This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational framework for GitHub's use of third parties in service delivery and marketing functions, creating contractual obligations on service providers while authorizing broader data sharing with advertising and analytics partners.
The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other GitHub affiliates for purposes including training and improving artificial intelligence and machine learning technologies. The privacy statement indicates that aggregate and de-identified data will be used where feasible, but the updated language establishes broader authority for affiliate data sharing and AI model development than the previous version stated. The revised terms also remove specific disclosure of the conditions under which GitHub personnel may access private repositories, replacing that detail with a cross-reference to the Terms of Service, which means the scope of internal GitHub access to private repositories is now defined in a separate contract document rather than the privacy statement itself.
View change record →Users operate under terms that authorize GitHub to share personal data with service providers bound by contractual data protection obligations, as well as with marketing and analytics partners. The scope and specific recipients of marketing partner sharing are not detailed in the clause language provided.
How other platforms handle this
If you use a third-party service — like a social network or login service — to access our services, those services will tell us basic information about you, like your username and profile picture. In addition, information about you may be shared with other businesses within the Snap Inc. corporate f...
We may share your personal information with: Service providers who perform services on our behalf. Financial partners, such as banks, payment processors, and financial institutions. Professional advisors, such as lawyers, auditors, and insurers. Business partners with whom we jointly offer products ...
We may share personal information with third-party service providers and partners who support our business operations, including identity verification providers, payment processors, analytics providers, marketing partners, and blockchain analytics companies.
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We share personal data with third-party service providers who help us provide our Services. These service providers are only permitted to use your personal data to provide services to us and are contractually required to protect your personal data. We may also share data with partners and advertising networks for marketing and analytics purposes.— Excerpt from GitHub's GitHub Privacy Statement
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational framework for GitHub's use of third parties in service delivery and marketing functions, creating contractual obligations on service providers while authorizing broader data sharing with advertising and analytics partners.
Users operate under terms that authorize GitHub to share personal data with service providers bound by contractual data protection obligations, as well as with marketing and analytics partners. The scope and specific recipients of marketing partner sharing are not detailed in the clause language provided.
ConductAtlas has identified this type of provision across 4 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.