Updates to our Privacy Statement and Terms of Service
Learn more about updates we’ve made to our Privacy Statement and Terms of Service.
We’re in the process of updating our policies, and we’d like to get your input! We want to hear what you think of them and whether any of our changes or clarifications can be improved. Head on over to our Site Policy repository to see the open pull requests.
What’s changed
About every six months, we review our terms and policies to make sure they’re as clear as they can be and decide whether we should make any updates. This time around, we’re very focused on bringing our policies into alignment with a new law in Europe known as the General Data Protection Regulation, so we’ve made some changes to our Privacy Statement and Terms of Service to cover our compliance with that law. We’ve made other changes to our terms to clarify account control and developer obligations when integrations are created for others.
Updates to our Privacy Statement
Over the last few months, we’ve gotten a few questions asking about our General Data Protection Regulation (GDPR) compliance. We are proud to announce that we are compliant with the GDPR. Additionally, we have always provided the same level of privacy protection to our users regardless of their residency, location, or citizenship—and that will not change. We provide strong privacy and security protection to all of our users.
For the most part, our changes to the Privacy Statement are only points of clarification. GitHub doesn’t ask for more personal data from our users than we need to provide our services to you. Where we offer you the option of giving us more data, we provide you the ability to access and delete the data you have given us. For example, you can always remove your profile information, your comments in issues, and your repository contents. We have gone through our Privacy Statement to provide more context and transparency, though, so our users understand exactly why we ask for information and what we’ll do with it.
GDPR Compliance
- The GDPR requires us to inform our users about the legal basis on which we process their data. In this update, we explain what data we collect and why
- We describe our security practices in more detail
- We now provide a separate page describing our tracking, our use of cookies, and listing our subprocessors (the vendors and third parties we have engaged to process personal data on our behalf)
- Throughout the Privacy Statement, we provide greater transparency and insight into our data collection, data handling, data retention, and data deletion processes
- If you are a Corporate Terms of Service customer and you need a Data Protection Agreement with us, please contact support. We will be happy to provide one. Please understand that with the GDPR compliance deadline coming up, our volume of requests is high, but we will respond to you as promptly as possible
Updates to our Terms of Service and other policies
Standard Terms of Service and Corporate Terms of Service
Much like the changes to the Privacy Statement, most of the changes to our terms are clarifications of pre-existing sections. Here are a few sections we’d like to highlight:
- Third Party Applications: We combined the Marketplace section with general requirements for those creating integrations for other users to provide better protections for GitHub users and their data. The Marketplace section is now called “Third Party Applications,” since it now applies to more than just GitHub’s Marketplace. We’ve also added a “Third Party Applications” section to the Privacy Statement to discuss our users’ privacy expectations in regards to those applications
- Access to Private Repositories: In Section E, we clarified the purposes for which we may be required to access private repository contents, in line with the security obligations of our GDPR compliance program
- More definitions: We included definitions of “User Accounts” and “Organizations” and described who has control of those types of accounts
Other policies
- Community Forum Code of Conduct: Last year we launched the Community Forum. The Community Forum is a growing part of our platform and we thought it’d be great to include the Code of Conduct in our Site Policy repository, since we hadn’t yet included it
- Marketplace Developer Agreement: We’ve made some updates to this agreement that reflect some of the changes to the Marketplace over the past year
- Takedown policies: We’ve updated our takedown policies to add clarification around what’s covered by our DMCA policy
- Statement Against Modern Slavery and Child Labor: We’ve added our 2018 statement describing the steps we’ve taken to prevent modern slavery and child labor from occurring in our business and supply chain
Taking action
We’ll leave the pull requests open until 5 pm Friday, May 18. Then, we’ll take a week to go through your comments and make changes to improve the policies. We’ll enact the new policies on Friday, May 25.
We look forward to hearing from you!
Tags:
Written by
Related posts
Students: Start building your skills with the GitHub Foundations certification
The GitHub Foundations Certification exam fee is now waived for all students verified through GitHub Education.
Announcing GitHub Secure Open Source Fund: Help secure the open source ecosystem for everyone
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Software is a team sport: Building the future of software development together
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.