GitHub's privacy policy explains what personal information they collect about you when you use their services, how they use it, and who they share it with. Your data may be used to improve GitHub's products, including training AI features like Copilot, though you can opt out of some of these uses. GitHub gives you rights to access, download, or delete your data by contacting them or through account settings.
Technical Summary
The GitHub General Privacy Statement governs the collection, use, sharing, and retention of personal data by GitHub, Inc. (a Microsoft subsidiary) across its platforms and services. It identifies GitHub as the data controller and outlines lawful bases for processing under GDPR and equivalent frameworks, covering categories including account data, usage data, payment information, and content uploaded by users. The statement grants users rights to access, correct, delete, export, and restrict processing of their personal data, and discloses data sharing with third-party service providers, corporate affiliates, and in response to legal process. Notable provisions include the use of personal data to train AI/ML models (with opt-out mechanisms for certain features), cross-border data transfers with Standard Contractual Clauses as the primary safeguard, and specific supplemental disclosures for California residents and EU/EEA data subjects.
Institutional Analysis
This document engages GDPR (EU/EEA users), UK GDPR, CCPA/CPRA (California residents), and cross-border data transfer obligations via Standard Contractual Clauses. Compliance teams should note GitHub'…
This document engages GDPR (EU/EEA users), UK GDPR, CCPA/CPRA (California residents), and cross-border data transfer obligations via Standard Contractual Clauses. Compliance teams should note GitHub's role as both data controller and, in enterprise contexts, data processor — with distinct DPA oblig…
🔒
Compliance intelligence locked
Regulatory exposure, material risk, and due diligence action items.
GitHub may use your personal data, activity, and content to train artificial intelligence and machine learning models, including features like GitHub Copilot, though certain opt-out options are available.
GitHub may disclose your personal data to law enforcement, government agencies, or other third parties in response to valid legal process such as subpoenas, court orders, or national security requests.
Your personal data may be transferred to and processed in countries outside your own, including the United States, with Standard Contractual Clauses used as the primary legal safeguard for EU/EEA transfers.
As a Microsoft subsidiary, GitHub may share your personal data with Microsoft and other affiliated companies for business purposes including product improvement and service delivery.
California residents have additional rights under the CCPA/CPRA including the right to know what data is collected, the right to opt out of the sale or sharing of personal information, and the right to limit use of sensitive personal information.
GitHub retains certain personal data even after you delete your account, including for legal compliance, dispute resolution, and enforcement of agreements, and some data may persist in backup systems.
GitHub uses cookies, pixel tags, and similar tracking technologies to collect information about your browsing behavior on their platform and across the web for analytics and advertising purposes.
GitHub's services are not directed at children under 13, and users must be at least 13 years old (or older where local law requires) to create an account.
Users have the right to access, correct, delete, or export their personal data held by GitHub, and can exercise these rights through account settings or by contacting GitHub's privacy team.
GitHub collects payment information when you purchase paid services, which is processed by third-party payment processors and may be stored for billing and fraud prevention purposes.