├── .github
    ├── ISSUE_TEMPLATE.md
    └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE.md
├── Policies
    ├── acceptable-use-policies
    │   ├── github-acceptable-use-policies.md
    │   ├── github-active-malware-or-exploits.md
    │   ├── github-appeal-and-reinstatement.md
    │   ├── github-bullying-and-harassment.md
    │   ├── github-disrupting-the-experience-of-other-users.md
    │   ├── github-doxxing-and-invasion-of-privacy.md
    │   ├── github-hate-speech-and-discrimination.md
    │   ├── github-impersonation.md
    │   ├── github-misinformation-and-disinformation.md
    │   ├── github-sexually-obscene-content.md
    │   └── github-threats-of-violence-and-gratuitously-violent-content.md
    ├── content-removal-policies
    │   ├── dmca-takedown-policy.md
    │   ├── github-private-information-removal-policy.md
    │   ├── github-trademark-policy.md
    │   ├── guide-to-submitting-a-dmca-counter-notice.md
    │   ├── guide-to-submitting-a-dmca-takedown-notice.md
    │   └── submitting-content-removal-requests.md
    ├── github-company-policies
    │   ├── github-anti-bribery-statement.md
    │   ├── github-gifts-and-entertainment-policy.md
    │   ├── github-gpl-cooperation-commitment.md
    │   └── github-statement-against-modern-slavery-and-child-labor.md
    ├── github-terms
    │   ├── github-community-code-of-conduct.md
    │   ├── github-community-guidelines.md
    │   ├── github-copilot-extension-developer-policy.md
    │   ├── github-corporate-terms-of-service.md
    │   ├── github-educational-use-agreement.md
    │   ├── github-event-code-of-conduct.md
    │   ├── github-event-terms.md
    │   ├── github-marketplace-developer-agreement.md
    │   ├── github-marketplace-terms-of-service.md
    │   ├── github-open-source-applications-terms-and-conditions.md
    │   ├── github-pre-release-license-terms.md
    │   ├── github-registered-developer-agreement.md
    │   ├── github-research-program-terms.md
    │   ├── github-sponsors-additional-terms.md
    │   ├── github-terms-for-additional-products-and-features.md
    │   └── github-terms-of-service.md
    ├── other-site-policies
    │   ├── github-account-recovery-policy.md
    │   ├── github-and-trade-controls.md
    │   ├── github-deceased-user-policy.md
    │   ├── github-government-takedown-policy.md
    │   ├── github-logo-policy.md
    │   ├── github-username-policy.md
    │   └── guidelines-for-legal-requests-of-user-data.md
    ├── privacy-policies
    │   ├── github-candidate-privacy-policy.md
    │   ├── github-codespaces-privacy-statement.md
    │   ├── github-cookies.md
    │   ├── github-general-privacy-statement.md
    │   └── github-subprocessors.md
    └── security-policies
    │   ├── coordinated-disclosure-of-security-vulnerabilities.md
    │   ├── github-bug-bounty-program-legal-safe-harbor.md
    │   └── github-sirt-description-rfc-2350.md
└── README.md


/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | **Please read our README.md and CONTRIBUTING.md files before creating an issue. If you are creating an issue to provide feedback about our Closed Policies, please note that we may not incorporate your feedback into our policies due to laws that limit our flexibility around those issues. If your feedback is not related to any of the questions below, feel free to delete the template questions and enter your comments in free form.**
 2 | 
 3 | #### 1. What's the name of the policy?
 4 | 
 5 | #### 2. Is this issue related to a specific section within one of our policies (e.g. the Terms of Service)? If so, please include a link to the section or subsection.
 6 | 
 7 | #### 3. Did you already open a pull request? If so, please include a link to the PR in the [GitHub Docs repo](https://github.com/github/docs).
 8 | 
 9 | #### 4. Sometimes it's easier to just put your feedback text into an issue. If that's how you'd prefer to contribute, this is the section to do that.
10 | 
11 | #### 5. Why do you think this section or language needs improvement?
12 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | # Thank you for your interest in improving GitHub's site policies!
2 | ![new](https://img.shields.io/badge/-new!-yellow) Please follow this workflow to have your edits considered:
3 | 1. Open a pull request directly in the [GitHub Docs](https://github.com/github/docs) repo.
4 | 2. Open [an issue in this site-policy repo](https://github.com/github/site-policy/issues/new) describing your change and link it to your PR.
5 | 3. We will then consider your change and get back to you. Thank you!
6 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Ignore index
 2 | **/index.md
 3 | 
 4 | # Ignore enterprise terms
 5 | **/github-supplemental-terms-for-microsoft-volume-licensing.md
 6 | **/github-enterprise-subscription-agreement.md
 7 | **/github-enterprise-server-license-agreement.md
 8 | **/github-enterprise-service-level-agreement.md
 9 | **/github-enterprise-cloud-evaluation-agreement.md
10 | **/github-data-protection-addendum.md
11 | **/github-connect-addendum-to-the-github-enterprise-license-agreement.md
12 | **/github-ae-data-protection-agreement.md
13 | **/github-ae-product-specific-terms.md
14 | **/amendment-to-github-terms-of-service-applicable-to-us-federal-government-users.md
15 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Contributor Covenant Code of Conduct
 2 | 
 3 | ## Our Pledge
 4 | 
 5 | In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
 6 | 
 7 | ## Our Standards
 8 | 
 9 | Examples of behavior that contributes to creating a positive environment include:
10 | 
11 | * Using welcoming and inclusive language
12 | * Being respectful of differing viewpoints and experiences
13 | * Gracefully accepting constructive criticism
14 | * Focusing on what is best for the community
15 | * Showing empathy towards other community members
16 | 
17 | Examples of unacceptable behavior by participants include:
18 | 
19 | * The use of sexualized language or imagery and unwelcome sexual attention or advances
20 | * Trolling, insulting/derogatory comments, and personal or political attacks
21 | * Public or private harassment
22 | * Publishing others' private information, such as a physical or electronic address, without explicit permission
23 | * Other conduct which could reasonably be considered inappropriate in a professional setting
24 | 
25 | ## Our Responsibilities
26 | 
27 | Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
28 | 
29 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
30 | 
31 | ## Scope
32 | 
33 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
34 | 
35 | ## Enforcement
36 | 
37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@support.github.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
38 | 
39 | Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
40 | 
41 | ## Attribution
42 | 
43 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
44 | 
45 | [homepage]: http://contributor-covenant.org
46 | [version]: http://contributor-covenant.org/version/1/4/
47 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contributing
 2 | 
 3 | Hi there! We're thrilled that you'd like to contribute to our Site Policies. Your help is essential. Our [README](README.md) describes the project, its purpose, and caveats, and is necessary reading for contributors.
 4 | 
 5 | Contributions to this project are dedicated to the public domain under [CC0-1.0](LICENSE.md).
 6 | 
 7 | Remember that information in this repo [is not legal advice and comes without warranty](README.md#disclaimer).
 8 | 
 9 | Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
10 | 
11 | ## Getting Started
12 | 
13 | As we mentioned in the README, we're mostly looking for contributions to a few of our policies, which are listed below. However, just because a policy is on the list, it does not mean that the terms are flexible. The current Terms of Service can be found on our website, at https://docs.github.com/github/site-policy/github-terms-of-service, and all Users must agree to them before using our website. We've opened this repo to provide more transparency around the updates to those Terms of Service, to allow you all to help us improve them, and to do so the GitHub way. Here are the policies we're currently hoping you'll contribute to:
14 | 
15 | * [GitHub Terms of Service](https://docs.github.com/github/site-policy/github-terms-of-service)
16 | * [GitHub Acceptable Use Policies](https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-acceptable-use-policies)
17 | * [GitHub Community Guidelines](https://docs.github.com/en/github/site-policy/github-community-guidelines)
18 | * [GitHub Privacy Statement](https://docs.github.com/github/site-policy/github-privacy-statement)
19 | * [GitHub Global Privacy Practices](https://docs.github.com/github/site-policy/global-privacy-practices)
20 | 
21 | 
22 | The two main ways to contribute are through issues and pull requests. We've [open sourced GitHub Docs](https://github.blog/2020-10-07-github-docs-are-now-open-source/) and now seek pull request in the [GitHub Docs repo](https://github.com/github/docs). To track site-policy changes, we ask you to open issues in this repo, and we've made a [template](https://github.com/github/site-policy/issues/new) to request information that will help us better understand your feedback.
23 | ## Help Wanted
24 | 
25 | Before you decide to open an issue, browse [open issues](https://github.com/github/site-policy/issues) to see current requests. We also generally want to hear about:
26 | 
27 | * International issues with our policies
28 | * Typos
29 | * Clearer wording
30 | * Other sites that have adapted and reused some of our policies
31 | 
32 | [Open an issue](https://github.com/github/site-policy/issues/new) to tell us about any of the above. You may also open a pull request to propose specific changes, but it's always OK to start with an issue.
33 | 
34 | **NOTE:** Issues are best used as a task list, where each issue contains one and only one thing to be addressed, resolved, fixed or decided. So please include only one work item per issue. This helps us know when issues are completed and can be closed. In turn, this helps everyone watching the issues know when the item they're interested in has been resolved.
35 | 
36 | If you decide to open a pull request, please do so directly in the [GitHub Docs repo](https://github.com/github/docs) and link to it in your issue in this repo to help us track site-policy-specific changes. Please be aware that it is unlikely that we will merge your pull request directly unless it is a typo correction. It's not because we don't like your ideas, but because we may need to iterate on them internally, and officially open a pull request with our take with the amount of notice appropriate for the policy in question.
37 | 
38 | In general, before we make official changes to our site policies, we will open a pull request in this repository, showing all the draft changes on a working branch. In that pull request, we will do our best to cross link back to open issues or pull requests that we think are resolved or addressed by the draft changes. When those draft changes are ready to be published, we will make them on the official live version at https://docs.github.com/en/github/site-policy. After that, we'll merge the working branch in this repository.
39 | 
40 | **NOTE:** Please don't post legal complaints or ask for technical support in this repository. We may not respond to issues or comments promptly. If you need help, [contact Support](https://github.com/contact) and they'll get you an answer.
41 | 
42 | ## Resources
43 | 
44 | - [Contributing to Open Source on GitHub](https://opensource.guide/how-to-contribute/)
45 | - [Using Pull Requests](https://docs.github.com/github/collaborating-with-issues-and-pull-requests/about-pull-requests)
46 | - [GitHub Docs](https://docs.github.com)
47 | 


