AWS offers strong privacy rights and some transparency, but the legal terms are heavily one-sided in places, with significant customer responsibilities, broad retention, and strong limitations on beta and certain service programs.
AWS’s terms are detailed and enterprise-oriented. The company requires compliance with its documentation and license terms, places responsibility on customers for content, privacy notices, and consents, and can remove prohibited content quickly. Privacy disclosures are relatively robust, with rights to access, delete, correct, restrict, object, and portability, plus cookie controls and a statement that AWS does not sell customer personal information. However, AWS also retains data for legal and business reasons, uses some advertising/marketing data sharing, and imposes strict rules and disclaimers on beta services and some products.
Points of interest
Beta and preview services come with no SLA, can change at any time, and are offered as-is with broad warranty disclaimers and limited liability. Data used in beta may also be deleted or inaccessible if access ends.
"Service Level Agreements do not apply to Beta Services or Beta Regions."
You are responsible for your content and must remove or disable prohibited content within 2 business days after notice, or AWS can suspend service access. In some cases AWS can remove content immediately without prior notice, especially for illegal or disruptive content.
"If you do not remove or disable access to the Prohibited Content within 2 business days of our notice, we may remove or disable access..."
AWS says it will delete your content after account closure, and some services may delete content after inactivity. That can be good for cleanup, but it also means you should not rely on AWS as a permanent archive.
"Following closure of your AWS account, we will delete Your Content..."
Savings Plans, Reserved Instances, Dedicated Hosts, and Capacity Blocks are generally noncancellable and nonrefundable, with limited pro rata refunds only in specific termination scenarios. Users should treat these commitments as hard lock-ins.
"Savings Plans, EC2 Reserved Instances and EC2 Dedicated Host Reservations are noncancellable... All amounts paid ... are nonrefundable"
AWS states it is not in the business of selling customer personal information. That is a meaningful privacy-friendly point, even though it still shares data with providers and advertising partners in some contexts.
"we are not in the business of selling our customers’ personal information to others."
The privacy notice gives users rights to access, correct, delete, restrict, object, and request portability, with jurisdiction-specific complaint options. That makes it easier to inspect and control personal data than many cloud providers.
"You can access, correct, delete, restrict, object, and request portability of personal information"
If you benchmark AWS, you must disclose enough information to replicate the test, and AWS can publish benchmark results about your products or services. That may expose performance details or strategic information.
"you will disclose to us, all information necessary to replicate such Benchmark, and ... we may perform and disclose the results of Benchmarks of your products or services"
If you process personal data using AWS, you are responsible for giving legally adequate notices and getting any required consents. This shifts a lot of privacy compliance work and liability onto you.
"you are responsible for providing legally adequate privacy notices and obtaining necessary consents"
The policy describes an account-management path for updating or deleting account information, and AWS says it usually keeps a prior copy for records. That is not instant erasure, but it does indicate an identifiable deletion workflow.
"If you want to add, update, or delete information related to your account, please go to the AWS Management Console."
Other Cloud services on AIgree
Compare AWS with…
The 7 clauses that actually matter, the red flags to watch for, in 5 minutes.
Report a problem with this summary
Spot something wrong, missing, or misleading? Tell us — we review every report.
Spot something wrong, missing, or misleading? Tell us — we review every report.
Thanks — your report was submitted and will be reviewed.
Documents
Terms of Service
source ↗- •You must follow AWS documentation, provide accurate account information, and comply with software license terms for anything you run or upload.
- •You are responsible for Your Content and must remove or disable Prohibited Content within 2 business days after notice, or AWS may suspend or remove access.
- •AWS may perform maintenance and may change credentials or disable/deprecate third-party identity providers without prior notice in some cases.
- •Benchmarking rules require you to share replication information and allow AWS to publish benchmark results about your products or services.
- •If you process personal data, you must provide required privacy notices and obtain necessary consents, and the AWS DPA/SCCs and other addenda apply.
- •AWS may delete Your Content after account closure and may delete content in some services after inactivity (e.g., SimpleDB, Lambda, GameLift).
- •Beta and preview services have separate rules: no SLA, possible changes, AWS owns Test Observations, and services are provided “as is.”
- •Payment, refund, and credits rules include service-availability credits, currency handling, nonrefundable reserved or capacity programs, and pro rata refunds only in limited termination cases.
- •AWS limits liability for Beta services and disclaims many warranties, with liability capped to amounts you paid for the specific Beta service in the prior 12 months.
- •Dispute resolution and refund/termination grounds beyond service credits, reserved program rules, and notice-based removals are not covered in this excerpt.
Privacy Policy
source ↗- •AWS collects personal information you provide, information automatically generated when you use AWS offerings, and information from other sources.
- •AWS uses personal information to provide and improve AWS offerings, process transactions, measure performance, respond to requests, and prevent fraud and abuse.
- •AWS may share personal information with third-party service providers, marketplace sellers, and in business transfers, and may disclose information to comply with law or protect safety.
- •Some AWS offerings use cookies and you can manage cookie preferences and opt out of certain targeted advertising through “Your Privacy Choices” and browser settings.
- •The policy describes security safeguards, including encryption and compliance programs, and may request identity proof before disclosing personal information.
- •AWS generally retains personal information as needed for the purposes described, and may keep some information after account closure for legal, dispute, tax, accounting, and security reasons.
- •You can access, correct, delete, restrict, object, and request portability of personal information, with jurisdiction-specific rights and complaint options.
- •When you consent to a specific processing purpose, you can withdraw consent at any time to stop further processing for that purpose.
- •The notice provides contact details and explains that it can be updated; AWS states it will not materially reduce past protections without affected customers being informed and given a choice.
