GitHub Enterprise Agreement

This Agreement is between you (also referred to as Customer) and GitHub, Inc. (or depending on where you live, one of its Affiliates) and applies to the following GitHub offerings, as further defined below (collectively, the "Products"):


This Agreement includes the following Sections:

If you have purchased any Products from a GitHub Partner, the following Sections of this Agreement are superseded by the terms you have agreed upon with the GitHub Partner: Section A.2 (Payment); Section A.7 (Term and Termination); Section B.8 (Delivery); and Section B.9 (Verification).


This Section A sets forth the terms and conditions applicable to your use of any of the Products.

1. Definitions

"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party where "control" means having more than fifty percent (50%) voting power of the controlled entity.

"Effective Date" is the earlier of the date on which you (i) agree to the terms and conditions of this Agreement as described above, or (ii) first place an Order for the Products.

"Fees" means the fees you are required to pay GitHub to (i) use the Products during the applicable Subscription Term or (ii) receive Professional Services, as such fees are reflected on an Order Form or SOW.

"GitHub Partner" means a company authorized to resell Products under GitHub's Channel Partner Agreement.

"Order Form" means written or electronic documentation (including a quote) that the Parties use to order the Products. The Order Form will specify the authorized scope of use for the Products, which may include: (i) license type, (ii) number of Subscription Licenses, (iii) Subscription Term, or (iv) other restrictions or special terms (collectively, the "Scope of Use"). Upon execution by the Parties (or, in the case of electronic orders, confirmation and placement of the order), each Order Form will be subject to the terms of this Agreement.

"Parties" means, collectively, GitHub and you. Each may be referred to individually as a "Party."

"Professional Services" means training, consulting, or implementation services that GitHub provides to you pursuant to a mutually executed SOW. Services do not include Support.

"Professional Services Credits" means the upfront payment method for purchasing Professional Services (exclusive of travel and lodging expenses) that you may use over a period of twelve (12) months (unless otherwise stated in an Order Form) for Professional Services. Any Professional Services Credits that remain unused at the end of twelve (12) months from the date of purchase (or as otherwise stated in an Order Form) are automatically cancelled and are non-refundable.

"SOW" means a mutually executed statement of work detailing the Professional Services GitHub will perform for you, any related Fees, and each Party's related obligations.

“Subscription License” means the license assigned to each User to install, operate, access, and use the Product or Service on your behalf. You may only assign one Subscription License per User across your GitHub Enterprise Server instances and GitHub Enterprise Cloud Organizations. Each User will have access to as many of your Enterprise Server instances or Enterprise Cloud Organizations, as you permit. For clarity, however, once you assign a Subscription License to a User, you will not be authorized to bifurcate the Subscription License so that one User can use a Subscription License on Enterprise Server while another User uses the same Subscription License on another instance of Enerprise Server or on an Organization on Enterprise Cloud.

"Subscription Term" means one (1) year from the applicable effective date of an Order or as stated in the Order Form.

2. Payment

2.1 Fees. You agree to pay the Fees in full, up front without deduction or setoff of any kind, in U.S. Dollars (or Professional Services Credits, if applicable), unless otherwise specified in an Order Form or unless purchasing through an authorized third party (in which case, payment terms will be agreed upon between you and the authorized third party). You must pay the Fees within thirty (30) days of the date of the invoice that GitHub sends to you related to the applicable Order Form or SOW. Amounts payable under this Agreement are non-refundable, except as provided in Sections A.3.2, A.4.1 and B.12.1. If you fail to pay any Fees on time, GitHub reserves the right, in addition to taking any other action at law or equity, to (i) charge interest on past due amounts at 1.0% per month or the highest interest rate allowed by law, whichever is less, and to charge all expenses of recovery, and (ii) terminate the applicable Order Form or SOW. You are solely responsible for all taxes, fees, duties and governmental assessments (except for taxes based on GitHub's net income) that are imposed or become due in connection with this Agreement.

2.2 Professional Services Credits. If you use Professional Services Credits as the means of payment for Professional Services, then upon your receipt of an SOW, the applicable Professional Services Credits will be deducted from your Professional Services Credits balance. You are responsible for ensuring that your purchase order ("PO") issued to GitHub for the Professional Services reflects the pricing set forth in the SOW. If there is any difference in pricing listed in the SOW and the pricing listed in the PO, the pricing in the SOW will control. The Parties agree that SOWs payable via Professional Services Credits do not have to be signed by either Party to be valid and enforceable. Subject to the SOW, all Fees paid by you are non-refundable and all Professional Services Credits must be used within the time set forth in the Order Form or will automatically be cancelled and are non-refundable. You may not apply Professional Services Credits to travel and lodging expenses, which must be invoiced separately.

3. Professional Services

3.1 Professional Services. Upon your request for Professional Services, GitHub will provide a statement of work detailing such Professional Services. Each SOW is binding upon execution by the Parties and any Professional Services will be governed by the terms of the applicable SOW and this Agreement. In the event of any conflict between the terms of this Agreement and any SOW, the terms of this Agreement will control. GitHub will perform the Professional Services described in each SOW according to the timeframes set forth in such SOW. GitHub will control the manner and means by which the Professional Services are performed and reserves the right to determine which personnel is/are assigned to perform the Professional Services. GitHub may use third parties to perform the Professional Services, provided that GitHub remains responsible for all their acts and omissions. You acknowledge and agree that GitHub retains all right, title and interest in and to anything used or developed in connection with performing the Professional Services, including, among other things, software programs, tools, specifications, ideas, concepts, inventions, processes, techniques, and know-how. To the extent GitHub delivers anything to you during the course of performing the Professional Services, GitHub grants to you a non-exclusive, non-transferable, worldwide, royalty-free, limited-term license to use those deliverables during the term of this Agreement, solely in conjunction with your use of the Software.

3.2 Limited Warranty. Unless otherwise set forth in an SOW, GitHub warrants that any Professional Services performed under this Agreement will be performed in a professional and workmanlike manner by appropriately qualified personnel. GitHub's only obligation, and your only remedy, for a breach of this warranty will be, at GitHub's option and expense, to either: (i) promptly re-perform any Professional Services that fail to meet this warranty or (ii) if the breach cannot be cured, terminate the SOW and refund the unused prepaid Fees.

4. Defense of Claims; Release

The Parties will defend each other against the third-party claims described in this Section 4 and will pay the amount of any resulting adverse final judgment or approved settlement, but only if the defending party is promptly notified in writing of the claim and has the right to control the defense and any settlement of it. The party being defended must provide the defending party with all requested assistance, information, and authority. The defending party will reimburse the other party for reasonable out-of-pocket expenses it incurs in providing assistance, and will not settle or make any admissions with respect to a third-party claim without the other party’s prior written consent, such consent to settlements not to be unreasonably withheld. This Section 4 describes the Parties’ sole remedies and entire liability for such claims.

4.1 By GitHub.

GitHub will defend you against any claim brought by an unaffiliated third party to the extent it alleges your authorized use of the Software or the Website or Service infringes a copyright, patent, or trademark or misappropriates a trade secret of any third party (each, a “Claim”). If GitHub is unable to resolve a Claim under commercially reasonable terms, it may, at its option, either: (a) modify, repair, or replace the Software or the Website or Service (as applicable); or (b) terminate your subscription and refund any prepaid, unused subscription fees. GitHub will have no obligation under this Section 4.1 for any Claim arising from: (i) the modification of the Software or the Website or Service or the combination, operation, or use of the Software or the Website or Service with equipment, devices, software, systems, or data, other than as expressly authorized by this Agreement (including the Documentation); (ii) your failure to stop using the Software or the Website or Service after receiving notice to do so; (iii) your obligations under Section 4.2; or (iv) products or services (including use of the Software or the Website or Service) that are provided by GitHub free of charge (collectively, “Indemnity Exclusions”). For purposes of GitHub’s obligation under this Section 4.1, the Software, the Website, and the Service include open source components incorporated by GitHub therein.

