GitHub can hand over your personal data to police, government agencies, or other third parties when it believes there is a legal requirement or when it decides it is appropriate, without necessarily telling you first.
Previous version had no excerpt provided; current version now includes detailed disclosure conditions and explicit mention of law enforcement discretion.
View full change record →Your GitHub account data — including repository contents, IP address, and communications — can be disclosed to law enforcement or government entities at GitHub's discretion, potentially without any notice to you.
Cross-platform context
See how other platforms handle Law Enforcement and Government Disclosure and similar clauses.
Compare across platforms →This provision means your code, account activity, IP address, and identity could be disclosed to government authorities without your prior knowledge, which is particularly significant for developers working on sensitive or politically contentious projects.
REGULATORY FRAMEWORK: This provision implicates GDPR Art. 6(1)(c) (legal obligation) and Art. 6(1)(f) (legitimate interests) as lawful bases for disclosure; 18 U.S.C. §2703 (Stored Communications Act/ECPA) governs the procedural requirements for compelled government access to stored communications in the US; GDPR Art. 48 restricts transfers to foreign authorities not based on EU legal instruments. The FTC (Section 5) and state AGs retain authority over deceptive disclosure practices.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.