Updates to our Privacy Statement

When you check your GitHub account today, you’ll see an announcement letting you know that we’ve updated our Privacy Statement. Check it out!

Before we get into what’s new, rest assured that your information is still safe and sound. We have not made any substantive changes to the way we handle your information. For example, we still . . .

don’t sell your personal information to any third parties for their commercial purposes;
don’t have advertising on GitHub;
only require a small amount of information; and
only use your information for the purpose of providing services to you.

What’s changed

The new Privacy Statement clarifies quite a few things about how GitHub uses data, and how we permit third parties to use your information. For example, the new Privacy Statement describes how people such as researchers or archivists can use your public information on GitHub.com, and it explains that third parties using public information must respect our users’ choices. The new Privacy Statement now also includes a statement regarding tracking—we don’t track your web browsing off our site, and we don’t let third parties track you on GitHub.

Privacy Shield compliance

With this updated Privacy Statement, we’ve also applied for certification with the new EU–US Privacy Shield Framework. Privacy Shield is an agreement between the US Department of Commerce and the European Commission that provides companies in both the United States and the European Union a mechanism to comply with EU data protection requirements when transferring personal data from the EU to the US. We expect to receive our certification shortly, and we currently comply with the Privacy Shield Principles to protect all our users’ information.

Protecting our users

Although the Privacy Shield is only directed to users in the European Union, GitHub is committed to protecting all our users equally, regardless of where you live. So we are extending Privacy Shield’s benefits to all our users, including access to a free independent arbitration provider for privacy disputes.

Please take a few minutes to look over the new Privacy Statement, and please reach out if you have any questions.

Tags:

privacy

More on privacy

GitHub achieves ISO/IEC 27701:2019, 27018:2019, and CSA STAR certifications

GitHub’s Information Security and Privacy Management System (ISPMS) has been certified against ISO/IEC 27701:2019 (PII Processor) and 27018:2019 standards, as well as the Cloud Controls Matrix (CCM). These standards and frameworks are internationally recognized for security and privacy program best practices.

Brandon Griffeth & Glory Francke

Revised enterprise DPA with new standard contractual clauses

As part of GitHub's strong commitment to developer privacy, we are excited to announce updates to our privacy agreements in line with new legal requirements and our own robust data protection practices.

Olivia Holder

2021 Transparency Report: January to June

We’re reporting on a six-month period rather than annually to increase our level of transparency. For this report, we’ve added more granularity to our 2020 stats.

Abby Vollmer

Updates to our Privacy Statement

What’s changed

Privacy Shield compliance

Protecting our users

Explore more from GitHub

Policy

GitHub Universe 2023

GitHub Copilot

Work at GitHub!

Updates to our Privacy Statement

What’s changed

Privacy Shield compliance

Protecting our users

Related posts

How to get AI regulation right for open source

No cyber resilience without open source sustainability

Developers need the right to challenge junk patents

Explore more from GitHub

Policy

GitHub Universe 2023

GitHub Copilot

Work at GitHub!

Subscribe to The GitHub Insider