How does GitHub's GitHub Privacy Statement affect users?

The document authorizes GitHub to collect and process a broad category of personal data spanning identifiers, financial records, device information, activity logs, and posted content. Users may submit requests for data access, correction, or deletion through the designated privacy portal at https://support.github.com/contact/privacy. Public repository content is classified under the policy as non-private, globally accessible material, establishing different handling standards than private repos…

How often is GitHub's GitHub Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when GitHub updates this document?

Yes. Watcher subscribers ($9.99/month) can add GitHub to their watchlist and receive same-day email alerts whenever this document or any other GitHub document changes.

CA-D-000254

GitHub Privacy Statement

GitHub

Last change detected April 28, 2026 Privacy policy

SHA-256: b36cbcc068012375c4a… 3 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at GitHub ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

3 High severity

7 Medium severity

0 Low severity

Summary

This document establishes GitHub's data collection, processing, and sharing practices for users of its platform. GitHub collects personal identifiers (name, email address), payment information, device identifiers, IP addresses, browsing activity, and user-generated content, with authorization to share this data with Microsoft affiliates, service providers, and analytics and advertising partners. The policy designates public repository content as globally visible material not subject to private data protections, permitting indexing by search engines and third-party access.

Technical / Legal Breakdown

This document is GitHub's General Privacy Statement, governing the collection, use, storage, sharing, and protection of personal data across GitHub's products and services, with Microsoft Corporation as GitHub's parent entity and data controller for certain processing activities. The statement asserts that GitHub collects registration information (name, email, password), profile data, payment information, device and usage data, cookies and tracking data, and content users upload; the terms authorize use of this data for service delivery, security, legal compliance, personalization, and to improve GitHub products including AI features such as GitHub Copilot. The policy discloses that personal data may be shared with Microsoft affiliates, service providers, advertising partners, and third parties in the context of business transactions, and that public repository content is visible globally and may be indexed by search engines, which is operationally distinct from platforms where user-generated content defaults to private. The statement engages GDPR for EU/EEA users (including rights of access, rectification, erasure, portability, and objection), the California Consumer Privacy Act for California residents, and additional state privacy laws; GitHub designates a Data Protection Officer and commits to Standard Contractual Clauses for international transfers. Compliance teams should note that the policy's AI training data provisions, the breadth of affiliate data sharing with Microsoft, and the treatment of public repository content as non-private warrant specific review under applicable data minimization and purpose limitation obligations.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

3 versions captured · Last updated: April 2026

April 28, 2026

high

What changed GitHub updated its Privacy Statement on April 28, 2026 to explicitly authorize collection and use of AI outputs from user-provided content, and to broaden the scope of personal data sharing with affiliates to include product development and AI/machine learning training. The statement also removed specific language describing the conditions under which GitHub personnel may access private repositories and replaced it with a reference to the Terms of Service. These changes expand the stated purposes for data use and affiliate sharing without adding explicit opt-out mechanisms.

Why this matters The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other GitHub affiliates for purposes including training and improving artificial intelligence and machine learning technologies. The privacy statement indicates that aggregate and de-identified data will be used where feasible, but the updated language establishes broader authority for affiliate data sharing and AI model development than the previous version stated. The revised terms also remove specific disclosure of the conditions under which GitHub personnel may access private repositories, replacing that detail with a cross-reference to the Terms of Service, which means the scope of internal GitHub access to private repositories is now defined in a separate contract document rather than the privacy statement itself.

View full change record →

High — 3 provisions

Affiliate Data Sharing with Microsoft Compare →

GitHub may share your personal data with Microsoft and its subsidiaries for service, security, and product improvement purposes, and Microsoft may use that data under Microsoft's own privacy policy.

Added May 12, 2026 Standard Seen across 246 platforms
AI Product Improvement and Copilot Data Use Compare →

GitHub states it may use your usage data and content interactions to improve AI products including GitHub Copilot, and directs users to product-specific terms for full details on how AI features process data.

Added May 12, 2026 Common Seen across 104 platforms
International Data Transfers and Standard Contractual Clauses Compare →

GitHub transfers personal data internationally, including to the US, and relies on Standard Contractual Clauses to make EU, UK, and Swiss data transfers lawful under data protection law.

Added May 12, 2026 Standard Seen across 246 platforms

Medium — 7 provisions

Data Collection Scope Compare →

GitHub collects your registration details, payment information, profile data, and records how you use the platform including pages visited, features used, your IP address, and device information.

Added May 12, 2026 Standard Seen across 251 platforms
Public Repository Content Visibility

Any code or content you post in a public GitHub repository is visible to anyone on the internet and may be indexed by search engines and accessed by third parties.

Added May 12, 2026 Rare
User Rights: Access, Deletion, Portability, and Objection Compare →

GitHub states that users in applicable jurisdictions can request to access, correct, delete, or export their personal data, and can object to certain types of processing, by submitting a request through GitHub's privacy portal.

Added May 12, 2026 Standard Seen across 223 platforms
Cookies and Tracking Technologies Compare →

GitHub uses cookies for authentication, preferences, analytics, and advertising, and allows third-party analytics and advertising partners to set cookies on GitHub services; blocking cookies may affect how the service works.

Added April 3, 2026 Standard Seen across 251 platforms
Data Retention Compare →

GitHub keeps your personal data for as long as it needs to for service delivery, legal compliance, dispute resolution, and contract enforcement, with specific timeframes varying by data type.

Added April 27, 2026 Standard Seen across 223 platforms
Legal Disclosure and Law Enforcement Access Compare →

GitHub may share your personal data with law enforcement or government agencies when legally required or to protect rights and safety, and states it will notify you before disclosing to law enforcement where law permits.

Added May 12, 2026 Standard Seen across 246 platforms
California Consumer Privacy Act Rights Compare →

California residents can request to know what personal data GitHub holds about them, ask for it to be deleted or corrected, and opt out of GitHub sharing their personal information with third parties, all through GitHub's privacy portal.

Added May 12, 2026 Standard Seen across 262 platforms