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
  1 | CC0 1.0 Universal
  2 | 
  3 | Statement of Purpose
  4 | 
  5 | The laws of most jurisdictions throughout the world automatically confer
  6 | exclusive Copyright and Related Rights (defined below) upon the creator and
  7 | subsequent owner(s) (each and all, an "owner") of an original work of
  8 | authorship and/or a database (each, a "Work").
  9 | 
 10 | Certain owners wish to permanently relinquish those rights to a Work for the
 11 | purpose of contributing to a commons of creative, cultural and scientific
 12 | works ("Commons") that the public can reliably and without fear of later
 13 | claims of infringement build upon, modify, incorporate in other works, reuse
 14 | and redistribute as freely as possible in any form whatsoever and for any
 15 | purposes, including without limitation commercial purposes. These owners may
 16 | contribute to the Commons to promote the ideal of a free culture and the
 17 | further production of creative, cultural and scientific works, or to gain
 18 | reputation or greater distribution for their Work in part through the use and
 19 | efforts of others.
 20 | 
 21 | For these and/or other purposes and motivations, and without any expectation
 22 | of additional consideration or compensation, the person associating CC0 with a
 23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
 24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
 25 | and publicly distribute the Work under its terms, with knowledge of his or her
 26 | Copyright and Related Rights in the Work and the meaning and intended legal
 27 | effect of CC0 on those rights.
 28 | 
 29 | 1. Copyright and Related Rights. A Work made available under CC0 may be
 30 | protected by copyright and related or neighboring rights ("Copyright and
 31 | Related Rights"). Copyright and Related Rights include, but are not limited
 32 | to, the following:
 33 | 
 34 |   i. the right to reproduce, adapt, distribute, perform, display, communicate,
 35 |   and translate a Work;
 36 | 
 37 |   ii. moral rights retained by the original author(s) and/or performer(s);
 38 | 
 39 |   iii. publicity and privacy rights pertaining to a person's image or likeness
 40 |   depicted in a Work;
 41 | 
 42 |   iv. rights protecting against unfair competition in regards to a Work,
 43 |   subject to the limitations in paragraph 4(a), below;
 44 | 
 45 |   v. rights protecting the extraction, dissemination, use and reuse of data in
 46 |   a Work;
 47 | 
 48 |   vi. database rights (such as those arising under Directive 96/9/EC of the
 49 |   European Parliament and of the Council of 11 March 1996 on the legal
 50 |   protection of databases, and under any national implementation thereof,
 51 |   including any amended or successor version of such directive); and
 52 | 
 53 |   vii. other similar, equivalent or corresponding rights throughout the world
 54 |   based on applicable law or treaty, and any national implementations thereof.
 55 | 
 56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of,
 57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
 58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
 59 | and Related Rights and associated claims and causes of action, whether now
 60 | known or unknown (including existing as well as future claims and causes of
 61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum
 62 | duration provided by applicable law or treaty (including future time
 63 | extensions), (iii) in any current or future medium and for any number of
 64 | copies, and (iv) for any purpose whatsoever, including without limitation
 65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
 66 | the Waiver for the benefit of each member of the public at large and to the
 67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver
 68 | shall not be subject to revocation, rescission, cancellation, termination, or
 69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work
 70 | by the public as contemplated by Affirmer's express Statement of Purpose.
 71 | 
 72 | 3. Public License Fallback. Should any part of the Waiver for any reason be
 73 | judged legally invalid or ineffective under applicable law, then the Waiver
 74 | shall be preserved to the maximum extent permitted taking into account
 75 | Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
 76 | is so judged Affirmer hereby grants to each affected person a royalty-free,
 77 | non transferable, non sublicensable, non exclusive, irrevocable and
 78 | unconditional license to exercise Affirmer's Copyright and Related Rights in
 79 | the Work (i) in all territories worldwide, (ii) for the maximum duration
 80 | provided by applicable law or treaty (including future time extensions), (iii)
 81 | in any current or future medium and for any number of copies, and (iv) for any
 82 | purpose whatsoever, including without limitation commercial, advertising or
 83 | promotional purposes (the "License"). The License shall be deemed effective as
 84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the
 85 | License for any reason be judged legally invalid or ineffective under
 86 | applicable law, such partial invalidity or ineffectiveness shall not
 87 | invalidate the remainder of the License, and in such case Affirmer hereby
 88 | affirms that he or she will not (i) exercise any of his or her remaining
 89 | Copyright and Related Rights in the Work or (ii) assert any associated claims
 90 | and causes of action with respect to the Work, in either case contrary to
 91 | Affirmer's express Statement of Purpose.
 92 | 
 93 | 4. Limitations and Disclaimers.
 94 | 
 95 |   a. No trademark or patent rights held by Affirmer are waived, abandoned,
 96 |   surrendered, licensed or otherwise affected by this document.
 97 | 
 98 |   b. Affirmer offers the Work as-is and makes no representations or warranties
 99 |   of any kind concerning the Work, express, implied, statutory or otherwise,
100 |   including without limitation warranties of title, merchantability, fitness
101 |   for a particular purpose, non infringement, or the absence of latent or
102 |   other defects, accuracy, or the present or absence of errors, whether or not
103 |   discoverable, all to the greatest extent permissible under applicable law.
104 | 
105 |   c. Affirmer disclaims responsibility for clearing rights of other persons
106 |   that may apply to the Work or any use thereof, including without limitation
107 |   any person's Copyright and Related Rights in the Work. Further, Affirmer
108 |   disclaims responsibility for obtaining any necessary consents, permissions
109 |   or other rights required for any use of the Work.
110 | 
111 |   d. Affirmer understands and acknowledges that Creative Commons is not a
112 |   party to this document and has no duty or obligation with respect to this
113 |   CC0 or use of the Work.
114 | 
115 | For more information, please see
116 | <http://creativecommons.org/publicdomain/zero/1.0/>
117 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-acceptable-use-policies.md:
--------------------------------------------------------------------------------
  1 | ---
  2 | title: GitHub Acceptable Use Policies
  3 | redirect_from:
  4 |   - /articles/github-acceptable-use-policies
  5 |   - /github/site-policy/github-acceptable-use-policies
  6 | versions:
  7 |   fpt: '*'
  8 | topics:
  9 |   - Policy
 10 |   - Legal
 11 | ---
 12 | 
 13 | **Short version:** _We host a wide variety of collaborative projects from all over the world, and that collaboration only works when our users are able to work together in good faith. While using the Service, you must comply with our Acceptable Use Policies, which include some restrictions on content and conduct on GitHub related to user safety, intellectual property, privacy, authenticity, and other limitations. In short, be excellent to each other._
 14 | 
 15 | Capitalized terms used but not defined in these Acceptable Use Policies have the meanings assigned to them in your main agreement with us — the [GitHub Terms of Service](/site-policy/github-terms/github-terms-of-service) or GitHub Customer Agreement, or the [GitHub Corporate Terms of Service](/site-policy/github-terms/github-corporate-terms-of-service) or other legacy GitHub contract, or a Microsoft volume licensing agreement. For customers subject to the legacy Corporate Terms of Service, "you" and "your" refer to "Customer" or "Users". "We", "us", and "our" refer to "GitHub".
 16 | 
 17 | ## 1. Compliance with Laws and Regulations
 18 | 
 19 | You are responsible for using the Service in compliance with all applicable laws, regulations, and all of our Acceptable Use Policies. These policies may be updated from time to time and are provided below.
 20 | 
 21 | ## 2. User Safety
 22 | 
 23 | We do not allow content or activity on GitHub that:
 24 | 
 25 | <!-- markdownlint-disable GHD034 -->
 26 | 
 27 | * is unlawful or promotes unlawful activities;
 28 | 
 29 | * is [sexually obscene](/site-policy/acceptable-use-policies/github-sexually-obscene-content) or relates to sexual exploitation or abuse, including of minors;
 30 | 
 31 | * is libelous, defamatory, or fraudulent;
 32 | 
 33 | * is [discriminatory or abusive](/site-policy/acceptable-use-policies/github-hate-speech-and-discrimination) toward any individual or group;
 34 | 
 35 | * is [false, inaccurate, or intentionally deceptive information](/site-policy/acceptable-use-policies/github-misinformation-and-disinformation) and likely to adversely affect the public interest (including health, safety, election integrity, and civic participation);
 36 | 
 37 | * [harasses or abuses](/site-policy/acceptable-use-policies/github-bullying-and-harassment) another individual or group, including our employees, officers, and agents, or other users;
 38 | 
 39 | * [threatens or incites violence](/site-policy/acceptable-use-policies/github-threats-of-violence-and-gratuitously-violent-content) toward any individual or group, especially on the basis of who they are;
 40 | 
 41 | * [gratuitously depicts or glorifies violence](/site-policy/acceptable-use-policies/github-threats-of-violence-and-gratuitously-violent-content), including violent images; or
 42 | 
 43 | * is off-topic, or interacts with platform features in a way that significantly or repeatedly [disrupts the experience of other users](/site-policy/acceptable-use-policies/github-disrupting-the-experience-of-other-users).
 44 | 
 45 | ## 3. Intellectual Property, Authenticity, and Private Information
 46 | 
 47 | We do not allow content or activity on GitHub that:
 48 | 
 49 | * infringes any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other right;
 50 | 
 51 | * unlawfully shares unauthorized product licensing keys, software for generating unauthorized product licensing keys, or software for bypassing checks for product licensing keys, including extension of a free license beyond its trial period;
 52 | 
 53 | * [impersonates any person or entity](/site-policy/acceptable-use-policies/github-impersonation), including any of our employees or representatives, including through false association with GitHub, or by fraudulently misrepresenting your identity or site's purpose; or
 54 | 
 55 | * [violates the privacy of any third party](/site-policy/acceptable-use-policies/github-doxxing-and-invasion-of-privacy), such as by posting another person's personal information without consent.
 56 | 
 57 | ## 4. Spam and Inauthentic Activity on GitHub
 58 | 
 59 | We do not allow content or activity on GitHub that is:
 60 | * automated excessive bulk activity and coordinated inauthentic activity, such as
 61 |    * spamming
 62 |    * cryptocurrency mining;
 63 | * bulk distribution of promotions and advertising prohibited by GitHub terms and policies;
 64 | * inauthentic interactions, such as fake accounts and automated inauthentic activity;
 65 | * rank abuse, such as automated starring or following;
 66 | * creation of or participation in secondary markets for the purpose of the proliferation of inauthentic activity;
 67 | * using GitHub as a platform for propagating abuse on other platforms;
 68 | * phishing or attempted phishing; or
 69 | * using our servers for any form of excessive automated bulk activity, to place undue burden on our servers through automated means, or to relay any form of unsolicited advertising or solicitation through our servers, such as get-rich-quick schemes;
 70 | * incentivized by (or incentivizes inauthentic engagement with) rewards such as cryptocurrency airdrops, tokens, credits, gifts or other give-aways.
 71 | 
 72 | ## 5. Site Access and Safety
 73 | 
 74 | We do not allow content or activity on GitHub that:
 75 | 
 76 | * directly supports [unlawful active attack or malware campaigns](/site-policy/acceptable-use-policies/github-active-malware-or-exploits) that are causing technical harms — such as using our platform to deliver malicious executables or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers — with no implicit or explicit dual-use purpose prior to the abuse occurring; or
 77 | * uses our servers to disrupt or to attempt to disrupt, or to gain or to attempt to gain unauthorized access to, any service, device, data, account or network. Please note, activities permitted under bug bounty programs, such as the [GitHub Bug Bounty program](https://bounty.github.com), are not considered “unauthorized,” but must only affect the organization whose bug bounty program authorized the activity.
 78 | 
 79 | <!-- markdownlint-enable GHD034 -->
 80 | 
 81 | ## 6. Services Usage Limits
 82 | 
 83 | You will not reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service without our express written permission.
 84 | 
 85 | ## 7. Information Usage Restrictions
 86 | 
 87 | You may use information from our Service for the following reasons, regardless of whether the information was scraped, collected through our API, or obtained otherwise:
 88 | 
 89 | * Researchers may use public, non-personal information from the Service for research purposes, only if any publications resulting from that research are [open access](https://en.wikipedia.org/wiki/Open_access).
 90 | * Archivists may use public information from the Service for archival purposes.
 91 | 
 92 | Scraping refers to extracting information from our Service via an automated process, such as a bot or webcrawler. Scraping does not refer to the collection of information through our API. Please see Section H of our [Terms of Service](/site-policy/github-terms/github-terms-of-service#h-api-terms) for our API Terms.
 93 | 
 94 | You may not use information from the Service (whether scraped, collected through our API, or obtained otherwise) for spamming purposes, including for the purposes of sending unsolicited emails to users or selling personal information, such as to recruiters, headhunters, and job boards.
 95 | 
 96 | Your use of information from the Service must comply with the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement).
 97 | 
 98 | ## 8. Privacy
 99 | 
100 | Misuse of personal information is prohibited.
101 | 
102 | Any person, entity, or service collecting data from the Service must comply with the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement), particularly in regards to the collection of personal information. If you collect any personal information from the Service, you agree that you will only use that personal information for the purpose for which that User has authorized it. You agree that you will reasonably secure any personal information you have gathered from the Service, and you will respond promptly to complaints, removal requests, and "do not contact" requests from us or other users.
103 | 
104 | ## 9. Excessive Bandwidth Use
105 | 
106 | The Service's bandwidth limitations vary based on the features you use. If we determine your bandwidth usage to be significantly excessive in relation to other users of similar features, we reserve the right to suspend your Account, throttle your file hosting, or otherwise limit your activity until you can reduce your bandwidth consumption. We also reserve the right—after providing advance notice—to delete repositories that we determine to be placing undue strain on our infrastructure. For guidance on acceptable use of object storage in repositories, refer to [AUTOTITLE](/repositories/working-with-files/managing-large-files/about-large-files-on-github). For more details on specific features' bandwidth limitations, see the [GitHub Additional Product Terms](/site-policy/github-terms/github-terms-for-additional-products-and-features).
107 | 
108 | ## 10. Advertising on GitHub
109 | 
110 | **Short version:** _We do not generally prohibit use of GitHub for advertising. However, we expect our users to follow certain limitations, so GitHub does not become a spam haven. No one wants that._
111 | 
112 | While we understand that you may want to promote your Content by posting supporters' names or logos in your Account, the primary focus of the Content posted in or through your Account to the Service should not be advertising or promotional marketing. This includes Content posted in or through Pages, Packages, repositories, and all other parts of the Service. You may include static images, links, and promotional text in the README documents or project description sections associated with your Account, but they must be related to the project you are hosting on GitHub. You may not advertise in other Users' Accounts, such as by posting monetized or excessive bulk content in issues.
113 | 
114 | You may not promote or distribute content or activity that is illegal or otherwise prohibited by our [Terms of Service](/site-policy/github-terms/github-terms-of-service) or [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies), including excessive automated bulk activity (for example, spamming), get-rich-quick schemes, and misrepresentation or deception related to your promotion.
115 | 
116 | If you decide to post any promotional materials in your Account, you are solely responsible for complying with all applicable laws and regulations, including without limitation the U.S. Federal Trade Commission's Guidelines on Endorsements and Testimonials. We reserve the right to remove any promotional materials or advertisements that, in our sole discretion, violate any GitHub terms or policies.
117 | 
118 | ## 11. User Protection
119 | 
120 | You must not engage in activity that significantly harms other users.
121 | 
122 | We will interpret our policies and resolve disputes in favor of protecting users as a whole.
123 | 
124 | ---
125 | 
126 | **Enforcement.** GitHub retains full discretion to [take action](/site-policy/github-terms/github-community-guidelines#what-happens-if-someone-violates-githubs-policies) in response to a violation of these policies, including account suspension, account [termination](/site-policy/github-terms/github-terms-of-service#3-github-may-terminate), or [removal](/site-policy/github-terms/github-terms-of-service#2-github-may-remove-content) of content. Please also see our [Community Guidelines](/site-policy/github-terms/github-community-guidelines) for actions you can take if something or someone offends you.
127 | 
128 | **Reinstatement and appeal.** If your content or account has been disabled or restricted and you seek reinstatement or wish to appeal, please see our [Appeal and Reinstatement page](/site-policy/acceptable-use-policies/github-appeal-and-reinstatement) for information about the process and use our [Appeal and Reinstatement form](https://support.github.com/contact/reinstatement) to submit a request.
129 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-active-malware-or-exploits.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Active Malware or Exploits
 3 | shortTitle: Active Malware or Exploits
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-active-malware-or-exploits
11 |   - /github/site-policy/github-community-guidelines#active-malware-or-exploits
12 | ---
13 | 
14 | Being part of a community includes not taking advantage of other members of the community. We do not allow anyone to use our platform in direct support of unlawful attacks that cause technical harms, such as using GitHub as a means to deliver malicious executables or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers. Technical harms means overconsumption of resources, physical damage, downtime, denial of service, or data loss, with no implicit or explicit dual-use purpose prior to the abuse occurring.
15 | 
16 |   Note that GitHub allows dual-use content and supports the posting of content that is used for research into vulnerabilities, malware, or exploits, as the publication and distribution of such content has educational value and provides a net benefit to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.
17 | 
18 |   In rare cases of very widespread abuse of dual-use content, we may restrict access to that specific instance of the content to disrupt an ongoing unlawful attack or malware campaign that is leveraging the GitHub platform as an exploit or malware CDN. In most of these instances, restriction takes the form of putting the content behind authentication, but may, as an option of last resort, involve disabling access or full removal where this is not possible (e.g. when posted as a gist). We will also contact the project owners about restrictions put in place where possible.
19 | 
20 |   Restrictions are temporary where feasible, and do not serve the purpose of purging or restricting any specific dual-use content, or copies of that content, from the platform in perpetuity. While we aim to make these rare cases of restriction a collaborative process with project owners, if you do feel your content was unduly restricted, we have an [appeals process](/site-policy/acceptable-use-policies/github-appeal-and-reinstatement) in place.
21 | 
22 |   To facilitate a path to abuse resolution with project maintainers themselves, prior to escalation to GitHub abuse reports, we recommend, but do not require, that repository owners take the following steps when posting potentially harmful security research content:
23 | 
24 | * Clearly identify and describe any potentially harmful content in a disclaimer in the project’s README.md file or source code comments.
25 | * Provide a preferred contact method for any 3rd party abuse inquiries through a SECURITY.md file in the repository (e.g. "Please create an issue on this repository for any questions or concerns"). Such a contact method allows 3rd parties to reach out to project maintainers directly and potentially resolve concerns without the need to file abuse reports.
26 | 
27 |   _GitHub considers the npm registry to be a platform used primarily for installation and run-time use of code, and not for research._
28 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-appeal-and-reinstatement.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Appeal and Reinstatement
 3 | versions:
 4 |   fpt: '*'
 5 | redirect_from:
 6 |   - /articles/github-appeal-and-reinstatement
 7 | topics:
 8 |   - Policy
 9 |   - Legal
10 | ---
11 | ## Appeal and Reinstatement
12 | 
13 | While the majority of interactions between individuals in GitHub’s community fall within our Acceptable Use Policies and Community Guidelines, violations of those policies do occur at times. When they do, GitHub staff may need to take enforcement action to address the violations. However, we understand that sometimes we might make mistakes. In some cases there may be a basis to reverse a moderation action taken (or not taken) by GitHub Staff. To ensure our policies and outcomes are applied evenly, GitHub provides an internal complaint-handling process where users can submit requests for reinstatement or provide additional information to appeal a moderation decision.
14 | 
15 | ## What are Appeals and Reinstatements?
16 | 
17 | Both Appeals and Reinstatements may arise in relation to decisions to disable or limit access to content or an account, including decisions whether or not to:
18 | 
19 | * Remove, disable access to, or restrict visibility of content
20 | * Suspend or terminate access to an account
21 | * Suspend or terminate access to the service, in whole or in part
22 | * Suspend, terminate or otherwise restrict the ability to monetize content
23 | 
24 | A “Reinstatement” is where a user wishes to regain access to their account or content and is willing to make any necessary changes to address the violation and agrees not to violate our terms going forward.
25 | 
26 | An “Appeal” is where a user disputes that a violation has occurred and can provide additional information to show that a different decision should have been reached.
27 | 
28 | ## How this works
29 | 
30 | If you seek Reinstatement or wish to Appeal an enforcement action, please fill out our [Appeal and Reinstatement form](https://support.github.com/contact/reinstatement). You may Appeal a moderation decision for up to six months following the decision. GitHub may, in its discretion, refuse to consider any Appeals submitted more than six months after the decision.
31 | 
32 | GitHub staff will review the information provided in the form to determine whether there is sufficient information to warrant Reinstatement or granting of an Appeal.
33 | 
34 | ### Reinstatements
35 | 
36 | Where a user can agree to abide by our Acceptable Use Policies moving forward and has made the changes necessary to address the violation(s), we may choose to reinstate their account or content depending on the circumstances and severity of the initial violation.
37 | 
38 | All legitimate Reinstatement requests will be reviewed initially by GitHub staff and will be answered with a decision.
39 | 
40 | ### Appeals
41 | 
42 | Where a user seeks to dispute a decision, they can use the form to explain their basis for disputing the decision and to provide any additional information regarding the alleged violation that they believe should have led to a different decision.
43 | 
44 | If the information provided demonstrates that a different conclusion should have been reached, we may be able to grant an Appeal. GitHub will reverse or modify its decision when the Appeal contains sufficient grounds for us to determine that (i) our decision to act or not to act was mistaken; (ii) that the content or conduct was not illegal and not incompatible with our Terms; or (iii) that the content or conduct warrants a lesser severity of action than the measure taken.
45 | 
46 | All decisions on Appeal are made by humans and not by any automated means. If the GitHub Staff reviewer on the Appeal is the same person who made the initial determination and that staff member believes their initial conclusion was correct (and thus would be inclined to deny the Appeal), a different member of GitHub’s staff will independently review the Appeal.
47 | 
48 | All legitimate Appeals will be answered with a final decision.
49 | 
50 | ## Transparency
51 | 
52 | We track Appeals and Reinstatements in our [Transparency Center](https://transparencycenter.github.com/appeals/).
53 | 
54 | ### Legal Rights
55 | 
56 | If you believe that a final decision made on Appeal is still incorrect you may, in certain circumstances, have additional rights to seek review of the decision under your local law. For example, if you are located in the European Union, it might be possible to access an out-of-court dispute settlement process under the [Digital Services Act](https://eur-lex.europa.eu/eli/reg/2022/2065/oj#d1e2819-1-1).
57 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-bullying-and-harassment.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Bullying and Harassment
 3 | shortTitle: Bullying and Harassment
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-bullying-and-harassment
11 |   - /github/site-policy/github-community-guidelines#bullying-and-harassment
12 | ---
13 | 
14 | We do not tolerate harassment, bullying, or abuse of any kind, whether directly or by encouraging others to take part in the prohibited conduct. This includes:
15 | 
16 | * Targeted personal attacks
17 | * Piling on to or orchestrating [disruptive](/site-policy/acceptable-use-policies/github-disrupting-the-experience-of-other-users) activity in a way that amounts to abuse
18 | * Following another user around the platform in a manner that causes intimidation
19 | * Making sexual advances or comments directed at another individual
20 | * Disingenuously participating in conversation in a way that instigates conflict or undermines sincere discussion
21 | * Creating alternative accounts specifically to evade moderation action taken by GitHub staff or users
22 | 
23 | Please note, not all unwelcome conduct is necessarily considered harassment. For example, disagreeing with another user or downvoting their comments may not rise to the level of harassment on our platform. In addition, sharing criticism of public figures or projects, or topics of public interest, does not necessarily fall under this policy. However, we encourage you to be mindful in how you engage with other users and the platform, as this activity may still violate our restriction on disrupting the experience of other users.
24 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-disrupting-the-experience-of-other-users.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Disrupting the Experience of Other Users
 3 | shortTitle: Disrupting the Experience of Other Users
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-disrupting-the-experience-of-other-users
11 |   - /github/site-policy/github-community-guidelines#disrupting-the-experience-of-other-users
12 | ---
13 | 
14 | Being part of a community includes recognizing how your behavior affects others and engaging in meaningful and productive interactions with people and the platform they rely on.
15 | 
16 | We do not allow behavior that significantly or continually disrupts the experience of other users. This includes:
17 | 
18 | * Posting off-topic comments
19 | * Opening empty or meaningless issues or pull requests
20 | * Starring and/or following accounts or repositories in large volume in a short period of time
21 | * Creating nonsensical or irrelevant code reviews
22 | * Engaging with platform features in a way that causes excessive notifications for other users
23 | * Using any other platform feature in a way that creates disruption
24 | 
25 | While we encourage maintainers to moderate their own projects on an individual basis, GitHub staff may take further restrictive action against accounts that are engaging in these types of behaviors.
26 | 
27 | Please note that the above conduct may also violate other restrictions in our [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies). For example, depending on the nature and severity of the activity, it may rise to the level of [bullying and harassment](/site-policy/acceptable-use-policies/github-bullying-and-harassment).
28 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-doxxing-and-invasion-of-privacy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Doxxing and Invasion of Privacy
 3 | shortTitle: Doxxing and Invasion of Privacy
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-doxxing-and-invasion-of-privacy
11 |   - /github/site-policy/github-community-guidelines#doxxing-and-invasion-of-privacy
12 | ---
13 | 
14 | Don't post other people's personal information. This includes:
15 | 
16 | * Personal, private email addresses
17 | * Phone numbers
18 | * Physical addresses or other private location information
19 | * Bank account information or credit card numbers
20 | * Social Security/National Identity numbers
21 | * Passwords
22 | * Voter information
23 | * Medical information and personal biometric data
24 | * Other private information that may pose a safety or security risk
25 | 
26 | We may consider other information, such as photos or videos that were taken or distributed without the subject's consent, to be an invasion of privacy, especially when such material presents a safety risk to the subject, such as in the case of intimidation or harassment.
27 | 
28 | GitHub will take context into account as well as whether the reported content is publicly available elsewhere. Please note, however, that while sharing publicly available content may not be a violation of this policy, if the information is shared with the intent to harass or incite other abusive behavior, it may violate our prohibition against [bullying and harassment](/site-policy/acceptable-use-policies/github-bullying-and-harassment).
29 | 
30 | For more information, or to learn how to report a violation, see our [Private Information Removal Policy](/site-policy/content-removal-policies/github-private-information-removal-policy) and our instructions for [Reporting Abuse](/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam).
31 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-hate-speech-and-discrimination.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Hate Speech and Discrimination
 3 | shortTitle: Hate Speech and Discrimination
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-hate-speech-and-discrimination
11 |   - /github/site-policy/github-community-guidelines#hate-speech-and-discrimination
12 | ---
13 | 
14 | GitHub does not tolerate speech that attacks or promotes hate toward an individual or group of people on the basis of who they are, including age, body size, ability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, sexual identity, or sexual orientation. This includes:
15 | 
16 | * Mocking, attacking, or excluding a person or group based on their beliefs or the characteristics listed above
17 | * Displaying clear affiliation or identification with known terrorist or violent extremist organizations
18 | * Supporting or promoting hate groups or hate-based conspiracy theories
19 | * Sharing symbols or images synonymous with hate
20 | * Using harmful stereotypes, slurs, or dehumanizing speech
21 | * Attacking an individual based on their perceived gender
22 | * Dog whistling; or using coded or suggestive language and/or symbols to promote abuse or hate
23 | 
24 | While GitHub takes all instances of abuse and harassment on the platform seriously, we are especially committed to fighting hate-based abuse where it disproportionately affects communities that have historically been targeted by such abuse. We aim to make GitHub a place where all individuals feel welcome and safe.
25 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-impersonation.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Impersonation
 3 | shortTitle: Impersonation
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-impersonation
11 |   - /github/site-policy/github-community-guidelines#impersonation
12 | ---
13 | 
14 | You may not misrepresent your identity or your association with another person or organization. This includes doing any of the following in a way that misleads or deceives others:
15 | 
16 | * Copying another user's avatar or other personal profile information
17 | * Posting content under another user's email address
18 | * Using a deceptively similar username, organization name, or other namespace
19 | * Accessing an account or organization with another user's token or credentials
20 | * Otherwise posing as another individual or organization
21 | 
22 | Impersonation is a form of harassment and violation of this policy may lead to loss of access to your account.
23 | 
24 | Please note, having a username similar to another is not necessarily impersonation. GitHub will take context into account. For example, as in cases involving claims of [misinformation or disinformation](/site-policy/acceptable-use-policies/github-misinformation-and-disinformation), we generally allow parody and satire that is in line with our [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies).
25 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-misinformation-and-disinformation.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Misinformation and Disinformation
 3 | shortTitle: Misinformation and Disinformation
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-misinformation-and-disinformation
11 |   - /github/site-policy/github-community-guidelines#misinformation-and-disinformation
12 | ---
13 | 
14 | You may not post content that presents a distorted view of reality, whether it is inaccurate or false (misinformation) or is intentionally deceptive (disinformation), where such content is likely to result in harm to the public or to interfere with fair and equal opportunities for all to take part in a free and open society. This may include:
15 | * Inaccurate or scientifically unsupported medical claims that endanger public health or safety
16 | * Manipulated media, whether audio or visual, likely to mislead or deceive in a way that may harm the public interest
17 | * False or misleading content likely to interfere with an individual's ability to participate in civic activities
18 | * Unsubstantiated claims that could promote hate or targeted harassment of specific groups of people
19 | 
20 | We encourage active participation in the expression of ideas, perspectives, and experiences and may not be in a position to dispute personal accounts or observations. We generally allow parody and satire that is in line with our [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies), and we consider context to be important in how information is received and understood. When reviewing content under this policy, GitHub will consider the impact of various factors that may help to orient the viewer, such as whether the content has been provided with clear disclaimers, citations to credible sources, or includes other details that clarify the accuracy of the information being shared.
21 | 
22 | ## Synthetic & Manipulated Media Tools
23 | 
24 | GitHub does not allow any projects that are designed for, encourage, promote, support, or suggest in any way the use of synthetic or manipulated media for the creation of non-consensual intimate imagery or any content that would constitute misinformation or disinformation under this policy.
25 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-sexually-obscene-content.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Sexually Obscene Content
 3 | shortTitle: Sexually Obscene Content
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-sexually-obscene-content
11 |   - /github/site-policy/github-community-guidelines#sexually-obscene-content
12 | ---
13 | 
14 | We do not tolerate content associated with sexual exploitation or abuse of another individual, including where minors are concerned. We do not allow sexually themed or suggestive content that serves little or no purpose other than to solicit an erotic or shocking response, particularly where that content is amplified by its placement in profiles or other social contexts. This includes:
15 | 
16 | * Pornographic content
17 | * Non-consensual intimate imagery
18 | * Graphic depictions of sexual acts including photographs, video, animation, drawings, computer-generated images, or text-based content
19 | 
20 | We recognize that not all nudity or content related to sexuality is obscene. We may allow visual and/or textual depictions in artistic, educational, historical or journalistic contexts, or as it relates to victim advocacy. In some cases a disclaimer can help communicate the context of the project. However, please understand that we may choose to limit the content by giving users the option to opt in before viewing.
21 | 


--------------------------------------------------------------------------------
/Policies/acceptable-use-policies/github-threats-of-violence-and-gratuitously-violent-content.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Threats of Violence and Gratuitously Violent Content
 3 | shortTitle: Threats of Violence and Gratuitously Violent Content
 4 | versions:
 5 |   fpt: '*'
 6 | topics:
 7 |   - Policy
 8 |   - Legal
 9 | redirect_from:
10 |   - /github/site-policy/github-threats-of-violence-and-gratuitously-violent-content
11 |   - /github/site-policy/github-community-guidelines#threats-of-violence
12 |   - /github/site-policy/github-community-guidelines#gratuitously-violent-content
13 | ---
14 | 
15 | 
16 | You may not use GitHub to organize, promote, encourage, threaten, or incite acts of violence. You may not post content that depicts or glorifies violence or physical harm against human beings or animals. This includes:
17 | 
18 | * Threatening another individual or group with abuse, harm, sexual violence, or death
19 | * Posting text, imagery, or audio content glorifying or containing a graphic depiction of violence toward oneself, another individual, group, or animal
20 | * Encouraging another individual to engage in self harm
21 | 
22 | We do not allow violent content to be posted indiscriminately or in a way that is difficult for other users to avoid, such as a profile avatar or an issue comment. However, we understand there may be legitimate reasons to post violent content, such as for educational or documentary purposes, creative works, or depictions of historical events. In those cases, a clear warning or disclaimer can help users make an educated decision as to whether or not they want to engage with such content. Still, GitHub may decide to limit the visibility of such content to those who choose to opt in.
23 | 


