Edit on Replit

Privacy FAQ

Naturally, we expect the Teams for Education platform to be used by students of all ages. We are aware that there are implications for having users who are under 18 years old, especially when it comes to privacy. We have put together some handy FAQs to give you peace of mind that your students' personal information remains secure and confidential. But before we get there, our Key Privacy and Data Security Assurances might be able to answer your immediate concerns:

  • Replit does not sell your data or your students' data.
  • Replit does not show you advertisements for products/services from other companies.
  • Replit is compliant with FERPA, COPPA, GDPR, CCPA, UK Data Protection Act of 2018, and many other privacy regulations.
  • You retain the rights to the work you create on Replit.
  • Replit makes it easy to keep student work private and preserve academic integrity.
  • Replit follows industry standard best practices for privacy and data security.
  • All Replit employees receive privacy/security training and are bound by our privacy/security policies.
  • Replit ensures all contracts with third-parties are compliant with our internal policies.
  • Replit has a designated Data Protection Officer.
  • Replit values transparency and will update you about any changes to our policies.

Still have questions? Read on...

Can Replit be used in schools without disclosing students' personal information?

Yes. Using Teams for Education, teachers can set up their own accounts and email students directly to invite them to use the service. Students can create accounts at no cost to them, and use Teams for Education without providing personal information like names or email addresses. All that is required is a unique username and password, and you are good to go!

Note: You can code in any of our supported languages without needing to log in or share any information. You just won't get all the great extras available when you sign up. Try coding in Python in a private browser window.

How can I invite students and protect their privacy?

With Teams for Education and Private Invites, you can choose to generate a private invite link, which will protect the privacy of your students (including under 13-year olds).

When you share that link (for example by emailing it to your students outside of Replit, or by pasting the link into your LMS or curriculum), we will not ask students to provide names, emails, or other personal information when they sign up. Neither you nor the students will need to provide us with that information. Students will have view-only access to the Repl Talk forum, so they can still see all the great content, guides, and tutorials from the community, but they post or can't be contacted, which protects their privacy.

private invite

What data does Replit collect about students through Teams for Education?

We do not ask students to provide personal information during the sign up process. When students are invited to create an account on Replit, we only ask them to enter a username that does not include their real name. We do not ask them to provide their name, email address, or any other personal information during sign up. Like all online services, we receive Log Information (as defined in our Privacy Policy) when students use the services.

We do not allow students to post on our public forums. Students can still benefit from the forums, though, because they are not restricted from viewing them.

How does Replit use student data?

We only use the student data we collect for the purposes for which it was provided to us – that is, to perform services for the school and otherwise support the internal operations of our service. You can read the FTC’s COPPA FAQs for more detail on what “support for internal operations” includes.

We do not disclose student data to third parties other than our own subprocessors. We also implement appropriate technical, physical and administrative security measures to protect students’ information.

Can students under 13 use Replit in compliance with COPPA?

Yes, with Teams for Education, students under 13 can use Replit in compliance with COPPA. As noted above, we do not ask students (including students under 13) to provide personal information during sign up and we do not allow them to post in our public forums. The only COPPA-covered personal information we collect from students under 13 is Log Information and, as noted above, we only use that information to provide services for the school and otherwise support the internal operations of our service. Because of this, “verifiable parental consent” is not required for students to use our service.

In addition, and consistent with COPPA, we do not disclose student data to third parties other than our own subprocessors, and we implement appropriate measures to protect students’ information.

Can Replit be used in compliance with FERPA?

Yes, when we contract with schools to use Teams for Education, we do not collect information about students that can be used to identify or contact them, such as a name and email address. We only collect student’s Log Information (as defined in our privacy policy) and use this limited data for the purposes for which it was provided to us; that is, to perform services for the school and support our internal operations. We do not disclose data to third parties other than our own subprocessors.

Is Replit compliant with the GDPR?

Yes, Replit is compliant with the EU General Data Protection Regulation (GDPR). We are committed to protecting customer data and privacy. We take our obligations regarding data compliance seriously, and approach them transparently. Replit has engaged in a GDPR compliance review to make our practices consistent with the GDPR, in respect to the processing of EU personal data. For example, Replit maintains records of its processing activities, has a legal basis for each processing activity in which it engages, and uses a variety of technical, organizational, and physical measures to safeguard and protect data. We also actively monitor our compliance efforts and seek to continuously improve them.

How does Replit protect personal data provided by its EU customers and users?

Replit executes a Data Processing Agreement (DPA) with its EU entity customers, which contains all of the requirements of GDPR Article 28 and governs how Replit uses and protects personal data when the platform serves as a data processor to our controller customers. Moreover, with respect to individual end-users of Replit, Replit maintains a consumer-facing Privacy Policy that provides transparent information about our information collection and processing activities consistent with the GDPR. Replit also enters into agreements with its subprocessors, binding them to contractual provisions designed to comply with the GDPR, and keeps an updated list of its subprocessors.

How does Replit transfer and store personal data from the EU?

As Replit is located in the United States, Replit stores the personal data we receives from EU customers on secure data servers hosted by reputable third parties in the United States. To transfer personal data from the EU to the United States, Replit relies on a variety of transfer mechanisms as applicable to a particular transfer, such as EU Commission approved Standard Contractual Clauses, contractual necessity, and consent.

What other privacy regulations and security frameworks is Replit compliant with?

This list is not exhaustive and we will continue to update it over time. However, we have reviewed and are compliant with the following privacy regulations:

Will Replit sign our university's, school's or district's Data Security or Privacy Agreement?

Yes. If you would like us to review your local privacy regulation or sign your organization's specific privacy policy, please email [email protected].

If you are a Local Educational Agency in the United States, our U.S. Student Data Protection Addendum also applies. We are happy to send you a copy for comments/edits if you'd like.

Is all of the above information reflected in the Replit Privacy Policy?

Yes, our Privacy Policy reflects all of this information.