# Information Security

> Learn about Replit's security practices, data protection, and compliance standards

Replit provides an AI-powered, cloud-based development environment used by millions of developers worldwide. Security is fundamental to our platform, ensuring users can confidently build, collaborate, and publish applications across multiple devices and platforms.

## Data protection

Data protection is a top priority at Replit. We implement comprehensive security measures to protect your data and ensure the integrity of our platform.

### Hosting and infrastructure

Replit hosts data primarily in Google Cloud Platform (GCP) data centers in the United States, with an optional hosting region in India for users who opt in. We leverage GCP's enterprise-grade backup and recovery tools to ensure:

<CardGroup cols={2}>
  <Card title="High Availability" icon="server">
    Redundant systems and automated failover mechanisms protect against service interruptions and data loss
  </Card>

  <Card title="Data Segregation" icon="layer-group">
    Strong logical separation prevents unauthorized access between different users and organizations
  </Card>
</CardGroup>

GCP is an industry-leading cloud provider, certified for compliance with **ISO 27001** and **SOC 2 Type 2**. Additionally, **Replit has achieved SOC 2 Type 2 Attestation of Compliance**, demonstrating our ongoing commitment to security best practices and controls.

Every client request must be rigorously **authenticated and authorized** before accessing any private information.

### Encryption standards

<Note>
  Replit implements comprehensive encryption across all data states to ensure the confidentiality, integrity, and security of your information.
</Note>

<AccordionGroup>
  <Accordion title="Transit encryption" icon="shield-halved">
    Industry-standard **TLS 1.2+** encryption secures all communications between clients and our servers, protecting data as it moves across networks. This includes all API calls, web traffic, real-time collaboration data, and other communications.
  </Accordion>

  <Accordion title="Data at rest" icon="database">
    Data stored in GCP is protected using [**AES-256 server-side encryption**](https://cloud.google.com/docs/security/encryption/default-encryption). This military-grade encryption standard safeguards all stored data, including code, configurations, user information, and system metadata.
  </Accordion>

  <Accordion title="Database security" icon="lock">
    We use **Google Cloud SQL** for [database encryption](https://cloud.google.com/sql/faq#encryption-manage-rest) and [secure key management](https://cloud.google.com/secret-manager), ensuring that sensitive data remains protected with automatic encryption, regular key rotation, and granular access controls.
  </Accordion>
</AccordionGroup>

## Infrastructure security

All data-processing components operate in Replit's **private network** within a secure cloud environment, protected by:

<CardGroup cols={3}>
  <Card title="Load Balancing" icon="server">
    Intelligent traffic distribution for optimal performance and reliability
  </Card>

  <Card title="WAF Protection" icon="shield">
    Advanced web application firewall prevents malicious traffic and sophisticated attacks
  </Card>

  <Card title="Vendor Security" icon="user-check">
    Rigorous subprocessor standards with regular security assessments and monitoring
  </Card>
</CardGroup>

We conduct thorough **due diligence** on all subprocessors to ensure they meet our strict security standards and compliance requirements.

## Security teams

<CardGroup cols={2}>
  <Card title="Security Team" icon="shield-halved">
    Dedicated in-house team that continuously monitors, assesses, and strengthens our platform's security across infrastructure, product features, and operational processes
  </Card>

  <Card title="Trust & Safety Team" icon="users-gear">
    Ensures compliance with our **Terms of Service** and community guidelines, fostering a safe and respectful environment for all users
  </Card>
</CardGroup>

Security is a fundamental priority at the executive level, with direct oversight and engagement from company leadership.

## Legal framework

Our security and data handling practices are governed by these key documents:

<CardGroup cols={3}>
  <Card title="Terms of Service" icon="file-contract" href="https://replit.com/terms-of-service" className="hover:bg-gray-50 dark:hover:bg-gray-800">
    For Free and Core users
  </Card>

  <Card title="Teams Agreement" icon="users" href="https://replit.com/teams-agreement" className="hover:bg-gray-50 dark:hover:bg-gray-800">
    For Teams users
  </Card>

  <Card title="Privacy Policy" icon="shield-check" href="https://replit.com/privacy-policy" className="hover:bg-gray-50 dark:hover:bg-gray-800">
    For all users
  </Card>
</CardGroup>

## Additional resources

For more detailed information about our security policies, certifications, and best practices, visit our [**Trust Center**](http://trust.replit.com).

At Replit, we believe that security is not just a requirement—it's a core part of delivering an exceptional developer experience. By maintaining rigorous security standards, we empower individuals and teams to build with complete confidence.

<Warning>
  If you discover a security vulnerability, please report it immediately following our [responsible disclosure policy](/legal-and-security-info/security).
</Warning>
