This document outlines the Cookie Policy for a website, explaining what cookies are, how they are used to enhance user experience and site functionality, and how users can control or disable them. It clarifies that disabling cookies may affect site performance and refers to the Privacy Policy for personal data management.

This Cybersecurity Policy outlines a company's commitment to protecting information assets and personal data, aligning with U.S. laws and cybersecurity frameworks. It details how the company governs cybersecurity, including data protection, access control, incident response, employee training, and vendor management. The policy applies to all employees, contractors, and third parties handling personal data on behalf of the company.

The GitHub Private Information Removal Policy provides a process for removing high-risk confidential content—such as credentials, tokens, or sensitive diagrams—that poses security threats if exposed in repositories. It is an official GitHub policy, designed to protect users while maintaining platform integrity, and can be trusted as part of GitHub’s broader site governance framework.

The GitHub General Privacy Statement explains how GitHub (and GitHub B.V.) collects, uses, shares, and protects personal data across its services, including users’ rights (GDPR/US state laws), data transfers, cookies, and security/retention practices. It is an official GitHub policy (under Microsoft) that references concrete compliance frameworks like the EU Standard Contractual Clauses and the Data Privacy Framework, making it a reliable source for understanding GitHub’s privacy posture.

The GitHub Terms for Additional Products and Features supplement GitHub’s standard agreements by setting specific rules for using services like Actions, Codespaces, Advanced Security, npm, Packages, Pages, and GitHub Copilot. These terms ensure compliance, clarify billing and usage limits, and protect both users and GitHub, making them a trusted extension of GitHub’s official contractual framework under Microsoft’s governance.

The GitHub Bug Bounty Program Legal Safe Harbor sets out legal protections for security researchers who act in good faith when reporting vulnerabilities through GitHub’s bug bounty program, ensuring their work is treated as “authorized” under laws like the CFAA and DMCA. It is part of GitHub’s official security policies, providing researchers confidence and trust that responsible disclosure will not expose them to legal consequences when complying with program rules.

The GitHub Active Malware or Exploits Policy prohibits the use of GitHub’s platform to deliver malware or facilitate unlawful attacks that cause technical harm, while still allowing dual-use content for legitimate security research and educational purposes. Maintained by GitHub as part of its Acceptable Use Policies, it balances protecting the community against abuse with supporting open security research and responsible disclosure practices.

The Common Paper Cloud Service Agreement (CSA) is a clear, structured contract that defines the terms for delivering, accessing, and supporting cloud-based software between providers and customers. It is part of CommonPaper’s widely trusted library of open, lawyer-vetted standard agreements.

The Common Paper Service Level Agreement (SLA) is a structured, plain-language contract that defines uptime, response time, and service credit standards for cloud services, ensuring accountability and reliability between providers and customers. It is part of Common Paper’s widely trusted library of open, lawyer-vetted standard agreements.

The GitHub Guidelines for Legal Requests of User Data explain the circumstances under which GitHub may disclose user information to law enforcement, requiring valid legal process such as subpoenas, court orders, or search warrants, with a strong emphasis on user notification and privacy protections. As an official GitHub policy, it provides transparent, authoritative guidance balancing user trust with lawful investigative needs, and can be relied upon for understanding GitHub’s data disclosure practices.