4.2 By Customer.

Customer will defend GitHub against any claim brought by an unaffiliated third party arising from: (i) content that you upload to the Software, the Website, or the Service; (ii) your violation of this Agreement, including your breach of confidentiality or any violation of Section C.3, Acceptable Use Policies; or (iii) any third party-branded equipment, devices, software, systems, or data you combine, operate or use with the Software, the Website or Service (each, a “Customer Claim”).

4.3 Disputes with Other Users.

If you have a dispute with one or more Users, you release GitHub from all claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes.

5. Representations and Warranties; Limitations of Liability

5.1 General Warranty. Each Party represents and warrants to the other that it has the legal power and authority to enter into this Agreement, and that this Agreement and each Order Form is entered into by an employee or agent of such Party with all necessary authority to bind such Party to the terms and conditions of this Agreement.

5.2 Limitations of Liability.



6. Confidentiality

6.1 Definition of Confidential Information. For the purposes of this Agreement, "Confidential Information" means all non-public information disclosed by either Party to the others, whether in writing, orally or by other means, designated as confidential or that the receiving Party knows or reasonably should know, under the circumstances surrounding the disclosure and the nature of the information, is confidential to the disclosing Party. Except as expressly set forth in this Agreement, the source code of the Software will be deemed to be GitHub's Confidential Information, regardless of whether it is marked as such. For the avoidance of doubt, no content posted on the Website or Service will be considered Confidential Information unless such content is stored solely in your private repositories on the Service.

6.2 Exclusions. Confidential Information does not include any information that (i) was or becomes publicly known through no fault of the receiving party; (ii) was rightfully known or becomes rightfully known to the receiving party without confidential or proprietary restriction from a source other than the disclosing party who has a right to disclose it; (iii) is approved by the disclosing party for disclosure without restriction in a written document which is signed by a duly authorized officer of such disclosing party; (iv) the receiving party independently develops without access to or use of the other Party's Confidential Information; or (v) subject to Section C.5, is or has been stored or posted on the Website or Service and outside of your private repositories.

6.3 Restrictions on Use and Disclosure. Neither Party will use the other Party's Confidential Information, except as permitted under this Agreement. Each Party agrees to maintain in confidence and protect the other Party's Confidential Information using at least the same degree of care as it uses for its own information of a similar nature, but in any event at least a reasonable degree of care. Each Party agrees to take all reasonable precautions to prevent any unauthorized disclosure of the other Party's Confidential Information, including, without limitation, disclosing such Confidential Information only to its employees, independent contractors, consultants, and legal and financial advisors (collectively, "Representatives") who (i) have a need to know such information, (ii) are parties to appropriate agreements sufficient to comply with this Section A.6, and (iii) are informed of the restrictions on use and disclosure set forth in this Section A.6. Each Party is responsible for all acts and omissions of its Representatives. The foregoing obligations will not restrict either Party from disclosing Confidential Information of the other Party pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided that the Party required to make such a disclosure gives reasonable notice to the other Party to enable such Party to contest such order or requirement. The restrictions set forth in this Section A.6 will survive the termination or expiration of this Agreement.

7. Term and Termination

7.1 Term. This Agreement starts on the Effective Date and will continue in effect until terminated by a Party in accordance with this Section A.7, subject to Section A.7.4.

7.2 Termination for Convenience. Either Party may terminate an Order Form or this Agreement, with or without cause, upon at least thirty (30) days' prior written notice.

7.3 Termination for Material Breach. Either Party may terminate this Agreement immediately upon notice if the other Party breaches a material obligation under this Agreement and fails to cure the breach within thirty (30) days from the date it receives notification. Either Party reserves the right to terminate this Agreement immediately upon written notice, but without giving the other Party a cure period, as follows: if you breach any of the terms of this Agreement relating to GitHub's intellectual property (including your non-compliance with the license grant or any license restrictions) or either Party breaches its confidentiality obligations.

7.4 Effect of Termination; Survival. Upon termination of this Agreement, you may not execute additional Order Forms; however, this Agreement will remain in effect for the remainder of any active Order Forms. When an Order Form terminates or expires, as to that Order Form: (i) the Subscription Term for the Software and/or Service will immediately end; (ii) you will no longer have the right to use the Software or the Service, and any Subscription Licenses or access granted in the Order Form will automatically cease to exist as of the date of termination or expiration; (iii) if any Fees were owed prior to termination, you must pay those Fees immediately; (iv) you must destroy all copies of the Software in your possession or control, and certify in writing to GitHub that you have done so; and (v) each Party will promptly return to the other (or, if the other party requests it, destroy) all Confidential Information belonging to the other to the extent permitted by the Service. Notwithstanding the foregoing, you may continue to access the Software to migrate your data and may request migration of the data in your repositories for up to ninety (90) days after termination or expiration of this Agreement or an Order Form; however, you may not use the Software on a production basis during that time. Any provisions which by their nature should reasonably survive will survive the termination or expiration of this Agreement or an Order Form.

8. General Provisions

8.1 Governing Law; Venue. If you are domiciled in the United States, Canada, Mexico, or a country in Central or South America or the Caribbean (the "Americas"), this Agreement will be governed by and construed in accordance with the laws of the State of California, as if performed wholly within the state and without giving effect to the principles of conflict of law, and any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in the Northern District of California and the Parties hereby consent to personal jurisdiction and venue therein. If you are domiciled outside the Americas, this Agreement will be governed by the laws of Ireland. The Parties expressly agree that the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act will not apply to this Agreement. Notwithstanding anything to the contrary in the foregoing, GitHub may bring a claim for equitable relief in any court with proper jurisdiction.

8.2 U.S. Government Users. The Products and the Documentation were developed solely with private funds and are considered "Commercial Computer Software" and "Commercial Computer Software Documentation" as described in Federal Acquisition Regulations 12.212 and 27.405-3, and Defense Federal Acquisition Regulation Supplement 227.7202-3. The Products are licensed to the U.S. government end user as restricted computer software and limited rights data. No technical data or computer software is developed under this Agreement. Any use, disclosure, modification, distribution, or reproduction of the Products or Documentation by the United States Government or its contractors is subject to the restrictions set forth in this Agreement. All other use is prohibited.

8.3 Export and Sanctions. The Products are subject to export and sanctions restrictions administered by the U.S. Government and import restrictions by certain foreign governments, and you will comply with all applicable export and import laws and regulations in your use of the Products. You must not, and must not allow any third party to, remove or export from the United States or allow the export or re-export of any part of the Products or any direct product thereof: (i) into (or to a national or resident of) any embargoed or terrorist-supporting country or territory; (ii) to anyone on the U.S. Commerce Department’s Entity List or Table of Denial Orders, anyone blocked pursuant to rules administered by the U.S. Office of Foreign Assets Control, including anyone on the List of Specially Designated Nationals or sanctioned country “Government” entities, or anyone subject to other applicable prohibited or sanctioned persons lists; (iii) to any country or territory to which such export or re-export is restricted or prohibited, or as to which the U.S. government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval; or (iv) otherwise in violation of any export, sanctions, or import restrictions, laws or regulations of any United States or foreign agency or authority. You represent and warrant that (a) you are not located in, under the control of, or a national or resident of any such prohibited country or on any such prohibited party list and (b) with respect to GitHub Enterprise Cloud, none of your data is controlled under the U.S. International Traffic in Arms Regulations. GitHub Enterprise Server is a self-hosted virtual appliance that can be run within your own datacenter or virtual private cloud. As such, GitHub Enterprise Server can be used to store ITAR or other export-controlled information. However, Customer is responsible for ensuring such compliance. You acknowledge and agree that the Products are restricted from being used for the design or development of nuclear, chemical, or biological weapons or missile technology without the prior permission of the U.S. government.

8.4 No Publicity without Permission. GitHub may identify you as a customer to current and prospective clients. However, GitHub may not use your name or logo in any advertising or marketing materials without your permission.

8.5 Assignment. Neither Party may assign or otherwise transfer this Agreement, in whole or in part, without the other Party's prior written consent, such consent not to be unreasonably withheld, and any attempt to do so will be null and void, except that either Party may assign this Agreement in its entirety, upon notice to the other party but without the other Party's consent, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of the assigning party's business or assets.

