The AWS shared responsibility model applies to data protection in Kiro. As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. You are also responsible for the security configuration and management tasks for the AWS services that you use. For more information about data privacy, see the Data Privacy FAQ.
Data storage
Kiro stores your questions, its responses, and additional context, such as code, to generate new responses to your requests. For information about how data is encrypted, see Data encryption. For information about how AWS may use some questions that you ask Kiro and its responses to improve our services, see Kiro service improvement.
AWS Regions where content is stored and processed
Your content, such as prompts and responses, will be stored in the US East (N. Virginia) Region.
When you use any features in Kiro, your user content will be processed in a US Region. For more information, see Cross-region processing.
Cross-region processing
The following sections describe how cross-region inference and cross-region calls are used to provide the Kiro service.
Cross-region inference
Kiro is powered by Amazon Bedrock, and uses cross-region inference to distribute traffic across different AWS Regions to enhance large language model (LLM) inference performance and reliability. With cross-region inference, you get increased throughput and resilience during high demand periods, as well as improved performance.
Cross region inference doesn’t affect where your data is stored. For information on where data is stored when you use Kiro, see AWS Regions where content is stored and processed.
Supported regions for Kiro cross-region inference
| Supported Kiro geography | Inference regions |
|---|---|
| United States |
|
Data encryption
This topic provides information specific to Kiro about encryption in transit and encryption at rest.
Encryption in transit
All communication between customers and Kiro and between Kiro and its downstream dependencies is protected using TLS 1.2 or higher connections.
Encryption at rest
Kiro encrypts your data using AWS owned encryption keys from AWS Key Management Service (AWS KMS). You don’t have to take any action to protect the AWS managed keys that encrypt your data. For more information, see AWS owned keys in the AWS Key Management Service Developer Guide.
Service improvement
To help Kiro provide the most relevant information, we may use certain content from Kiro, such as questions that you ask Kiro and its responses, for service improvement. This page explains what content we use and how to opt out.
Kiro content used for service improvement
We may use certain content from Kiro for service improvement. Kiro may use this content, for example, to provide better responses to common questions, fix Kiro operational issues, for de-bugging, or for model training. Content that Kiro may use for service improvement includes, for example, your questions to Kiro and the responses and code that Kiro generates.
We do not use content from Kiro Pro, Pro+, or Power users that access Kiro through AWS IAM Identity Center.
If you have an Amazon Q Developer Pro subscription and access Kiro through your AWS account with the Amazon Q Developer Pro subscription, then Kiro will not use your content for service improvement.
Opt out of data sharing in the IDE
By default, Kiro collects usage data, errors, crash reports, and content for service improvement. This page explains how to opt out of sharing your data in Kiro, including the core application, first-party extensions, and participating third-party extensions. Note that if you opt out, you'll be opting out of sharing both your telemetry and content. For information on how Kiro uses this data, see Kiro service improvement.
Kiro Pro, Pro+, or Power users that access Kiro through AWS IAM Identity Center are automatically opted out.
Opting out of sharing your client-side telemetry and content
To opt out of sharing your telemetry data in Kiro, use this procedure:
- Open Settings in Kiro.
- Switch to the User sub-tab.
- Choose Application, and from the drop-down choose Telemetry and Content.
- In the Telemetry and Content drop-down field, select Disabled to disable all product telemetry and user data collection.
Types of telemetry collected
- Usage data — Information such as the Kiro version, operation system (Windows, Linux, or macOS), and the anonymous machine ID.
- Performance metrics — The request count, errors, and latency for various features:
- Login
- Tab completion
- Code generation
- Steering
- Hooks
- Spec generation
- Tools
- MCP
Data protection