Site Policy Versions Save

This release is to document the additions of four policies to this repository, added in this pull request. The policies are below:

• GitHub Anti-Bribery Statement
• GitHub Gifts and Entertainment Policy
• GitHub Event Code of Conduct
• GitHub Event Terms

The live versions of those policies can be found on our GitHub Help site

The following minor changes are also documented in this release:

• Plan name change: Business plan -> Business Cloud
• Adding language to the Trademark Policy
• Adding language to the Sensitive Data Removal Policy
• Fixing section reference typos

What’s changed

About every six months, we review our terms and policies to make sure they're as clear as they can be and decide whether we should make any updates. This time around, we focused on bringing our policies into alignment with a new law in Europe known as the General Data Protection Regulation, so we made some changes to our Privacy Statement and Terms of Service to cover our compliance with that law. We made other changes to our terms to clarify account control and developer obligations when integrations are created for others.

Updates to our Privacy Statement

Over the last few months, we got a few questions asking about our General Data Protection Regulation (GDPR) compliance. We are proud to announce that we are compliant with the GDPR. Additionally, we have always provided the same level of privacy protection to our users regardless of their residency, location, or citizenship—and that will not change. We provide strong privacy and security protection to all of our users.

For the most part, our changes to the Privacy Statement are only points of clarification. GitHub doesn't ask for more personal data from our users than we need to provide our services to you. Where we offer you the option of giving us more data, we provide you the ability to access and delete the data you have given us. For example, you can always remove your profile information, your comments in issues, and your repository contents. We have gone through our Privacy Statement to provide more context and transparency, though, so our users understand exactly why we ask for information and what we'll do with it.

GDPR Compliance

• The GDPR requires us to inform our users about the legal basis on which we process their data. In this update, we explain what data we collect and why
• We describe our security practices in more detail
• We now provide a separate page describing our tracking, our use of cookies, and listing our subprocessors (the vendors and third parties we have engaged to process personal data on our behalf)
• Throughout the Privacy Statement, we provide greater transparency and insight into our data collection, data handling, data retention, and data deletion processes
• If you are a Corporate Terms of Service customer and you need a Data Protection Agreement with us, please contact support. We will be happy to provide one.

Updates to our Terms of Service and other policies

Standard Terms of Service and Corporate Terms of Service

Much like the changes to the Privacy Statement, most of the changes to our terms are clarifications of pre-existing sections. Here are a few sections we'd like to highlight:

• Third Party Applications: We combined the Marketplace section with general requirements for those creating integrations for other users to provide better protections for GitHub users and their data. The Marketplace section is now called "Third Party Applications," since it now applies to more than just GitHub's Marketplace. We've also added a "Third Party Applications" section to the Privacy Statement to discuss our users' privacy expectations in regards to those applications
• Access to Private Repositories: In Section E, we clarified the purposes for which we may be required to access private repository contents, in line with the security obligations of our GDPR compliance program
• More definitions: We included definitions of "User Accounts" and "Organizations" and described who has control of those types of accounts

Other policies

• Community Forum Code of Conduct: Last year we launched the Community Forum. The Community Forum is a growing part of our platform and we thought it'd be great to include the Code of Conduct in our Site Policy repository, since we hadn't yet included it
• Marketplace Developer Agreement: We've made some updates to this agreement that reflect some of the changes to the Marketplace over the past year
• Takedown policies: We updated our takedown policies to add clarification around what's covered by our DMCA policy
• Statement Against Modern Slavery and Child Labor: We added our 2018 statement describing the steps we've taken to prevent modern slavery and child labor from occurring in our business and supply chain

Minor updates to the following policies:

• Terms of Service
• Corporate Terms of Service
• Marketplace Terms of Service
• Privacy Statement
• Open Source Applications Terms and Conditions

Changes:

• Changes to the API section include the removal of redundant language (sections H1 and H3), and consolidation of both termination (section M) and limitation of liability (section P) language in their respective sections.
• Addition of language to Section E. Private Repositories, includes notice about potential opt-in features.

The associated pull request in this site-policy repo was merged on Thursday, October 12.

This release includes changes made to the following policies:

• Terms of Service
• Corporate Terms of Service
• Business Plan Addendum
• DMCA Takedown Policy
• Amendment to GitHub Terms of Service Applicable to US Federal Government Users
• Marketplace Terms of Service

Most of the associated pull requests were merged on Friday, August 4.