Building and publishing apps in a secure fashion is a shared responsibility. Replit is responsible for the security of the Replit Agent, platform, and infrastructure on which customer workloads run. Replit takes measures to operate them with reasonable controls and secure defaults, and provides tools you can use to protect your application and data. You are responsible for your application’s contents and for using and configuring the tools Replit provides. This is an intentional balance. Replit wants you to build anything you can dream of, and that freedom means putting certain decisions in your hands. The following table outlines Replit’s shared responsibility model, structured along the lines of established cloud and AI shared-responsibility patterns (Microsoft AI SRM, CSA AICM), and based on ISO/IEC 42001 and the NIST AI RMF:Documentation Index
Fetch the complete documentation index at: https://docs.replit.com/llms.txt
Use this file to discover all available pages before exploring further.
Responsibility matrix
General
| Area | Description | Responsibility |
|---|---|---|
| Terms of Service | Compliance with Replit’s Terms of Service. | You |
| Incident response and breach notification | Replit responds to and notifies impacted customers about platform incidents per our Incident Response Policy and contracts; you respond to incidents originating in your projects, application code, data, or end-user accounts. | Replit (platform) You (app) |
| Reporting vulnerabilities to Replit | Notifying Replit of issues discovered in the platform following the responsible disclosure model. | Replit (triage and fix) You (report to security@replit.com) |
| Compliance certifications of the platform | Maintaining attestations (for example, SOC 2 Type II) and providing evidence to customers. | Replit |
| Subprocessors | Replit vets and discloses subprocessors that process customer data on the platform; you vet and disclose subprocessors used by your app. | Replit (platform) You (app) |
Replit Agent
| Area | Description | Responsibility |
|---|---|---|
| Code generation | The generation of the application code by Replit Agent. | Replit |
| Code review | Verifying correctness, security, and licensing of Agent output, including third-party dependencies it introduces. | You |
| Agent harness | The agentic framework used by Replit Agent, memory management, core tools, and so on. | Replit |
| Human-in-the-loop | Approving sensitive actions Agent proposes (deploys, secret changes, outbound calls). | You |
| Prompting | Prompts and instructions given to Replit Agent. | You |
| Prompt injection and untrusted input | Replit hardens the harness and adds mitigations against malicious prompts (does not guarantee prevention); you avoid feeding the Agent untrusted external content without sanitization and validate outputs. | Replit (guardrails) You (input hygiene) |
| Processing of prompts and model interaction | How prompts and generated code are logged, retained, and whether used for training. | Replit (compliant with Terms of Service and Data Processing Agreement) |
| Skills / MCP | Replit-vetted Skills and MCP tools are maintained by Replit; user-installed Skills and MCP tools are your responsibility to vet, configure, and revoke. | Replit (first-party) You (third-party) |
Development environment
| Area | Description | Responsibility |
|---|---|---|
| Workspace identity and access management (accounts, MFA, SSO, SCIM) | Securing access to your Replit organization and Workspace. | Replit (controls) You (configuration) |
| Workspace audit logs | Logging of who did what in your Replit Workspace. | Replit (provision) You (review) |
| Secrets management | Always use Connectors and the Secrets feature to ensure proper storage of secrets. | You |
| Secrets storage | Replit does not store or log secrets in plaintext. | Replit |
| Sharing and collaboration | Replit gives you the tools to enforce access control; you are responsible for choosing who can view, edit, or remix each app, interact with the Agent, configure Connectors, view secrets, and so on. | Replit (role-based access control) You (configuration) |
| Data residency | Where application development data is stored and processed. | Replit (capabilities) You (selection) |
| Data retention, deletion, and export | How long data is kept and how it is deleted or exported. | Replit (mechanism) You (configuration) |
| Application functionality and correctness | Polish and functionality of the application. Replit is responsible to provide regression testing; you are responsible for stating desired business logic. | Replit (code writing and testing infrastructure) You (determine business logic) |