--------------------------------------------------------------------------------
/Policies/content-removal-policies/github-private-information-removal-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Private Information Removal Policy
 3 | redirect_from:
 4 |   - /articles/github-sensitive-data-removal-policy
 5 |   - /github/site-policy/github-sensitive-data-removal-policy
 6 |   - /github/site-policy/github-private-information-removal-policy
 7 | versions:
 8 |   fpt: '*'
 9 | topics:
10 |   - Policy
11 |   - Legal
12 | ---
13 | 
14 | We offer this private information removal process as an exceptional service only for high-risk content that violates [GitHub's Terms of Service](/site-policy/acceptable-use-policies/github-acceptable-use-policies#3-conduct-restrictions), such as when your security is at risk from exposed access credentials. This guide describes the information GitHub needs from you in order to process a request to remove private information from a repository.
15 | 
16 | ## What is Private Information?
17 | 
18 | For the purposes of this document, “private information” refers to content that (i) should have been kept confidential, _and_ (ii) whose public availability poses a specific or targeted security risk to you or your organization.
19 | 
20 | "Security risk" refers to a situation involving exposure to physical danger, identity theft, or increased likelihood of unauthorized access to physical or network facilities.
21 | 
22 | ### Private information removal requests are appropriate for:
23 | 
24 | * Access credentials, such as user names combined with passwords, access tokens, or other sensitive secrets that can grant access to your organization's server, network, or domain.
25 | * AWS tokens and other similar access credentials that grant access to a third party on your behalf. You must be able to show that the token does belong to you.
26 | * Documentation (such as network diagrams or architecture) that poses a specific security risk for an organization.
27 | * [Information](/site-policy/acceptable-use-policies/github-doxxing-and-invasion-of-privacy) related to, and posing a security risk to, you as an individual (such as social security numbers or other government identification numbers).
28 | 
29 | ### Private information removal requests are _not_ appropriate for:
30 | 
31 | * Internal server names, IP addresses, and URLs, on their own. You must be able to show that their use in a particular file or piece of code poses a security threat.
32 | * Mere mentions of your company's identity, name, brand, domain name, or other references to your company in files on GitHub. You must be able to articulate why a use of your company's identity is a threat to your company's security posture.
33 | * Entire files or repositories that do not pose a specific security risk, but you believe are otherwise objectionable.
34 | * Requests to remove content that may infringe your or your organization's copyright rights. If you have questions about how GitHub handles copyright-related matters or would like to report potentially infringing content, please review our [DMCA Takedown Policy](/site-policy/content-removal-policies/dmca-takedown-policy). The private information removal process is generally not intended for the removal of full files or repositories — only for the specific pieces of private information in those files. While there may be cases where files are filled entirely with private information, you must justify the security risk for the removal of such files, and this may increase the time required to process your request.
35 | * Trademark disputes. If you have questions about how GitHub handles trademark-related matters or would like to report content containing your organization's trade or service marks, please review our [Trademark Policy](/site-policy/content-removal-policies/github-trademark-policy).
36 | * Privacy complaints. If you wish to access, transfer, change, or delete your personal information on GitHub, please contact us via [our Privacy contact form](https://github.com/contact/privacy).
37 | * Content governed by our [Community Guidelines](/site-policy/github-terms/github-community-guidelines), such as malware or general-purpose tools. If you have questions about our Community Guidelines or believe that content on GitHub might violate our guidelines, you can contact us through the {% data variables.contact.contact_support_portal %} to report content.
38 | 
39 | ## Things to Know
40 | 
41 | **Ask Nicely First.** A great first step before sending us a request to remove data is to try contacting the user directly. They may have listed contact information on their public profile page or in the repository's README or Support file, or you could get in touch by creating an issue or pull request in the repository. This is not strictly required, but it is appreciated.
42 | 
43 | **No Bots.** You should have a trained professional evaluate the facts of every request you send. If you're outsourcing your efforts to a third party, make sure you know how they operate, and make sure they are not using automated bots to submit complaints in bulk. These complaints often include data that does not pose any security threats, and they do not include sufficient explanations, requiring additional back-and-forth and resulting in delays, even when the complaint is valid.
44 | 
45 | **Send In The Correct Request.** As noted above, we offer this private information removal process as an exceptional service only for high-risk content. We are not able to use this process to remove other kinds of content, such as potentially infringing content, and we are not able to process any other kinds of removal requests simultaneously while processing private information removal requests. We will be able to help you more quickly if you send in your private information removal requests separately from any requests to remove potentially infringing content. If you are unsure whether your request involves only private information or also involves other legal matters, please consult legal counsel.
46 | 
47 | **Processing Time.** While we do process private information removal requests as quickly as possible, due to the volume of requests we process, it may take some time for your request to be reviewed. Additional requests, or multiple requests from additional points of contact, may result in delays.
48 | 
49 | ## How Does This Actually Work?
50 | 
51 | 1. **Complainant Investigates.** It is up to the requesting party to conduct their own investigation and to provide us with the [details we require](#your-request-must-include) — most importantly, an explanation of how the data poses a security risk. GitHub is not in a position to search for or make initial determinations about private information on any individual's or organization's behalf.
52 | 
53 | 1. **Complainant Sends a Private Information Removal Request.** After conducting an investigation, the complainant prepares and [sends a private information removal request](#sending-a-private-information-removal-request) to GitHub. If the request is not sufficiently detailed to demonstrate the security risk and for GitHub to locate the data, we will reply and ask for more information.
54 | 
55 | 1. **GitHub Asks User to Make Changes.** In most cases, we will contact the user who created the repository and give them an opportunity to delete or modify the private information specified in the request or to dispute the claim.
56 | 
57 | 1. **User Notifies GitHub of Changes.** If the user chooses to make the specified changes, they must tell us so within the window of time they've been allowed. If they don't, we will disable the repository. If the user notifies us that they made changes, we will verify that the changes have been made and notify the complainant.
58 | 
59 |    OR
60 | 
61 | 1. **User May Dispute the Request.** If a user believes the content in question is not private information subject to this Policy, they may dispute it. If they do, we will generally leave it up to the complainant to contact the user and work things out with them directly, within reason.
62 | 
63 | 1. **Complainant Reviews Changes.** If the user makes changes, the complainant must review them. If the changes are insufficient, the complainant must provide GitHub with details explaining why. GitHub may disable the repository or give the user an additional chance to make the changes.
64 | 
65 | 1. **User May Request an Additional Window to Make Changes.** If the user missed their opportunity to remove the private information specified in the notice, we may allow them an additional window of approximately 1 business day, upon request, to make those changes. In that event, GitHub will notify the complainant.
66 | 
67 | ### What About Forks? (or What's a Fork?)
68 | 
69 | One of the best features of GitHub is the ability for users to "fork" one another's repositories. What does that mean? In essence, it means that users can make a copy of a project on GitHub into their own repositories. As the license or the law allows, users can then make changes to that fork to either push back to the main project or just keep as their own variation of a project. Each of these copies is a [AUTOTITLE](/get-started/learning-about-github/github-glossary#fork) of the original repository, which in turn may also be called the "parent" of the fork.
70 | 
71 | GitHub will not automatically disable forks when disabling a parent repository. This is because forks belong to different users and may have been altered in significant ways. GitHub does not conduct any independent investigation into forks. We expect those sending private information removal requests to conduct that investigation and, if they believe that the forks also contain private information, expressly include forks in their request.
72 | 
73 | If at the time that you submitted your notice, you identified all existing forks of that repository, we would process a valid claim against all forks in that network at the time we process the notice. We would do this given the likelihood that all newly created forks would contain the same content. In addition, if the reported network that contains the reported content is larger than one hundred (100) repositories and thus would be difficult to review in its entirety, we may consider disabling the entire network if you state in your notice that, based on the representative number of forks you have reviewed, you believe that all or most of the forks contain the content reported in the parent repository.
74 | 
75 | ## Sending A Private Information Removal Request
76 | 
77 | Due to the type of content GitHub hosts (mostly software code) and the way that content is managed (with Git), we need complaints to be as specific as possible. In order for us to verify that a user has removed reported private information completely, we need to know exactly where to look.
78 | 
79 | These guidelines are designed to make the processing of requests to remove private information as straightforward as possible.
80 | 
81 | ### Your Request Must Include:
82 | 
83 | 1. A working, clickable link to each file containing private information. (Note that we're not able to work from search results, examples, or screenshots.)
84 | 1. Specific line numbers within each file containing the private information.
85 | 1. A brief description of how each item you've identified poses a security risk to you or your organization. ***It is important that you provide an explanation of how the data poses a security risk beyond merely stating that it does.*** <!-- markdownlint-disable-line emphasis-style -->
86 | 1. If you are a third party acting as an agent for an organization facing a security risk, include a statement that you have a legal right to act on behalf of that organization.
87 | 1. OPTIONAL: Let us know if your request is particularly urgent, and why. We respond to all private information removal requests as quickly as possible. However, if this request is especially time-sensitive, such as a very recent credential exposure, please explain why.
88 | 
89 | ## How to Submit Your Request
90 | 
91 | You can submit your request to remove private information via our [contact form](https://support.github.com/contact?tags=docs-private-information). Please include a plain-text version of your request in the body of your message. Sending your request in an attachment may result in processing delays.
92 | 
93 | ## Disputes
94 | 
95 | If you received a private information removal request from us, you can dispute it by replying to our email and letting us know — in as much detail as possible — why you think the content in question is not private information subject to this Policy.
96 | 


--------------------------------------------------------------------------------
/Policies/content-removal-policies/github-trademark-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Trademark Policy
 3 | redirect_from:
 4 |   - /articles/github-trademark-policy
 5 |   - /github/site-policy/github-trademark-policy
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | ## What is a GitHub Trademark Policy Violation?
13 | 
14 | Using a company or business name, logo, or other trademark-protected materials in a manner that may mislead or confuse others with regard to its brand or business affiliation may be considered a trademark policy violation.
15 | 
16 | ## What is not a GitHub Trademark Policy Violation?
17 | 
18 | Using another's trademark in a way that has nothing to do with the product or service for which the trademark was granted is not a trademark policy violation. GitHub user names are available on a first come, first served basis and may not be reserved. A GitHub account with a user name that happens to be the same as a registered trademark is not, by itself, necessarily a violation of our trademark policy.
19 | 
20 | ## How Does GitHub Respond To Reported Trademark Policy Violations?
21 | 
22 | When we receive reports of trademark policy violations from holders of federal or international trademark registrations, we review the account and may take the following actions:
23 | 
24 | * When there is a clear intent to mislead others through the unauthorized use of a trademark, GitHub will suspend the account and notify the account holder.
25 | * When we determine that an account appears to be confusing users, but is not purposefully passing itself off as the trademarked good or service, we give the account holder an opportunity to clear up any potential confusion. We may also release a username for the trademark holder's active use.
26 | 
27 | ## How Do I Report a Trademark Policy Violation?
28 | 
29 | Holders of registered trademarks can report possible trademark policy violations to GitHub via [Submit a Trademark Policy Violation Report](https://support.github.com/contact/trademark-policy). Please use the contact form and submit trademark-related requests using your company email address and include all the information requested below to help expedite our response. Also be sure to clearly describe to us why the account may cause confusion with your mark or how the account may dilute or tarnish your mark.
30 | 
31 | ## What Information is Required When Reporting Trademark Policy Violations?
32 | 
33 | In order to investigate trademark policy violations, please provide all of the following information:
34 | 
35 | * Username of the reported account
36 | * Your company name
37 | * Your company GitHub account (if there is one)
38 | * Company website
39 | * Your trademarked word, symbol, etc.
40 | * Trademark registration number
41 | * Trademark registration office (e.g., USPTO)
42 | * Description of confusion (e.g., passing off as your company, including specific descriptions of content or behavior)
43 | * Requested Action (e.g., removal of violating account or transfer of trademarked username to an existing company account)
44 | * Include the following statement: "I have a good faith belief that use of the trademark described above is not authorized by the trademark owner, or its agent, or the law. I have taken nominative and other fair uses into consideration."
45 | * Also include the following statement: "I swear, under penalty of perjury, that the information in this notification is accurate and that I am the trademark owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed."
46 | * Include your physical or electronic signature.
47 | 
48 | * Note: A federal or international trademark registration number is required. If the name you are reporting is **not** a registered mark (e.g., a government agency or non-profit organization), please let us know:
49 |     * Your first and last name
50 |     * Title
51 |     * Address
52 |     * Phone
53 |     * Email (must be from company domain)
54 | 


--------------------------------------------------------------------------------
/Policies/content-removal-policies/guide-to-submitting-a-dmca-counter-notice.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: Guide to Submitting a DMCA Counter Notice
 3 | redirect_from:
 4 |   - /dmca-counter-notice-how-to
 5 |   - /articles/dmca-counter-notice-how-to
 6 |   - /articles/guide-to-submitting-a-dmca-counter-notice
 7 |   - /github/site-policy/guide-to-submitting-a-dmca-counter-notice
 8 | versions:
 9 |   fpt: '*'
10 | topics:
11 |   - Policy
12 |   - Legal
13 | ---
14 | 
15 | This guide describes the information that GitHub needs in order to process a counter notice to a DMCA takedown request. If you have more general questions about what the DMCA is or how GitHub processes DMCA takedown requests, please review our [DMCA Takedown Policy](/site-policy/content-removal-policies/dmca-takedown-policy).
16 | 
17 | If you believe your content on GitHub was mistakenly disabled by a DMCA takedown request, you have the right to contest the takedown by submitting a counter notice. If you do, we will wait 10-14 days and then re-enable your content unless the copyright owner initiates a legal action against you before then. Our counter-notice form, set forth below, is consistent with the form suggested by the DMCA statute, which can be found at the U.S. Copyright Office's official website: <https://www.copyright.gov>.
18 | 
19 | As with all legal matters, it is always best to consult with a professional about your specific questions or situation. We strongly encourage you to do so before taking any action that might impact your rights. This guide isn't legal advice and shouldn't be taken as such.
20 | 
21 | ## Before You Start
22 | 
23 | ***Tell the Truth.*** <!-- markdownlint-disable-line emphasis-style -->
24 | The DMCA requires that you swear to your counter notice _under penalty of perjury_. It is a federal crime to intentionally lie in a sworn declaration. (_See_ [U.S. Code, Title 18, Section 1621](https://www.gpo.gov/fdsys/pkg/USCODE-2011-title18/html/USCODE-2011-title18-partI-chap79-sec1621.htm).) Submitting false information could also result in civil liability—that is, you could get sued for money damages.
25 | 
26 | ***Investigate.*** <!-- markdownlint-disable-line emphasis-style -->
27 | Submitting a DMCA counter notice can have real legal consequences. If the complaining party disagrees that their takedown notice was mistaken, they might decide to file a lawsuit against you to keep the content disabled. You should conduct a thorough investigation into the allegations made in the takedown notice and probably talk to a lawyer before submitting a counter notice.
28 | 
29 | ***You Must Have a Good Reason to Submit a Counter Notice.*** <!-- markdownlint-disable-line emphasis-style -->
30 | In order to file a counter notice, you must have "a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled." ([U.S. Code, Title 17, Section 512(g)](https://www.copyright.gov/title17/92chap5.html#512).) Whether you decide to explain why you believe there was a mistake is up to you and your lawyer, but you _do_ need to identify a mistake before you submit a counter notice. In the past, we have received counter notices citing mistakes in the takedown notice such as: the complaining party doesn't have the copyright; I have a license; the code has been released under an open-source license that permits my use; or the complaint doesn't account for the fact that my use is protected by the fair-use doctrine. Of course, there could be other defects with the takedown notice.
31 | 
32 | ***Copyright Laws Are Complicated.*** <!-- markdownlint-disable-line emphasis-style -->
33 | Sometimes a takedown notice might allege infringement in a way that seems odd or indirect. Copyright laws are complicated and can lead to some unexpected results. In some cases a takedown notice might allege that your source code infringes because of what it can do after it is compiled and run. For example:
34 |   * The notice may claim that your software is used to [circumvent access controls](https://www.copyright.gov/title17/92chap12.html) to copyrighted works.
35 |   * [Sometimes](https://www.copyright.gov/docs/mgm/) distributing software can be copyright infringement, if you induce end users to use the software to infringe copyrighted works.
36 |   * A copyright complaint might also be based on [non-literal copying](https://en.wikipedia.org/wiki/Substantial_similarity) of design elements in the software, rather than the source code itself — in other words, someone has sent a notice saying they think your _design_ looks too similar to theirs.
37 | 
38 | These are just a few examples of the complexities of copyright law. Since there are many nuances to the law and some unsettled questions in these types of cases, it is especially important to get professional advice if the infringement allegations do not seem straightforward.
39 | 
40 | ***A Counter Notice Is A Legal Statement.*** <!-- markdownlint-disable-line emphasis-style -->
41 | We require you to fill out all fields of a counter notice completely, because a counter notice is a legal statement — not just to us, but to the complaining party. As we mentioned above, if the complaining party wishes to keep the content disabled after receiving a counter notice, they will need to initiate a legal action seeking a court order to restrain you from engaging in infringing activity relating to the content on GitHub. In other words, you might get sued (and you consent to that in the counter notice).
42 | 
43 | ***Your Counter Notice Will Be Published.*** <!-- markdownlint-disable-line emphasis-style -->
44 | As noted in our [DMCA Takedown Policy](/site-policy/content-removal-policies/dmca-takedown-policy#d-transparency), **after redacting personal information,** we publish all complete and actionable counter notices at <https://github.com/github/dmca>. Please also note that, although we will only publicly publish redacted notices, we may provide a complete unredacted copy of any notices we receive directly to any party whose rights would be affected by it. If you are concerned about your privacy, you may have a lawyer or other legal representative file the counter notice on your behalf.
45 | 
46 | ***GitHub Isn't The Judge.*** <!-- markdownlint-disable-line emphasis-style -->
47 | GitHub exercises little discretion in this process other than determining whether the notices meet the minimum requirements of the DMCA. It is up to the parties (and their lawyers) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.
48 | 
49 | ***Additional Resources.*** <!-- markdownlint-disable-line emphasis-style -->
50 | If you need additional help, there are many self-help resources online. Lumen has an informative set of guides on [copyright](https://www.lumendatabase.org/topics/5) and [DMCA safe harbor](https://www.lumendatabase.org/topics/14). If you are involved with an open-source project in need of legal advice, you can contact the [Software Freedom Law Center](https://www.softwarefreedom.org/about/contact/). And if you think you have a particularly challenging case, non-profit organizations such as the [Electronic Frontier Foundation](https://www.eff.org/pages/legal-assistance) may also be willing to help directly or refer you to a lawyer.
51 | 
52 | ## Your Counter Notice Must...
53 | 
54 | 1. **Include the following statement: "I have read and understand GitHub's Guide to Filing a DMCA Counter Notice."**
55 | We won't refuse to process an otherwise complete counter notice if you don't include this statement; however, we will know that you haven't read these guidelines and may ask you to go back and do so.
56 | 
57 | 1. ***Identify the content that was disabled and the location where it appeared.*** <!-- markdownlint-disable-line emphasis-style -->
58 | The disabled content should have been identified by URL in the takedown notice. You simply need to copy the URL(s) that you want to challenge.
59 | 
60 | 1. **Provide your contact information.**
61 | Include your email address, name, telephone number, and physical address.
62 | 
63 | 1. ***Include the following statement: "I swear, under penalty of perjury, that I have a good-faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled."*** <!-- markdownlint-disable-line emphasis-style -->
64 | You may also choose to communicate the reasons why you believe there was a mistake or misidentification. If you think of your counter notice as a "note" to the complaining party, this is a chance to explain why they should not take the next step and file a lawsuit in response. This is yet another reason to work with a lawyer when submitting a counter notice.
65 | 
66 | 1. ***Include the following statement: "I consent to the jurisdiction of Federal District Court for the judicial district in which my address is located (if in the United States, otherwise the Northern District of California where GitHub is located), and I will accept service of process from the person who provided the DMCA notification or an agent of such person."*** <!-- markdownlint-disable-line emphasis-style -->
67 | 
68 | 1. **Include your physical or electronic signature.**
69 | 
70 | ## How to Submit Your Counter Notice
71 | 
72 | The fastest way to get a response is to enter your information and answer all the questions on our {% data variables.contact.contact_dmca %}.
73 | 
74 | You can also send an email notification to <copyright@github.com>. You may include an attachment if you like, but please also include a plain-text version of your letter in the body of your message.
75 | 
76 | If you must send your notice by physical mail, you can do that too, but it will take _substantially_ longer for us to receive and respond to it—and the 10-14 day waiting period starts from when we _receive_ your counter notice. Notices we receive via plain-text email have a much faster turnaround than PDF attachments or physical mail. If you still wish to mail us your notice, our physical address is:
77 | 
78 | ```text
79 | GitHub, Inc
80 | Attn: DMCA Agent
81 | 88 Colin P Kelly Jr St
82 | San Francisco, CA. 94107
83 | ```
84 | 


