Users have the right to access, correct, delete, or export their personal data held by GitHub, and can exercise these rights through account settings or by contacting GitHub's privacy team.
This analysis describes what GitHub's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These provisions establish operational procedures for GitHub to respond to user requests regarding personal data management and portability. The clause creates enforceable mechanisms for data access, correction, deletion, and transfer that define GitHub's data handling obligations and establish user-initiated data governance workflows.
The updated terms now explicitly authorize GitHub to collect AI outputs generated within the platform alongside user-provided code and content, and to share personal data with Microsoft and other GitHub affiliates for purposes including training and improving artificial intelligence and machine learning technologies. The privacy statement indicates that aggregate and de-identified data will be used where feasible, but the updated language establishes broader authority for affiliate data sharing and AI model development than the previous version stated. The revised terms also remove specific disclosure of the conditions under which GitHub personnel may access private repositories, replacing that detail with a cross-reference to the Terms of Service, which means the scope of internal GitHub access to private repositories is now defined in a separate contract document rather than the privacy statement itself.
View change record →GitHub grants users rights to view, update, export, and request deletion of their personal data, which is particularly important for users who close their accounts or wish to limit their digital footprint. EU/EEA users have additional rights under GDPR including the right to restrict processing and to object to processing based on legitimate interests.
How other platforms handle this
You can request access to, erasure of, and updates to your personal data. If you'd like to port your data elsewhere, you can use tools Microsoft provides to do so, or if none are available, you can contact Microsoft for assistance.
You may submit a request to know, access, correct or delete the information we have collected from or about you here or by sending your request to the physical address provided in the "Contact Us" section below. Through your in-app settings, you can directly update your account information, request ...
Depending on where you live, you may have certain statutory rights in relation to your Personal Data. For example, you may have the right to: Access your Personal Data and information relating to how it is processed. Rectify or update your Personal Data. Delete your Personal Data from our records. R...
Monitoring
GitHub has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"The right to access the data collected about you; The right to rectify or update inaccurate or incomplete Personal Data under certain circumstances; The right to erase or limit the processing of your Personal Data under specific conditions; The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format to facilitate its transfer to another company, where technically feasible.— Excerpt from GitHub's GitHub Privacy Statement
The data subject rights framework mirrors GDPR Articles 15-22 and CCPA/CPRA consumer rights. Organizations using GitHub for employee accounts should determine whether they act as controllers of employee data and whether GitHub's standard consumer rights mechanisms are sufficient for compliance with applicable workforce privacy laws.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These provisions establish operational procedures for GitHub to respond to user requests regarding personal data management and portability. The clause creates enforceable mechanisms for data access, correction, deletion, and transfer that define GitHub's data handling obligations and establish user-initiated data governance workflows.
GitHub grants users rights to view, update, export, and request deletion of their personal data, which is particularly important for users who close their accounts or wish to limit their digital footprint. EU/EEA users have additional rights under GDPR including the right to restrict processing and to object to processing based on legitimate interests.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by GitHub.