// Trust & Security Report
Replicate
Replicate is a cloud API platform for running and fine-tuning machine learning models (image, video, audio, speech, and language generation) with one line of code. Sub-products include: public/community model marketplace with per-run pricing, private model deployments (custom Cog-packaged models on dedicated hardware), fine-tuning / "Customer Derivative Models", a remote MCP server, and a separate Enterprise offering (SLAs, dedicated support, indemnity, higher GPU allocation).
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
source: replicate.comNo public evidence on replicate.com. No trust center, security page, or compliance page exists on the vendor's domain (replicate.com/security and replicate.com/trust both return 404). A widely-surfaced web search snippet claiming 'Replicate has achieved SOC 2 Type 1 & 2 certification' traces to Replicated (replicated.com), an unrelated Kubernetes-app-distribution company, not Replicate (replicate.com) - this is an identity-conflation risk, not vendor evidence.
source: replicate.comNo public evidence on replicate.com. The only ISO 27001 reference found in search results describes AWS's own data center certification ('AWS-managed ISO 27001 and FISMA certified data centers'), which is Replicate's cloud host's certification, not Replicate's own. No first-party ISO 27001 claim or certificate exists on replicate.com.
source: replicate.comThe Replicate Privacy Policy contains no mention of GDPR, EU/EEA data subject rights, international data transfer mechanisms (SCCs), or a Data Protection Officer. It includes only a 'U.S. State-Specific Notice': 'Replicate does not "sell" or "share" personal information, as defined by any U.S. state privacy law.' All 17 listed subprocessors (AWS, GCP, Cloudflare, CoreWeave, Fly.io, Stripe, etc.) are located in the United States, with no EU data region option surfaced.
source: replicate.comNo public evidence. No BAA program, HIPAA attestation, or health-data handling commitment found anywhere on replicate.com (privacy policy, terms, enterprise page, or docs).
source: replicate.comNo public evidence. Payment processing is handled by subprocessor Stripe (PCI DSS Level 1 certified in its own right); no PCI DSS attestation for Replicate itself found on the vendor domain.
source: replicate.comNo public evidence. No AI-governance certification of any kind is referenced on replicate.com.
source: replicate.comNo public evidence. Not referenced anywhere on the vendor domain.
source: replicate.comNo public evidence. Not referenced anywhere on the vendor domain.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
United States only. All 17 disclosed subprocessors (AWS, GCP, CoreWeave, Fly.io, Cloudflare, Crunchy Bridge, Stripe, etc.) are listed with US locations; no EU/other data-region option is advertised.
Replicate's Terms define 'Customer Data' (Customer Inputs and Outputs) separately from 'Resultant Data' (aggregated and anonymized usage/performance data). Section 5.2 grants Replicate a license to use Customer Data only 'to the extent necessary to provide the Output, train and generate Customer Derivative Models, provide the Services' - i.e. to run the customer's own requested fine-tunes, not to train Replicate's shared/general-purpose models. Separately, Replicate 'and its licensors' may use Resultant Data (aggregated/anonymized) 'to improve and enhance the Services.' No opt-out control for Resultant Data use was found on the vendor domain, and no per-model policy differences (e.g. whether third-party model creators on the marketplace retain/train on inputs) are disclosed on replicate.com itself - that is set per third-party model and outside Replicate's own privacy policy scope.
// Security controls
Encryption in transit
Not explicitly documented on the vendor's public pages beyond generic 'access, encryption, and incident response' language on the Enterprise page; no dedicated security page confirms TLS specifics.
replicate.comAPI token security
40-character tokens (prefixed r8_) treated as secrets; Replicate automatically scans public GitHub repos for exposed tokens, detects potential compromise, and auto-disables affected tokens with email notification.
replicate.comInfrastructure hosting
Runs on AWS, GCP, CoreWeave, and Fly.io (per subprocessor list); no independent data-center certification claimed by Replicate itself.
replicate.comData Processing Agreement
Enterprise page states customers can 'Stay compliant with data processing agreements,' implying a DPA is available on request for enterprise contracts; no self-serve/public DPA document found.
replicate.comIncident response
Enterprise page references 'strict controls for access, encryption, and incident response' at a marketing-copy level; no incident-response SLA, breach-notification timeline, or status page linked from the vendor's own domain in the evidence gathered.
replicate.com// Products & data scope
data: Customer inputs/outputs sent per-call to run third-party or Replicate-hosted models; billed per-second or per-token/output-unit.
Data handling for a given model can vary by the third-party model creator; Replicate's own privacy policy governs the platform layer only.
data: Custom Cog-packaged models run on dedicated hardware for a single customer.
Billed for setup, idle, and active processing time.
data: Customer-supplied training data used only to produce that customer's own derivative model, per Terms Section 5.2.
Not used to train Replicate's shared/general-purpose models per the Terms language reviewed.
data: Same technical data flows as self-serve, plus contractual add-ons.
Adds SLA, dedicated support, indemnity coverage, DPA availability, higher GPU allocation, and a named account contact - no additional certifications are claimed for this tier.
data: Credential handling routed via Cloudflare infrastructure per the vendor's blog post.
Newer product; no dedicated security documentation found beyond the announcement blog post.
// What to watch
- No trust center or dedicated security page exists on replicate.com (/security and /trust both 404) - all security claims are inferred from the Enterprise marketing page, docs, Terms, and Privacy Policy.
- IDENTITY-CONFLATION RISK: search results for 'Replicate SOC 2' / 'Replicate trust center' surface content that actually belongs to Replicated (replicated.com), a different company (Kubernetes app distribution, unrelated to replicate.com's AI model API). This assessment deliberately excludes that content; a less careful automated pass could mistakenly credit Replicate with Replicated's SOC 2 Type 2 and ISO 27001 status. Recommend double-checking before any future re-verification.
- Privacy Policy has no GDPR, EU data-subject-rights, or international-transfer-mechanism language, and all subprocessors are US-based - this is a real gap for EU customers, not just a documentation gap.
- No published DPA document; DPA availability is inferred only from a one-line Enterprise marketing bullet ('Stay compliant with data processing agreements').
- AI-training posture is not fully self-contained on replicate.com: individual third-party model creators on the public marketplace may have their own data-handling practices not covered by Replicate's own privacy policy.
- Minor entity-name inconsistency found in secondary search snippets ('Replicate, LLC' vs 'Replicate, Inc.'); not independently confirmed against the primary Terms/Privacy documents in this pass.
// At a glance
Pricing model
Usage-based: per-second compute billing (varies by hardware/GPU type) or per-token/per-output-unit for select models; Enterprise adds volume discounts and contracted terms.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Replicate's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
replicate.com