8.6 Notices. Any notice, request, demand or other communication under this Agreement must be in writing (e-mail is acceptable), must reference this Agreement, and will be deemed to be properly given: (i) upon receipt, if delivered personally; (ii) upon confirmation of receipt by the intended recipient, if by e-mail; (iii) five (5) business days after it is sent by registered or certified mail, with written confirmation of receipt and email; or (iv) three (3) business days after deposit with an internationally recognized express courier and email, with written confirmation of receipt. Notices should be sent to the address(es) set forth on the invoice, unless a Party notifies the other that those addresses have changed.

8.7 Force Majeure. GitHub will be excused from liability to the extent that it is unable to perform any obligation under this Agreement due to extraordinary causes beyond its reasonable control, including acts of God, natural disasters, strikes, lockouts, riots, acts of war, epidemics, or power, telecommunication or network failures.

8.8 Independent Contractors. Each Party is an independent contractor with respect to the subject matter of this Agreement. Nothing contained in this Agreement will be deemed or construed in any manner to create a legal association, partnership, joint venture, employment, agency, fiduciary, or other similar relationship between the Parties, and neither Party can bind the other contractually.

8.9 Waiver. A Party's obligations under this Agreement may only be waived in a writing signed by an authorized representative of the other Party, which waiver will be effective only with respect to the specific obligation described. No failure or delay by a Party to this Agreement in exercising any right hereunder will operate as a waiver thereof, nor will any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any right hereunder at law or equity.

8.10 Entire Agreement. This Agreement, including each Order Form and SOW, constitutes the entire agreement and understanding of the Parties with respect to its subject matter, and supersedes all prior or contemporaneous understandings and agreements, whether oral or written, between the Parties with respect to its subject matter. The terms of any purchase order, written terms or conditions, or other document that you submit to GitHub that contains terms that are different from or in addition to the terms of this Agreement, any Order Form or SOW will be void and of no effect.

8.11 Amendments; Order of Precedence. GitHub reserves the right, at its sole discretion, to modify this Agreement and the GitHub Privacy Statement (and any other GitHub policies governing use of the Products) at any time. If such modifications represent material changes to the terms of this Agreement, GitHub will notify you at least thirty (30) days prior to such changes taking effect. For non-material modifications, your continued use of the Product, the Website, or the Service constitutes agreement to such modifications. In the event a conflict arises between the Privacy Statement and this Agreement, the Privacy Statement will prevail. In the event of a conflict between this Agreement and an Order Form, such Order Form will govern with respect to that order only.

8.12 Severability. If any provision of this Agreement is deemed by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the Parties will modify or reform this Agreement to give as much effect as possible to that provision. Any provision that cannot be modified or reformed in this way will be deemed deleted and the remaining provisions of this Agreement will continue in full force and effect.


If you choose to use GitHub Enterprise Server, the following terms will apply to your use of the Software, inclusive of the GitHub Connect feature.

1. Definitions

"Documentation" means any manuals, documentation and other supporting materials relating to the Software that GitHub provides or makes available to you.

“GitHub Connect” or “Connect” means a feature included in the Software that enables you to connect the Software with, as described in more detail in Section B.11.

"License Key" means the data file used by the Software's access control mechanism that allows you to install, operate, and use the Software and which is delivered via a secure, password-protected website.

"Release" means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that is comprised of an enhancement, new feature, or new functionality, generally indicated by a change in the digit to the right of the first decimal point (e.g., x.x.x to x.y.x) or to the left of the first decimal point (e.g., x.x.x to y.x.x).

"Software" means GitHub's proprietary GitHub Enterprise Server software. Software includes the GitHub Connect feature, any applicable Documentation, as well as any Updates to the Software that GitHub provides to you or that you can access under this Agreement.

"Update" means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that is comprised of an error correction or bug fix, generally indicated by a change in the digit to the right of the second decimal point (e.g., x.x.x to x.x.y).

"User" means a single person or machine account that initiates the execution of the Software or interacts with or directs the Software in the performance of its functions.

2. Enterprise Server Software License Grant

Subject to your compliance with this Agreement, GitHub grants to you a non-exclusive, non-transferable, worldwide, royalty-free, limited-term license to install and use the Software (unless otherwise stated in an Order Form) for your internal business purposes during the applicable Subscription Term, in accordance with the Documentation, and only for the number of Subscription Licenses stated in your Order Form. Your Affiliates, agents and contractors (collectively, "Authorized Third Parties") may also use the Software, so long as additional Subscription Licenses have been purchased for their Users, they are using the Software on your behalf, and you remain fully responsible for such Authorized Third Parties' behavior under this Agreement.

3. Enterprise Server Software License Restrictions

Except as expressly permitted by law or by applicable third-party license, you and your Affiliates must not and must not allow any third party to: (i) sublicense, sell, rent, lease, transfer, assign, or redistribute the Software; (ii) host the Software for the benefit of third parties; (iii) disclose or permit any third party to access the Software, except as expressly permitted in this Section B; (iv) hack or modify the License Key, or avoid or change any license registration process; (v) modify or create derivative works of the Software, or merge the Software with other software; (vi) disassemble, decompile, bypass any code obfuscation, or otherwise reverse engineer the Software or attempt to derive any of its source code, in whole or in part; (vii) modify, obscure, or delete any proprietary rights notices included in or on the Software or Documentation; or (viii) otherwise use or copy the Software in a manner not expressly permitted by this Section B.

4. Modifications

You may modify the Software solely for purpose of developing bug fixes, customizations and additional features to any libraries licensed under open source licenses that may be included with or linked to by the Software ("Customer Modifications"). Notwithstanding anything in this Agreement to the contrary, GitHub has no support, warranty, indemnification or other obligation or liability with respect to Customer Modifications or its combination, interaction or use with the Software. You will indemnify, defend and hold GitHub harmless from and against all claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys' fees and costs) arising out of or in connection with any claim brought against GitHub by a third party relating to Customer Modifications (including, but not limited to, any representations or warranties you make about Customer Modifications to the Software).

5. Third-Party Code

The Software includes components licensed to GitHub by third parties, including software whose licenses require GitHub to make the source code for those components available. The source code for such components will be provided upon request.

6. Ownership; Reservation of Rights

As between the Parties, GitHub owns all right, title and interest, including all intellectual property rights, in and to the Software. GitHub reserves all rights in and to the Software not expressly granted to you under this Agreement.

7. Subscription License Assignment

Only one person may be associated with a Subscription License. Multiple Users are not allowed to use the same Subscription License. You may reassign a Subscription License to a new User, but not less than 90 days since the last reassignment of that same Subscription License, unless the reassignment is due to (i) permanent hardware failure or loss, (ii) termination of the User’s employment or contract, or (iii) temporary reallocation of Subscription Licenses to cover a User’s absence. Reassignment of a Subscription License for any other purpose must be permanent. When you reassign a Subscription License from one User to another, you must block access to the Subscription License and your Organizations by the former User’s User Account. You may obtain additional Subscription Licenses by submitting a request through GitHub’s website or via its sales team. A new Order Form will then be generated and if you purchase the additional Subscription Licenses, you must pay the then-currently applicable Fees for them, prorated for the balance of the applicable Subscription Term. Upon renewal of your Subscription Licenses for another Subscription Term, GitHub will invoice all Subscription Licenses at once on an annual basis unless otherwise specified in an Order Form.

8. Delivery

GitHub will make the Software and the License Key available for you to download on a secure, password-protected website. All deliveries under this Section B will be electronic. For the avoidance of doubt, you are responsible for installation of any Software and acknowledge that GitHub has no further delivery obligation with respect to the Software after delivery of the License Key. As Updates become available, GitHub will make those available for download on the same website. You must Update the Software on a commercially reasonable basis but no less than one (1) time per year. You are responsible for maintaining the confidentiality of your usernames and passwords, including those you use to download the Software, and you are responsible for any activity with respect to such usernames and passwords.

9. Verification

At GitHub's request, you will promptly provide GitHub with a Software-generated report that verifies that you are using the Software in accordance with the terms of this Agreement, including the Scope of Use. If GitHub determines that you have exceeded your Scope of Use, then in addition to any other remedies at law or in equity, GitHub will invoice you for any additional use, effective from the date you exceeded the Scope of Use.

