The GitHub Private Information Removal Policy provides a process for removing high-risk confidential content—such as credentials, tokens, or sensitive diagrams—that poses security threats if exposed in repositories. It is an official GitHub policy, designed to protect users while maintaining platform integrity, and can be trusted as part of GitHub’s broader site governance framework.

The GitHub General Privacy Statement explains how GitHub (and GitHub B.V.) collects, uses, shares, and protects personal data across its services, including users’ rights (GDPR/US state laws), data transfers, cookies, and security/retention practices. It is an official GitHub policy (under Microsoft) that references concrete compliance frameworks like the EU Standard Contractual Clauses and the Data Privacy Framework, making it a reliable source for understanding GitHub’s privacy posture.

The GitHub Terms for Additional Products and Features supplement GitHub’s standard agreements by setting specific rules for using services like Actions, Codespaces, Advanced Security, npm, Packages, Pages, and GitHub Copilot. These terms ensure compliance, clarify billing and usage limits, and protect both users and GitHub, making them a trusted extension of GitHub’s official contractual framework under Microsoft’s governance.

The GitHub Bug Bounty Program Legal Safe Harbor sets out legal protections for security researchers who act in good faith when reporting vulnerabilities through GitHub’s bug bounty program, ensuring their work is treated as “authorized” under laws like the CFAA and DMCA. It is part of GitHub’s official security policies, providing researchers confidence and trust that responsible disclosure will not expose them to legal consequences when complying with program rules.

The GitHub Active Malware or Exploits Policy prohibits the use of GitHub’s platform to deliver malware or facilitate unlawful attacks that cause technical harm, while still allowing dual-use content for legitimate security research and educational purposes. Maintained by GitHub as part of its Acceptable Use Policies, it balances protecting the community against abuse with supporting open security research and responsible disclosure practices.

The Common Paper Cloud Service Agreement (CSA) is a clear, structured contract that defines the terms for delivering, accessing, and supporting cloud-based software between providers and customers. It is part of CommonPaper’s widely trusted library of open, lawyer-vetted standard agreements.

The Common Paper Service Level Agreement (SLA) is a structured, plain-language contract that defines uptime, response time, and service credit standards for cloud services, ensuring accountability and reliability between providers and customers. It is part of Common Paper’s widely trusted library of open, lawyer-vetted standard agreements.

The GitHub Guidelines for Legal Requests of User Data explain the circumstances under which GitHub may disclose user information to law enforcement, requiring valid legal process such as subpoenas, court orders, or search warrants, with a strong emphasis on user notification and privacy protections. As an official GitHub policy, it provides transparent, authoritative guidance balancing user trust with lawful investigative needs, and can be relied upon for understanding GitHub’s data disclosure practices.

The Security Overview page by Basecamp safeguards user data through encryption, redundancy, continuous monitoring, and strict physical and operational security measures. With over 20 years of experience, it emphasizes transparency, trust, and rapid response to any potential security incidents.

This “Subprocessors” policy outlines the company’s use of trusted third-party service providers to help operate its products—such as cloud hosting, analytics, or customer support tools. It explains that all subprocessors have GDPR-compliant agreements in place to ensure the same level of data protection as the company itself provides.