Naturally, we expect the Teams for Education platform to be used by students of all ages. We are aware that there are implications for having users who are under 18 years old, especially when it comes to privacy. We have put together some handy FAQs to give you peace of mind that your students' personal information remains secure and confidential. But before we get there, our Key Privacy and Data Security Assurances might be able to answer your immediate concerns:
- Replit does not sell your data or your students' data.
- Replit does not show you advertisements for products/services from other companies.
- Replit is compliant with FERPA, COPPA, GDPR, CCPA, UK Data Protection Act of 2018, and many other privacy regulations.
- You retain the rights to the work you create on Replit.
- Replit makes it easy to keep student work private and preserve academic integrity.
- Replit follows industry standard best practices for privacy and data security.
- All Replit employees receive privacy/security training and are bound by our privacy/security policies.
- Replit ensures all contracts with third-parties are compliant with our internal policies.
- Replit has a designated Data Protection Officer.
- Replit values transparency and will update you about any changes to our policies.
- Replit has enabled the use of Cloudflare's family-friendly DNS resolver to block adult and inappropriate content.
Still have questions? Read on...
1. Can Replit be used in schools without disclosing students' personal information?
Yes. Using Teams for Education, teachers can set up their own accounts and email students directly to invite them to use the service. Students can create accounts at no cost to them, and use Teams for Education without providing personal information like names or email addresses. All that is required is a unique username and password, and you are good to go!
Note: You can code in any of our supported languages without needing to log in or share any information. You just won't get all the great extras available when you sign up. Try coding in Python in a private browser window.
2. How can I invite students and protect their privacy?
With Teams for Education and Private Invites, you can choose to generate a private invite link, which will protect the privacy of your students (including under 13-year olds). Please note that students must be added using private invites for your team to be FERPA/COPPA compliant.
When you share that link (for example by emailing it to your students outside of Replit, or by pasting the link into your LMS or curriculum), we will not ask students to provide names, emails, or other personal information when they sign up. Neither you nor the students will need to provide us with that information. Students will have view-only access to the Repl Talk forum, so they can still see all the great content, guides, and tutorials from the community, but they post or can't be contacted, which protects their privacy.
3. What data does Replit collect about students through Teams for Education?
We do not allow students to post on our public forums. Students can still benefit from the forums, though, because they are not restricted from viewing them.
4. How does Replit use student data?
We only use the student data we collect for the purposes for which it was provided to us – that is, to perform services for the school and otherwise support the internal operations of our service. You can read the FTC’s COPPA FAQs for more detail on what “support for internal operations” includes.
We do not disclose student data to third parties other than our own subprocessors. We also implement appropriate technical, physical and administrative security measures to protect students’ information.
5. Can students under 13 use Replit in compliance with COPPA?
Yes, with Teams for Education, students under 13 can use Replit in compliance with COPPA. As noted above, we do not ask students (including students under 13) to provide personal information during sign up and we do not allow them to post in our public forums. The only COPPA-covered personal information we collect from students under 13 is Log Information and, as noted above, we only use that information to provide services for the school and otherwise support the internal operations of our service. Because of this, “verifiable parental consent” is not required for students to use our service.
In addition, and consistent with COPPA, we do not disclose student data to third parties other than our own subprocessors, and we implement appropriate measures to protect students’ information.
6. Can Replit be used in compliance with FERPA?
7. Is Replit compliant with the GDPR?
Yes, Replit is compliant with the EU General Data Protection Regulation (GDPR). We are committed to protecting customer data and privacy. We take our obligations regarding data compliance seriously, and approach them transparently. Replit has engaged in a GDPR compliance review to make our practices consistent with the GDPR, in respect to the processing of EU personal data. For example, Replit maintains records of its processing activities, has a legal basis for each processing activity in which it engages, and uses a variety of technical, organizational, and physical measures to safeguard and protect data. We also actively monitor our compliance efforts and seek to continuously improve them.
8. How does Replit protect personal data provided by its EU customers and users?
9. How does Replit transfer and store personal data from the EU?
As Replit is located in the United States, Replit stores the personal data we receives from EU customers on secure data servers hosted by reputable third parties in the United States. To transfer personal data from the EU to the United States, Replit relies on a variety of transfer mechanisms as applicable to a particular transfer, such as EU Commission approved Standard Contractual Clauses, contractual necessity, and consent.
10. What other privacy regulations and security frameworks is Replit compliant with?
This list is not exhaustive and we will continue to update it over time. However, we have reviewed and are compliant with the following privacy regulations:
- Student Privacy Pledge 2020
- New York Education Law 2-D
- California Consumer Privacy Act (CCPA)
- UK Data Protection Act of 2018
- NIST Cybersecurity Framework
- Higher Education Community Vendor Assessment Toolkit (HECVAT) Lite
- Connecticut Student Privacy Pledge
- Montana Student Privacy Alliance
- MA-RI-NH NDPA
11. Will Replit sign our university's, school's or district's Data Security or Privacy Agreement?
If you are a Local Educational Agency in the United States, our U.S. Student Data Protection Addendum also applies. We are happy to send you a copy for comments/edits if you'd like.
13. Does Replit block adult content in Teams for Education?
Yes. In 2021, Replit enabled the use of Cloudflare's family-friendly DNS resolver by default in all user repls, even outside of Teams for Eduation. You can read more about this update on our blog. Cloudflare’s website has more information on this resolver and the type of content it blocks.
Further, using Replit as a proxy to bypass school or parental filters violates our Terms of Service. We actively shut down repls that do this, with both automated tools and manual intervention.