10. Software Support

Subject to your compliance with this Section B, GitHub will provide support for the Software, as follows, during the period for which you have paid all applicable Fees due.

10.1 Standard Support. GitHub will provide technical support for the Software ("Support") at no additional charge twenty-four (24) hours per day, five (5) days per week, excluding weekends and national U.S. holidays ("Standard Support"). Standard Support is only offered via web-based ticketing (through GitHub Support), and Support requests must be initiated from a person or machine with which GitHub's Support team can interact.

10.2 Premium Support. Subject to the Support Fees stated in the applicable Order Form and the Premium Support terms, GitHub will provide premium technical support for the Software ("Premium Support") at the Support level and term specified in such Order Form or in an applicable SOW.

10.3 Dedicated Support. Subject to the Support Fees stated in an applicable Order Form, GitHub will provide additional dedicated technical support for the Software ("Dedicated Support") via dedicated Support engineer(s), as more fully described in such Order Form or in an applicable SOW, at the Support level and term specified in such Order Form or SOW.

10.4 Updates and Releases. GitHub will make Updates and Releases available to you on the same secure website where you downloaded the Software and the License Key.

10.5 Exclusions. GitHub will use reasonable efforts to correct any material, reproducible errors in the Software you notify GitHub of. However, GitHub will not be responsible for providing Support where (i) someone (other than GitHub) modifies the Software; (ii) you change your operating system or environment in a way that adversely affects the Software or its performance; (iii) you use the Software in a manner other than as authorized under this Agreement or the Documentation; or (iv) there is an accident, negligence, or misuse by you of the Software.

10.6. Supported Releases. GitHub will only Support a given Release of the Software for one (1) year from the original Release date, or six (6) months from the last Update of the Release, whichever is longer. If you require Support for earlier Releases of the Software, then you must pay for that Support in accordance with the terms of a mutually agreed upon Order Form or SOW.

11. GitHub Connect

In order to access GitHub Connect, you must have at least one (1) account on and one (1) licensed instance of the Software.

You may not use GitHub Connect to violate Section C. Any use of GitHub Connect that violates Section C will also be a violation of this Section B. GitHub Connect may be used for performing automated tasks. In addition, multiple Users may direct certain actions with GitHub Connect. You are responsible for actions that are performed on or through your accounts.

GitHub may collect information about how you use GitHub Connect to provide and improve the feature. By using GitHub Connect, you authorize GitHub to collect protected data, which includes private repository data and User Personal Information (as defined in the GitHub Privacy Statement), from your GitHub Enterprise Server account. You also authorize the transfer of identifying instance information to GitHub through GitHub Connect, which information is governed by the GitHub Privacy Statement.

12. Limited Warranty; Disclaimer

12.1 Limited Warranty. GitHub warrants that: (i) the unmodified Software, at the time it is made available to you for download, will not contain or transmit any malware, viruses, or worms (otherwise known as computer code or other technology specifically designed to disrupt, disable, or harm your software, hardware, computer system, or network) and (ii) for ninety (90) days from the date it is made available for initial download, the unmodified Software will substantially conform to its Documentation. GitHub does not warrant that your use of the Software will be uninterrupted, or that the operation of the Software will be error-free. The warranty in this Section B.12.1 will not apply if you modify or use the Software in any way that is not expressly permitted by this Section B and the Documentation. GitHub's only obligation, and your only remedy, for any breach of this warranty will be, at GitHub's option and expense, to either (a) repair the Software; (b) replace the Software; or (c) terminate this Agreement with respect to the defective Software, and refund the unused, prepaid Fees for the defective Software during the then-current Subscription Term.



Upon creation of a Corporate Account and/or an Organization on the Service by you, your Users or by GitHub on your behalf, the following terms will apply to your use of the Website and the Service, inclusive of the GitHub Connect feature.

1. Definitions

"Account" means your legal relationship with GitHub. A "User Account" means an individual User's authorization to log in to and use the Service and serves as a User's identity on the Website. A "Corporate Account" means an Account created by a User on behalf of an entity. A Corporate Account may include a GitHub Enterprise Cloud subscription or a Team Plan.

"Active User" means a user trying to access the Service at the time of an Outage.

"Content" means content featured or displayed through the Website, including, without limitation, text, data, articles, images, photographs, graphics, software, applications, designs, features, and other materials that are available on the Website or otherwise available through the Service. "User-Generated Content" is Content, written or otherwise, created or uploaded by All Users. "Customer Content" is Content that you create or own or to which you are the rights holder.

"Developer Product" means a third-party application or other developer product created by a third party that collects User Personal Information (as defined in the GitHub Privacy Statement) or User-Generated Content and integrates with the Service through GitHub's API, OAuth mechanism, or otherwise.

"Eligible User" means an individual who is designated as a member of your GitHub Enterprise Cloud organization by having the individual's GitHub account associated with your Enterprise Cloud account.

"Essential Services" means the services essential to GitHub's core version control functionality, including features and services such as creating, forking, and cloning repositories; creating, committing, and merging branches; creating, reviewing, and merging pull requests; and, web, API, and Git client interfaces to the core Git workflows. The following are examples of peripheral features and services not included: webhooks, Gists, Pages, and email notifications.

GitHub Enterprise Cloud” (formerly known as Business Cloud) means the following features included in your Service Account: an Organization Account, SAML single sign-on, access provisioning, and 24/5 support with an 8-hour response time. This list of features and services is non-exhaustive and may be updated from time to time. For more information, see GitHub's Billing Plans.

Organization” means a shared workspace that may be associated with a single entity or with one or more Users where multiple Users can collaborate across many projects at once. A User Account can be a member of any number of Organizations.

"Outage" means the interruption of an Essential Service that affects more than 50% of Active Users.

"Scheduled Downtime" means maintenance or updates to the Service (including to any servers or other hardware required to host the Service), which has been scheduled in advance, during which the Service may be down or inaccessible to Users.

"Service" means the applications, software (excluding the Software covered in Section B), products, and services provided by GitHub, including on or through the Website.

"Service Credit" means a dollar credit, calculated as set forth below, that GitHub may credit back to an eligible Account.

"User" means the individual who (i) visits or uses the Website or Service, (ii) accesses or uses any part of the Account, or (iii) directs the use of the Account in the performance of functions, in each case on your behalf. "Other Users" means individuals, not including your Users, who visit or use the Website or Service. Users and Other Users are collectively referred to as "All Users."

"Website" means, collectively, (i) GitHub's website located at, (ii) GitHub-owned subdomains of, such as and, (iii) GitHub's conference websites, such as, and (iv) GitHub's product websites, such as Occasionally, websites owned by GitHub may provide different or additional terms of service. If those terms conflict with this Section C, the more specific terms apply to the relevant page or service.

2. Account Terms

2.1 Account Controls.

(i) Users. All Users retain ultimate administrative control over their User Accounts and the Content within them. GitHub's Standard Terms of Service govern All Users' use of the Website, except with respect to Users' activities under this Section C.

(ii) Organizations. You have ultimate administrative control over any Organization created on your behalf and User-Generated Content posted to the repositories within those Organizations, subject to this Section C. You can manage User access to the Organization's data and projects. Within the Service, you must designate one or more User Accounts as "owners" who are delegated administrative control of the Organization, but this designation does not supersede your ultimate administrative rights over the Organization. This Section C will govern the use of your Organization.

2.2 Corporate Accounts;Account Requirements.

(i) Applicability. This Section C applies only if you are entering into an agreement with GitHub on behalf of an entity, such as a company or non-profit organization. To the extent this Section C conflicts with other terms you have accepted for use of the Website or the Service, this Section C will govern with respect to any work a User does on the Website or the Service.

(ii) Required Information; Corporate Account Association. You must provide a valid email address and your entity’s name in order to complete the signup process. If you would like to associate your Organization with a Corporate Account, GitHub will use its best efforts to confirm the association based on the information you provide.

