This document outlines GitHub's policy for the coordinated disclosure of security vulnerabilities. It encourages security researchers to report any discovered vulnerabilities to GitHub to help maintain platform safety. The document also introduces GitHub's bug bounty program, which rewards researchers for their efforts in identifying and reporting bugs.

This Data Protection Policy outlines a company's commitment to safeguarding personal data and respecting individual privacy rights. It details how the company collects, processes, stores, and manages personal data in compliance with various data protection laws and regulations. The policy also defines responsibilities for employees, contractors, and the Data Protection Officer, and covers data subject rights and breach response procedures.

This Privacy Policy template outlines how a company collects, uses, and shares personal information from its users through its website and services. It details the types of data gathered, the purposes for its use, and the circumstances under which it may be disclosed to third parties. The policy also informs users about their data protection rights, particularly those in the European Economic Area.

This document outlines GitHub's policy and process for requesting the removal of private information from repositories. It defines what constitutes "private information" for removal purposes, such as access credentials or sensitive organizational data, and details the steps a complainant must follow to submit a valid removal request. The policy also clarifies what types of content are not appropriate for this specific removal process.

This document outlines a company's policy on personal data protection, detailing how personal data is collected, processed, stored, and secured. It emphasizes compliance with the EU General Data Protection Regulation (GDPR) and sets forth principles for data handling, employee obligations, and procedures for data breaches and inquiries. The policy also addresses the use of data processors and international data transfers.

This document is a Business Associate Agreement (BAA) designed to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) regulations concerning Protected Health Information (PHI). It outlines the specific obligations of a Provider (acting as a Business Associate or Subcontractor) and a Company (acting as a Business Associate or Covered Entity) regarding the use, disclosure, and safeguarding of PHI. The agreement incorporates standard terms and allows for customization through a key terms cover page.

This document outlines GitHub's policy and process for requesting the removal of private information from repositories. It defines what constitutes "private information" for removal purposes, focusing on high-risk content like exposed access credentials that pose a specific security risk. The policy details the steps a complainant must follow, including providing specific links and explanations of security risks, and explains how GitHub processes such requests.

This document describes the GitHub Security Incident Response Team (SIRT), outlining its mission to protect GitHub's platform and user data by maintaining confidentiality, integrity, and availability. It provides essential contact information, details the team's operational policies, and explains the scope of its incident response and proactive security activities. The document also guides users and customers on how to report vulnerabilities and access support.

This Privacy Policy template outlines how a company collects, uses, and shares personal information from its users through its website and services. It details various data collection methods, including direct input and automatic tracking via cookies, and explains the legal bases for processing data. The policy also covers user rights, particularly those under GDPR, international data transfers, and security measures.

This document serves as a template for describing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT), adhering to RFC 2350 standards. It outlines the team's contact information, mission, constituency, operational policies, and the range of services provided, including incident response, triage, coordination, and resolution. The template also details proactive security activities and disclaimers.