Also any SSL session issued between your device and a server does not have full end to end encryption.
This is actually fairly common. We routinely design hardware load balancing solutions (the devices which sit in front of web pages/servers and manage traffic according to a set of rules) which decrypt SSL traffic on the switch with special SSL Offload chips. This is sometimes the only way to perform fancy manipulation of the data stream, and may also be done to (sometimes dramatically) reduce the CPU load on the web/backend server. Financial institutions use this technology extensively, as do retailers, governments and, well, most major web sites.
.
Once this processing has taken place the datastream can either be re-encrypted and sent to the target server or sent clear to the web server. Usually if it is re-encrypted it is encrypted using a lower strength cipher - again to reduce the load on the server. After the web server has done its thing and the data stream is on its way back to your browser it is often the load balancer which encrypts it back to full strength before it sends it back across t'Internet.
.
There are some regulations and financial industry standards on how to deal with this datastream, but this much of this relates only if there is credit card data involved (called the PCI DSS (standard)). I've personally never seen a compromised load balancing switch or heard of the switch-server traffic being impersonated, though.
.
Having said that the idea of Amazon caching unrelated data on its servers from a web browser that is not looking at an Amazon site is highly disconcerting. That is more egregious an act than even Google or Facebook would try - and they *really* want your data and activity. As Haven said, the definition of "generally" becomes pretty important. So does the originating country's national law - for example if they store my Australia-originated data in the US and that data identifies me or someone else (phone numbers, addresses, email addresses) without my or the affected parties' approval then they have breached my understanding of the Australian 1998 Privacy Act and National Privacy Provisions. I'm not sure it's been tested but doubt a EULA couldn't arbitrate that right away.
.
Interesting!
Humphrey