--------------------------------------------------------------------------------
/Policies/content-removal-policies/guide-to-submitting-a-dmca-takedown-notice.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: Guide to Submitting a DMCA Takedown Notice
 3 | redirect_from:
 4 |   - /dmca-notice-how-to
 5 |   - /articles/dmca-notice-how-to
 6 |   - /articles/guide-to-submitting-a-dmca-takedown-notice
 7 |   - /github/site-policy/guide-to-submitting-a-dmca-takedown-notice
 8 | versions:
 9 |   fpt: '*'
10 | topics:
11 |   - Policy
12 |   - Legal
13 | ---
14 | 
15 | This guide describes the information that GitHub needs in order to process a DMCA takedown request. If you have more general questions about what the DMCA is or how GitHub processes DMCA takedown requests, please review our [DMCA Takedown Policy](/site-policy/content-removal-policies/dmca-takedown-policy).
16 | 
17 | Due to the type of content GitHub hosts (mostly software code) and the way that content is managed (with Git), we need complaints to be as specific as possible. These guidelines are designed to make the processing of alleged infringement notices as straightforward as possible. Our form of notice set forth below is consistent with the form suggested by the DMCA statute, which can be found at the U.S. Copyright Office's official website: <https://www.copyright.gov>.
18 | 
19 | As with all legal matters, it is always best to consult with a professional about your specific questions or situation. We strongly encourage you to do so before taking any action that might impact your rights. This guide isn't legal advice and shouldn't be taken as such.
20 | 
21 | ## Before You Start
22 | 
23 | ***Tell the Truth.*** The DMCA requires that you swear to the facts in your copyright complaint _under penalty of perjury_. It is a federal crime to intentionally lie in a sworn declaration. (_See_ [U.S. Code, Title 18, Section 1621](https://www.gpo.gov/fdsys/pkg/USCODE-2011-title18/html/USCODE-2011-title18-partI-chap79-sec1621.htm).) Submitting false information could also result in civil liability — that is, you could get sued for money damages. The DMCA itself [provides for damages](https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act#%C2%A7_512(f)_Misrepresentations) against any person who knowingly materially misrepresents that material or activity is infringing. <!-- markdownlint-disable-line emphasis-style -->
24 | 
25 | ***Investigate.*** Millions of users and organizations pour their hearts and souls into the projects they create and contribute to on GitHub. Filing a DMCA complaint against such a project is a serious legal allegation that carries real consequences for real people. Because of that, we ask that you conduct a thorough investigation and consult with an attorney before submitting a takedown to make sure that the use isn't actually permissible. <!-- markdownlint-disable-line emphasis-style -->
26 | 
27 | ***Ask Nicely First.*** A great first step before sending us a takedown notice is to try contacting the user directly. They may have listed contact information on their public profile page or in the repository's README, or you could get in touch by opening an issue or pull request on the repository. This is not strictly required, but it is classy. <!-- markdownlint-disable-line emphasis-style -->
28 | 
29 | ***Send In The Correct Request.*** We can only accept DMCA takedown notices for works that are protected by copyright, and that identify a specific copyrightable work. If you have a complaint about trademark abuse, please see our [trademark policy](/site-policy/content-removal-policies/github-trademark-policy). If you wish to remove sensitive data such as passwords, please see our [policy on sensitive data](/site-policy/content-removal-policies/github-private-information-removal-policy). If you are dealing with defamation or other abusive behavior, please see our [Community Guidelines](/site-policy/github-terms/github-community-guidelines). <!-- markdownlint-disable-line emphasis-style -->
30 | 
31 | ***Code Is Different From Other Creative Content.*** GitHub is built for collaboration on software code. This makes identifying a valid copyright infringement more complicated than it might otherwise be for, say, photos, music, or videos. <!-- markdownlint-disable-line emphasis-style -->
32 | 
33 | There are a number of reasons why code is different from other creative content. For instance:
34 | 
35 | * A repository may include bits and pieces of code from many different people, but only one file or even a sub-routine within a file infringes your copyrights.
36 | * Code mixes functionality with creative expression, but copyright only protects the expressive elements, not the parts that are functional.
37 | * There are often licenses to consider. Just because a piece of code has a copyright notice does not necessarily mean that it is infringing. It is possible that the code is being used in accordance with an open-source license.
38 | * A particular use may be [fair-use](https://www.lumendatabase.org/topics/22) if it only uses a small amount of copyrighted content, uses that content in a transformative way, uses it for educational purposes, or some combination of the above. Because code naturally lends itself to such uses, each use case is different and must be considered separately.
39 | * Code may be alleged to infringe in many different ways, requiring detailed explanations and identifications of works.
40 | 
41 | This list isn't exhaustive, which is why speaking to a legal professional about your proposed complaint is doubly important when dealing with code.
42 | 
43 | ***No Bots.*** You should have a trained professional evaluate the facts of every takedown notice you send. If you are outsourcing your efforts to a third party, make sure you know how they operate, and make sure they are not using automated bots to submit complaints in bulk. These complaints are often invalid and processing them results in needlessly taking down projects! <!-- markdownlint-disable-line emphasis-style -->
44 | 
45 | ***Matters of Copyright Are Hard.*** It can be very difficult to determine whether or not a particular work is protected by copyright. For example, facts (including data) are generally not copyrightable. Words and short phrases are generally not copyrightable. URLs and domain names are generally not copyrightable. Since you can only use the DMCA process to target content that is protected by copyright, you should speak with a lawyer if you have questions about whether or not your content is protectable. <!-- markdownlint-disable-line emphasis-style -->
46 | 
47 | ***You May Receive a Counter Notice.*** Any user affected by your takedown notice may decide to submit a [counter notice](/site-policy/content-removal-policies/guide-to-submitting-a-dmca-counter-notice). If they do, we will re-enable their content within 10-14 days unless you notify us that you have initiated a legal action seeking to restrain the user from engaging in infringing activity relating to the content on GitHub. <!-- markdownlint-disable-line emphasis-style -->
48 | 
49 | ***Your Complaint Will Be Published.*** As noted in our [DMCA Takedown Policy](/site-policy/content-removal-policies/dmca-takedown-policy#d-transparency), after redacting personal information, we publish all complete and actionable takedown notices at <https://github.com/github/dmca>. <!-- markdownlint-disable-line emphasis-style -->
50 | 
51 | ***GitHub Isn't The Judge.*** <!-- markdownlint-disable-line emphasis-style -->
52 | GitHub exercises little discretion in the process other than determining whether the notices meet the minimum requirements of the DMCA. It is up to the parties (and their lawyers) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.
53 | 
54 | ## Your Complaint Must ...
55 | 
56 | 1. **Include the following statement: "I have read and understand GitHub's Guide to Filing a DMCA Notice."** We won't refuse to process an otherwise complete complaint if you don't include this statement. But we'll know that you haven't read these guidelines and may ask you to go back and do so.
57 | 
58 | 1. **Identify the copyrighted work you believe has been infringed.** This information is important because it helps the affected user evaluate your claim and give them the ability to compare your work to theirs. The specificity of your identification will depend on the nature of the work you believe has been infringed. If you have published your work, you might be able to just link back to a web page where it lives. If it is proprietary and not published, you might describe it and explain that it is proprietary. If you have registered it with the Copyright Office, you should include the registration number. If you are alleging that the hosted content is a direct, literal copy of your work, you can also just explain that fact.
59 | 
60 | 1. **Identify the material that you allege is infringing the copyrighted work listed in item #2, above.** It is important to be as specific as possible in your identification. This identification needs to be reasonably sufficient to permit GitHub to locate the material. At a minimum, this means that you should include the URL to the material allegedly infringing your copyright. If you allege that less than a whole repository infringes, identify the specific file(s) or line numbers within a file that you allege infringe. If you allege that all of the content at a URL infringes, please be explicit about that as well.
61 |    * Please note that GitHub will _not_ automatically disable [forks](/site-policy/content-removal-policies/dmca-takedown-policy#b-what-about-forks-or-whats-a-fork) when disabling a parent repository. If you have investigated and analyzed the forks of a repository and believe that they are also infringing, please explicitly identify each allegedly infringing fork. Please also confirm that you have investigated each individual case and that your sworn statements apply to each identified fork. In rare cases, you may be alleging copyright infringement in a full repository that is actively being forked. If at the time that you submitted your notice, you identified all existing forks of that repository as allegedly infringing, we would process a valid claim against all forks in that network at the time we process the notice. We would do this given the likelihood that all newly created forks would contain the same content. In addition, if the reported network that contains the allegedly infringing content is larger than one hundred (100) repositories and thus would be difficult to review in its entirety, we may consider disabling the entire network if you state in your notice that, "Based on the representative number of forks you have reviewed, I believe that all or most of the forks are infringing to the same extent as the parent repository." Your sworn statement would apply to this statement.
62 | 
63 | 1. **Explain what the affected user would need to do in order to remedy the infringement.** Again, specificity is important. When we pass your complaint along to the user, this will tell them what they need to do in order to avoid having the rest of their content disabled. Does the user just need to add a statement of attribution? Do they need to delete certain lines within their code, or entire files? Of course, we understand that in some cases, all of a user's content may be alleged to infringe and there's nothing they could do short of deleting it all. If that's the case, please make that clear as well.
64 | 
65 | 1. **Provide your contact information.** Include your email address, name, telephone number and physical address.
66 | 
67 | 1. **Provide contact information, if you know it, for the alleged infringer.** Usually this will be satisfied by providing the GitHub username associated with the allegedly infringing content. But there may be cases where you have additional knowledge about the alleged infringer. If so, please share that information with us.
68 | 
69 | 1. **Include the following statement: "I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law. I have taken fair use into consideration."**
70 | 
71 | 1. **Also include the following statement: "I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed."**
72 | 
73 | 1. **Include your physical or electronic signature.**
74 | 
75 | ## Complaints about Anti-Circumvention Technology
76 | 
77 | The Copyright Act also prohibits the circumvention of technological measures that effectively control access to works protected by copyright. If you believe that content hosted on GitHub violates this prohibition, please send us a report through our {% data variables.contact.contact_dmca %}. A circumvention claim must include the following details about the technical measures in place and the manner in which the accused project circumvents them. Specifically, the notice to GitHub must include detailed statements that describe:
78 | 1. What the technical measures are;
79 | 1. How they effectively control access to the copyrighted material; and
80 | 1. How the accused project is designed to circumvent their previously described technological protection measures.
81 | 
82 | ## How to Submit Your Complaint
83 | 
84 | The fastest way to get a response is to enter your information and answer all the questions on our {% data variables.contact.contact_dmca %}.
85 | 
86 | You can also send an email notification to <copyright@github.com>. You may include an attachment if you like, but please also include a plain-text version of your letter in the body of your message.
87 | 
88 | If you must send your notice by physical mail, you can do that too, but it will take _substantially_ longer for us to receive and respond to it. Notices we receive via plain-text email have a much faster turnaround than PDF attachments or physical mail. If you still wish to mail us your notice, our physical address is:
89 | 
90 | ```text
91 | GitHub, Inc
92 | Attn: DMCA Agent
93 | 88 Colin P Kelly Jr St
94 | San Francisco, CA. 94107
95 | ```
96 | 


--------------------------------------------------------------------------------
/Policies/content-removal-policies/submitting-content-removal-requests.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: Submitting content removal requests
 3 | redirect_from:
 4 |   - /articles/submitting-content-removal-requests
 5 |   - /github/site-policy/submitting-content-removal-requests
 6 |   - /github/site-policy/github-terms-and-other-site-policies/submitting-content-removal-requests
 7 | versions:
 8 |   fpt: '*'
 9 | topics:
10 |   - Policy
11 |   - Legal
12 | ---
13 | 
14 | We understand that copyrighted, trademarked, or private content may get published on GitHub – either accidentally or on purpose – sometimes in repositories that you do not own. Because the nature of this content varies, and because of different applicable laws, each category has its own, distinct reporting requirements outlined in our policies.
15 | 
16 | If you'd like to request that content be removed from GitHub, please take some time to acquaint yourself with each of these policies and their respective reporting requirements before submitting a report. If we receive an incomplete report, we'll need to ask for clarifications or revisions and you’ll need to re-submit a revised report.
17 | 
18 | Please note that we're not able to help you determine which policy is appropriate for your specific situation. If you’ve reviewed the policies below and still have questions about whether or not content should be reported as copyright, trademark, or private information, we recommend consulting with independent legal counsel.
19 | 
20 | ## DMCA Takedown Policy
21 | 
22 | The [DMCA Takedown Policy](/site-policy/content-removal-policies/dmca-takedown-policy) can be used to report content that you believe infringes a copyright owned by you or your organization. Once you have reviewed the policy, you may also want to review our [Guide to Submitting a DMCA Takedown Notice](/site-policy/content-removal-policies/guide-to-submitting-a-dmca-takedown-notice) before submitting a report.
23 | 
24 | ## GitHub Trademark Policy
25 | 
26 | The [GitHub Trademark Policy](/site-policy/content-removal-policies/github-trademark-policy) can be used to report content that appears to use your company or business name, logo, or other trademark-protected materials in a manner that may mislead or confuse others about brand or business affiliation.
27 | 
28 | ## GitHub Private Information Removal Policy
29 | 
30 | The [GitHub Private Information Removal Policy](/site-policy/content-removal-policies/github-private-information-removal-policy) can be used to report data that is private (confidential and poses a security risk), but that is not necessarily protected by copyright or trademark.
31 | 
32 | Users in India can [contact GitHub's Grievance Officer](https://support.github.com/contact/india-grievance-officer).
33 | 


--------------------------------------------------------------------------------
/Policies/github-company-policies/github-anti-bribery-statement.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Anti-Bribery Statement
 3 | redirect_from:
 4 |   - /articles/github-anti-bribery-statement
 5 |   - /github/site-policy/github-anti-bribery-statement
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | GitHub upholds our commitment to ethical business practices, including by prohibiting bribery and corruption. As [Transparency International](https://www.transparency.org/what-is-corruption) explains, the costs of corruption are
13 | * **political**, by posing a major obstacle to democracy and the rule of law
14 | * **economic**, by depleting national wealth
15 | * **social**, by undermining people’s trust in political society, institutions, and leaders
16 | * **environmental**, by facilitating non-enforcement of environmental laws and regulations.
17 | 
18 | ## GitHub policies prohibiting bribery
19 | 
20 | GitHub makes our anti-bribery commitment clear in a number of company policies. As part of the Microsoft family, GitHub is also committed to Microsoft's Anti-Corruption Policy, which applies to all GitHub employees and contractors, in addition to the policies described here.
21 | 
22 | GitHub's **Code of Ethics** prohibits employees and contractors from engaging in or contributing to bribery or corruption, and establishes record-keeping requirements:
23 | 
24 | >You must never pay, offer to pay, promise to pay, induce, accept, or authorize payment of anything else of value, to anyone—including to anyone in a position of power or authority, such as government officials, or in commercial transactions—in order to obtain or keep business, or secure any other improper advantage for GitHub or Microsoft. You also must not solicit or accept a bribe, kickback, or any other improper cash payment. ... [GitHub employees] are required to keep accurate and fair records of all transactions involving any expense made on GitHub’s behalf—for example, by keeping receipts and providing accurate descriptions of your expenses—or any other transaction involving the disposal or transfer of GitHub assets. Such actions are required by the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act of 2010, and anti-bribery laws of other jurisdictions in which GitHub does business and are also simply the right thing to do.
25 | 
26 | GitHub's Code of Ethics elaborates on certain situations, including gifts, travel, and entertainment; facilitating payments; charitable donations; jobs; and working with representatives, as well as on who is considered a government official.
27 | 
28 | GitHub's Standards of Conduct prohibit:
29 | >Bribing government officials or other individuals to gain an unfair advantage, and taking bribes from anyone.
30 | 
31 | GitHub’s **Gifts and Entertainment Policy** explains that bribery is not permitted in connection with travel or entertainment, and provides examples to illustrate improper conduct. The policy describes proper and improper gifts, travel, and entertainment expenses; company processes for gift-giving by GitHub’s directors, officers, employees, and agents and requirements for record-keeping, penalties; and reporting of violations. It includes clear monetary thresholds for gifts along with annual limitations, with limited exceptions for gifts approved by appropriate management. The policy is clear and easily accessible to GitHub employees and contractors.
32 | 
33 | ## Training for our employees
34 | 
35 | <!-- markdownlint-disable GHD034 -->
36 | 
37 | GitHub employees are required to participate in training on corruption, including bribery. We also provide additional training for particularly relevant people and teams, such as our sales team. The training explains relevant elements of the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act of 2010. For example,
38 | * definition and structural effects of corruption
39 | * who is covered, including
40 |    * public officials or others in a position of power
41 |    * third parties
42 | * what kind of activity is covered, including
43 |    * cash, gifts, travel, and entertainment
44 |    * facilitation payments
45 |    * charitable contributions and sponsorship
46 | * for what purpose, including
47 |    * intent
48 |    * improper advantage or influence
49 | * due diligence and red flags
50 | * record-keeping requirements
51 | 
52 | <!-- markdownlint-enable GHD034 -->
53 | 
54 | In addition, the training covers GitHub’s internal policies related to anti-corruption and bribery, including our non-retaliation (whistleblower) policy.
55 | 
56 | While the U.S. FCPA is focused on interactions with government officials, the U.K. Bribery Act is broader and extends to bribing anyone, regardless of whether they are a government official. Both laws can extend to GitHub’s actions elsewhere on the globe. GitHub’s policies prohibit bribing anyone, anywhere in the world.
57 | 
58 | ## Engaging our Partners
59 | 
60 | * GitHub’s standard **resale agreements with Channel Partners** include mandatory anti-corruption clauses. Going forward, GitHub now requires our Channel Partners to commit to complying with this Anti-Corruption Statement.
61 | * Going forward, GitHub’s **vendor contracts** now require a commitment to comply with Microsoft's Supplier Code of Conduct or this Anti-Corruption Statement.
62 | 


--------------------------------------------------------------------------------
/Policies/github-company-policies/github-gifts-and-entertainment-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Gifts and Entertainment Policy
 3 | redirect_from:
 4 |   - /articles/github-gifts-and-entertainment-policy
 5 |   - /github/site-policy/github-gifts-and-entertainment-policy
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | GitHub recognizes that our business is built on positive and transparent relationships. While informal interactions and exchanges of gifts may be part of developing those relationships and may even be considered customary in some countries, we need to ensure that we’re following anti-bribery laws. We have a legal obligation to behave ethically, including by not using such interactions to create a special advantage or influence a deal.
14 | 
15 | ## Company policies
16 | 
17 | As a reminder, our Code of Ethics states:
18 | 
19 | >You must never pay, offer to pay, promise to pay, induce, accept, or authorize payment of anything else of value, to anyone—including to anyone in a position of power or authority, such as government officials, or in commercial transactions—in order to obtain or keep business, or secure any other improper advantage for GitHub or Microsoft. You also must not solicit or accept a bribe, kickback, or any other improper cash payment. ... [GitHub employees] are required to keep accurate and fair records of all transactions involving any expense made on GitHub’s behalf—for example, by keeping receipts and providing accurate descriptions of your expenses—or any other transaction involving the disposal or transfer of GitHub assets. Such actions are required by the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act of 2010, and anti-bribery laws of other jurisdictions in which GitHub does business and are also simply the right thing to do.
20 | 
21 | GitHub's Code of Ethics elaborates on certain situations, including gifts, travel, and entertainment; facilitating payments; charitable donations; jobs; and working with representatives, as well as on who is considered a government official.
22 | 
23 | Our Standards of Conduct prohibit:
24 | >Bribing government officials or other individuals to gain an unfair advantage, and taking bribes from anyone.
25 | 
26 | That means not only no cash or cash equivalent of any kind, but nothing of value, should be given to anyone (including civil servants, government officials, or anyone in a position of power or authority, as well as people not in any of those privileged positions) in order to influence them or taken from anyone to influence GitHub. Such activity is prohibited by the U.S. Foreign Corrupt Practices Act and UK Anti-Bribery laws, both of which govern GitHub’s actions globally.
27 | 
28 | ## Examples of acceptable and unacceptable gifts
29 | 
30 | So what does “of value” mean? Keep in mind that no gifts are acceptable for government officials (ok, maybe stickers). You should always ask them what their policies permit and prohibit. But if in doubt, please run it by Legal to make sure. For example, many U.S. congresspeople will not let you take them out for dinner and pay.
31 | 
32 | As for other customers or prospective customers, certain things might seem trivial but have great value to someone else. For example, although it might not seem like a big deal to you to get your friend’s daughter hired as an intern, it might be of huge value to them. But if she is not qualified and you pull strings to make it happen, then it isn't ok. In addition, if the intention is to improperly influence, anything, however small, might be considered "of value."
33 | 
34 | 🙅 _Here are some other things that aren't ok:_
35 | 
36 | * First class airfare to GitHub offices for Executive Briefings ✈️+🍾
37 | * Winery tours 🍷
38 | * Recommending a friend’s kid to a prestigious private school for admission 🎓
39 | * Tickets to Disneyland 👸, the World Cup 🥅, the Olympics 🏅
40 | * A futbol ⚽️ autographed by a famous player
41 | * A contribution to a charity
42 | 
43 | 🙆 _Here is some stuff that is actually ok for customers or prospective customers:_
44 | 
45 | * Swag
46 | * Economy class airfare to GitHub offices for Executive Briefings ✈️
47 | * Bleacher-type tickets to a sporting event ⚾️
48 | * A reasonably priced dinner in town 🍽
49 | * A small box of chocolates as an end of year thank you 🍫
50 | 
51 | All of the above applies to _taking_ bribes too. So if a vendor or prospective vendor sends you something “of value,” don’t accept it—or at least run it by Legal before you do.
52 | 
53 | ## Process
54 | 
55 | If you are planning to provide or accept an informal gift (that is not one of our promotional items like t-shirts and sticker swag), please make sure to follow the process below.
56 | 
57 | Keep in mind that what's an acceptable amount can vary. For example, spending $50 on dinner might be considered a lot of money in some countries but not as much in others. So, when in doubt, ask!
58 | 
59 | 1. Generally speaking, for any expenses exceeding $150, you'll need approval (each time) from Legal in writing. And for any gifts you receive exceeding $150, you'll need to report that (each time) to Legal in writing. (Legal is just weighing in on the bribery question. You might still need to check with Finance for other reasons.)
60 | 
61 | 1. When you submit your expense report for reimbursement, please:
62 |      * Indicate the recipient and the purpose of the gift in the notes; and
63 |      * Include a copy of the email approval
64 | 
65 | ## Consequences
66 | 
67 | What happens if you don’t follow the policy and GitHub ends up paying for a prospective customer and his family to fly first class to Japan and attend the Tokyo Olympics? Or if you drop off a suitcase of Euros for a government official in a pre-arranged train station locker?
68 | 
69 | FINES and JAIL. Not necessarily just for GitHub, either. You might get to spend a few years in jail, yourself, and it won’t matter if the customer ever submitted an order to GitHub after their trip to Japan or if the government official even picked up the suitcase of cash. Basically, it doesn’t matter whether you actually _made_ a bribe. Yoda notwithstanding, it’s the trying that counts.
70 | 
71 | ## More information
72 | 
73 | For more information and context on rules, enforcement, and penalties, the U.S. Department of Justice’s [Resource Guide to the U.S. Foreign Corrupt Practices Act](https://www.justice.gov/sites/default/files/criminal-fraud/legacy/2015/01/16/guide.pdf) is an excellent resource.
74 | 