(iii) Corporate Account Requirements. You must create a User Account before creating a Corporate Account, or you must allow GitHub to create a Corporate Account and/or Organization on your behalf. In order to create a User Accounts, the following are required:

2.3 User Account Security. You are responsible for keeping your account secure while using GitHub, including:

2.4 Additional Terms. In some situations, third parties' terms may apply to your use of the Service. For example, you may be a member of an organization with its own terms or license agreements; you may download an application that integrates with the Service; or you may use the Service to authenticate to another service. While this Agreement is GitHub's full agreement with you, other parties' terms govern their relationships with you. If you are a government User or otherwise accessing or using any portion of the Service in a government capacity, the Government Amendment applies, and you agree to its provisions.

3. Acceptable Use Policies

3.1 Compliance with Laws and Regulations. Your use of the Website and the Service must not violate any applicable laws, including copyright or trademark laws, U.S. and other applicable export control or sanctions laws, or other laws in your jurisdiction. You are responsible for making sure that you and your Users' use of the Service is in compliance with all applicable laws and regulations.

3.2 Content Restrictions. Under no circumstances will you or your Users upload, post, host, or transmit any Content to your repositories that:

3.3 Conduct Restrictions. While using the Service, you agree that under no circumstances will you or your Users:

3.4 Services Usage Limits. You will not reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service without GitHub's express written permission.

3.5 Scraping. Scraping refers to extracting data from the Website via an automated process, such as a bot or webcrawler. It does not refer to the collection of information through GitHub's API. You and your Users may scrape the Website for the following reasons:

You and your Users may not scrape the Website for spamming purposes, including for the purposes of selling Other Users' personal information, such as to recruiters, headhunters, and job boards.

3.6 Privacy. Any person, entity, or service collecting data from the Website (including, without limitation, through scraping under Section C.3.5) must comply with the GitHub Privacy Statement, particularly in regards to the collection of our Users' Personal Information (as defined in the GitHub Privacy Statement). If you or your Users collect any User Personal Information from GitHub, you will only use it for the purpose for which the Other User has authorized it. You will reasonably secure any such Personal Information, and you will respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or Other Users.

3.7 Excessive Bandwidth Use. If GitHub determines that your bandwidth usage, as displayed on your account and visible to you, to be significantly excessive in relation to Other Users, GitHub reserves the right to suspend your account or throttle your file hosting until you can reduce your bandwidth consumption.

3.8 User Protection. You will not to engage in activity that significantly harms Other Users. GitHub will resolve disputes in favor of protecting All Users as a whole.

4. User-Generated Content

4.1 Responsibility for User-Generated Content. You may create or upload User-Generated Content while using the Service. You are solely responsible for the content of, and for any harm resulting from, any User-Generated Content that you or your Users post, upload, link to or otherwise make available via the Service, regardless of the form of that Content. GitHub is not responsible for any public display or misuse of User-Generated Content.

4.2 GitHub May Remove Content. GitHub does not pre-screen User-Generated Content, but it has the right (though not the obligation) to refuse or remove any User-Generated Content that, in its sole discretion, violates any GitHub terms or policies.

4.3 Ownership of Content, Right to Post, and License Grants.

(i) You retain ownership of and responsibility for Customer Content. If you post anything that you did not create or that your Users did not create on your behalf, or that you do not own the rights to, you and your Users (a) are responsible for such Customer Content, (b) will only submit Customer Content that you have the right to post, and (c) you will fully comply with any third-party licenses relating to Customer Content that you post.

(ii) You grant the rights set forth in Sections C.4.4 through 4.6, free of charge and for the purposes identified in those sections until such time as you remove Customer Content from our servers, except for Content you have posted publicly and that Other Users have forked, in which case the license is perpetual until such time as all forks of Customer Content have been removed from our servers. You understand that you will not receive any payment for any of the rights granted in Sections C.4.4 through 4.6. If you upload Content that already comes with a license granting GitHub the permissions its need to run the Service, no additional license is required.

4.4 License Grant to GitHub. You grant to GitHub the right to store, parse, and display Customer Content, and make incidental copies as necessary to render the Website and provide the Service. This includes the right to do things like copy Customer Content to GitHub's database and make backups; display Customer Content to you and those you choose to show it to; parse Customer Content into a search index or otherwise analyze it on GitHub's servers; share Customer Content with Other Users you choose to share it with; and perform Customer Content, in case it is something like music or video. These rights apply to both public and private repositories. This license does not grant GitHub the right to sell Customer Content or otherwise distribute or use it outside of our provision of the Service. To the extent any provision of this Agreement is unenforceable under Section A.8, you grant to GitHub the rights it needs to use Customer Content without attribution and to make reasonable adaptations of Customer Content as necessary to render the Website and provide the Service.

4.5 License Grant to Other Users.

(i) Any User-Generated Content you or your Users post publicly, including issues, comments, and contributions to Other Users' repositories, may be viewed by others. By setting your repositories to be viewed publicly, you agree to allow Other Users to view and "fork" your repositories (i.e., Other Users may make their own copies of Content from your repositories in repositories they control).

(ii) If you set your pages and repositories to be viewed publicly, you grant to Other Users a nonexclusive, worldwide license to use, display, and perform Customer Content through the Service and to reproduce Customer Content solely on Service as permitted through functionality provided by GitHub (for example, through forking). You may grant further rights to Content if you adopt a license. If you are uploading Content you did not create or own, you are responsible for ensuring that the Content you upload is licensed under terms that grant these permissions to Other Users.

4.6 Contributions Under Repository License. Whenever you or your Users make a contribution to a repository containing notice of a license, you license such contribution under the same terms, and you agree that you have the right to license such contribution under those terms. If you have a separate agreement to license your contributions under different terms, such as a contributor license agreement, that agreement will supersede.

4.7 Moral Rights. You retain all moral rights to Customer Content that you or your Users upload, publish, or submit to any part of the Service, including the rights of integrity and attribution. However, you waive these rights and agree not to assert them against GitHub, solely to enable it to reasonably exercise the rights granted in Section C.4.4, but not otherwise.

5. Private Repositories

5.1 Control of Private Repositories. Some Accounts may have private repositories, which allow a User to control access to Content.

You are responsible for managing access to your private repositories, including invitations to such private repositories, administrative control of Organizations and teams, and termination of access to such private repositories.

5.2 Confidentiality of Private Repositories. GitHub considers the contents of your private repositories to be confidential to you. GitHub will protect and keep strictly confidential the contents of private repositories in accordance with Section A.6.

5.3 Access. GitHub employees may only access the content of your private repositories in the following situations:

You may choose to enable additional access to your private repositories. For example, you may enable various GitHub services or features that require additional rights to Customer Content in private repositories. These rights may vary depending on the service or feature, but GitHub will continue to treat your private repository Content as confidential. If those services or features require rights in addition to those it needs to provide the Service, GitHub will provide an explanation of those rights.

5.4 Exclusions. If GitHub has reason to believe the contents of a private repository are in violation of the law or of this Agreement, it has the right to access, review, and remove them. Additionally, GitHub may be compelled by law to disclose the contents of your private repositories. Unless otherwise bound by requirements under law or if in response to a security threat or other risk to security, it will provide notice of such actions.

6. Intellectual Property Notices

6.1 GitHub's Rights to Content. GitHub and its licensors, vendors, agents, and/or its content providers retain ownership of all intellectual property rights of any kind related to the Website and Service. GitHub reserves all rights that are not expressly granted to you under this Agreement or by law. The look and feel of the Website and Service is copyright © GitHub, Inc. All rights reserved. You may not duplicate, copy, or reuse any portion of the HTML/CSS, Javascript, or visual design elements or concepts without express written permission from GitHub.

6.2 Copyright Infringement and DMCA Policy. If you are a copyright owner and believe that content on the Website violates your copyright, your may contact GitHub in accordance with GitHub's Digital Millenium Copyright Act Policy, by notifying GitHub via its DMCA Form or by emailing GitHub will terminate the Accounts of repeat infringers of this policy

6.3 GitHub Trademarks and Logos. If you would like to use GitHub's trademarks, you must follow all of GitHub's trademark guidelines, including those on GitHub's logos page.

