This document outlines the GitHub Security Incident Response Team (SIRT), detailing its mission, contact information, and the services it provides. It explains how GitHub SIRT handles security incidents, including triage, coordination, and resolution, for its platform and users. The document also covers proactive security activities and how to report vulnerabilities or contact support.

This document provides an overview of a company's robust security measures designed to protect customer data. It covers practices such as data encryption, redundancy, physical security of servers, and continuous monitoring. The aim is to assure customers of the company's commitment to data safety and incident response protocols.

This document outlines the process for reporting security vulnerabilities and account attacks related to the company's products. It provides instructions for customers experiencing an attack and for security researchers discovering flaws, directing them to a bug bounty program. The policy also details how the company tracks, investigates, and discloses resolved security issues.

This document outlines a company's policy on personal data protection, detailing how it collects, uses, and discloses personal data in compliance with the EU General Data Protection Regulation (GDPR). It establishes basic principles for data processing, informs about data registration duties, sets storage periods, and defines rules for using data processors and handling data breaches.

This Business Associate Agreement (BAA) outlines the responsibilities of a Business Associate when handling Protected Health Information (PHI) on behalf of a Customer. It ensures compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act, detailing permitted uses, disclosures, safeguards, and breach reporting obligations.

The document outlines the list of subprocessors authorized by GitHub to process customer or personal data as part of providing services to Enterprise customers. It includes details such as the name of each subprocessor, the type of processing they perform, and their location. The document is governed by the GitHub Data Protection Agreement, complies with GDPR, and requires GitHub to notify customers at least 30 days before authorizing any new subprocessors. This document is useful for customers to understand who is processing their data when using GitHub services and ensure compliance with data protection regulations.

This legal document is a Data Protection Policy that serves as a guide for how a company handles personal data responsibly, ensuring compliance with relevant data protection laws such as GDPR, CCPA, PDPA, and Australia's Privacy Act. It details responsibilities for employees, contractors, and third parties, and outlines the role of the Data Protection Officer. The document explains lawful data processing bases, transparency obligations, and consent requirements, and describes data security measures, including breach response protocols. Additionally, it provides information on data subjects' rights and how they can exercise these rights.