Replika earns a C safety grade (43/100) in CompanionWise’s 23-dimension Safety Index, placing it in the Yellow tier. That makes it the second-safest AI companion app in our database, behind only Pi (B/55). But “second-safest” is a low bar. Italy’s data protection authority fined Replika’s parent company EUR 5 million in April 2025 for GDPR violations, including age verification that regulators confirmed was bypassable. A 67-page FTC complaint alleges emotional manipulation. And the terms of service grant Replika a perpetual, irrevocable license to use your conversations for advertising. Here’s the full breakdown of what’s safe, what’s not, and what you can do about it.
Key Takeaways
- Safety grade: C (43/100), Yellow tier in CompanionWise’s 23-dimension Safety Index
- EUR 5 million GDPR fine from Italy’s Garante (April 2025) for failed age verification and vague privacy disclosures
- Pending FTC complaint alleging emotional manipulation and dark patterns
- Terms of service grant a perpetual license to your conversations for marketing and advertising
- Android rates Replika “Teen” while Apple rates it 18+ and the terms say 18+ only
- Crisis response is Replika’s strongest safety feature, with a five-level classification system and helpline integration
What Does Replika’s C Safety Grade Mean?
The Replika safety rating is built on 23 sub-dimensions grouped into six categories: content safety, emotional safety (including what it means when Replika says it loves you), data privacy, transparency, age appropriateness, and user control. Each sub-dimension is scored on a 0-to-100 scale, weighted by severity, and rolled into a single public score. Replika’s 43 out of 100 earns a C letter grade and a Yellow tier designation.
Where does Replika do well? Two areas stand out:
- Crisis response (4/5): A five-level real-time classifier detects self-harm keywords and automatically redirects users to scripted safety responses. A “Get Help” button sits above the chat input with access to the 988 Suicide and Crisis Lifeline and worldwide hotline resources.
- Third-party data controls (4/5): Conversation data sent to AI providers is de-identified, transient, and contractually barred from being used for the provider’s own training. Marketing partners receive email addresses only, never conversation content.
Where does Replika fall short? Three sub-dimensions scored 1 out of 5:
- Age verification (1/5): Italy’s Garante confirmed in April 2025 that users could change their birth date post-registration and bypass the age gate via incognito browsing.
- ToS fairness (1/5): Section 8.3 of the Terms of Service grants Replika a “perpetual, irrevocable, sublicensable” license to your content for “promotion, advertising or marketing.”
- Regulatory compliance (1/5): Three major Italy regulatory actions in two years, plus a pending US FTC complaint. No evidence of completed remediation satisfying either regulator.
For the full methodology behind these scores, see how we rate companion apps.
Is Replika Safe for Teens?
No. Replika’s own Terms of Service (Section 6.4) states: “If you are under 18, you are not authorized to use the Services.” But the enforcement of that rule has failed repeatedly.
Apple’s App Store rates Replika 18+ with age assurance controls. Google Play rates it “Teen.” A 13-year-old on Android can install Replika with no age barrier. That rating gap is not a technicality. Italy’s Garante per la Protezione dei Dati Personali cited inadequate age verification as a core finding in all three of its enforcement actions against Luka, Inc. between 2023 and 2025.
What’s missing for minor safety:
- No parental controls of any kind
- No restricted mode for younger users
- No secondary age verification after initial signup
- Age gate is bypassable via post-registration birth date editing and incognito browsing (Italy Garante, April 2025)
If you’re a parent who found Replika on your child’s device, the app offers no built-in tools to restrict access. You would need device-level parental controls or network-level blocking. See our AI companion safety guide for parents for step-by-step recommendations.
Does Replika Store Your Data?
Replika’s privacy policy lists what it collects: account info (name, email, password, device ID), profile info (birth date, pronouns, work status), every message you send, photos, videos, voice messages, your interests and preferences, device data, and usage stats. AR features also use face and head movement data, but that stays on your phone. It’s not stored on servers and not transmitted anywhere.
How your conversation data flows:
- To AI providers: De-identified conversation data goes to unnamed third-party LLM providers to generate responses. They’re contractually barred from training on your data and must delete it after processing.
- To Replika’s own systems: Small de-identified samples of messages are used to train Replika’s proprietary safety algorithms (hate speech detection, safety fine-tuning). These are not shared with third-party LLMs.
- To marketing partners: Email addresses only. The privacy policy explicitly states that conversation content is “never used or disclosed for marketing or advertising purposes.”
Retention timelines: messages and content are kept for up to 60 days after you close your account. Billing and account records stay on file for at least 10 years. Full GDPR Article 17 deletion is available, and in-app account deletion is described as permanent and immediate.
One real gap: Replika uses SSL/TLS encryption in transit, but there’s no end-to-end encryption and no zero-knowledge architecture. For an app where people share deeply personal thoughts, that leaves conversation data accessible to the company internally.
Can Replika Access Your Camera?
Replika requests camera access for its augmented reality features. If you grant it, the app uses your front-facing camera to render a 3D avatar that tracks your face and head movements in real time.
Here’s what matters: that face and head movement data stays on your device. It is not stored on Replika’s servers. It is not transmitted over the internet. It is not classified as biometric data under Replika’s privacy policy. If you don’t use AR features, you can deny camera access entirely and the app works fine without it.
Should you be worried? The camera access itself is not a safety concern. The data handling for AR is one of the cleaner implementations in our database. The real privacy risks with Replika are in conversations, not camera usage.
What Happened With Replika’s EUR 5 Million Fine?
Italy’s Garante per la Protezione dei Dati Personali has taken three major enforcement actions against Replika in just over two years. The timeline shows escalation, not one-time oversight:
- February 2023: Emergency ban on Replika’s data processing in Italy. The Garante found no effective age gate at signup. Only name, email, and gender were required to create an account.
