GitForge Logo GitForge

GitForge General Privacy Statement

Effective Date: February 1, 2024

Summary of Changes and Key Points

A.

Our Commitment

We are committed to protecting your personal data. This policy applies to GitForge, Inc. or GitForge B.V. as data controller.

B.

Organization Accounts

If your account is provided by an organization (e.g., employer), they are the primary data controller. GitForge acts as a data processor.

C.

Data Collection

We collect data directly from you, automatically from your device, and sometimes from third parties.

D.

Data Usage Purposes

We use your data for service delivery, security, communication, and business operations.

E.

Private Repositories

Content in private repositories is treated as confidential and is only accessed under limited and specific circumstances.

F.

Your Rights

Depending on your location, you have rights to access, rectify, erase, or object to the processing of your personal data.

G.

International Transfers

We transfer data internationally using standard contractual clauses and comply with the DPF frameworks.

End-User Information: Organization-Provided GitForge Accounts

When a school or employer provides your GitForge account, they assume the role of data controller for most personal data used in our Services. This grants them the ability to manage your account, access, and use your personal data, including details on how you use the Services, your content, and files.

If you access a GitForge service through an organization-provided account, the organization becomes the data controller. GitForge then functions as a data processor, acting on the data controller’s instructions. A data protection agreement governs the relationship between GitForge and the data controller. For information on their privacy practices, refer to the organization’s privacy statement.

GitForge acts as a data controller only for specific processing activities, clearly defined in a contractual agreement with your organization (Data Protection Agreement). For these limited purposes, this statement governs the management of your personal data. For all other aspects, your organization’s policies apply.

Third-Party Access and Data Protection

When you use third-party extensions, integrations, or follow links within our services, the **privacy policies of those third parties apply** to any personal data you provide or consent to share with them. Their privacy statements govern how that data is processed.

The Personal Data We Collect

Personal data is collected directly from you, automatically from your device, and from third parties. The data we process depends on how you interact with our Services and the features you use.

From You

  • Account Data GitForge ID, name, email address, password, payment, and transaction information.
  • User Content and Files Personal data included in content you provide, such as code, inputs, text, documents, images, or feedback.
  • Demographic Data In some cases, information such as ethnic, sexual, or similar data.
  • Payment Information For paid subscriptions, details like name, billing address, and payment specifics.
  • Profile Information Information to create a user profile, which may include a photo, additional email addresses, job title, or a biography.

Automatically

  • Essential Cookies Used for essential functionalities such as storing settings and recognizing your use of our services.
  • Service Usage Information Data on your interactions, such as IP address, device info, session details, date/time of requests, and performance of specific functions.
  • Website Usage Data Automatically recorded data regarding your website interactions, including referrer site, pages viewed, and links clicked.
  • Geolocation Information Regional geolocation data, depending on the service features.

From Third Parties

  • Information from other users Other users may share information about you when they submit questions and comments.
  • Publicly Accessible Sources We may acquire information about you from publicly accessible sources such as public GitForge repositories.
  • Services linked to your GitForge Account Information received when you or your administrator integrate third-party apps or services (e.g., authentication data from Google).

Purposes of Processing: How We Use Your Personal Data

We use your personal data for a variety of purposes based on your interaction with our services. GitForge practices **data minimization** and uses a minimal amount of personal information required for these activities.

  • Service Provision To provide and update our services, and to offer personalized experiences and recommendations.
  • Safety and Security For the detection and prevention of abuse, violations of terms of service, and to promote the safety, integrity, and security of our services.
  • Communication To inform you about new services, features, promotions, security alerts, and to send confirmations, invoices, and administrative messages.
  • Business Operations For activities such as billing, accounting, generating statistical data for internal reporting, and capacity planning.
  • Troubleshooting and Performance To identify and resolve technical issues and to maintain the Services up-to-date and performing.
  • Legal Obligations To comply with and resolve legal obligations, including responding to data subject requests and tax requirements.

Sharing Personal Data

We may share personal data with the following recipients:

  • Affiliates Shared with GitForge subsidiaries, including to facilitate customer service, marketing, billing, and technical support.
  • Subprocessors and Service Providers Vendors providing services on our behalf, such as hosting, marketing, analytics, and payment processing. They are contractually bound to ensure security and confidentiality.
  • Competent Authorities Law enforcement, regulators, courts, or other public authorities in response to legal requests or to protect our rights and security.
  • Other Users and Public Depending on your account settings, we may share personal data with other users of the Services and with the public. You control the information that is made public via your profile settings.

