Is Replit safe with your data?

Replit

Replit, Inc.

55/100

Partial disclosure · high confidence

Replit earns a C (55/100) because it discloses its data practices only in part.

#87

of 116 apps ranked

score · Coding avg 56

-1

vs category average

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

Replit discloses data-subject rights across six US state regimes plus the EEA and UK, and commits to a 30-day account deletion window. It relies on a legitimate interest to improve the accuracy of its machine learning technologies such as code generation, names no training opt-out, and says nothing about output ownership or specific security controls, which holds the score in the low C band.

What Replit's privacy policy says about your data

Trains on code with no opt-out

The policy claims a legitimate interest in using information to improve the accuracy of its machine learning technologies such as code generation, and names no way to opt out of that use.

Clear deletion timeline

When you request to delete your account, Replit deletes your data within 30 days. The policy gives a specific number.

Does not sell personal information

Across the California, Colorado, Connecticut, Iowa, Utah, and Virginia sections, the policy repeats that it does not sell personal information as that term is defined under each state law.

Broad data-subject rights with a named channel

EEA and UK users get access, correction, restriction, objection, anonymization or deletion, and portability. State residents submit access and deletion requests by emailing privacy@replit.com or through account settings.

What the policy is silent or vague on

Not stated: keeping user inputs out of model training
Not stated: a way to opt out of training
Not stated: whether training use differs by plan
Not stated: your ownership of generated outputs

Replit privacy rating

Training-data use0 of 4 disclosed

Keeps user inputs out of model training, or makes training opt-inSilent

Names a way to opt out of or into trainingSilent

Says whether training use differs by plan or tierSilent

Lets the user keep ownership of generated outputsSilent

Data-subject rights5 of 5 disclosed

Grants a right to access your dataDisclosed

Grants a right to delete your dataDisclosed

Offers data portability in a usable formatDisclosed

Grants a right to correct your dataDisclosed

Grants a way to object to or opt out of processingDisclosed

Retention and deletion2 of 4 disclosed

States a retention period for your dataPartial

States a deletion timeline after closure or requestDisclosed

Sets a shorter retention for AI conversation logsSilent

Commits to collecting only the data it needsDisclosed

Third-party sharing4 of 5 disclosed

Lists the categories of third parties it shares withDisclosed

References a sub-processor list or data processing agreementDisclosed

Does not sell or share data for advertising, or offers opt-outDisclosed

Names a safeguard for international data transfersSilent

States a standard for government and law-enforcement accessDisclosed

Transparency3 of 4 disclosed

Discloses that you are interacting with AIDisclosed

Marks AI-generated or synthetic outputNot applicable

Enumerates the categories of data it collectsDisclosed

Maps processing purposes to legal basesDisclosed

Is versioned and dated, with change noticePartial

Sensitive data and children1 of 2 disclosed

Discloses automated decisions and a human-review pathNot applicable

Limits the use of special-category dataSilent

Governs biometric data specificallyNot applicable

States protections for children's dataDisclosed

Security and accountability0 of 3 disclosed

Describes its security safeguardsPartial

Commits to breach notificationSilent

Names a certification or a privacy contactSilent

DisclosedPartialSilentAdverseNot applicable

Details

Category: Coding
Modalities: text
Processes biometrics: No
Policy last updated: 2025-02-24
Region scored: Global / US-default
Assessed: 2026-06-20

Read Replit's privacy policy

Other coding apps

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.