GitHub uses cookies for authentication, preferences, analytics, and advertising, and allows third-party analytics and advertising partners to set cookies on GitHub services; blocking cookies may affect how the service works.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
This provision establishes GitHub's operational use of tracking technologies and defines the scope of authorized data collection mechanisms. It clarifies that data collection extends to third-party partners operating within GitHub's service environment.
Interpretive note: The policy does not name specific advertising partners or detail what data is shared with them, creating uncertainty about the full scope of third-party cookie data collection.
The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other GitHub affiliates for purposes including training and improving artificial intelligence and machine learning technologies. The privacy statement indicates that aggregate and de-identified data will be used where feasible, but the updated language establishes broader authority for affiliate data sharing and AI model development than the previous version stated. The revised terms also remove specific disclosure of the conditions under which GitHub personnel may access private repositories, replacing that detail with a cross-reference to the Terms of Service, which means the scope of internal GitHub access to private repositories is now defined in a separate contract document rather than the privacy statement itself.
The policy authorizes GitHub and third-party analytics and advertising partners to use cookies and tracking technologies to collect browsing behavior and usage data; disabling cookies via browser settings may reduce functionality but limits this third-party tracking.
How other platforms handle this
We use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your use of our website and Service, including your browser type, referring URL, pages visited, and time spent on pages. We may use this information to analyze trends, administer the site, track use...
We and our third-party partners may use cookies, web beacons, and similar tracking technologies to collect information about your use of the Sites. Cookies are small data files stored on your browser or device. We use both session cookies and persistent cookies. We may also use web beacons, pixel ta...
cookie data, resettable device identifiers, advertising identifiers and other unique identifiers (described below in the section "Cookies and other Technologies").
Monitoring
GitHub has changed this document before.
"GitHub uses cookies and similar tracking technologies on our websites and services for purposes including authentication, preferences, analytics, and advertising. You may be able to adjust your browser settings to refuse cookies, but doing so may affect the functionality of GitHub services. GitHub also works with third-party analytics and advertising partners who may set their own cookies."
— Excerpt from GitHub's GitHub Privacy Statement
(1) REGULATORY LANDSCAPE: Cookie use and third-party tracking implicate the EU ePrivacy Directive, GDPR consent requirements for non-essential cookies, the UK PECR (Privacy and Electronic Communications Regulations), and CCPA/CPRA provisions on sharing personal information with advertising partners. The Irish DPC, UK ICO, and California Privacy Protection Agency are the relevant enforcement authorities. Consent requirements for advertising and analytics cookies under EU law require freely given, specific, informed, and unambiguous consent prior to setting non-essential cookies.

(2) GOVERNANCE EXPOSURE: Medium. The disclosure that advertising partners may set their own cookies on GitHub services raises questions about whether users receive adequate notice and consent mechanisms meeting ePrivacy Directive standards, particularly for EU and UK users. The policy does not specify the names of advertising partners or the specific data transferred to them.

(3) JURISDICTION FLAGS: EU/EEA and UK users have the most stringent cookie consent requirements. California residents have CCPA rights to opt out of sale or sharing of personal information derived from advertising cookies. Organizations deploying GitHub in enterprise environments should assess whether employee browsing data on GitHub is captured by third-party advertising cookies.

(4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should review whether GitHub's cookie practices for enterprise deployments are distinct from consumer-facing practices, and confirm whether advertising partner cookies are scoped to consumer pages or extend to enterprise product interfaces.

(5) COMPLIANCE CONSIDERATIONS: Compliance teams should review GitHub's cookie consent banner implementation for EU/UK compliance, test whether consent choices are respected and whether non-essential cookies are blocked prior to consent, and map third-party advertising partner cookie data flows for CCPA sharing disclosure purposes.
ConductAtlas has identified this type of provision across 69 platforms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.