7. API Terms

Abuse or excessively frequent requests to GitHub via the API may result in the temporary or permanent suspension of your Account access to the API. GitHub, in its sole discretion, will determine abuse or excessive usage of the API. GitHub will make a reasonable attempt to notify you via email prior to suspension. You may not share API tokens to exceed GitHub's rate limitations. You may not use the API to download data or Content from the Website for spamming purposes, including for the purposes of selling User Personal Information, such as to recruiters, headhunters, and job boards. All use of the GitHub API is subject to this Agreement and the GitHub Privacy Statement. GitHub may offer subscription-based access to its API if you require high-throughput access or access that would result in resale of the Service.

8. Additional Terms for GitHub Pages and GitHub Learning Lab

8.1 GitHub Pages. Each Account comes with access to the GitHub Pages static hosting service. This hosting service is intended to host static web pages for All Users. GitHub Pages are subject to some specific bandwidth and usage limits, and may not be appropriate for some high-bandwidth uses or other prohibited uses. Please see the GitHub Pages guidelines for more information. GitHub reserves the right at all times to reclaim any subdomain without liability.

8.2 GitHub Learning Lab. If you decide to purchase and use the GitHub Learning Lab application and associated documentation, depending on the nature of your usage, the GitHub Learning Lab Terms and Conditions found at either or will apply.

9. Third-Party Applications

9.1 Creating Applications. If you create a Developer Product and make it available for Other Users, then you must comply with the following requirements:

9.2 Using Applications.

(i) You may grant a Developer Product authorization to use, access, and disclose the contents of your repositories, including your private repositories. Some Developer Products are available through the GitHub Marketplace. Some Developer Products can be used for performing automated tasks, and in some cases, multiple Users may direct the actions of a Developer Product. However, if you purchase and/or set up a Developer Product on your Account, or you are an owner of an Account with an integrated Developer Product, then you will be responsible for the Developer Product's actions that are performed on or through your Account. Please see the GitHub Privacy Statement for more information about how GitHub shares data with Developer Products.

(ii) GitHub makes no warranties of any kind in relation to Developer Products and is not liable for disclosures to third parties that you authorize to access Customer Content. Your use of any third-party applications is at your sole risk.

(iii) If you buy Developer Products through GitHub Marketplace, the GitHub Marketplace Terms of Service control such purchase. This Section C, as well as the GitHub Marketplace Terms of Service, will govern Customer's use of GitHub Marketplace.

10. Advertising on GitHub

10.1 GitHub Pages. GitHub offers Pages sites primarily as a showcase for personal and organizational projects. Some monetization efforts are permitted on Pages, such as donation buttons and crowdfunding links.

10.2 GitHub Repositories. GitHub repositories are intended to host Content. You may include static images, links, and promotional text in the README documents associated with your repositories, but they must be related to the project you are hosting on GitHub. You may not advertise in Other Users' repositories, such as by posting monetized or excessive bulk content in issues.

10.3 Spamming and Inappropriate Use of GitHub. Advertising Content, like all Content, must not violate the law or this Agreement, for example through excessive bulk activity such as spamming. GitHub reserves the right to remove any advertisements that, in its sole discretion, violate any GitHub terms or policies.

11. Cancellation and Suspension

11.1 Cancellation. It is your responsibility to properly cancel your Account with GitHub. You may cancel your Account at any time by going to your settings in the global navigation bar at the top of the screen. GitHub is not able to cancel Accounts in response to an email or phone request.

11.2 Suspension. GitHub has the right to suspend access to all or any part of the Service at any time for violation of these Terms or to protect the integrity, operability, and security of the Website or the Service, effective immediately, with or without notice. Unless prohibited by law or legal process or to prevent imminent harm to the Service or any third party, GitHub typically provides notice in the form of a banner or email on or before such suspension. GitHub will, in our discretion and using good faith, tailor any suspension as needed to preserve the integrity, operability, and security of the Website and Service.

12. Additional Terms relating to the Service – Privacy, Security, and Service Level Agreement (SLA)

12.1 Privacy and Security. The data protection terms set forth in Exhibit D and the security terms set forth in Exhibit E (which include the technical and organizational measures GitHub has in place to protect and secure various types of data) apply to the Service.

12.2 Service Level Agreement (SLA).

(i) Program Benefits – Uptime Guarantee and Calculation. GitHub guarantees that the Service will have a quarterly Uptime percentage of 99.95%. That means GitHub's Essential Services will not be interrupted by an Outage affecting more than 50% of Active Users, for more than .05% of the quarter. If GitHub doesn't meet such 99.95% quarterly Uptime guarantee, GitHub may issue Service Credits to customers. GitHub's Uptime calculation is based on the percentage of successful requests it serves through its web, API, and Git client interfaces.

(ii) Exclusions. Exclusions from the Uptime guarantee include Outages resulting from:

(iii) Calculation of Uptime Service Credits; Redemption of Uptime Service Credits.

If GitHub's quarterly Uptime percentage drops below its 99.95% Uptime guarantee, then you are entitled to receive a Service Credit equal to 25 times the amount that was paid for the Outage time that exceeds the quarterly Uptime guarantee. Service Credits are calculated at the end of each quarter, and may only be granted upon request.

To find out about GitHub's Uptime percentage, you can request an Uptime report at the end of each quarter.

In order to be granted Service Credits, either an Account Owner or Billing Manager must send a written request, on your behalf, within thirty (30) days of the end of each quarter. Service Credits may not be saved. After being granted a Service Credit, it will be automatically applied to your next bill. Written requests should be sent to GitHub Support.

12.3 Disclaimer and Limitation of Liability. GitHub's Status Page is not connected to the Uptime guarantee set forth in this Section and is not an accurate representation of GitHub's Uptime for the purposes of calculating Service Credits. Service Credits are limited to thirty (30) days of paid service, per quarter. Service Credits are your only remedy for any failure by GitHub to meet any Uptime obligations as identified in this Section.

13. Disclaimer of Warranties

GitHub provides the Website and the Service "as is," and "as available" (except as explicitly set forth in Section C.12.2), without warranty of any kind. WITHOUT LIMITING THIS AND TO THE EXTENT PERMITTED BY LAW, GITHUB EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, REGARDING THE WEBSITE AND THE SERVICE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, SECURITY, ACCURACY, AND NON-INFRINGEMENT. Without limiting the foregoing, GitHub does not warrant that the Service will meet your requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. GitHub will not be responsible for any risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Service.

14. Website Changes

GitHub reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Website (or any part of it) with or without notice.


1. Definitions

1.1 The "Applicable Data Protection Laws" refer to certain laws, regulations, regulatory frameworks, or other legislations relating to the processing and use of Personal Data, as applicable to Customer's use of GitHub and the GitHub Service, including:

a. The EU General Data Protection Regulation 2016/679 ("GDPR"), along with any implementing or corresponding equivalent national laws or regulations, once in effect and applicable; and

b. The U.S. Department of Commerce and European Commission's EU--U.S. Privacy Shield Framework ("Privacy Shield"), or any succeeding legislation, available at, or any succeeding URL, as may be amended. The "Privacy Shield Principles" refer to the principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.

1.2 "Controller," "Data Subject," "Member State," "Personal Data," "Personal Data Breach," "Processing," "Processor," and "Supervisory Authority" have the meanings given to them in the Applicable Data Protection Laws. In the event of a conflict, the meanings given in the GDPR will supersede.

1.3 "Customer Personal Data" means any Personal Data for which Customer is a Controller, whether supplied by Customer for processing by GitHub or generated by GitHub in the course of performing its obligations under the Agreement. It includes data such as billing information, IP addresses, corporate email addresses, and any other Personal Data for which Customer is a Controller.

1.4 "Customer Repository Data" means any data or information that is uploaded or created by Customer into any of its private GitHub repositories.

1.5 A "Data Breach" refers to a Personal Data Breach or any other confirmed or reasonably suspected breach of Customer's Protected Data.

1.6 "End User" means an individual Data Subject who controls a GitHub account and has agreed to the GitHub Terms of Service, and whose Personal Data is being transferred, stored, or processed by GitHub. For example, each Customer employee or contractor who has a GitHub account is also a GitHub End User.

1.7 "Permitted Purposes" for data processing are those limited and specific purposes of providing the Service as set forth in the Agreement, the GitHub Privacy Statement, and this Addendum, or the purposes for which a Data Subject has authorized the use of Customer Personal Data.

