GitHub collects your registration details, payment information, profile data, and records how you use the platform including pages visited, features used, your IP address, and device information.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of collection covers both identity-linked data (name, email, payment) and behavioral data (usage patterns, device fingerprint), meaning GitHub builds a detailed profile of both who you are and how you use the service.
The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other Git…
The policy authorizes collection of identifiers, payment data, device information, IP address, browser type, operating system, and usage activity from all users interacting with GitHub services.
How other platforms handle this
We collect the following information when you register for and use our services: Account information. You can create a Discord account by providing an email address and creating a username and password. When you create an account, we will assign you a unique identifier. If you choose to, you may pro...
"Personal Data" refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and that we collect about you during your interaction with our Services (such as device information, IP address, etc.).
We collect information you provide directly to us, such as when you create an account, make a purchase, or contact us for support. This includes: Account information (name, email address, password); Payment information (credit card details, billing address); Profile information (company name, job ti...
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information directly from you for registration, payment, and profile purposes. Usage data we collect includes information about how you interact with our services, such as the pages you view, the features you use, and the actions you take. We also collect device and connection information, including IP address, browser type, operating system, and referring URLs.— Excerpt from GitHub's GitHub Privacy Statement
(1) REGULATORY LANDSCAPE: This provision implicates GDPR Article 5 (data minimization and purpose limitation), Article 13 (transparency at point of collection), and CCPA sections requiring disclosure of categories of personal information collected. The Irish Data Protection Commission and California Privacy Protection Agency are the primary enforcement authorities. Where collected data categories exceed what is strictly necessary for service delivery, tension with GDPR data minimization principles may arise. (2) GOVERNANCE EXPOSURE: Medium. The collection of device identifiers, IP addresses, and behavioral usage data alongside identity data creates a detailed combined profile. This is standard for large software platforms but requires documented lawful basis for each processing purpose under GDPR, which compliance teams should verify is maintained. (3) JURISDICTION FLAGS: EU/EEA users have heightened rights regarding lawful basis documentation. California residents have CCPA rights to know and delete. Illinois users should note that device biometric or fingerprint data, if collected, would engage BIPA, though the policy does not reference biometric collection specifically. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers deploying GitHub for employees should ensure their own privacy notices disclose GitHub's data collection scope. Procurement teams should confirm that GitHub's Data Processing Agreement covers behavioral and device data collected from enterprise users. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should map each data category collected against documented lawful bases, confirm that privacy notices presented at registration accurately reflect all collection categories, and review whether data minimization controls are available for enterprise deployments.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of collection covers both identity-linked data (name, email, payment) and behavioral data (usage patterns, device fingerprint), meaning GitHub builds a detailed profile of both who you are and how you use the service.
The policy authorizes collection of identifiers, payment data, device information, IP address, browser type, operating system, and usage activity from all users interacting with GitHub services.
ConductAtlas has identified this type of provision across 12 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.