy Source

Privacy Grade Breakdown

Scores are calculated based on default weights. Visit the Methodology page for the formulas.

Default Training

A+100/100

Opt-Out Ease

A+100/100

Data Retention

F0/100

Deletion Rights

A+100/100

Third-Party Sharing

A+100/100

Human Review

A+100/100

Policy Details & Nuances

Default Model Training

AWS Bedrock does not use customer data (inputs, outputs, or custom model weights) to train or improve any base models by default. Other AWS AI services may collect data by default but allow account-level opt-out.

Opt-Out Mechanism

Yes

Opt-out is the default for Bedrock (no action needed). For other AWS AI services, opt out via AWS Organizations by attaching an AI services opt-out policy.

Data Retention & Deletion

Retention Period

No conversational data is stored by AWS for Bedrock inference. Customer data remains within their selected AWS region VPC.

Deletion on Request

Yes

You have full ownership and control over your data. It can be deleted instantly through standard AWS console or API commands.

Third-Party Data Sharing

AWS does not share customer prompts or outputs with model providers (such as Anthropic, Meta, or Cohere) or any other third parties.

Human Review of Chats

There is no human review of prompts or responses processed through Amazon Bedrock.

Context & Variations

Regional Variations

Compliance is managed at the AWS region level (e.g., EU-West-1 for GDPR alignment, US-East-1 for US compliance).

Children's Data Policy

AWS is a cloud developer platform restricted to users 18 years or older.

Enterprise vs. Consumer

Yes

Bedrock is an enterprise developer service with comprehensive B2B compliance (HIPAA, SOC, GDPR), customer-managed encryption keys (KMS), and VPC connectivity.