1.8 "Protected Data" includes any Customer Personal Data and any Customer Repository Data processed by GitHub on behalf of Customer under the Agreement.

1.9 "Sensitive Data" means any Personal Data revealing racial or ethnic origin; political opinions, religious or philosophical beliefs or trade union membership; processing of genetic data or biometric data for the purposes of uniquely identifying a natural person; data concerning health, a natural person's sex life or sexual orientation; and data relating to offences, criminal convictions, or security measures.

2. Status and Compliance

2.1 Data Processing. GitHub acts as a Processor in regard to any Customer Personal Data it receives in connection with the Agreement, and GitHub will process Customer Personal Data only for Permitted Purposes in accordance with Customer's instructions as represented by the Agreement and other written communications. In the event that GitHub is unable to comply with Customer's instructions, such as due to conflicts with the Applicable Data Protection Laws, or where processing is required by the Applicable Data Protection Laws or other legal requirements, GitHub will notify Customer to the extent permissible. GitHub processes all Customer Personal Data in the United States or in the European Union; however, GitHub's subprocessors may process data outside of the United States or the European Union. Additionally, GitHub acts as a Processor for any Customer Repository Data.

2.2 Data Controllers. GitHub receives Personal Data both from Customer and directly from Data Subjects who create End User accounts. Customer is a Controller only for the Customer Personal Data it transfers directly to GitHub.

2.3 GitHub Compliance. GitHub represents and warrants that it complies with Privacy Shield, which governs cross-border transfers of Personal Data. GitHub will remain certified under Privacy Shield for the duration of the Agreement, provided Privacy Shield remains a valid data transfer mechanism. In the event that GitHub is unable to remain certified, or that Privacy Shield does not remain a valid data transfer mechanism, please see Section 7. GitHub will comply with Applicable Data Protection Laws in relation to the processing of Personal Data.

3. Data Protection

3.1 Purpose Limitation. GitHub will process and communicate the Protected Data only for Permitted Purposes, unless the Parties agree in writing to an expanded purpose.

3.2 Data Quality and Proportionality. GitHub will keep the Customer Personal Data accurate and up to date, or enable Customer to do so. GitHub will take commercially reasonable steps to ensure that any Protected Data it collects on Customer's behalf is adequate, relevant, and not excessive in relation to the purposes for which it is transferred and processed. In no event will GitHub intentionally collect Sensitive Data on Customer's behalf. Customer agrees that the GitHub Service is not intended for the storage of Sensitive Data; if Customer chooses to upload Sensitive Data to the Service, Customer must comply with Article 9 of the GDPR, or equivalent provisions in the Applicable Data Protection Laws.

3.3 Data Retention and Deletion. Upon Customer's reasonable request, unless prohibited by law, GitHub will return, destroy, or deidentify all Customer Personal Data and related data at all locations where it is stored after it is no longer needed for the Permitted Purposes within thirty days of request. GitHub may retain Customer Personal Data and related data to the extent required by the Applicable Data Protection Laws, and only to the extent and for such period as required by the Applicable Data Protection Laws, provided that GitHub will ensure that Customer Personal Data is processed only as necessary for the purpose specified in the Applicable Data Protection Laws and no other purpose, and Customer Personal Data remains protected by the Applicable Data Protection Laws.

3.4 Data Processing. GitHub provides the following information, required by Article 28(3) of the GDPR, regarding its processing of Customer's Protected Data:

a. The subject matter and duration of the processing of Customer Personal Data are set out in the Agreement and this Addendum.

b. The nature and purpose of the processing of Customer Personal Data is described in Section 3.1 of this Addendum.

c. The types of Customer Personal Data to be processed are described in the GitHub Privacy Statement, and include Customer Personal Data such as user names, passwords, email addresses, and IP addresses. GitHub also processes information necessary for billing Customer's account, but does not process or store credit card information. Customer may choose to supply GitHub with additional Customer Personal Data, such as in Customer's profile settings or by uploading Customer Personal Data to its GitHub repositories.

d. The categories of Data Subject to whom the Customer Personal Data relates are the Customer itself and its End Users.

e. The obligations and rights of Customer are set out in the Agreement and this Addendum.

4. Security and Audit Obligations

4.1 Technical and Organizational Security Measures. Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, GitHub will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks, such as against accidental or unlawful destruction, or loss, alteration, unauthorized disclosure or access, presented by processing the Protected Data. GitHub will regularly monitor compliance with these measures and will continue to take appropriate safeguards throughout the duration of the Agreement.

4.2 Incident Response and Breach Notification. GitHub will comply with the Information Security obligations in the GitHub Security Exhibit and the Applicable Data Protection Laws, including Data Breach notification obligations. Please see Section 1.2 of the GitHub Security Exhibit regarding GitHub's responsibilities in relation to Data Breach response and notification.

4.3 GitHub Personnel. GitHub represents and warrants that it will take reasonable steps to ensure that all GitHub personnel processing Protected Data have agreed to keep the Protected Data confidential and have received adequate training on compliance with this Addendum and the Applicable Data Protection Laws.

4.4 Records. GitHub will maintain complete, accurate, and up to date written records of all categories of processing activities carried out on behalf of Customer containing the information required under the Applicable Data Protection Laws. To the extent that assistance does not risk the security of GitHub or the privacy rights of individual Data Subjects, GitHub will make these records available to Customer on request as reasonably required, such as to help Customer demonstrate its compliance under the Applicable Data Protection Laws. To learn more about GitHub's requirements to provide assistance in the event of a security incident, please see Section 1.2 of the GitHub Security Exhibit.

4.5 Compliance Reporting. GitHub will provide security compliance reporting in accordance with Section 2.3 of the GitHub Security Exhibit and privacy compliance reporting in accordance with Section 2.4 of the GitHub Security Exhibit. Customer agrees that any information and audit rights granted by the Applicable Data Protection Laws (including, where applicable, Article 28(3)(h) of the GDPR) will be satisfied by these compliance reports, and will only arise to the extent that GitHub's provision of a compliance report does not provide sufficient information, or to the extent that Customer must respond to a regulatory or Supervisory Authority audit. Section 3.1 of the GitHub Security Exhibit describes the parties' responsibilities in relation to a regulatory or Supervisory Authority audit.

4.6 Assistance. GitHub will provide reasonable assistance to Customer with concerns such as data privacy impact assessments, Data Subject rights requests, consultations with Supervisory Authorities, and other similar matters, in each case solely in relation to the processing of Customer's Personal Data and taking into account the nature of processing.

5. Use and Disclosure of Protected Data

5.1 No Use in Marketing. GitHub will not use the Protected Data for the purposes of advertising third-party content, and will not sell the Protected Data to any third party except as part of a merger or acquisition.

5.2 GitHub Privacy Statement. The GitHub Privacy Statement, publicly available at, provides detailed notice of GitHub's privacy and data use practices, including its use of cookies, its dispute resolution process, and further details about GitHub's GDPR compliance.

6. Subprocessing and Onward Transfer

6.1 Protection of Data. GitHub is liable for onward transfers of Protected Data to its subprocessors, such as its third-party payment processor. In the event that GitHub does transfer the Protected Data to a third-party subprocessor, or GitHub installs, uses, or enables a third party or third-party services to process the Protected Data on GitHub's behalf, GitHub will ensure that the third-party subprocessor is contractually bound to comply with or provide at least the same level of confidentiality, security, and privacy protection as is required of subprocessors by the Privacy Shield Principles and the Applicable Data Protection Laws.

6.2 Acceptance of GitHub Subprocessors. Customer authorizes GitHub to appoint (and permit each subprocessor appointed in accordance with this Section 6 to appoint) subprocessors in accordance with Section 6 and any other restrictions in the Agreement. GitHub may continue to use those subprocessors currently engaged as of the Effective Date of this Addendum.

6.3 General Consent for Onward Subprocessing. Customer provides a general consent for GitHub to engage onward subprocessors, conditional on GitHub's compliance with the following requirements:

a. Any onward subprocessor must agree in writing to only process data in a country that the European Commission has declared to have an "adequate" level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses, or pursuant to a Binding Corporate Rules approval granted by competent European data protection authorities, or pursuant to a compliant US-EU Privacy Shield certification; and

b. GitHub will restrict the onward subprocessor's access to Customer Personal Data only to what is strictly necessary to perform its services, and GitHub will prohibit the subprocessor from processing the Customer Personal Data for any other purpose.

