We’re in the process of updating our policies, and we’d like to get your input! We want to hear what you think of them and whether any of our changes or clarifications can be improved. Head on over to our Site Policy repository to see the open pull requests.
About every six months, we review our terms and policies to make sure they’re as clear as they can be and decide whether we should make any updates. This time around, we’re very focused on bringing our policies into alignment with a new law in Europe known as the General Data Protection Regulation, so we’ve made some changes to our Privacy Statement and Terms of Service to cover our compliance with that law. We’ve made other changes to our terms to clarify account control and developer obligations when integrations are created for others.
Over the last few months, we’ve gotten a few questions asking about our General Data Protection Regulation (GDPR) compliance. We are proud to announce that we are compliant with the GDPR. Additionally, we have always provided the same level of privacy protection to our users regardless of their residency, location, or citizenship—and that will not change. We provide strong privacy and security protection to all of our users.
For the most part, our changes to the Privacy Statement are only points of clarification. GitHub doesn’t ask for more personal data from our users than we need to provide our services to you. Where we offer you the option of giving us more data, we provide you the ability to access and delete the data you have given us. For example, you can always remove your profile information, your comments in issues, and your repository contents. We have gone through our Privacy Statement to provide more context and transparency, though, so our users understand exactly why we ask for information and what we’ll do with it.
- The GDPR requires us to inform our users about the legal basis on which we process their data. In this update, we explain what data we collect and why
- We describe our security practices in more detail
- Throughout the Privacy Statement, we provide greater transparency and insight into our data collection, data handling, data retention, and data deletion processes
- If you are a Corporate Terms of Service customer and you need a Data Protection Agreement with us, please contact support. We will be happy to provide one. Please understand that with the GDPR compliance deadline coming up, our volume of requests is high, but we will respond to you as promptly as possible
Much like the changes to the Privacy Statement, most of the changes to our terms are clarifications of pre-existing sections. Here are a few sections we’d like to highlight:
- Third Party Applications: We combined the Marketplace section with general requirements for those creating integrations for other users to provide better protections for GitHub users and their data. The Marketplace section is now called “Third Party Applications,” since it now applies to more than just GitHub’s Marketplace. We’ve also added a “Third Party Applications” section to the Privacy Statement to discuss our users’ privacy expectations in regards to those applications
- Access to Private Repositories: In Section E, we clarified the purposes for which we may be required to access private repository contents, in line with the security obligations of our GDPR compliance program
- More definitions: We included definitions of “User Accounts” and “Organizations” and described who has control of those types of accounts
- Community Forum Code of Conduct: Last year we launched the Community Forum. The Community Forum is a growing part of our platform and we thought it’d be great to include the Code of Conduct in our Site Policy repository, since we hadn’t yet included it
- Marketplace Developer Agreement: We’ve made some updates to this agreement that reflect some of the changes to the Marketplace over the past year
- Takedown policies: We’ve updated our takedown policies to add clarification around what’s covered by our DMCA policy
- Statement Against Modern Slavery and Child Labor: We’ve added our 2018 statement describing the steps we’ve taken to prevent modern slavery and child labor from occurring in our business and supply chain
We’ll leave the pull requests open until 5 pm Friday, May 18. Then, we’ll take a week to go through your comments and make changes to improve the policies. We’ll enact the new policies on Friday, May 25.
We look forward to hearing from you!