--------------------------------------------------------------------------------
/Policies/github-company-policies/github-gpl-cooperation-commitment.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub GPL Cooperation Commitment
 3 | redirect_from:
 4 |   - /articles/github-gpl-cooperation-commitment
 5 |   - /github/site-policy/github-gpl-cooperation-commitment
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | This commitment pertains to GitHub contributions to Git, the Linux kernel, and other programs under covered licenses (scroll to the end for definitions).
14 | 
15 | We based our statement on the [template](https://github.com/gplcc/gplcc/blob/master/Company/GPL%20Cooperation%20Commitment-Company-Template.md) for companies. See the [GPL Cooperation Commitment site](https://gplcc.github.io/gplcc/) for how other companies, individuals, and projects can adopt this commitment.
16 | 
17 | ## Our Commitment
18 | 
19 | Before filing or continuing to prosecute any legal proceeding or claim (other than a Defensive Action) arising from termination of a Covered License, GitHub commits to extend to the person or entity (“you”) accused of violating the Covered License the following provisions regarding cure and reinstatement, taken from GPL version 3. As used here, the term ‘this License’ refers to the specific Covered License being enforced.
20 | 
21 | However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.
22 | 
23 | Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.
24 | 
25 | GitHub intends this Commitment to be irrevocable, and binding and enforceable against GitHub and assignees of or successors to GitHub’s copyrights.
26 | 
27 | GitHub may modify this Commitment by publishing a new edition on this page or a successor location.
28 | 
29 | Definitions
30 | 
31 | ‘Covered License’ means the GNU General Public License, version 2 (GPLv2), the GNU Lesser General Public License, version 2.1 (LGPLv2.1), or the GNU Library General Public License, version 2 (LGPLv2), all as published by the Free Software Foundation.
32 | 
33 | ‘Defensive Action’ means a legal proceeding or claim that GitHub brings against you in response to a prior proceeding or claim initiated by you or your affiliate.
34 | 
35 | ‘GitHub’ means GitHub, Inc. and its subsidiaries.
36 | 
37 | This work is available under a Creative Commons Attribution-ShareAlike 4.0 International license.
38 | 


--------------------------------------------------------------------------------
/Policies/github-company-policies/github-statement-against-modern-slavery-and-child-labor.md:
--------------------------------------------------------------------------------
  1 | ---
  2 | title: GitHub Statement Against Modern Slavery and Child Labor
  3 | redirect_from:
  4 |   - /articles/github-statement-against-modern-slavery-and-child-labor
  5 |   - /github/site-policy/github-statement-against-modern-slavery-and-child-labor
  6 | versions:
  7 |   fpt: '*'
  8 | topics:
  9 |   - Policy
 10 |   - Legal
 11 | ---
 12 | _2018 statement_
 13 | 
 14 | According to the International Labour Organization (ILO), [40 million people were victims of modern slavery and 152 million children were subject to child labor](https://www.ilo.org/global/about-the-ilo/newsroom/news/WCMS_574717/lang--en/index.htm) globally in 2016. As the [ILO reports](https://www.ilo.org/topics-and-sectors/forced-labour-modern-slavery-and-trafficking-persons):
 15 |    * 1 in 4 victims of modern slavery are children.
 16 |    * Out of the 24.9 million people trapped in forced labour, 16 million people are exploited in the private sector such as domestic work, construction or agriculture; 4.8 million persons in forced sexual exploitation, and 4 million persons in forced labour imposed by state authorities.
 17 |    *	Women and girls are disproportionately affected by forced labour, accounting for 99% of victims in the commercial sex industry, and 58% in other sectors.
 18 | 
 19 | GitHub deplores the presence and persistence of modern slavery and child labor, and takes seriously its responsibility to ensure that neither modern slavery nor child labor takes place in its supply chain or in any part of its business. ("Modern slavery" in this statement refers to slavery, forced or compulsory labor, trafficking, servitude, and workers who are imprisoned, indentured, or bonded. "Child labor" refers to work performed by someone under 16 years of age, or under 14 for light work, provided it is not confined to periods that interfere with the child's schooling and not in conditions that interfere with the child's health or well-being.)
 20 | 
 21 | In accordance with the [UK Modern Slavery Act](https://www.legislation.gov.uk/ukpga/2015/30/section/54/enacted), and in alignment with the [ILO 2014 Protocol to its Forced Labour Convention](https://www.ilo.org/dyn/normlex/en/f?p=NORMLEXPUB:12100:0::NO::P12100_ILO_CODE:P029), [ILO Declaration on Fundamental Principles and Rights at Work](https://www.ilo.org/ilo-declaration-fundamental-principles-and-rights-work), and [United Nations Sustainable Development Goals target 8.7](https://www.unodc.org/roseap/en/sustainable-development-goals.html#:~:text=Target%208.7%20%2D%20Take%20immediate%20and,labour%20in%20all%20its%20forms), this 2018 Statement Against Modern Slavery and Child Labor ("the Statement") describes the steps GitHub has taken to prevent modern slavery and child labor from occurring in its business or supply chain.
 22 | 
 23 | ## GitHub's structure, business, and supply chains
 24 | 
 25 | GitHub is a software development platform with its headquarters in San Francisco, and employees and contractors working in numerous countries.
 26 | 
 27 | All GitHub employees and individual independent contractors are voluntary and at-will. GitHub has a largely distributed workforce, and strives to provide competitive compensation and benefits to its employees and contractors regardless of location. This is true whether we hire independent contractors directly or through an intermediary.
 28 | 
 29 | GitHub does not conduct manufacturing or produce hardware, nor does GitHub use recruitment agencies for the kinds of services often performed by migrant workers. The nature of GitHub's business does not subject it to sudden changes in workload or pricing pressures, which often drive demand for practices that increase the risk of forced labor in supply chains, such as forced overtime.
 30 | 
 31 | GitHub offers free and paid software and web-based software as a service to customers all over the world. GitHub's products include:
 32 |    * GitHub.com: web-based collaboration and code-hosting platform
 33 |    * GitHub Enterprise: on-premises collaboration and code hosting software
 34 |    * Electron: framework for writing cross-platform desktop apps
 35 |    * GitHub Desktop: desktop app for accessing GitHub.com and GitHub Enterprise
 36 | 
 37 | GitHub's supply chain consists of goods and services for our products and operations including computing services, event planning, purchase of retail and promotional items, office supplies, and leasing of facilities such as office space and data centers.
 38 | 
 39 | ## Policies in relation to modern slavery and child labor
 40 | 
 41 | ### Modern slavery and child labor
 42 | 
 43 | **GitHub's Code of Ethics** prohibits knowingly using, participating in, supporting, or tolerating modern slavery (slavery, forced or compulsory labor, trafficking, servitude, or workers who are imprisoned, indentured, or bonded) or child labor in its business operations. Any GitHub employee or contractor who violates this prohibition will be subject to termination of employment or business relationship.
 44 | 
 45 | **GitHub's Standards of Conduct** prohibit unsafe and illegal conduct, including knowingly using, participating in, supporting, or tolerating modern slavery (slavery, forced or compulsory labor, trafficking, servitude, or workers who are imprisoned, indentured, or bonded) or child labor.
 46 | 
 47 | GitHub complies with laws prohibiting trafficking and child labor in the jurisdictions in which it operates, including [U.S. Federal Acquisition Regulation 22.17 on combatting human trafficking](https://www.govinfo.gov/content/pkg/CFR-2009-title48-vol1/pdf/CFR-2009-title48-vol1-part22-subpart22-17.pdf).
 48 | 
 49 | In addition, GitHub established a partnership with the FairHotel Program, which means GitHub encourages its employees to choose FairHotel endorsed hotels-where workers have fair wages, adequate benefits, and a voice on the job. Being a FairHotel partner also signifies that GitHub provides business to hotels as a fair employer.
 50 | 
 51 | Going forward, GitHub will communicate this Statement to all employees, contractors, and suppliers, including recruiters and employment agencies. In addition, GitHub is developing training for all GitHub employees on modern slavery and child labor. GitHub posts its Statement Against Modern Slavery and Child Labor publicly.
 52 | 
 53 | GitHub has a non-retaliation policy for reporting workplace-related concerns. Consistent with this Statement, GitHub allows employees and contractors to report issues regarding modern slavery and child labor without fear of retaliation.
 54 | 
 55 | ## Labor laws and practices
 56 | 
 57 | GitHub's labor practices are
 58 | 
 59 | **fair:**
 60 |    * GitHub pays its employees and contractors a fair wage, in accordance with applicable legal wages
 61 |    * GitHub maintains humane working conditions
 62 |    * GitHub does not require workers to exceed the maximum hours of daily labor set by local and national laws or regulations
 63 |    * GitHub pays its employees and contractors in a timely manner, with documentation (such as a pay stub) stating the basis on which they are paid, and keeps employee records in accordance with local and national laws
 64 | 
 65 | **humane and ethical:**
 66 |    * GitHub uses only voluntary labor
 67 |    * GitHub prohibits child labor
 68 |    * GitHub does not engage in physical discipline or abuse
 69 |    * GitHub does not tolerate harassment or unlawful discrimination in the workforce or workplace
 70 | 
 71 | **respectful:**
 72 |    * GitHub protects its employees' rights to freedom of association and collective bargaining in accordance with legal requirements, including to post legal notices of employees' rights under the National Labor Relations Act
 73 |    * GitHub provides benefits to employees at or in excess of levels expected in the industry
 74 |    * GitHub encourages employees to report any workplace complaint and does not tolerate retaliation for reporting
 75 | 
 76 | ## Due diligence processes in relation to modern slavery and child labor in its business and supply chains
 77 | 
 78 | GitHub assesses its business and supply chain for risks related to modern slavery and child labor. Drawing on internal and external human rights expertise, GitHub engaged in a cross-functional analysis (including Policy, Legal, Procurement, Finance, and Operations, especially Human Resources) to determine where labor services exist in its business and supply chain and to identify potential risks related to modern slavery and child labor. GitHub prioritizes areas where those risks might be more significant in terms of severity, scale, or probability for greater due diligence, monitoring, and verification. GitHub continues to consider where risks may occur and how to address them. In addition, GitHub now obtains its suppliers' assurance that they have practices consistent with this Statement, including by complying with laws related to modern slavery or child labor.
 79 | 
 80 | ## Places in GitHub's business and supply chains where there is a risk of modern slavery and child labor, and steps GitHub has taken to assess and manage that risk
 81 | 
 82 | GitHub has not identified any high-risk suppliers; however, modern slavery or child labor would be more likely to occur with suppliers for services involving manual labor, such as event support, construction, facilities services, and food services. GitHub will audit its existing suppliers and require those in such higher risk areas to confirm that they provide services consistent with this Statement.
 83 | 
 84 | Although GitHub knows of no actual or alleged modern slavery or child labor in its business or supply chain, and has no credible basis to believe it is occurring, GitHub is committed to providing remedies if GitHub itself were to directly cause modern slavery or child labor and to remediation of broader patterns of non-conformance with this Statement caused by deficiencies in GitHub's systems or processes. GitHub's remediation to individual victims would include protocols for appropriate immediate action to eliminate the modern slavery and child labor practices, along with resources for reasonable and appropriate victim services designed to offset the harm experienced.
 85 | 
 86 | ## Effectiveness in ensuring neither modern slavery nor child labor is occurring in GitHub's business or supply chains
 87 | 
 88 | GitHub complies and will continue to comply with laws related to modern slavery and child labor.
 89 | 
 90 | Going forward, GitHub now requires its suppliers to comply with this Statement, as well as laws related to modern slavery and child labor. GitHub now also requires its suppliers to:
 91 |    * Not use, participate in, support, or tolerate modern slavery or child labor
 92 |    * Not use misleading or fraudulent recruitment or engagement practices for employees or contract workers
 93 |    * Not charge employees or contract workers recruitment or engagement fees
 94 |    * Not destroy, conceal, confiscate, or otherwise deny access by an employee or any contract worker to passport, driver's license, or other identity documents;
 95 |    * Allow us to terminate our agreements with them for any violation of its obligations related to modern slavery or child labor; and
 96 |    * Remediate any harms caused to any worker found to be subjected to any form of modern slavery or child labor, if required by law.
 97 | 
 98 | In addition, GitHub strongly encourages its suppliers to:
 99 |    * Conduct anti-modern slavery and child labor due diligence processes, including risk assessments, for their suppliers;
100 |    * Take steps to address risks identified; and
101 |    * Use similar anti-modern slavery and child labor language with their suppliers.
102 | 
103 | GitHub's procurement instructions to employees making company purchases now includes a reference to the requirement for suppliers to comply with Microsoft's Supplier Code of Conduct or this Statement.
104 | 
105 | ## Training for GitHub staff about modern slavery and human trafficking
106 | 
107 | GitHub is developing modern slavery and child labor training that will be mandatory for all employees, with a view to GitHub's business and supply chain. GitHub will emphasize suppliers providing services involving manual labor, such as event support, construction, facilities services, and food services, as areas of greater potential risk.
108 | 
109 | **GitHub's Board of Directors approved this Statement. See a [copy of this statement signed by GitHub's Chief Strategy Officer and General Counsel (PDF)](/assets/images/help/site-policy/github-statement-against-modern-slavery-and-child-labor.pdf).**
110 | 


--------------------------------------------------------------------------------
/Policies/github-terms/github-community-guidelines.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Community Guidelines
 3 | redirect_from:
 4 |   - /community-guidelines
 5 |   - /articles/github-community-guidelines
 6 |   - /github/site-policy/github-community-guidelines
 7 |   - /github/site-policy/acceptable-use-policies/github-community-guidelines
 8 | versions:
 9 |   fpt: '*'
10 | topics:
11 |   - Policy
12 |   - Legal
13 | ---
14 | 
15 | Millions of developers across the world host millions of projects—both open and closed source—on GitHub. We're fortunate to be able to play a part in enabling collaboration across the developer community every day, which is a responsibility we don’t take lightly. Together, we all have the exciting opportunity to make this a community we can be proud of.
16 | 
17 | Our diverse user base brings different perspectives, ideas, and experiences, and ranges from people who created their first "Hello World" project last week to the most well-known software developers in the world. We are committed to making GitHub an environment that welcomes all the different voices and perspectives our community has to offer, while maintaining a safe place for developers to do their best work.
18 | 
19 | By outlining what we think a [safe, welcoming, and productive community](https://opensource.guide/building-community/) looks like at GitHub, we hope to help you understand how best to interact and collaborate on our platform in line with our [Terms of Service](/site-policy/github-terms/github-terms-of-service) and [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies).
20 | 
21 | We encourage our community members to communicate expectations clearly, [moderate](#what-if-something-or-someone-offends-you) their projects where possible, and [report](https://github.com/contact/report-abuse) any content that may violate our [policies](/site-policy/github-terms/github-terms-of-service). GitHub Staff will investigate any reports of abuse, and may moderate public content on our site that we determine to be in violation of our Terms of Service.
22 | 
23 | ## Maintaining a strong community
24 | 
25 | The primary purpose of the GitHub community is to collaborate on software projects. We are committed to maintaining a community where users are free to express themselves and challenge one another's ideas, both technical and otherwise. At the same time, it's important that users remain respectful and allow space for others to contribute openly. In order to foster both a safe and productive environment, we encourage our community members to look to these guidelines to inform how they interact on our platform. Below, you’ll find some suggestions for how to have successful interactions as a valued member of the GitHub community.
26 | 
27 | * **Be welcoming and open-minded** - New users join our community each day. Some are well-established developers, while others are just beginning. Be open to other ideas and experience levels. Make room for opinions other than your own and be welcoming to new collaborators and those just getting started.
28 | 
29 | * **Be respectful** - Working in a collaborative environment means disagreements may happen. But remember to criticize ideas, not people. Share thoughtful, constructive criticism and be courteous to those you interact with. If you’re unable to engage respectfully, consider taking a step back or using some of our moderation tools to deescalate a tense situation.
30 | 
31 | * **Be empathetic** - GitHub is a global community with people from a wide variety of backgrounds and perspectives, many of which may not be your own. Try to put yourself in others’ shoes and understand their feelings before you address them. Do your best to help make GitHub a community where others feel safe to make contributions, participate in discussions, and share different ideas.
32 | 
33 | ## What if something or someone offends you?
34 | 
35 | While some disagreements can be resolved with direct, respectful communication between community members, we understand that is not always the case. We encourage our community to contact GitHub Support through the [GitHub Support portal](https://support.github.com/) when they believe content or activity they’ve encountered violates our policies. However, if you run into something or someone on the site that you find objectionable, here are some ways GitHub enables you to take action:
36 | 
37 | * **Communicate expectations** - Maintainers can set community-specific guidelines to help users understand how to interact with their projects, for example, in a repository’s README, [CONTRIBUTING file](/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors), or [dedicated code of conduct](/communities/setting-up-your-project-for-healthy-contributions/adding-a-code-of-conduct-to-your-project). You can find additional information on building communities on the [Communities](/communities) page.
38 | 
39 | * **Moderate Comments** - Users with [write-access privileges](/organizations/managing-user-access-to-your-organizations-repositories/repository-roles-for-an-organization) for a repository can [edit, delete, or hide anyone's comments](/communities/moderating-comments-and-conversations/managing-disruptive-comments) on commits, pull requests, and issues. Anyone with read access to a repository can view a comment's edit history. Comment authors and people with write access to a repository can also delete sensitive information from a [comment's edit history](/communities/moderating-comments-and-conversations/tracking-changes-in-a-comment). Moderating your projects can feel like a big task if there is a lot of activity, but you can [add collaborators](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/permission-levels-for-a-personal-account-repository#collaborator-access-for-a-repository-owned-by-a-personal-account) to assist you in managing your community.
40 | 
41 | * **Lock Conversations**  - If a discussion in an issue, pull request, or commit gets out of hand, off topic, or violates your project’s code of conduct or GitHub’s policies, owners, collaborators, and anyone else with write access can put a temporary or permanent lock on the conversation. For more information, see [AUTOTITLE](/communities/moderating-comments-and-conversations/locking-conversations).
42 | 
43 | * **Block Users**  - If you encounter a specific user who you would rather not engage with, you can [block the user from your personal account](/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-personal-account) or [from your organization](/communities/maintaining-your-safety-on-github/blocking-a-user-from-your-organization).
44 | 
45 | * **Limit Interactions** - If your public project is getting unwanted attention, being trolled, spammed, or otherwise, you have the option of setting [temporary interaction limits](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository) to keep certain users from interacting with your repository. You can even set [code review limits](https://github.blog/2021-11-01-github-keeps-getting-better-for-open-source-maintainers/#preventing-drive-by-pull-request-approvals-and-requested-changes) to ensure quality contributions on your projects.
46 | 
47 | While we are passionate about empowering maintainers to moderate their own projects, please contact {% data variables.contact.contact_support %} if you need additional support in dealing with a situation.
48 | 
49 | ## What happens if someone violates GitHub's policies?
50 | 
51 | We rely on reports from the community, as well as proactive detection, to help ensure that GitHub is a safe, welcoming, and productive platform for software developers. There are a variety of factors we consider when we’re made aware of behavior or content not in line with GitHub’s policies. However, our policy enforcement and content moderation approach prioritizes our vision to be the home for all developers. This means:
52 | 
53 | * We optimize for code collaboration. We recognize that code can have multiple uses and we distinguish between how the code is being used on the platform and other possible uses. We also think about how our enforcement actions can affect a potentially complicated web of interdependencies across the platform and aim to restrict as little legitimate content as possible.
54 | 
55 | * We take a human-centered approach to content moderation and we tailor our responses to meet the needs of a specific situation. Our global team investigates the reports we receive on a case-by-case basis—considering context and the surrounding facts—before taking action. This could include taking into account potentially offensive content being posted in a way that lacks context or makes it easy for other users to unwittingly view or interact with while using GitHub. In those instances, we may favor moderation in order to safeguard our community.
56 | 
57 | * Our decisions are rooted in our core belief that serving an interconnected community and empowering human progress through developer collaboration requires a commitment to diversity, inclusion, and belonging.
58 | 
59 | Where we have decided that moderation action is warranted, these are some of the ways we may respond:
60 | 
61 | * Removing the offending content
62 | * Blocking or disabling the offending content
63 | * Downgrading the visibility of the offending content
64 | * Hiding a user account or organization from public view
65 | * Suspending a user account or organization
66 | 
67 | ## Appeal and Reinstatement
68 | 
69 | If your content or account has been disabled or restricted and you seek reinstatement or wish to appeal, please see our [Appeal and Reinstatement page](/site-policy/acceptable-use-policies/github-appeal-and-reinstatement) for information about the process and use our [Appeal and Reinstatement form](https://support.github.com/contact/reinstatement) to submit a request.
70 | 
71 | ## Legal Notices
72 | 
73 | We dedicate these Community Guidelines to the public domain for anyone to use, reuse, adapt, or whatever, under the terms of [CC0-1.0](https://creativecommons.org/publicdomain/zero/1.0/).
74 | 
75 | These are only guidelines; they do not modify our [Terms of Service](/site-policy/github-terms/github-terms-of-service) and are not intended to be a complete list. Under those terms, GitHub retains full discretion to remove any content or terminate any accounts for activity that violates our [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies). These guidelines describe when we will exercise that discretion.
76 | 


