Claude on AWS Bedrock
1. Summary
When you use the Triage Agent or Super Magic, Thread sends the relevant ticket context to Anthropic's Claude models hosted on AWS Bedrock, in the United States. Requests travel over an encrypted AI gateway to AWS Bedrock, which runs the model inside AWS infrastructure. Under AWS's published Bedrock terms, which Thread relies on: your inputs and outputs are not used to train any model, are not shared with the model provider (Anthropic), and are encrypted in transit and at rest. Anthropic has no access to your prompts, completions, or logs. Thread never trains or fine-tunes models on your data.
2. Which features this covers
Feature | What it does | Model / host |
Triage Agent | Contact-facing AI that reads inbound tickets, responds to end users, and routes or hands off to technicians | Anthropic Claude (currently Claude Sonnet 4.6) on AWS Bedrock |
Super Magic | Technician-facing AI assistant in the Thread Inbox that searches, summarizes, and performs ticket actions | Anthropic Claude (currently Claude Sonnet 4.6) on AWS Bedrock |
Not covered here: Thread's other AI assists (auto-categorize, auto-prioritize, auto-title, recap, sentiment, knowledge-base generation) run on Azure OpenAI in the United States and are covered by the AI Privacy & Security Overview in our help docs. Voice features use separate providers and are documented separately.
3. How your data flows
- A contact or technician interacts with the Triage Agent or Super Magic on a ticket.
- Thread's application assembles the necessary ticket context and sends the request over HTTPS/TLS to an encrypted AI gateway (Portkey), which handles secure routing.
- The gateway forwards the request to AWS Bedrock using AWS IAM authentication and TLS. Bedrock runs the Claude model and returns the response.
- Thread stores the AI conversation as part of the ticket record in Thread's AWS environment (see §6).
Processors on this path: Thread (application), AWS (Amazon Bedrock, which hosts and runs the model), and Portkey (the AI gateway). Anthropic provides the Claude models to AWS but has no access to your prompts, completions, or logs (see §5), so it does not receive or process your data on this path. Each processor is bound by its data processing terms. AWS and Portkey appear on Thread's published sub-processor list.
4. What data is processed
Only the context needed for the feature to do its job on the ticket at hand, which can include:
- Ticket content: subject, conversation messages, internal notes, status, priority, timestamps.
- Contact details on the ticket: name, email address, company name.
- Where enabled by your admin: knowledge-base article content, learned contact memory, and results from connected tools (for example device or documentation lookups).
- Attachments: image attachments when image understanding is used, and text extracted from uploaded PDFs.
Every request is scoped to a single Thread workspace (identified internally by a unique workspace ID). Cross-tenant data is never included in a prompt. This context is sent to the model only to complete the task on that ticket; protection relies on per-workspace tenant isolation, your workspace access controls, and the AWS Bedrock terms in §5 (no training, no sharing with the model provider).
5. AWS Bedrock data protections
Quoted from AWS's published documentation:
- Not used for training: "AWS and the third-party model providers will not use any inputs to or outputs from Amazon Bedrock to train … any third-party models." (AWS Bedrock FAQ)
- Not shared with the model provider: "Users' inputs and model outputs are not shared with any model providers." (AWS Bedrock FAQ)
- Anthropic has no access: model providers "don't have access to Amazon Bedrock logs or to customer prompts and completions." (AWS Bedrock data protection documentation)
- Encryption: customer content is encrypted in transit (TLS 1.2+) and at rest.
Thread accesses Claude exclusively through Bedrock. Anthropic acts as the model licensor to AWS on this path. It does not receive, store, or process your data.
6. Residency, retention & encryption
Layer | Detail |
AI processing region | United States. Thread's Bedrock deployment is homed in AWS US East (N. Virginia) and uses Bedrock cross-region inference across US regions only. All AI processing stays within United States AWS regions. |
Application data | Thread's application and databases run in AWS US East (N. Virginia), encrypted at rest. |
In transit | HTTPS/TLS on every hop (application to gateway to Bedrock). |
Bedrock retention | Inputs and outputs are not retained for training and are not shared with model providers (§5). |
Gateway (Portkey) | Requests pass through Portkey, which retains request logs on its managed platform under Thread's data processing terms with Portkey. |
Thread retention | AI conversations are stored as part of the ticket record under Thread's standard data retention. Operational metadata (model, token counts, and a ticket reference, containing no ticket content) is retained for service management. On contract termination, customer data is deleted in accordance with Thread's data retention policy and contractual commitments. |
7. Training on your data
Customer data is never used to train AI models.
- AWS and Anthropic do not use Bedrock inputs or outputs to train models (§5).
- Thread does not train or fine-tune any model on your data.
8. Tenant isolation
- Application layer: every AI request is scoped to a single workspace. Prompts are assembled only from that workspace's data, and audit records are keyed per workspace and per ticket.
- Gateway layer: requests carry workspace-scoped metadata for attribution, and Thread operates dedicated gateway workspaces per environment, with production fully isolated from all non-production environments.
- Inference layer: Bedrock processes each request in isolation within Thread's AWS entitlement. No data is shared across AWS customers or with the model provider.
9. Human oversight & audit trail
- Every Triage Agent and Super Magic action is recorded on the ticket, timestamped and attributable.
- Write actions require human confirmation: when Super Magic proposes a change (create or update ticket, add note, log time, schedule, merge), the technician confirms in-product before it executes.
- Admins control which write tools are available, to whom (including member-level allowlists), and per-tool on/off toggles. Integration tools are off by default.
- A technician can take over any thread at any time, which deactivates the agent for that thread.
- The Triage Agent is bounded by per-customer, per-board, per-source activations and intent-level controls.
10. Customer controls
- Admins can enable or disable the Triage Agent and Super Magic per workspace at any time, without affecting other Thread features.
- Knowledge-base generation and contact-memory learning can be disabled per workspace.
- Access to AI features follows your existing workspace roles and permissions.
11. Compliance posture
- Thread: SOC 2 Type II audit in progress (engagement started January 31, 2026). A bridge letter is available under NDA. Continuous control monitoring is available at Thread's Trust Center.
- AWS (Amazon Bedrock and application infrastructure): SOC 2 Type II, ISO 27001, HIPAA-eligible, GDPR-compliant.
- Microsoft Azure (Thread's other AI features): SOC 2 Type II, ISO 27001, ISO 27018, GDPR-compliant.
- GDPR: Thread acts as a data processor for customer data. Data processing terms are available on request.
FAQ
Does Anthropic see our data?
No. Claude runs inside AWS Bedrock. Per AWS's published documentation, model providers do not have access to Bedrock customer prompts, completions, or logs.
Is our data used to train Claude or any other model?
No. Not by AWS, not by Anthropic, not by Thread (§5, §7).
Where is our data processed?
In the United States. Application data lives in AWS US East (N. Virginia), and Claude inference runs on Bedrock's US-region capacity.
What exactly is sent to the model?
The ticket context described in §4: ticket content, the ticket's contact details, and admin-enabled context like knowledge-base articles. Nothing outside your workspace.
Can we audit what the AI did?
Yes. Every AI action is recorded on the ticket in your workspace, with the full conversation visible to your team.
Can we opt out?
Yes. Both features can be disabled per workspace at any time, and the Triage Agent can additionally be scoped per customer, board, and source.
What happens if the model is temporarily unavailable?
Tickets continue to route to your technicians as normal, so an AI outage never blocks your support workflow.
Can we get Thread's SOC 2 report?
The Type II audit is in progress (started January 31, 2026). A bridge letter is available now under NDA, and the final report will be shared when issued.