California residents can request to know what personal data GitHub holds about them, ask for it to be deleted or corrected, and opt out of GitHub sharing their personal information with third parties, all through GitHub's privacy portal.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes GitHub's operational framework for responding to statutory privacy rights exercisable by a specific user population. The establishment of a designated submission mechanism (privacy portal) creates a defined procedural pathway for rights exercise and GitHub's corresponding obligations to process and respond to such requests in accordance with CCPA/CPRA requirements.
The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other GitHub affiliates for purposes including training and improving artificial intelligence and machine learning technologies. The privacy statement indicates that aggregate and de-identified data will be used where feasible, but the updated language establishes broader authority for affiliate data sharing and AI model development than the previous version stated. The revised terms also remove specific disclosure of the conditions under which GitHub personnel may access private repositories, replacing that detail with a cross-reference to the Terms of Service, which means the scope of internal GitHub access to private repositories is now defined in a separate contract document rather than the privacy statement itself.
View change record →California residents can exercise CCPA/CPRA rights to access, delete, correct, and opt out of the sharing of their personal information by submitting a request at https://support.github.com/contact/privacy; exercising these rights cannot result in discriminatory treatment according to the policy.
How other platforms handle this
If you are a California resident, you have certain rights with respect to your personal information under the California Consumer Privacy Act (CCPA). These rights include the right to know about the personal information we collect, use, disclose, and sell; the right to request deletion of your perso...
Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to know what personal information we have collected about you, the right to delete your personal information, the right to correct inaccurate personal information, the rig...
Depending on where you live, you may have certain rights regarding your personal information, including: the right to know what personal information we have collected about you; the right to delete personal information we have collected from you; the right to correct inaccurate personal information;...
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act. These rights include the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate personal information, and the right to non-discrimination for exercising these rights. To exercise these rights, California residents can submit a request through our privacy portal.— Excerpt from GitHub's GitHub Privacy Statement
(1) REGULATORY LANDSCAPE: This provision directly engages the California Consumer Privacy Act and the California Privacy Rights Act. The California Privacy Protection Agency is the primary enforcement authority, with the California Attorney General having concurrent enforcement jurisdiction. Non-discrimination requirements under CCPA prohibit GitHub from denying services or charging different prices based on exercise of privacy rights. (2) GOVERNANCE EXPOSURE: Medium. GitHub's disclosure of data sharing with advertising and analytics partners means California residents' opt-out rights are practically significant. Compliance teams should verify that opt-out requests are honored across all downstream sharing relationships and that the opt-out mechanism meets CPRA's universal opt-out signal requirements. (3) JURISDICTION FLAGS: This provision applies specifically to California residents. Other US states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Texas, and others) have analogous rights that may apply to their residents but are not separately addressed in this provision. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers with California-based employees should confirm that employee data subject to CCPA is covered by GitHub's consumer-facing rights mechanisms or addressed separately in enterprise Data Processing Agreements, as CCPA's B2B exemptions have evolved under CPRA. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should test GitHub's opt-out mechanism for California residents, verify that the mechanism addresses both sale and sharing as defined under CPRA, confirm that GitHub honors Global Privacy Control signals, and assess whether employee-facing privacy notices disclose GitHub's CCPA data sharing practices.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes GitHub's operational framework for responding to statutory privacy rights exercisable by a specific user population. The establishment of a designated submission mechanism (privacy portal) creates a defined procedural pathway for rights exercise and GitHub's corresponding obligations to process and respond to such requests in accordance with CCPA/CPRA requirements.
California residents can exercise CCPA/CPRA rights to access, delete, correct, and opt out of the sharing of their personal information by submitting a request at https://support.github.com/contact/privacy; exercising these rights cannot result in discriminatory treatment according to the policy.
ConductAtlas has identified this type of provision across 4 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.