This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The legal validity of these transfers depends on SCCs being properly executed and supplemented with technical safeguards, following the Schrems II ruling — failure could expose EU users' data to US government access without adequate protection.
The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other Git…
The policy states GitHub collects identifiers, device information, usage activity, payment data, and user-generated content, and authorizes sharing this data with Microsoft affiliates, service providers, and analytics and advertising partners. Public repository content is described as globally visible and potentially indexed by search engines, meaning code and associated metadata posted publicly is not treated as private personal data under the policy. You can submit data access, deletion, or correction requests through GitHub's privacy contact form at https://support.github.com/contact/privacy.
How other platforms handle this
If you are located in the European Economic Area, the United Kingdom, or Switzerland, please be aware that we may transfer your personal information to countries outside of these regions, including to the United States, where data protection laws may not provide the same level of protection as those...
You will provide personal information directly to our website in the United States. We may also transfer personal information to our partners and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data prote...
ClickUp is based in the United States and the information we collect is governed by U.S. law. By accessing or using our Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries, where you may not have the same...
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Economic Area, the United Kingdom, or Switzerland, we transfer your personal data to countries outside of your jurisdiction, including to the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms, as the legal basis for such transfers.— Excerpt from GitHub's GitHub Privacy Statement
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The legal validity of these transfers depends on SCCs being properly executed and supplemented with technical safeguards, following the Schrems II ruling — failure could expose EU users' data to US government access without adequate protection.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.