To confirm whether AWS Bedrock uses your input data for model training, start by reviewing AWS's documentation and service agreements. AWS provides explicit details about data handling in its AI Services Data Privacy documentation. Check for sections outlining how input data and outputs are stored, whether they’re used for service improvements, and if opt-out mechanisms exist. For example, AWS typically allows customers to disable data sharing for training purposes via account settings or API parameters. Look for terms like "data retention," "model training," or "usage opt-out" in Bedrock’s service-specific documentation. If the information isn’t clear, contact AWS Support directly to request written clarification. AWS is legally bound to disclose data usage practices, so their response can serve as formal assurance.
If you confirm that data is used by default, take immediate steps to opt out or mitigate risks. For Bedrock, AWS may provide a configuration setting in the AWS Management Console or a parameter in the API request (e.g., enableDataSharing: false
) to disable data retention and training. If no opt-out exists, consider encrypting sensitive data before sending it to Bedrock using AWS Key Management Service (KMS) or client-side encryption. You could also anonymize or tokenize data to remove identifiable information while preserving its utility for inference. For critical privacy requirements, explore isolated environments like AWS’s PrivateLink or dedicated infrastructure options, though these may incur additional costs. Document all configurations and validate them through testing—for example, submit non-sensitive test data and monitor AWS’s activity logs to verify no unintended data retention occurs.
To ensure long-term compliance, implement a monitoring strategy. Use AWS CloudTrail and AWS Config to audit API calls and track changes to Bedrock settings. Set up alerts for any unauthorized modifications to data-sharing configurations. Regularly review AWS’s updated policies, as cloud providers occasionally revise terms. If AWS’s data practices don’t align with your organization’s requirements, evaluate alternatives like self-hosted open-source models (e.g., using SageMaker) or third-party services with contractual guarantees against data usage. For legal assurance, include specific clauses in your AWS contract prohibiting data reuse and stipulating penalties for violations. Combining technical safeguards with contractual agreements creates a layered defense against unintended data usage while maintaining the utility of Bedrock for your workloads.