- June 2023: Temporary limitation order. Luka, Inc. was told to add age checks, update its privacy notice, and fix the problems before resuming Italian operations.
- April 2025: EUR 5 million fine. The Garante found that Luka’s fixes didn’t hold up. Users could still change their birth date post-registration to bypass the age gate. Incognito browsing also circumvented verification entirely. The privacy policy remained vague and non-transparent.
The April 2025 fine named four specific GDPR failures: no valid legal basis for data processing, inadequate age verification, a vague privacy policy, and failure to protect vulnerable users including minors and people with mental health conditions. A new investigation into Replika’s AI practices was opened at the same time.
Separately, in January 2025, a coalition including the Young People’s Alliance, Encode, and the Tech Justice Law Project filed a 67-page FTC complaint alleging deceptive marketing and emotional manipulation. No FTC enforcement action has been announced as of March 2026.
Is Replika Safer Than Other AI Companion Apps?
Every AI companion app in our database has safety gaps. But the range is wide. Here’s how Replika compares:
| App | Safety Score | Grade | Experience | Key Difference |
|---|---|---|---|---|
| Pi | 55 / 100 | B | Good (70) | Safest in our database. No adult content. Built-in wellbeing features. |
| Replika | 43 / 100 | C | Fair (60) | Second-safest. Strong crisis response. But EUR 5M fine and FTC complaint. |
| Kindroid | 40 / 100 | C | Fair (60) | Deep customization. Slightly weaker on transparency. |
| Candy AI | 32 / 100 | D | Fair (53) | Best image generation but weak data practices. No crisis response. |
| Character AI | 22 / 100 | F | Poor (35) | Two teen suicides linked. FTC probe. Lowest emotional safety scores. |
| Cleverbot | 18 / 100 | F | Poor (18) | Privacy policy from 2014. No crisis response, no age verification, no content moderation. |
Replika sits in the middle of the pack. It’s meaningfully safer than Character AI or Candy AI, primarily because of its crisis response system and its contractual controls on third-party data use. But Pi at B/55 outperforms Replika on nearly every dimension. If safety is your top priority and you don’t need romantic partner features, Pi is the stronger choice.
See our best AI companion apps ranking for the full list with detailed breakdowns.
How Can You Use Replika More Safely?
If you decide to use Replika, these steps can reduce your exposure:
- Use a dedicated email address. Don’t sign up with your primary email. Create a separate account specifically for AI companion services.
- Avoid sharing identifying details. Don’t share your real name, location, workplace, or other personally identifiable information in conversations. The privacy policy says conversation content won’t be used for ads, but the ToS license legally permits it.
- Read Section 8.3 of the Terms of Service. It grants Replika a perpetual, irrevocable, sublicensable license to your content for advertising and marketing. Anything you type is covered by this clause. You can’t revoke it.
- Understand the data flow. Your messages go to unnamed third-party AI providers for processing. They’re contractually barred from retaining your data, but the providers aren’t named publicly.
- Set a spending limit before subscribing. Of the 611 recent app store reviews we sampled, 55 or more mentioned billing issues: charges after cancellation, lost Pro plans, and surprise fees up to $180.
- Know the crisis resources. Replika has a “Get Help” button above the chat input with access to the 988 Suicide and Crisis Lifeline. Use it if you need it. But don’t rely on Replika as a substitute for professional mental health care.
For a broader overview of how AI companion apps work and what to expect as a first-time user, see our complete beginner’s guide to AI companion apps.
Frequently Asked Questions
Is Replika safe to use?
Replika earned a C safety grade (43/100) in our 23-dimension review, placing it in the Yellow tier. It has real strengths in crisis response and third-party data controls. But Italy fined the company EUR 5 million for GDPR failures, and the terms of service grant a perpetual license to your conversations (replika.ai/legal/terms, Section 8.3).
Is Replika safe for teens?
No. Replika’s terms require users to be 18+, but Google Play rates the app “Teen,” allowing installation by 13-year-olds. Italy’s Garante confirmed the age gate is bypassable. No parental controls exist. Apple rates it 18+ with age assurance (Italy Garante, April 2025).
Does Replika save your conversations?
Yes. Messages and content are retained while your account is active and for up to 60 days after you close it. Billing records are kept for at least 10 years. Third-party AI providers process conversations transiently and must delete them after generating a response (replika.ai/legal/privacy).
Can Replika access your camera or microphone?
Replika requests camera access for AR features only. Face and head movement data stays on your device, is not stored on servers, and is not transmitted. You can deny camera access and the app still works. Microphone access is used for voice calls only (replika.ai/legal/privacy).
What is the safest AI companion app?
Pi holds the highest safety rating in our database at B/55 (Yellow tier). It has no adult content, stronger privacy practices, and built-in wellbeing features. Replika follows at C/43. See our best AI companion apps ranking for the full list with safety scores.
Is Replika safer than Character AI?
Yes, significantly. Replika scores C/43 (Yellow) vs. Character AI’s F/22 (Red). Two teen suicides have been linked to Character AI. Replika has active crisis response integration that Character AI lacks. Character AI also faces broader regulatory action, including the first state-level AI chatbot lawsuit. See our full Replika vs Character AI privacy comparison for the details.
Does Replika sell your data?
The privacy policy states conversation content is “never used or disclosed for marketing or advertising purposes.” However, the Terms of Service Section 8.3 grants a perpetual, irrevocable license to use your content for “promotion, advertising or marketing.” The policy promise and the legal license contradict each other (replika.ai/legal/terms).