--------------------------------------------------------------------------------
/Policies/github-terms/github-event-code-of-conduct.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Event Code of Conduct
 3 | redirect_from:
 4 |   - /articles/github-event-code-of-conduct
 5 |   - /github/site-policy/github-event-code-of-conduct
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | ## Code of Conduct
14 | 
15 | By attending a GitHub event, including any of the events or activities organized by GitHub in association with the GitHub event (collectively the "Event"), you represent that you have read, understand, and agree to the following GitHub Event Code of Conduct (hereinafter “Code of Conduct”). This Code of Conduct applies to all attendees, speakers, exhibitors, sponsors, organizers, staff, and volunteers (collectively “Event Participants”) at the Event.
16 | 
17 | GitHub values the participation of all Event Participants and aims to create an event where all Event Participants have an enjoyable and fulfilling experience. Accordingly, all Event Participants are expected to show respect and courtesy to other Event Participants throughout the Event.
18 | 
19 | GitHub is dedicated to providing a positive and harassment-free experience for everyone, regardless of age, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, ethnicity, race, religion, nationality, or level of experience.
20 | 
21 | We do not tolerate harassment of Event Participants in any form, nor do we tolerate any behavior that would reasonably lead to an Event Participant being made to feel unsafe, insecure, or frightened for their physical or emotional well-being. All communication and behavior should be appropriate for a professional setting including people of many different backgrounds.
22 | 
23 | Examples of encouraged behavior that contributes to a positive environment include:
24 | 
25 | * Using welcoming and inclusive language
26 | * Being respectful of differing viewpoints and experiences
27 | * Gracefully accepting constructive criticism
28 | * Focusing on what is best for everyone at the Event
29 | * Showing empathy towards others and Event Participants
30 | 
31 | Unacceptable behavior includes, but is not limited to:
32 | 
33 | * The use of sexualized language or imagery
34 | * Inappropriate physical contact, sexual attention, or advances
35 | * Trolling, insulting or derogatory comments or behavior
36 | * Personal or political attacks toward Event Participants
37 | * Sustained disruption of talks or any other events or activities organized by GitHub in association with the Event
38 | * Intimidation, stalking, following, or harassing of Event Participants
39 | * Photography or recording of Event Participants without their consent
40 | * Harassment of any kind, even in a joking or ironic manner
41 | * Conduct which could reasonably be considered inappropriate in a professional setting
42 | 
43 | Each Event Participant is entirely responsible for their own actions.
44 | 
45 | Thank you for helping to make this a welcoming, friendly space for all.
46 | 
47 | ## Reporting an incident
48 | 
49 | If you are being harassed, notice that someone else is being harassed, have any other concerns, or if you believe an Event Participant is not acting in a way compliant with this Code of Conduct, please speak directly with a venue security officer or GitHub employee for urgent help, or email us at [events@github.com](mailto:events@github.com) for non-urgent issues. For life threatening situations, please dial 911 immediately.
50 | 
51 | GitHub employees will be happy to help Event Participants contact security or local law enforcement, escort to safety, or otherwise assist those experiencing harassment to feel safe for the duration of the Event.
52 | 
53 | ## Credit
54 | 
55 | Portions of this Code of Conduct are based on the example anti-harassment policy from the Geek Feminism wiki, created by the Ada Initiative and other volunteers, under a Creative Commons Zero license.
56 | 


--------------------------------------------------------------------------------
/Policies/github-terms/github-event-terms.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Event Terms
 3 | redirect_from:
 4 |   - /articles/github-event-terms
 5 |   - /github/site-policy/github-event-terms
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | By RSVP'ing to or attending a GitHub event, including any of the events or activities organized by GitHub in association with the GitHub event (collectively the "Event"), you represent that you have read, understand, and agree to the following GitHub Event Terms (hereinafter “Event Terms”).
14 | 
15 | ## 1. Basic requirements to attend - including the Event Code of Conduct
16 | 
17 | In order to participate in the Event, you represent that
18 | 
19 | * You have the requisite capacity and authority to enter into these Event Terms;
20 | * You have read and understood these Event Terms and the [AUTOTITLE](/site-policy/github-terms/github-terms-of-service);
21 | * You agree to abide by the [Event Code of Conduct](/site-policy/github-terms/github-event-code-of-conduct); and
22 | * If alcohol is being served at the Event, you are at least 21 years old or over the legal drinking age at the location where the Event is being held.
23 | 
24 | If asked to stop behavior deemed harassing or prohibited, you must comply immediately. If you violate the [Event Code of Conduct](/site-policy/github-terms/github-event-code-of-conduct) or these Event Terms, the Event organizers may take any action they deem appropriate in their discretion, including warnings or expulsion from the Event with no refund. You must at all times obey the instructions or directions of the Event organizers.
25 | 
26 | ## 2. Pictures and videos
27 | 
28 | GitHub and its partners, agents, or contractors sometimes take photos and videos at the Event. By participating or attending the Event, you agree that you may appear in some of these photos and videos, and you authorize GitHub's use of them during and after the Event.
29 | 
30 | Additionally, if you take any photos or videos at the Event and provide them to GitHub, you authorize us to use them in the same fashion, and represent that the individuals that appear in your photos and videos have consented to such use.
31 | 
32 | ## 3. Information sharing
33 | 
34 | Event sponsors, exhibitors, and other third parties may directly request your personal or other information at their exhibit booths, auxiliary events, or presentations. Providing any information to them is voluntary and optional, and you should review their privacy policies to determine how they will treat your personal information and whether you are comfortable with that treatment.
35 | 
36 | If during the event you provide your information to a sponsor, exhibitor, or third party, including but not limited to (1) RSVPing or attending a session or program hosted by a third party other than GitHub, (2) presenting your badge for scanning at an exhibitor booth or breakout session, (3) requesting that a sponsor contact you via their virtual page on githubuniverse.com, or (4) entering a raffle, sweepstakes, or promotional event put on by third party other than GitHub, you understand and agree that your information will go to a non-GitHub entity and GitHub takes no responsibility for how that company uses or processes your personal information. You should review their privacy policies to determine how they will treat your personal information and whether you are comfortable with that treatment.
37 | 
38 | Event sponsors and exhibitors are required to comply with GitHub’s privacy requirements and all applicable law including protecting Personal Data from unauthorized use, access or disclosure.
39 | 
40 | ## 4. Risk, liability, and indemnity
41 | 
42 | ### Assumption of risk
43 | 
44 | Although we try to create a safe environment at the Event, we cannot guarantee 100% safety for participants. Please do your part to help reduce your chance of being injured at the Event.
45 | 
46 | You agree to carefully consider the risks inherent in any activities you choose to take part in at the Event and to take reasonable precautions before you choose to attend or participate at the Event. You are responsible for your own actions and any resulting consequences. You agree to assume responsibility for your actions and your attendance to the fullest extent permitted by law. GitHub is not responsible for any injuries or accidents that you might sustain at the Event.
47 | 
48 | ### Release of liability
49 | 
50 | You (for yourself, your heirs, personal representatives, or assigns, and anyone else who could make a claim on your behalf) hereby release, waive, discharge and covenant not to sue GitHub and its parent companies, subsidiaries, affiliates, officers, directors, partners, shareholders, members, agents, employees, vendors, sponsors, and volunteers from any and all claims, demands, causes of action, damages, losses, or expenses (including court costs and reasonable attorneys' fees) which may arise out of, result from, or relate in any way to your attendance at the Event. This release will not apply if GitHub is grossly negligent or engages in willful misconduct.
51 | 
52 | ### Indemnity
53 | 
54 | You agree to indemnify and hold GitHub, its parents, subsidiaries, affiliates, officers, directors, employees, agents, and representatives harmless, including costs, liabilities, and legal fees, from any claim or demand made by any third party due to, related to, or connected with your attendance or conduct at the Event.
55 | 
56 | ## 5. Termination
57 | 
58 | GitHub reserves the right to revoke your permission to attend the Event or to otherwise prohibit or limit your attendance at the Event for any or no reason, without notice or liability of any kind. The entirety of Section 4 of these Event Terms will continue to apply if your participation at the Event is terminated.
59 | 
60 | ## 6. Choice of law and venue
61 | 
62 | California law will govern these Event Terms, as well as any claim, cause of action or dispute that might arise between you and GitHub (a "Claim"), without regard to conflict of law provisions. FOR ANY CLAIM BROUGHT BY EITHER PARTY, YOU AGREE TO SUBMIT AND CONSENT TO THE PERSONAL AND EXCLUSIVE JURISDICTION IN, AND THE EXCLUSIVE VENUE OF, THE STATE AND FEDERAL COURTS LOCATED WITHIN SAN FRANCISCO COUNTY, CALIFORNIA.
63 | 
64 | ## 7. Miscellaneous terms
65 | 
66 | You agree that you will not represent yourself as an employee, representative, or agent of GitHub (unless, of course, you are actually employed by GitHub).
67 | 
68 | We reserve the right to cancel the Event or any related event at any time, for any reason, and without liability or prejudice.
69 | 
70 | Any failure by GitHub to exercise or enforce any right or provision of these terms does not constitute a waiver of such right or provision. If any provision of these terms is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that the Event Terms shall otherwise remain in full force and effect and enforceable.
71 | 
72 | The views expressed by any event attendee, speaker, exhibitor, or sponsor are not necessarily those of GitHub. All attendees, speakers, exhibitors, and sponsors are solely responsible for the content of all presentations and any other material used at the Event.
73 | 
74 | GitHub reserves the right to update these Event Terms in its sole discretion and without prior notice. These Event Terms apply to all event participants (attendees, speakers, sponsors, exhibitors, staff, and crew). You are advised to review these Event Terms periodically.
75 | 
76 | These Event Terms were last updated on February 7th 2024.
77 | 


--------------------------------------------------------------------------------
/Policies/github-terms/github-marketplace-terms-of-service.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Marketplace Terms of Service
 3 | redirect_from:
 4 |   - /articles/github-marketplace-terms-of-service
 5 |   - /github/site-policy/github-marketplace-terms-of-service
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | Welcome to GitHub Marketplace ("Marketplace")! We're happy you're here. Please read these Terms of Service ("Marketplace Terms") carefully before accessing or using GitHub Marketplace. GitHub Marketplace is a platform that allows you to select developer apps or actions (for free or for a charge) that can be used with your GitHub.com account ("Developer Products"). Although offered by GitHub, Inc. ("GitHub", "we", "us"), Developer Products may be developed and maintained by either GitHub or by third-party software providers. Your selection or use of Developer Products is subject to these Marketplace Terms and any applicable fees, and may require you to agree to additional terms as provided by the third party licensor of that Developer Product (the "Product Provider"). Your use of GitHub Models is subject to the [GitHub Terms for Additional Products and Features](/site-policy/github-terms/github-terms-for-additional-products-and-features).
14 | 
15 | By using Marketplace, you are agreeing to be bound by these Marketplace Terms.
16 | 
17 | Effective Date: August 1, 2024
18 | 
19 | ## A. GitHub.com's Terms of Service
20 | 
21 | Marketplace is provided by GitHub, and is governed by these Marketplace Terms combined with your main agreement with us — the [GitHub Terms of Service](/site-policy/github-terms/github-terms-of-service) or GitHub Customer Agreement, or the [GitHub Corporate Terms of Service](/site-policy/github-terms/github-corporate-terms-of-service) or other legacy GitHub contract, or a Microsoft volume licensing agreement. If you configure the Developer Products to work with one or more accounts on the GitHub.com website, your use of the Developer Products will also be governed by your applicable GitHub Terms. Any capitalized terms not defined in this document will be defined in your applicable GitHub Terms.
22 | 
23 | You may not use a Developer Product to violate your applicable GitHub Terms. Many of these Developer Products are used exclusively for performing automated tasks. In addition, multiple Users may direct the actions of a Developer Product. However, if you purchase and/or set up a Developer Product on your account, or you are an owner of an account with an integrated Developer Product, then you will be responsible for the Developer Product's actions that are performed on or through your account.
24 | 
25 | ## B. Use Requirements
26 | 
27 | In order to use Marketplace, you must be 13 years of age or older (if you live in the United States; if you live in another country, you must comply with your country's minimum age laws), have a valid GitHub account, and have agreed to your applicable GitHub Terms and these Marketplace Terms.
28 | 
29 | If you are agreeing to these Marketplace Terms on behalf of a company, organization, or other legal entity, you represent that you have the authority to bind that entity, its affiliates, and all users who access the Marketplace on its behalf to these Marketplace Terms. If you do not have authority, you must not accept these Marketplace Terms and you may not use the Marketplace services.
30 | 
31 | ## C. Developer Products and Product Providers
32 | 
33 | If you install and/or purchase a Developer Product, then you are purchasing the Developer Products from GitHub and you are required to make the related payments directly to GitHub. However, you are receiving access to and the rights to use that Developer Product from a Product Provider, not from GitHub (unless it's a GitHub-owned Developer Product). The Product Provider is solely responsible for the Developer Product it provides, the content therein, and any claims that you or any other party may have relating to that Developer Product or your use of that Developer Product.
34 | 
35 | We are not a party to the agreement between you and the Product Provider with respect to that Developer Product. We are not responsible for that Developer Product, the content in it, or any claims that you or any other party may have relating to that Developer Product or your use of that Developer Product. However, we are a third party beneficiary of the agreement between you and the Product Provider for each Developer Product, and we will have the right (and will be deemed to have accepted the right) to enforce that agreement against you as a third party beneficiary.
36 | 
37 | ## D. Payment, Billing Schedule, and Cancellation
38 | 
39 | All payments for Developer Products will go through GitHub. The terms of your payment and fees will be governed by [Section K. Payment](/site-policy/github-terms/github-terms-of-service#k-payment), or the analogous section of your applicable GitHub Terms. By using the Marketplace, you agree to pay GitHub any charge incurred in connection with your purchase of the Developer Product. Each purchase is an electronic contract between you and GitHub, and you and the Product Provider. You are responsible for providing us with a valid means of payment for purchases of Developer Products. If you are only purchasing free Developer Products, you are not required to provide payment information.
40 | 
41 | **Billing Schedule; No Refunds.** Your payment schedule is determined by the payment schedule you chose when you created your GitHub account (e.g. free, monthly, annual). For monthly or yearly payment plans, Marketplace purchases are billed in advance on a monthly or yearly basis respectively and are non-refundable. There will be no refunds or credits for partial months of service, downgrade refunds, or refunds for months unused; however, the service will remain active for the length of the paid billing period. If you would like to cancel the Developer Product services, you can do so by going into your Settings in the global navigation bar at the top of the screen.
42 | 
43 | If you would have a question, concern, or dispute regarding your billing, please contact us through the [GitHub Support portal](https://support.github.com/).
44 | 
45 | ## E. Your Data and GitHub's Privacy Policy
46 | 
47 | **Privacy.** When you select or use a Developer Product, GitHub may share certain Personal Information (as defined in the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement)) with the Product Provider (if any such Personal Information is received from you) in order to provide you with the Developer Product, regardless of your privacy settings. Depending on the requirements of the Developer Product you choose, GitHub may share as little as your account name, ID, and primary email address or as much as access to the content in your repositories, including the ability to read and modify your private data. You will be able to view the scope of the permissions the Developer Product is requesting, and accept or deny them, when you grant it authorization via OAuth.
48 | 
49 | If you cease using the Developer Product and revoke access through your account settings, the Product Provider will no longer be able to access your account. The Product Provider is responsible for deleting your Personal Information from its systems within its defined window. Please contact the Product Provider to ensure that your account has been properly terminated.
50 | 
51 | **Data Security and Privacy Disclaimer.** When you select or use a Developer Product, the security of the Developer Product and the custodianship of your data, including your Personal Information (if any), is the responsibility of the Product Provider. You are responsible for understanding the security and privacy considerations of the selection or use of the Developer Product for your own security and privacy risk and compliance considerations.
52 | 
53 | ## F. Rights to Developer Products
54 | 
55 | The rights granted to you to use any Developer Product are personal to you, and are not transferrable to any third parties, such as your end users. Any rights to provide or resell Developer Products to third parties must be granted directly by the Product Provider.
56 | 
57 | ## G. Updates to Developer Products
58 | 
59 | From time to time, GitHub.com may check with remote servers (hosted by GitHub or by third parties) for available updates to Developer Products, including but not limited to bug fixes or enhanced functionality. You agree that such updates will be automatically requested, downloaded, and installed without further notice to you.
60 | 
61 | ## H. Developer Product Blocking
62 | 
63 | GitHub may block a Developer Product from our servers, or disable its functionality, for legal or policy reasons. In the event that we must block or disable a Developer Product, we will work with the Product Provider to notify affected users.
64 | 
65 | ## I. Disclaimer; Limitation of Liability; Release and Indemnification
66 | 
67 | **Disclaimer.** Your use of Marketplace and any Developer Products obtained through Marketplace is at your sole risk. Other than as expressly stated, GitHub provides Marketplace and Developer Products “AS IS” and “AS AVAILABLE.” GitHub does not make or imply any warranties or commitments about Marketplace and Developer Products, including but not limited to the specific functionality available through Marketplace and Developer Products, their reliability, availability, or ability to meet your need.
68 | 
69 | We reserve the right at any time and from time to time to modify or discontinue, temporarily or permanently, Marketplace (or any part of it) with or without notice.
70 | 
71 | **Limitation of Liability.** You understand and agree that GitHub will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however arising, that result from: (i) your use or inability to use Marketplace or any Developer Products; (ii) any modification, price change, suspension or discontinuance of Marketplace or Developer Products; (iii) Marketplace generally or the software or systems that make Marketplace available; (iv) unauthorized access to or alterations of your transmissions or data; (v) statements or conduct of any third party, Product Provider, or Developer Product on Marketplace; (vi) any other user interactions that you input or receive through your use of Marketplace; or (vii) any other matter relating to Marketplace.
72 | 
73 | **Release and Indemnification.** If you have a dispute with one or more Product Providers, you agree to release GitHub from any and all claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes.
74 | 
75 | You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of Marketplace, including but not limited to your violation of these Marketplace Terms, provided that GitHub (1) promptly gives you written notice of the claim, demand, suit or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that you may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases GitHub of all liability); and (3) provides to you all reasonable assistance, at your expense.
76 | 
77 | ## J. Miscellanea
78 | 
79 | 1. **Governing Law.** You agree that these Marketplace Terms and your use of the Developer Products are governed under California law and any dispute related to the Developer Products must be brought in a tribunal of competent jurisdiction located in or near San Francisco, California.
80 | 
81 | 1. **Non-Assignability.** GitHub may assign or delegate these Marketplace Terms and/or the [GitHub's Privacy Statement](/site-policy/privacy-policies/github-privacy-statement), in whole or in part, to any person or entity at any time with or without your consent. You may not assign or delegate any rights or obligations under the Marketplace Terms or Privacy Statement without our prior written consent, and any unauthorized assignment and delegation by you is void.
82 | 
83 | 1. **Severability, No Waiver, and Survival.** If any part of these Marketplace Terms are held invalid or unenforceable, that portion of the Marketplace Terms will be construed to reflect the parties’ original intent. The remaining portions will remain in full force and effect. The failure of GitHub to exercise or enforce any right or provision of these Marketplace Terms shall not constitute a waiver of such right or provision. Our rights under these Marketplace Terms will survive any termination of these Marketplace Terms.
84 | 
85 | 1. **No Modifications; Complete Agreement.** These Marketplace Terms may only be modified by a written amendment signed by an authorized representative of GitHub, or by the posting by GitHub of a revised version. These Marketplace Terms, together with [GitHub's Privacy Statement](/site-policy/privacy-policies/github-privacy-statement), represent the complete and exclusive statement of the agreement between you and us. These Marketplace Terms supersede any proposal or prior agreement oral or written, and any other communications between you and GitHub relating to the subject matter of these terms.
86 | 
87 | 1. **Section Headings.** Throughout these Marketplace Terms, each section includes titles of the following terms and conditions. These section titles are not legally binding.
88 | 
89 | 1. **License to GitHub Policies.** These Marketplace Terms are licensed under this [Creative Commons Zero license](https://creativecommons.org/publicdomain/zero/1.0/). For details, see our [site-policy repository](https://github.com/github/site-policy#license).
90 | 
91 | 1. **Contact Us.** Questions about the Marketplace Terms? Contact us through the [GitHub Support portal](https://support.github.com/).
92 | 


