GitHub collects payment information when you purchase paid services, which is processed by third-party payment processors and may be stored for billing and fraud prevention purposes.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The collection of payment information is operationally necessary to facilitate billing and subscription management for paid service tiers, and establishes the scope of personal financial data GitHub processes in its capacity as a payment processor.
The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other GitHub affiliates for purposes including training and improving artificial intelligence and machine learning technologies. The privacy statement indicates that aggregate and de-identified data will be used where feasible, but the updated language establishes broader authority for affiliate data sharing and AI model development than the previous version stated. The revised terms also remove specific disclosure of the conditions under which GitHub personnel may access private repositories, replacing that detail with a cross-reference to the Terms of Service, which means the scope of internal GitHub access to private repositories is now defined in a separate contract document rather than the privacy statement itself.
View change record →Payment data is shared with third-party processors to complete transactions, and some billing data may be retained by GitHub for accounting and fraud prevention. Users should review the privacy policies of GitHub's payment processors for additional data handling details.
How other platforms handle this
We may share information about you and your transactions with Card Networks and our financial services partners. By accepting this agreement, you authorize Stripe to share your information with these entities for purposes including facilitating your use of the Services, complying with applicable law...
We may share your personal information with: Service providers who perform services on our behalf. Financial partners, such as banks, payment processors, and financial institutions. Professional advisors, such as lawyers, auditors, and insurers. Business partners with whom we jointly offer products ...
11 Inferences Conclusions that could be used to create a profile reflecting an individual's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitude. YES. YES
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Payment Information: For paid subscriptions, we collect details like name, billing address, and payment specifics.— Excerpt from GitHub's GitHub Privacy Statement
Payment data handling implicates PCI-DSS compliance obligations and potentially state-level financial privacy laws. Where GitHub acts as a merchant, responsibility for cardholder data security rests primarily with the payment processor, but GitHub retains exposure for any billing data it stores independently.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The collection of payment information is operationally necessary to facilitate billing and subscription management for paid service tiers, and establishes the scope of personal financial data GitHub processes in its capacity as a payment processor.
Payment data is shared with third-party processors to complete transactions, and some billing data may be retained by GitHub for accounting and fraud prevention. Users should review the privacy policies of GitHub's payment processors for additional data handling details.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.