6.4 Disclosure of Subprocessor Agreements. GitHub maintains a list of onward subprocessors it has engaged to process Customer Personal Data at, including the categories of Customer Personal Data processed, a description of the type of processing the subprocessor performs, and the location of its processing. GitHub will, upon Customer's written request, provide Customer with this list of subprocessors and the terms under which they process the Customer Personal Data. Pursuant to subprocessor confidentiality restrictions, GitHub may remove any confidential or commercially sensitive information before providing the list and the terms to Customer. In the event that GitHub cannot disclose confidential or sensitive information to Customer, the Parties agree that GitHub will provide all information it reasonably can in connection with its subprocessing agreements.

6.5 Objection to Subprocessors. GitHub will provide thirty days' prior written notice of the addition or removal of any subprocessor, including the categories listed in Section 6.4, by announcing changes on its site. If Customer has a reasonable objection to GitHub's engagement of a new subprocessor, Customer must notify GitHub promptly in writing. Where possible, GitHub will use commercially reasonable efforts to provide an alternative solution to the affected Service to avoid processing of data by the objectionable subprocessor. In the event that GitHub is unable to provide an alternative solution and the Parties cannot resolve the conflict within ninety days, Customer may terminate the Agreement.

7. Termination

7.1 Suspension. In the event that GitHub is in breach of its obligations to maintain an adequate level of security or privacy protection, Customer may temporarily suspend the transfer of all Customer Personal Data or prohibit collection and processing of Customer Personal Data on Customer's behalf until the breach is repaired or the Agreement is terminated.

7.2 Termination with Cause. In addition to any termination rights Customer has under the Agreement, Customer may terminate the Agreement without prejudice to any other claims at law or in equity in the event that:

a. GitHub notifies Customer that it can no longer meet its privacy obligations;

b. the transfer, collection, or processing of all Customer Personal Data has been temporarily suspended for longer than one month pursuant to Section 7.1;

c. GitHub is in substantial or persistent breach of any warranties or representations under this Addendum;

d. GitHub is no longer carrying on business, is dissolved, enters receivership, or a winding up order is made on behalf of GitHub; or

e. Customer objects to a subprocessor pursuant to Section 6.5, and GitHub has not been able to provide an alternative solution within ninety days.

7.3 Breach. Failure to comply with the material provisions of this Addendum is considered a material breach under the Agreement.

7.4 Failure to perform. In the event that changes in law or regulation render performance of this Addendum impossible or commercially unreasonable, the Parties may renegotiate the Addendum in good faith. If renegotiation would not cure the impossibility, or if the Parties cannot reach an agreement, the Parties may terminate the Agreement after thirty days.

7.5 Notification. In the event that GitHub determines that it can no longer meet its privacy obligations under this Addendum, GitHub will notify Customer in writing immediately.

7.6 Modifications. GitHub may modify this Addendum from time to time as required by the Applicable Data Protection Laws, with thirty days' notice to Customer.

7.7 Termination Requirements. Upon Termination, GitHub must:

a. take reasonable and appropriate steps to stop processing the Customer Personal Data;

b. within ninety days of termination, delete or deidentify any Customer Personal Data GitHub stores on Customer's behalf pursuant to Section 3.3; and

c. provide Customer with reasonable assurance that GitHub has complied with its obligations in Section 7.7.

8. Liability for Data Processing

8.1 Limitations. Except as limited by the Applicable Data Protection Laws, any claims brought under this Addendum will be subject to the terms of the Agreement regarding Limitations of Liability.


1. Information Technology Security Program

1.1 Security Management.

Scope and Contents. Throughout the duration of the Agreement, GitHub will maintain and enforce a written information security program ("Security Program") that aligns with industry recognized frameworks; includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of Customer Protected Data; is appropriate to the nature, size, and complexity of GitHub's business operations; and complies with the Applicable Data Protection Laws and other specific information security related laws and regulations that are applicable to the geographic regions in which GitHub does business.

a. Security Officer. GitHub has designated a senior employee to be responsible for overseeing and carrying out its Security Program and for governance and internal communications regarding information security matters.

b. Security Program Changes. GitHub will provide details of any material changes to its Security Program that may adversely affect the security of any Customer Protected Data where notification is required under applicable laws and regulations.

1.2 Security Incident Management. Throughout the duration of the Agreement, and where applicable, GitHub will provide a Security incident management program as follows:

a. Security Availability and Escalation. GitHub will maintain appropriate security contact and escalation processes on a 24-hours-per-day, 7-days-per-week basis to ensure customers and employees can submit issues to the GitHub Security team.

b. Incident Response. If GitHub becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data or Personal Data (each a "Security Incident"), GitHub will promptly and without undue delay (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.

c. Notification(s) of Security Incidents will be delivered to one or more of Customer's administrators by any means GitHub selects. It is Customer's sole responsibility to ensure Customer's administrators monitor for and respond to any notifications. Customer is solely responsible for complying with its obligations under incident notification laws applicable to Customer and fulfilling any third-party notification obligations related to any Security Incident.

d. GitHub will make reasonable efforts to assist Customer in fulfilling Customer's obligation under GDPR Article 33 or other applicable law or regulation to notify the relevant supervisory authority and data subjects about such Security Incident.

1.3 Due Diligence over Subcontractors and Vendors. GitHub will maintain appropriate due diligence when utilizing subcontractors and vendors. GitHub will maintain vendor audit reports and any assessment work for a minimum of three years.

1.4 Data Center Physical Safeguards. To the extent GitHub utilizes third party vendors to host production environments, GitHub will select vendors that comply with physical security controls outlined in industry standards and that issue an annual external audit report such as SOC 2 or ISO 27001 certification. All access to areas, cabinets, or racks that house telecommunications, networking devices, and other "data transmission lines" or equipment will be controlled as follows:

a. access will be controlled by badge reader at one or more entrance points;

b. doors used only as exit points will have only "one way" doorknobs or crash bar exit devices installed;

c. all doors will be equipped with door alarm contacts;

d. all exit doors will have video surveillance capability; and

e. all card access and video systems will be tied in to generator or UPS backup systems.

2. Requests for Information and Compliance Reporting

2.1 Requests for Information. Upon Customer's written request and no more than once annually, GitHub will respond to one request for information to assess security and compliance risk-related information. The response will be provided in writing within thirty days of receipt of the request, pending needed clarifications of any request.

2.2 Response Contents. GitHub will include in its annual response relevant audit reports for production datacenter, IaaS, PaaS or private hosting providers, as deemed relevant by GitHub, in its sole discretion and based on data and services rendered.

2.3 GitHub Security Audit Report. GitHub will execute external, independent audit to produce a SOC1 audit report and a SOC2 audit report. GitHub will continue to execute audits and issue corresponding reports for the duration of the agreement on at least an annual basis.

3 Cooperation with Regulatory Audits

3.1 Regulatory Audits. Should Customer realize a regulatory audit or an audit in response to a Supervisory Authority that requires participation from GitHub, GitHub will fully cooperate with related requests by providing access to relevant knowledgeable personnel, documentation, and application software. Customer has the following responsibilities regarding any such regulatory or Supervisory Authority audits:

a. Customer must ensure use of an independent third party (meaning the regulator or regulator's delegate), and that findings and data not relevant to Customer are restricted.

b. Notification of such audit must be written and provided to GitHub in a timely fashion, pending regulator notification, and in a manner that allows for appropriate personnel to be made available to assist. Where regulators provide no advance notice to Customer of audit or investigation, GitHub will respond in as timely a fashion as required by regulators.

c. Any third party auditor must disclose to GitHub any findings and recommended actions where allowed by regulator.

d. In the event of a regulatory audit, access will be permitted only during regular business hours, Pacific time.

e. To the extent permitted by law, Customer must keep confidential any information gathered through any such audit of GitHub that, by its nature, should be confidential.

Ask a human

Can't find what you're looking for?

Contact us