| Connectors | Replit provides secure mechanisms to connect to other services; you authorize, rotate, and revoke your credentials in the third-party services. | Replit (mechanism) You (third-party credentials and access) |
| Development runtime | Operating system and runtimes. | Replit |
| Network security | Isolation between development instances. | Replit |
| Platform monitoring | Monitoring of the Replit infrastructure fleet. | Replit |
Published apps
| Area | Description | Responsibility |
|---|---|---|
| User management | Control how users log in to the published app. | You |
| Usage policy / access control | Control which users have access to which resources or parts of the app based on authorization. | You |
| IP / Copyright | You are responsible for reviewing that Agent output and your application respect intellectual property rights and copyright. | You |
| Information / Data | The data that is consumed, created, or displayed by the application. | You |
| Privacy notices and end-user consent | Privacy disclosures, cookie banners, and consents shown to your end users. | You |
| Regulatory compliance of your application | Meeting laws and regulations applicable to your app (for example, GDPR, CCPA, PHI, PCI DSS, HIPAA, SOC 2). | You |
| Penetration testing of your app | Security testing of the application you build. | You |
| Vulnerability disclosure for your app | Receiving and triaging security reports from researchers about your app. | You |
| Edge protection (anti-DDoS and WAF) | Volumetric and application-layer attack mitigation at the platform edge. | Replit |
| Published apps infrastructure | Where published apps run, infrastructure maintenance, platform vulnerability patching, and so on. | Replit |
| Encryption in transit and at rest | TLS for traffic; encryption of platform-stored data. | Replit |
| Application-layer encryption | Any app-level or field-level encryption needs and any external data stores they connect to. | You |
| Publishing lifecycle | Replit provides tools to select visibility of the published app (Private, Password-protected, Public); you are responsible for choosing the correct visibility. | Replit (mechanism) You (configuration) |
| Vulnerability management | Replit detects and alerts on vulnerabilities in dependencies of already-published apps; you mitigate and remediate them. | Replit (detection) You (remediation) |
| Logging and monitoring | Replit monitors platform availability and abuse signals; you are responsible for application-level logging and monitoring (errors, business events, user activity). | Replit (platform) You (app) |
| Backups and recovery | Backup of code of published apps and Replit-managed database contents. | Replit |
How responsibility is divided
Most rows in the table follow one of three patterns:- Mechanism vs. configuration. Replit ships the controls: RBAC, visibility settings, MFA, SSO, data residency, retention. You decide which to enable and how to configure them.
- Detection vs. remediation. Replit watches the platform and surfaces what it can see: vulnerable dependencies, abuse signals, platform anomalies. You monitor and fix what’s inside your application, because you’re the only one who knows what “fixed” means in your context.
- First-party vs. third-party. Replit-vetted Skills, MCP tools, and Connectors are reviewed by Replit. Anything you connect, install, or wire up yourself is yours to vet, configure, rotate, and revoke.
Working with Replit Agent
You own the code Agent generates and you’re responsible for it. In practice this means a few habits:- Review before you ship. Agent produces working code, but “working” and “correct” are different things. Read what it wrote, especially around authentication, data handling, and anything that crosses a trust boundary. Asking Agent to write tests and explain its reasoning is a good way to catch regressions when you iterate.
- Keep secrets out of prompts. Use the Secrets feature and Connectors. Don’t paste API keys, tokens, or credentials into the chat: Agent doesn’t need them in plaintext to use them, and pasting them turns a managed secret into an unmanaged one.
- Explain your business logic and access control model. Tell Replit Agent who should have access to which functionality of your app. Choose one of Replit’s Private or Password-protected publishing options if your application is not meant to be viewed by everyone in the world.
- Approve sensitive actions deliberately. When Agent proposes to publish the app, a secret change, or an outbound call, the human-in-the-loop step is yours. Treat it as a real review, not a click-through.