Edit on Replit

Privacy FAQs

Can Replit’s services be used in schools?

Yes. Using Teams for Education, teachers can set up their own accounts and email students directly to invite them to use the service. Students can create accounts and use Teams for Education without providing personal information like names or email addresses.

Note: that you can code in any of our supported languages without needing to log in or share any information. You just won't get all the great extras available when you sign up. Try coding in Python in a private browser window.

Key Privacy and Data Security Assurances

  • Replit does not sell your data or your students' data
  • Replit does not show you advertisements for products/services from other companies
  • Replit is compliant with FERPA, COPPA, GDPR, CCPA, UK Data Protection Act of 2018, and many other privacy regulations
  • You retain rights to the work you create on Replit
  • Replit makes it easy to keep student work private and preserve acedmic integrity
  • Replit follows industry standard best practices for privacy and data security
  • All Replit employees receive privacy/security training and are bound by our privacy/security policies
  • Replit ensures all contracts with 3rd-parties are compliant with our policies
  • Replit has a designated Data Protection Officer
  • Replit values transparency and will update you about any changes to our policies

How can I invite students and protect their privacy?

With Teams for Education and Private Invites, you can choose to generate a private invite link, which will protect the privacy of your students (including under 13-year olds).

When you share that link (for example by emailing it outside of Replit to your students or by pasting the link into your LMS or curriculum), then we will not ask students to provide names, emails, or other personal information when they sign up. Neither you nor the students will need to provide us with that information. Students will have view-only access to the Repl Talk forum, so they can still see all the great content, guides, and tutorials from the community, but they can't be contacted or post, which protects their privacy.

private invite

What data does Replit collect about students through Teams for Education?

We do not ask students to provide personal information during the sign up process. When students are invited to create an account on Replit, we only ask them to enter a username that does not include their real name. We do not ask them to provide their name, email address, or any other personal information during sign up. Like all online services, we receive Log Information (as defined in our Privacy Policy) when students use the services.

We do not allow students to post on our public forums. Students can still benefit from the forums, though, because they are not restricted from viewing them.

How does Replit use student data?

We only use the student data we collect for the purposes for which it was provided to us – that is, to perform services for the school and otherwise support the internal operations of our Service. Please see the FTC’s COPPA FAQs for more detail on what “support for internal operations” includes.

We do not disclose student data to third parties other than our own subprocessors. We also implement appropriate technical, physical and administrative security measures to protect students’ information.

Can students under 13 use Replit in compliance with COPPA?

With Teams for Education, students under 13 can use Replit in compliance with COPPA. As noted above, we do not ask students (including students under 13) to provide personal information during sign up and we do not allow them to post in our public forums. The only COPPA-covered personal information we collect from students under 13 is Log Information and, as noted above, we only use that information to provide services for the school and otherwise support the internal operations of our Service. Because the only COPPA-covered personal information we collect is Log Information and we only use that information to support the internal operations of our Service, “verifiable parental consent” is not required for students to use our Service.

In addition, consistent with COPPA, we do not disclose student data to third parties other than our own subprocessors, and we implement appropriate measures to protect students’ information.

Can Replit be used in compliance with FERPA?

When we contract with schools to use Teams for Education, we do not collect information about students that can be used to identify or contact them, such as a name and email address. We only collect student’s Log Information (as defined in our privacy policy) and use this limited data for the purposes for which it was provided to us; that is, to perform services for the school and support our internal operations. We do not disclose data to third parties other than our own subprocessors.

Is Replit compliant with the GDPR?

Yes, Replit is GDPR compliant.

What is the GDPR?

The EU General Data Protection Regulation (GDPR) is the primary law regulating how companies must protect the personal data of EU citizens. The GDPR took effect on May 25th, 2018, and it gives EU citizens broad rights to their data, creates strong safeguards for the processing of any data, and requires companies to transparently disclose their data processing activities. Any company that processes or stores EU personal data must be compliant with the GDPR. "Personal Data" is considered any information relating to an identified or identifiable natural person.

How is Replit Compliant with the GDPR?

Replit is committed to protecting customer data and privacy, and we take our obligations regarding data compliance seriously and transparently. Replit has engaged in a GDPR compliance review to make its practices with respect to the processing of EU personal data consistent with the GDPR. For example, Replit maintains records of its processing activities, has a legal basis for each processing activity in which it engages, and uses a variety of technical, organizational, and physical measures to safeguard and protect data. We also actively monitor our compliance efforts and seek to continuously improve them.

How does Replit Protect Personal Data Provided by its EU Customers and Users?

Replit executes a Data Processing Agreement (DPA) with its EU entity customers, which contains all of the requirements of GDPR Article 28 and governs how Replit uses and protects personal data when it serves as a data processor to its controller customers. Moreover, with respect to individual end users of Replit, Replit maintains a consumer-facing Privacy Policy that provides transparent information about its information collection and processing activities consistent with the GDPR. Replit also enters into agreements with its subprocessors binding them to contractual provisions designed to comply with the GDPR, and keeps an updated list of its subprocessors.

How does Replit Transfer and Store Personal Data from the EU?

As Replit is located in the United States, Replit stores the Personal Data it receives from its EU customers on secure data servers hosted by reputable third parties in the United States. To transfer personal data from the EU to the United States, Replit relies on a variety of transfer mechanisms as applicable to a particular transfer, such as EU Commission approved Standard Contractual Clauses, contractual necessity, and consent.

What other privacy regulations and security frameworks is Repl.it compliant with?

This list is not exhaustive and we will continue to update it over time, however, we have reviewed and are compliant with the following privacy regulations:

Will you sign our university's, school's or district's Data Security or Privacy Agreement?

Yes. If you would like us to review your local privacy regulation or sign your organization's specific privacy policy, please email [email protected].

If you are a Local Educational Agency in the United States, our U.S. Student Data Protection Addendum also applies. We are happy to send you a copy for comments/edits if you'd like.

Is this update reflected in your Privacy Policy?

We have also updated our Privacy Policy in accordance with this change.