--------------------------------------------------------------------------------
/Policies/github-terms/github-open-source-applications-terms-and-conditions.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Open Source Applications Terms and Conditions
 3 | redirect_from:
 4 |   - /articles/github-open-source-applications-terms-and-conditions
 5 |   - /github/site-policy/github-open-source-applications-terms-and-conditions
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | These GitHub Open Source Applications Terms and Conditions ("Application Terms") are a legal agreement between you (either as an individual or on behalf of an entity) and GitHub, Inc. regarding your use of GitHub's applications, such as GitHub Desktop™ and associated documentation ("Software"). These Application Terms apply to the executable code version of the Software. Source code for the Software is available separately and free of charge under open source software license agreements. If you do not agree to all of the terms in these Application Terms, do not download, install, use, or copy the Software.
14 | 
15 | ## Connecting to GitHub
16 | 
17 | If you configure the Software to work with one or more accounts on the GitHub.com website or with a deployment of GitHub Enterprise Server, your use of the Software will also be governed by your applicable GitHub.com website Terms of Service and/or the license agreement applicable to your deployment of GitHub Enterprise Server ("GitHub Terms").
18 | 
19 | Any use of the Software that violates your applicable GitHub Terms will also be a violation of these Application Terms.
20 | 
21 | ## Open Source Licenses and Notices
22 | 
23 | The open source license for the Software is included in the "Open Source Notices" documentation that is included with the Software. That documentation also includes copies of all applicable open source licenses.
24 | 
25 | To the extent the terms of the licenses applicable to open source components require GitHub to make an offer to provide source code in connection with the Software, such offer is hereby made, and you may exercise it by contacting GitHub: https://github.com/contact
26 | 
27 | Unless otherwise agreed to in writing with GitHub, your agreement with GitHub will always include, at a minimum, these Application Terms. Open source software licenses for the Software's source code constitute separate written agreements. To the limited extent that the open source software licenses expressly supersede these Application Terms, the open source licenses govern your agreement with GitHub for the use of the Software or specific included components of the Software.
28 | 
29 | ## GitHub's Logos
30 | 
31 | The license grant included with the Software is not for GitHub's trademarks, which include the Software logo designs. GitHub reserves all trademark and copyright rights in and to all GitHub trademarks. GitHub's logos include, for instance, the stylized designs that include "logo" in the file title in the "logos" folder.
32 | 
33 | The names GitHub, GitHub Desktop, GitHub for Mac, GitHub for Windows, the Octocat, and related GitHub logos and/or stylized names are trademarks of GitHub. You agree not to display or use these trademarks in any manner without GitHub's prior, written permission, except as allowed by GitHub's Logos and Usage Policy: https://github.com/logos.
34 | 
35 | ## Privacy
36 | 
37 | The Software may collect personal information. You may control what information the Software collects in the settings panel. If the Software does collect personal information on GitHub's behalf, GitHub will process that information in accordance with the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement).
38 | 
39 | ## Additional Services
40 | 
41 | **Auto-Update Services**
42 | 
43 | The Software may include an auto-update service ("Service"). If you choose to use the Service or you download Software that automatically enables the Service, GitHub will automatically update the Software when a new version is available.
44 | 
45 | **Disclaimers and Limitations of Liability**
46 | 
47 | THE SERVICE IS PROVIDED ON AN "AS IS" BASIS, AND NO WARRANTY, EITHER EXPRESS OR IMPLIED, IS GIVEN. YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK. GitHub does not warrant that (i) the Service will meet your specific requirements; (ii) the Service is fully compatible with any particular platform; (iii) your use of the Service will be uninterrupted, timely, secure, or error-free; (iv) the results that may be obtained from the use of the Service will be accurate or reliable; (v) the quality of any products, services, information, or other material purchased or obtained by you through the Service will meet your expectations; or (vi) any errors in the Service will be corrected.
48 | 
49 | YOU EXPRESSLY UNDERSTAND AND AGREE THAT GITHUB SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF GITHUB HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) RELATED TO THE SERVICE, including, for example: (i) the use or the inability to use the Service; (ii) the cost of procurement of substitute goods and services resulting from any goods, data, information or services purchased or obtained or messages received or transactions entered into through or from the Service; (iii) unauthorized access to or alteration of your transmissions or data; (iv) statements or conduct of any third-party on the Service; (v) or any other matter relating to the Service.
50 | 
51 | GitHub reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Service (or any part thereof) with or without notice. GitHub shall not be liable to you or to any third-party for any price change, suspension or discontinuance of the Service.
52 | 
53 | ## Miscellanea
54 | 
55 | 1. No Waiver. The failure of GitHub to exercise or enforce any right or provision of these Application Terms shall not constitute a waiver of such right or provision.
56 | 
57 | 1. Entire Agreement. These Application Terms, together with any applicable Privacy Notices, constitutes the entire agreement between you and GitHub and governs your use of the Software, superseding any prior agreements between you and GitHub (including, but not limited to, any prior versions of the Application Terms).
58 | 
59 | 1. Governing Law. You agree that these Application Terms and your use of the Software are governed under California law and any dispute related to the Software must be brought in a tribunal of competent jurisdiction located in or near San Francisco, California.
60 | 
61 | 1. Third-Party Packages. The Software supports third-party "Packages" which may modify, add, remove, or alter the functionality of the Software. These Packages are not covered by these Application Terms and may include their own license which governs your use of that particular package.
62 | 
63 | 1. No Modifications; Complete Agreement. These Application Terms may only be modified by a written amendment signed by an authorized representative of GitHub, or by the posting by GitHub of a revised version. These Application Terms, together with any applicable Open Source Licenses and Notices and GitHub's Privacy Statement, represent the complete and exclusive statement of the agreement between you and us. These Application Terms supersede any proposal or prior agreement oral or written, and any other communications between you and GitHub relating to the subject matter of these terms.
64 | 
65 | 1. License to GitHub Policies. These Application Terms are licensed under this [Creative Commons Zero license](https://creativecommons.org/publicdomain/zero/1.0/). For details, see our [site-policy repository](https://github.com/github/site-policy#license).
66 | 
67 | 1. Contact Us. Questions about the Terms of Service? Contact us through the [GitHub Support portal](https://support.github.com/).
68 | 


--------------------------------------------------------------------------------
/Policies/github-terms/github-pre-release-license-terms.md:
--------------------------------------------------------------------------------
  1 | ---
  2 | title: GitHub Pre-release License Terms
  3 | allowTitleToDifferFromFilename: true
  4 | redirect_from:
  5 |   - /site-policy/github-terms/github-copilot-chat-pre-release-terms
  6 |   - /site-policy/github-terms/github-copilot-pre-release-terms
  7 |   - /site-policy/github-terms/github-copilot-pre-release-license-terms
  8 | versions:
  9 |   fpt: '*'
 10 | topics:
 11 |   - Policy
 12 |   - Legal
 13 | ---
 14 | 
 15 | ## GitHub Pre-release License Terms
 16 | 
 17 | These terms apply to the pre-release software made available to you by GitHub. To the extent there is a conflict between these terms and any other Agreement you have with us, these terms govern.
 18 | 
 19 | ## 1. Pre-Release Software.
 20 | 
 21 |   The software provided is a pre-release version. “Pre-release” means software, online services, and additional products and features that are provided for preview, evaluation, demonstration, or trial purposes, as well as prerelease versions of those such as alpha, beta, or early access versions.
 22 | 
 23 |   Pre-release software may not operate correctly. It may delete your data, corrupt your data, or have other bugs. It also may not work the way a final commercial version of the software will.
 24 | 
 25 |   GitHub may change or discontinue pre-release software at any time, for any reason, without notice to you. GitHub may change the software for the final commercial version, or may not release a commercial version at all. GitHub is not obligated to provide to you any maintenance, technical support, or updates for the software.
 26 | 
 27 | ## 2. Installation and Use Rights.
 28 | 
 29 |   a. **General**. GitHub grants you a limited right to use a non-production instance of the software. You may use any number of copies of the software to develop and test your applications, including deployment within your internal corporate network. You may also use the software in demonstrating your applications.
 30 | 
 31 |   b. **Inclusion of Third-Party Components.** The software may include third-party components with separate legal notices or governed by other agreements, as may be described in a license file accompanying the software.
 32 | 
 33 |   c. **Optional Extensions.** The software may give you the option to download other GitHub and third-party software packages. Any third-party software packages are provided for your convenience only, and are governed by any applicable agreements between you and the third party. GitHub is not responsible or liable for any third-party software.
 34 | 
 35 | ## 3. Scope of License.
 36 | 
 37 |   GitHub reserves all rights not expressly granted to you in these terms, including retaining ownership of all aspects of the pre-release software as well as all related intellectual property rights.
 38 | 
 39 |   Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this Agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not:
 40 | 
 41 |   a. work around any technical limitations in the software;
 42 | 
 43 |   b. reverse engineer, decompile, or disassemble the software, or otherwise attempt to derive the source code for the software, except to the extent required by applicable third party licensing terms governing use of certain open source components that may be included in the software;
 44 | 
 45 |   c. remove, minimize, block, or modify any notices of GitHub or its suppliers in the software;
 46 | 
 47 |   d. share, publish, or lease the software;
 48 | 
 49 |   e. provide the software as a stand-alone offering or combine it with any of your applications for others to use;
 50 | 
 51 |   f. transfer the software or these terms to any third party; or
 52 | 
 53 |   g. use the software to create or propagate malware, or in any way that is against the law
 54 | 
 55 | ## 4. Data Collection and Usage.
 56 | 
 57 |   a. **Consent to Data Collection.** The pre-release software may collect information about you and your use of the software, and send that information to GitHub. GitHub may use this information to provide services, to improve our products and services, or for any other purpose permitted under the GitHub Data Protection Agreement or GitHub Privacy Statement. Your use of the pre-release software operates as your consent to these practices.
 58 | 
 59 |   b. **Use of Collected Data.** GitHub will use collected data for analytics and measurement to understand how our pre-release software and related products are used. The software will collect data and usage information about events generated when interacting with it. These events help us analyze and measure performance and features used. This usage information is used by GitHub and may be shared with affiliates and other third parties to help deliver, develop, evaluate, and improve the software and related products. We analyze data to ensure the pre-release software is working as intended, to evaluate the safety, reliability, and user experience of the software, and to investigate and detect potential abuse. We may combine the information we collect from the pre-release software with other data.
 60 | 
 61 |   c. **Processing of Personal Data.** GitHub is the data controller in relation to the Personal Data processed in connection with the pre-release software.
 62 | 
 63 |   d. **Data Collection by You.** There may be some features in the pre-release software that enable you and GitHub to collect data from users of your applications. If you use these features, you must comply with all applicable laws on data collection, including providing appropriate notices to users of your applications as well as a copy of GitHub’s Privacy Statement. You can learn more about data collection and use in the software documentation.
 64 | 
 65 |   e. **Revocation of Consent to Data Collection.** You may revoke your consent to data collection by the prerelease software by contacting GitHub and requesting removal from the technical preview. Please note that, if you request removal from the preview, you will no longer be able to use the pre-release software.
 66 | 
 67 | ## 5. Updates.
 68 | 
 69 |   You may obtain updates to the pre-release software only from GitHub or GitHub-authorized sources. The software may install automatic updates and download and install them for you. You agree to these automatic updates without any additional notice. Software updates may not include or support all existing software features, platforms, services, or peripheral devices. These updates are generally meant to improve and evolve the software, but they may also change or disable any part of the software, including potentially removing features and services, or revoking support for certain platforms or hardware.
 70 | 
 71 | ## 6. Time-Bound Software.
 72 | 
 73 |   Your use of the pre-release software will end upon any of _(i)_ commercial release of the software, or _(ii)_ at the discretion of GitHub to discontinue the support or development of the software, or _(iii)_ termination of the technical preview by either party. You may not be able to access data used in the software when it stops running.
 74 | 
 75 | ## 7. Feedback.
 76 | 
 77 |   If you give feedback about the pre-release software to GitHub, you give to GitHub the right to use, share, and commercialize your feedback in any way and for any purpose, without payment to you. You agree that you will not give feedback that is subject to any license that would require GitHub to license its software or documentation to third parties if we included your feedback in them.
 78 | 
 79 | ## 8. Communications.
 80 | 
 81 |   By using pre-release software, you agree to be contacted by GitHub and Microsoft regarding your participation in the technical preview, including email request(s) for feedback about the software.
 82 | 
 83 | ## 9. No Warranties.
 84 | 
 85 | You bear the sole risk of using the pre-release software.
 86 | 
 87 |   The pre-release software is licensed “as is” without any warranty of any kind or sort, whether such warranty would be express, implied, or statutory. To the extent permitted under your local laws, GitHub and Microsoft disclaim all warranties in the pre-release software, including implied warranties of merchantability, fitness for a particular purpose, title, quiet enjoyment, accuracy, course of dealing, usage of trade, and non-infringement.
 88 | 
 89 |   Neither GitHub nor Microsoft give any express warranties, guarantees, or commitments about the pre-release software or its quality, reliability, availability, security, or function. The software may contain errors, may delete or corrupt your data, and may have defects or other bugs.
 90 | 
 91 | ## 10. No Indemnity.
 92 | 
 93 |   Neither GitHub nor Microsoft will have any obligation to defend, indemnify, or hold you harmless from any claim against you relating to your use of the pre-release software.
 94 | 
 95 | ## 11. No Uptime Guarantees.
 96 | 
 97 |   The pre-release software is not subject to an uptime guarantee or similar service level agreement. The software may be unavailable or stop working entirely at any time for any reason.
 98 | 
 99 | ## 12. Limitation of Liability.
100 | 
101 |   GitHub’s maximum liability for any claim related to your use of the pre-release software is limited to direct damages up to five hundred dollars ($500.00 USD).
102 | 
103 | ## 13. Compliance with Export Restrictions.
104 | 
105 |   You must comply with all domestic and international export laws and regulations that apply to the pre-release software, including any applicable restrictions on destinations, end users, and end use.
106 | 
107 | ## 14. Confidentiality.
108 | 
109 |   The pre-release software is non-public, confidential information of GitHub. Your use is subject to the confidentiality obligations between you and GitHub in the Agreement.
110 | 
111 |   Please do not _(i)_ disclose or share the software with anyone who is not subject to these terms and a non-disclosure agreement; _(ii)_ post or allow others to post any photos or videos of the pre-release software on or via any online platform, including personal social media websites; or _(iii)_ describe or discuss any part of the software on or via any online platform, unless given advance and express permission by GitHub to do so.
112 | 
113 | ## 15. Nature of Terms for Microsoft Customers.
114 | 
115 |   If you license GitHub through Microsoft, these terms shall be considered an amendment to the Microsoft Product Terms for GitHub Offerings for the duration of your use of the pre-release software.
116 | 


--------------------------------------------------------------------------------
/Policies/github-terms/github-research-program-terms.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Research Program Terms
 3 | redirect_from:
 4 |   - /articles/github-research-program-terms
 5 |   - /github/site-policy/github-research-program-terms
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | Welcome to the GitHub Research Program (the "Program")! To participate, we’ll need you to agree to a special set of terms, the GitHub Research Program Agreement (“Agreement”).
14 | 
15 | This Agreement is a legal agreement between you (“you”, "your") and GitHub, Inc. (“GitHub”, “we”, or “us”). Be sure to read this Agreement carefully – you can only be a Program participant if you accept all the terms of this Agreement. By participating in the Program in any way – for example, by accessing information about GitHub products or services that aren’t yet available to the general public – you’re agreeing to be bound by all the terms of this Agreement.
16 | 
17 | ## A. Your Feedback
18 | 
19 | We’re always trying to improve our products and services, and your feedback as a Program participant will help us do that. If you choose to give us any ideas, know-how, algorithms, code contributions, suggestions, enhancement requests, recommendations or any other feedback for our products or services through the Program (collectively, “Feedback”), then we need the legal rights to use and analyze that information for those purposes. In legalese, that means you grant GitHub a royalty-free, fully paid-up, worldwide, transferable, sub-licensable, irrevocable and perpetual license to implement, use, modify, commercially exploit and/or incorporate the Feedback into our products, services, and documentation.
20 | 
21 | ## B. Confidentiality
22 | 
23 | GitHub may provide you with access to special information that isn’t available to the rest of the world for the purpose of providing feedback to us through the Program (the "Purpose"). Due to the sensitive nature of this information, it’s important for us to make sure that you keep that information secret.
24 | 
25 | You agree that any non-public information we share with you or that you may have access to as a Program participant will be considered GitHub’s confidential information (collectively, “Confidential Information”), regardless of whether it is marked or identified as such. You agree to only use such Confidential Information for the Purpose stated above, and not for any other purpose. You should use the same degree of care as you would with your confidential information but no less than reasonable precautions to prevent any unauthorized use, disclosure, publication, or dissemination of our Confidential Information. You promise not to disclose, publish, or disseminate any Confidential Information to any third party.
26 | 
27 | You understand that unauthorized disclosure or use of our Confidential Information could cause us irreparable harm, and significant injury that may be difficult for us to quantify. Accordingly, you agree that we’ll have the right to seek immediate injunctive relief to make sure you comply with this Agreement, in addition to any other rights and remedies we may have. If you are required by law, regulation or a valid binding order of a court of competent jurisdiction to disclose our Confidential Information, you may do so, but only if you notify us before you do, and do your best to limit such disclosure and to seek confidential, protective treatment of such information.
28 | 
29 | The obligations in this Section 2 won’t apply to information that you can prove: (i) was generally available to the public before we disclosed it to you; (ii) became generally available to the public after we disclosed it to you, through no action or inaction on your part, or on the part of your employees or contractors; (iii) you knew about before we disclosed it to you; (iv) was disclosed to you by a third party, who didn’t have any confidentiality obligations with respect to it; (v) you independently developed without breach of any confidentiality obligation to us or any third party; or (vi) we gave you permission to disclose, in a writing signed by one of our authorized representatives.
30 | 
31 | ## C. Reservation of Rights
32 | 
33 | All Confidential Information remains the sole and exclusive property of GitHub. Neither party acquires any intellectual property rights under this Agreement, unless expressly specified herein.
34 | 
35 | ## D. Privacy
36 | 
37 | By participating in this Program, you consent to our use of your personal information for research purposes, and not for any other purposes. As part of the Program, we may use your personal information to contact you, or retain your information, to contact you at a later date. Personal information does not include aggregated, non-personally identifying information. We may use aggregated or other non-personally identifying information collected through the program to operate, analyze, and improve our products and services.
38 | 
39 | You can withdraw your consent at any time, and request access to or the deletion of the personal information that we hold about you. For more information about how you can access, update, alter, or delete the personal information GitHub collects through the Program, please see the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement) or contact us through our {% data variables.contact.contact_privacy %}.
40 | 
41 | ## E. GitHub Services and Software Terms
42 | 
43 | If access to GitHub's services or software are required to participate in certain Program studies or activities, then the applicable services or software agreement will apply to your use of those products (the "Generally Applicable Terms"). In the event of a direct conflict between this Agreement and the Generally Applicable Terms, your Generally Applicable Terms will control, except with respect to any use of Confidential Information (as defined below), in which case this Agreement will control.
44 | 
45 | ## F. Disclaimer of Warranties
46 | 
47 | All Confidential Information and other materials you receive through the Program are provided “as is” and without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Program including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement.
48 | 
49 | ## G. Limitation of Liability
50 | 
51 | Except as prohibited by law, you understand and agree that we will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages.
52 | 
53 | Our liability is limited whether or not we have been informed of the possibility of such damages, and even if a remedy set forth in this Agreement is found to have failed of its essential purpose. We will have no liability for any failure or delay due to matters beyond our reasonable control.
54 | 
55 | ## H. Miscellaneous
56 | 
57 | ### 1. Governing Law
58 | 
59 | Except to the extent applicable law provides otherwise, this Agreement between you and GitHub and any access to or use of the Website or the Service are governed by the federal laws of the United States of America and the laws of the State of California, without regard to conflict of law provisions. You and GitHub agree to submit to the exclusive jurisdiction and venue of the courts located in the City and County of San Francisco, California.
60 | 
61 | ### 2. Non-Assignability
62 | 
63 | GitHub may assign or delegate this Agreement, in whole or in part, to any person or entity at any time with or without your consent, including the license grant in Section A. You may not assign or delegate any rights or obligations under this Agreement without our prior written consent, and any unauthorized assignment and delegation by you is void.
64 | 
65 | ### 3. Severability, No Waiver, and Survival
66 | 
67 | If any part of this Agreement is held invalid or unenforceable, that portion of the Agreement will be construed to reflect the parties’ original intent. The remaining portions will remain in full force and effect. Any failure on the part of GitHub to enforce any provision of this Agreement will not be considered a waiver of our right to enforce such provision. Our rights under this Agreement will survive any termination of this Agreement.
68 | 
69 | ### 4. Amendments; Complete Agreement
70 | 
71 | This Agreement may only be modified by a written amendment signed by an authorized representative of GitHub. This Agreement, together with the Generally Applicable Terms and the GitHub Privacy Statement, represent the complete and exclusive statement of the agreement between you and us. This Agreement supersedes any proposal or prior agreement oral or written, and any other communications between you and GitHub relating to the subject matter of these terms including any confidentiality or nondisclosure agreements.
72 | 