Private Repositories: GitForge Access

If your GitForge account includes private repositories, you control access to that information. GitForge personnel will not access private repository information without your consent, except in the following cases:

  • for security purposes
  • for the automatic analysis or manual review of known vulnerabilities, active malware, or other content known to violate our Terms of Service
  • to assist the repository owner with a support question
  • to maintain the integrity of the Service, or
  • to comply with our legal obligations if we have reason to believe the content violates the law.

Legal Bases for Processing Personal Data (Applicable to EEA and UK End Users)

GitForge processes personal data in compliance with the GDPR, ensuring a legal basis for each processing activity. Our processing activities generally fall under these legal bases:

  • Contractual Necessity Processing is necessary to fulfill our contractual obligations to you, consistent with the GitForge Terms of Service.
  • Legal Obligation We process data when necessary to comply with applicable laws or to protect the rights, safety, and property of GitForge.
  • Legitimate Interests We process data for purposes that are in our legitimate interest, such as securing and improving our services, but only when your fundamental rights and freedoms do not override those interests.
  • Consent We process data where you have explicitly consented to that processing. You have the right to withdraw your consent at any time.

Your Privacy Rights

Depending on your place of residence, you may have specific legal rights regarding your personal data. These rights may include:

  • The right to access data collected about you.
  • The right to rectify or update inaccurate or incomplete personal data.
  • The right to erase or limit the processing of your personal data in specific conditions.
  • The right to object to the processing of your personal data, pursuant to applicable regulations.

To exercise these rights, please send an email to privacy[at]gitforge[dot]com. You can contact our Data Protection Officer at **dpo[at]gitforge[dot]com** for any comments or concerns. You also have the right to complain to your local Data Protection Authority.

International Data Transfers

GitForge stores and processes personal data in various locations, including the United States and other countries where GitForge, its affiliates, or its subprocessors operate. We transfer personal data from the European Union, the United Kingdom, and Switzerland to countries not recognized by the European Commission as having an adequate level of data protection.

When making such transfers, we generally rely on the Standard Contractual Clauses published by the European Commission to protect your rights and ensure those protections travel with your data.

Data Privacy Framework (DPF)

GitForge is compliant with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We have certified to the U.S. Department of Commerce that we adhere to the DPF Principles regarding the processing of personal data received from the respective regions.

GitForge remains responsible under the DPF Principles if its agent processes such personal data in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Dispute Resolution Process

In compliance with the DPF, GitForge is committed to resolving DPF Principles-related complaints. EU, UK, and Swiss citizens with questions or complaints should first contact GitForge at dpo[at]gitforge[dot]com.

An individual has the possibility, under certain conditions, to invoke binding arbitration for DPF compliance complaints not resolved by the other DPF mechanisms.

Security and Retention

GitForge uses appropriate administrative, technical, and physical security controls to protect your personal data. We will retain your personal data as long as your account is active and as necessary to fulfill our contractual obligations, comply with legal requirements, resolve disputes, and enforce agreements.

Contact Us

Contact us via our contact form or by emailing our Data Protection Officer at dpo[at]gitforge[dot]com. Our addresses are:

GitForge BV Prins Bernhardplein 200, Amsterdam 1097JB Netherlands

GitForge, Inc. 88 Colin P. Kelly Jr. St. San Francisco, CA 94107 United States

Changes to Our Privacy Statement

GitForge may revise this Privacy Statement periodically. In the event of a material change, we will notify you at least 30 days in advance by updating our website or sending an email to your primary email address associated with your GitForge account.

Our Use of Cookies and Tracking Technologies

GitForge uses strictly necessary cookies to provide, secure, and improve our Service. We use them to (i) keep you logged in, (ii) remember your preferences, and (iii) identify your device for security or fraud detection.

We may also use non-essential cookies on Enterprise Marketing Pages to gather information for the purpose of personalizing experiences and measuring the effectiveness of targeted advertising. If you disable non-essential cookies, the ads, content, and marketing you see may be less relevant.