--------------------------------------------------------------------------------
/Policies/other-site-policies/github-account-recovery-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Account Recovery Policy
 3 | versions:
 4 |   fpt: '*'
 5 | topics:
 6 |   - 2FA
 7 |   - Policy
 8 |   - Legal
 9 | ---
10 | 
11 | GitHub provides [a number of account recovery methods](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials) including an [automated recovery process](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials#authenticating-with-a-verified-device-ssh-token-or-personal-access-token) if you have lost access to your GitHub.com account. **If you cannot use any of the provided recovery methods, you have permanently lost access to your account.**
12 | 
13 | You can, however, [unlink email addresses](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account) from a locked account in order to create a new account or use the email on another existing account.
14 | 
15 | ## Can I open a support ticket to recover my account?
16 | 
17 | For security reasons, **GitHub Support will not restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.** You must use existing [account recovery methods](/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials).
18 | 
19 | GitHub does not support any other means of account recovery, including social or ID verification, by members of GitHub’s staff. This policy is in place to protect your account from unauthorized access through social engineering.
20 | 
21 | ## How can I retrieve my email from a locked account?
22 | 
23 | See [Unlinking your email address from a locked account](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account).
24 | 
25 | ## How can I remove a payment method from a locked account?
26 | 
27 | Please contact Support to request removal of a payment method from a locked out account. Remember, **GitHub Support will not restore your account** if you lose access to your account recovery methods.
28 | 
29 | ## Can I recover the contents of a user or organization account I lost access to?
30 | 
31 | If you have lost access to a user account, you may [clone](/repositories/creating-and-managing-repositories/cloning-a-repository) or [fork](/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) any content that is public.
32 | 
33 | If you have lost access to an organization account, you may clone or fork any content that is public and you may be able to request that remaining members of the organization clone or fork any private content.
34 | 
35 | GitHub Support will not recover the contents of a user or organization account that is locked.
36 | 


--------------------------------------------------------------------------------
/Policies/other-site-policies/github-deceased-user-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Deceased User Policy
 3 | versions:
 4 |   fpt: '*'
 5 | topics:
 6 |   - Policy
 7 |   - Legal
 8 | redirect_from:
 9 |   - /github/site-policy/github-deceased-user-policy
10 |   - /github/site-policy/github-terms-and-other-site-policies/github-deceased-user-policy
11 | ---
12 | 
13 | In the event that a GitHub user passes away, we can work with an authorized individual to determine what happens to the account's content.
14 | 
15 | If you are next of kin, a [pre-designated successor](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories), or other authorized individual (which could include a collaborator or business partner) of a deceased user and would like to make a request regarding their account, you can reach out to us through the [GitHub Support portal](https://support.github.com/). In the portal, click **Contact us**, and provide the following information in your message:
16 | 
17 | * Name
18 | * Contact Information
19 | * Name of the deceased account holder
20 | * GitHub username of the deceased account holder
21 | * Your relationship to the deceased account holder (please include whether you have been designated as the account successor on GitHub.com)
22 | * If designated as account successor, the username of your GitHub account
23 | * What action you are seeking (e.g. transfer public repositories, cancel billing on account)
24 | 
25 | Once we have received your request, we may follow up with a request for additional information, such as a copy of your photo identification, copy of the death certificate, and documentation confirming you are authorized to act in relation to the deceased user’s account, to verify that we are properly authorized to process your request.
26 | 
27 | Please note, the information you provide in your request is collected in accordance with our [Privacy Statement](/site-policy/privacy-policies/github-privacy-statement), and we will retain the information only as necessary to comply with our legal obligations and resolve disputes.
28 | 


--------------------------------------------------------------------------------
/Policies/other-site-policies/github-government-takedown-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Government Takedown Policy
 3 | versions:
 4 |   fpt: '*'
 5 | topics:
 6 |   - Policy
 7 |   - Legal
 8 | redirect_from:
 9 |   - /github/site-policy/github-government-takedown-policy
10 |   - /github/site-policy/github-terms-and-other-site-policies/github-government-takedown-policy
11 | ---
12 | 
13 | ## What is this?
14 | 
15 | From time to time, GitHub receives requests from governments to remove content that has been declared unlawful in their local jurisdiction. Although we may not always agree with those laws, we may need to block content if we receive a complete request from a government official so that our users in that jurisdiction may continue to have access to GitHub to collaborate and build software.
16 | 
17 | ## What is a complete government takedown request?
18 | 
19 | <!-- markdownlint-disable GHD034 -->
20 | 
21 | To count as a complete request, a request or notice must
22 | * come from a relevant, official government agency
23 | * identify illegal content
24 | * specify the source of illegality in that jurisdiction (law or court order).
25 | 
26 | ## What happens when we receive a complete takedown request from a government?
27 | 
28 | When we receive a notice from a relevant, official government agency that identifies illegal content and specifies the source of the illegality, we
29 | * notify the affected users of the specific content that allegedly violates the law, and that this is a legal takedown request
30 | * allow the affected users to appeal the decision as part of that notification
31 | * limit the geographic scope of the takedown when possible and include that as part of the notification
32 | * post the official request that led to the takedown in our public [gov-takedowns repository](https://github.com/github/gov-takedowns).
33 | 
34 | <!-- markdownlint-enable GHD034 -->
35 | 
36 | ## Why do we publicly post takedown notices?
37 | 
38 | We are concerned about Internet censorship, and believe that transparency on a specific and ongoing level is essential to good governance. By publicly posting the notices, we can better inform the public about what content is being withheld from GitHub, and why. We post takedown notices to document their potential to chill speech.
39 | 
40 | ## What does it mean if we post a notice in our gov-takedowns repository?
41 | 
42 | It means that we received the notice on the indicated date. It does _not_ mean that the content was unlawful or wrong. It does _not_ mean that the user identified in the notice has done anything wrong. We don't make or imply any judgment about the merit of the claims they make. We post these notices and requests only for informational purposes.
43 | 
44 | ## Government takedowns based on violations of GitHub's Terms of Service
45 | 
46 | In some cases, GitHub receives reports from government officials of violations of GitHub's Terms of Service. We process those violations as we would process a Terms-of-Service violation reported by anyone else. However, we notify the affected users that the report came from a government and, as with any other case, allow them the opportunity to appeal.
47 | 
48 | ## Transparency reporting
49 | 
50 | In addition to posting government takedown notices in our `github/gov-takedowns` repository, we report on them in our transparency report. We also track and report in our transparency report on government takedowns based on violations of GitHub's Terms of Service.
51 | 


--------------------------------------------------------------------------------
/Policies/other-site-policies/github-logo-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Logo Policy
 3 | redirect_from:
 4 |   - /articles/i-m-developing-a-third-party-github-app-what-do-i-need-to-know
 5 |   - /articles/using-an-octocat-to-link-to-github-or-your-github-profile
 6 |   - /articles/github-logo-policy
 7 |   - /github/site-policy/github-logo-policy
 8 |   - /github/site-policy/github-terms-and-other-site-policies/github-logo-policy
 9 | versions:
10 |   fpt: '*'
11 | topics:
12 |   - Policy
13 |   - Legal
14 | ---
15 | 
16 | You can add {% data variables.product.prodname_dotcom %} logos to your website or third-party application in some scenarios. For more information and specific guidelines on logo usage, see the [{% data variables.product.prodname_dotcom %} Logos and Usage page](https://github.com/logos).
17 | 
18 | You can also use an octocat as your personal avatar or on your website to link to your {% data variables.product.prodname_dotcom %} account, but not for your company or a product you're building. {% data variables.product.prodname_dotcom %} has an extensive collection of octocats in the [Octodex](https://octodex.github.com/). For more information on using the octocats from the Octodex, see the [Octodex FAQ](https://octodex.github.com/faq/).
19 | 


--------------------------------------------------------------------------------
/Policies/other-site-policies/github-username-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Username Policy
 3 | redirect_from:
 4 |   - /articles/name-squatting-policy
 5 |   - /articles/github-username-policy
 6 |   - /github/site-policy/github-username-policy
 7 |   - /github/site-policy/github-terms-and-other-site-policies/github-username-policy
 8 | versions:
 9 |   fpt: '*'
10 | topics:
11 |   - Policy
12 |   - Legal
13 | ---
14 | 
15 | GitHub account names are available on a first-come, first-served basis, and are intended for immediate and active use.
16 | 
17 | ## What if the username I want is already taken?
18 | 
19 | Keep in mind that not all activity on GitHub is publicly visible; accounts with no visible activity may be in active use.
20 | 
21 | If the username you want has already been claimed, consider other names or unique variations. Using a number, hyphen, or an alternative spelling might help you identify a desirable username that's still available.
22 | 
23 | ## Trademark Policy
24 | 
25 | If you believe someone's account is violating your trademark rights, you can find more information about making a trademark complaint on our [Trademark Policy](/site-policy/content-removal-policies/github-trademark-policy) page.
26 | 
27 | ## Name Squatting Policy
28 | 
29 | GitHub prohibits account name squatting, and account names may not be reserved or inactively held for future use. Accounts violating this name squatting policy may be removed or renamed without notice. Attempts to sell, buy, or solicit other forms of payment in exchange for account names are prohibited and may result in permanent account suspension.
30 | 


--------------------------------------------------------------------------------
/Policies/privacy-policies/github-candidate-privacy-policy.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Candidate Privacy Policy
 3 | versions:
 4 |   fpt: '*'
 5 | topics:
 6 |   - Policy
 7 |   - Legal
 8 | redirect_from:
 9 |   - /github/site-policy/github-candidate-privacy-policy
10 | ---
11 | 
12 | Effective Date: March 8, 2021
13 | 
14 | This GitHub Candidate Privacy Policy explains what information we collect about you during the application or recruitment process for employment with GitHub, as well as the purposes for which we collect and use that information.
15 | 
16 | For the purposes of this policy:
17 | 
18 | “Candidate” includes applicants and candidates who are part of the GitHub application or recruitment process; and
19 | 
20 | "Candidate Personal Information" refers to any information we collect about one of our Candidates during the application or recruitment process which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them.
21 | 
22 | This policy does not apply to the use of GitHub services, which are covered under our [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement).
23 | 
24 | ## What Candidate Personal Information do we collect?
25 | 
26 | The Candidate Personal Information we collect, use, and maintain (or “process”) can include the following, but is not limited to:
27 | 
28 | **Identification and contact information**, including your name, email address, phone number, location, GitHub profile, and any other information you provide (such as referrals and references).
29 | 
30 | **National identifiers**, such as your citizenship status, residency and work permit status.
31 | 
32 | **Employment and education history**, such as your resume or CV, cover letter, details of how you heard about the position you are applying for, information about any previous employment at GitHub or affiliates of GitHub, or other information you provide to us in support of an application and/or the application and recruitment process.
33 | 
34 | **Professional or employment information**, including your desired salary or terms related to benefits, willingness to relocate, other job preferences, interview details, reference information and/or information received from background checks (where applicable), and information from publicly available resources (such as your LinkedIn profile or website).
35 | 
36 | **Sensitive or demographic information**, such as your gender, medical or health information, veteran status, or your racial or ethnic origin.
37 | 
38 | ## How do we use the Candidate Personal Information we collect?
39 | 
40 | We use the Candidate Personal Information for the following purposes:
41 |  * To assess your skills, qualifications and interests for employment opportunities with GitHub;
42 |  * To verify the information provided by you or others, including checking your references;
43 |  * To communicate with you about your application and the recruitment process, including informing you of other potential employment opportunities at GitHub;
44 |  * If you were referred, to inform the referrer of the status of your application;
45 |  * If you are offered a position, to prepare your offer letter and conduct a background check (to the extent permitted by applicable law);
46 |  * If you are offered a position and where requested by you, to assist you with obtaining an immigration visa or work permit;
47 |  * To comply with local laws, regulations, legal processes or enforceable government requests; and
48 |  * To prepare and submit reports as required under local laws and regulations;
49 |  * To manage and improve our application and recruitment process (such as making the application process more efficient and improving our diversity practices).
50 | 
51 | ## How do we share your Candidate Personal Information?
52 | 
53 | GitHub will share your Candidate Personal Information with those who have a legitimate business need for it. Whenever we permit a third party to access your Candidate Personal Information, we will make sure the information is used in a manner consistent with this policy. Your Candidate Personal Information may be shared with our affiliates (such as Microsoft) and other third parties (such as vendors) for the following purposes:
54 | 1. In order to carry out the uses of Candidate Personal Information described above;
55 | 1. To enable third parties to provide products or services to us or on our behalf (such as to facilitate the application process or conduct background checks).
56 | 1. To comply with our legal obligations, regulations or contracts, or to respond to a court order, administrative or judicial process (such as subpoena, government audit or search warrant) or, in response to lawful requests by public authorities (such as national security or law enforcement);
57 | 1. As necessary to establish, exercise, or defend against potential or pending litigation;
58 | 1. Where necessary to protect GitHub, your vital interests (such as safety and security), or those of another person; or
59 | 1. With your consent (such to contact your references). It is your responsibility to obtain consent from references before providing their personal information to GitHub.
60 | 
61 | ## Your rights to your Candidate Personal Information
62 | 
63 | In some locations, Candidates may have certain rights under applicable local privacy laws (such as the European General Data Protection Regulation). However, regardless of your location, we provide the same high standard of privacy protection to all of our Candidates around the world.
64 | 
65 | This includes the rights to request access or correct your information, request that your information be deleted, or object to or restrict GitHub from using it for certain purposes.
66 | 
67 | You can make a request to do so by contacting privacy@github.com. We will respond to all requests in accordance with applicable data protection laws.
68 | 
69 | ## How long do we retain your Candidate Personal Information?
70 | 
71 | Candidate Personal Information will be stored for one year after your application to comply with our legal obligations. After that time, we will contact you and ask for your consent to continue to retain your personal information so that we can consider you for any future job opportunities at GitHub.
72 | 
73 | If you are hired for a position at GitHub, we will retain the information provided during the application and recruitment process as part of your employee record.
74 | 
75 | ## Changes to this Policy
76 | 
77 | We may occasionally update this GitHub Candidate Privacy Policy. When we do make changes to this page, we will update the "last updated" date.
78 | 


--------------------------------------------------------------------------------
/Policies/privacy-policies/github-codespaces-privacy-statement.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Codespaces Privacy Statement
 3 | redirect_from:
 4 |   - /github/site-policy/github-codespaces-privacy-policy
 5 |   - /github/site-policy/github-codespaces-privacy-statement
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | Effective Date: August 10, 2021
14 | 
15 | Use of GitHub Codespaces is subject to the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement).
16 | 
17 | Activity on github.dev is subject to [GitHub's Beta Previews terms](/site-policy/github-terms/github-terms-of-service#j-beta-previews)
18 | 
19 | ## Using {% data variables.product.prodname_vscode %}
20 | 
21 | GitHub Codespaces and github.dev allow for use of {% data variables.product.prodname_vscode %} in the web browser. When using {% data variables.product.prodname_vscode_shortname %} in the web browser, some telemetry collection is enabled by default and is [explained in detail on the {% data variables.product.prodname_vscode_shortname %} website](https://code.visualstudio.com/docs/configure/telemetry). Users can opt out of telemetry by going to File > Preferences > Settings under the top left menu.
22 | 
23 | If a user chooses to opt out of telemetry capture in {% data variables.product.prodname_vscode_shortname %} while inside of a codespace as outlined, this will sync the disable telemetry preference across all future web sessions in GitHub Codespaces and github.dev.
24 | 


--------------------------------------------------------------------------------
/Policies/privacy-policies/github-cookies.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Cookies
 3 | redirect_from:
 4 |   - /github-tracking
 5 |   - /github-cookies
 6 | versions:
 7 |   fpt: '*'
 8 | topics:
 9 |   - Policy
10 |   - Legal
11 | ---
12 | 
13 | GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our [Privacy Statement](/site-policy/privacy-policies/github-privacy-statement#our-use-of-cookies-and-tracking) if you’d like more information about cookies, and on how and why we use them.
14 | 
15 | You can view the current list of cookies on GitHub, and sign up to receive cookie list updates, at [https://github.com/privacy/cookies](https://github.com/privacy/cookies).
16 | 
17 | If you have questions or concerns about a new subprocessor, please contact us via {% data variables.contact.contact_privacy %}.
18 | 


--------------------------------------------------------------------------------
/Policies/privacy-policies/github-subprocessors.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Subprocessors
 3 | redirect_from:
 4 |   - /subprocessors
 5 |   - /github-subprocessors
 6 |   - /articles/github-subprocessors-and-cookies
 7 |   - /github/site-policy/github-subprocessors-and-cookies
 8 |   - /site-policy/privacy-policies/github-subprocessors-and-cookies
 9 | versions:
10 |   fpt: '*'
11 | topics:
12 |   - Policy
13 |   - Legal
14 | ---
15 | 
16 | GitHub defines customer data as all data provided by the customer to GitHub through their use of GitHub services. Some customer data is personal data as defined under GDPR.
17 | 
18 | The GitHub Subprocessor List identifies subprocessors authorized to subprocess customer or personal data on behalf of GitHub to provide services to our Enterprise customers. This list is applicable for all GitHub services governed by the [GitHub Data Protection Agreement](https://github.com/customer-terms/github-data-protection-agreement).
19 | 
20 | GitHub publishes the names of any new subprocessors for its online services at least 30 days in advance of the subprocessor’s authorization to perform services that may involve access to customer data or personal data.
21 | 
22 | To receive notifications of updates to this Subprocessor list, please follow the instructions provided in [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications).
23 | 
24 | If you have questions about this list, please contact us at <privacy@github.com>.
25 | 
26 | ## Third Party Subprocessors
27 | 
28 | | Name of Subprocessor        | Description of Processing                                                      | Location of Processing  | Corporate Location |
29 | | --------------------------- | ------------------------------------------------------------------------------ | ----------------------- | ------------------ |
30 | | Amazon Web Services Inc (AWS)   | Cloud Hosted Infrastructure, Data Hosting, AI Inference and AI Services        | United States                                     | United States      |
31 | | Anthropic PBC                   | AI Inference and AI Services                                                   | United States                                     | United States      |
32 | | Cloudflare                      | Content delivery service                                                       | United States                                     | United States      |
33 | | Fastly                          | Content delivery service                                                       | United States                                     | United States      |
34 | | Google Cloud Platform (GCP)     | Cloud Hosted Infrastructure, AI Inference and AI Services                      | United States, Belgium, Singapore                            | United States      |
35 | | Microsoft (Azure)               | Cloud Hosted Infrastructure, Data Hosting, AI Inference and AI Services        | United States                                     | United States      |
36 | | Microsoft (Azure)               | Cognitive Services and customer support ticketing analysis                     | United States                                     | United States      |
37 | | Microsoft                       | Technical Services                                                             | Australia, Brazil, Canada, France, Japan, Norway, Spain, Sweden, Switzerland, United Kingdom, United States | United States      |
38 | | Moveworks                       | Customer support ticketing analysis                                            | United States                                     | United States      |
39 | | NexMo Inc (aka Vonage)          | SMS notification provider for 2 Factor Authentication                          | United States                                     | United States      |
40 | | Obsidian Security               | Security management                                                            | United States                                     | United States      |
41 | | OpenAI                          | AI Inference and AI Services                                                   | United States                                     | United States      |
42 | | Pusher                          | Building and managing real-time infrastructure for web and mobile applications | United States                                     | United States      |
43 | | Twilio     (SendGrid)           | SMS notification provider for 2 Factor Authentication                          | United States                                     | United States      |
44 | | VividCortex                     | Monitor database performance, efficiency, and uptime                           | United States                                     | United States      |
45 | | Zendesk                         | Customer support ticketing system                                              | United States                                     | United States      |
46 | 
47 | ## GitHub Subsidiaries
48 | 
49 | | Name of Subprocessor        | Description of Processing                                                      | Location of Processing  | Corporate Location |
50 | | --------------------------- | ------------------------------------------------------------------------------ | ----------------------- | ------------------ |
51 | | GitHub Australia Pty Ltd    | GitHub Subsidiary                                                              | Australia                                         | Australia          |
52 | | GitHub BV                   | GitHub Subsidiary                                                              | Netherlands                                       | Netherlands        |
53 | | GitHub Canada ULC           | GitHub Subsidiary                                                              | Canada                                            | Canada             |
54 | | GitHub Germany GmbH         | GitHub Subsidiary                                                              | Germany                                           | Germany            |
55 | | GitHub India Pty Ltd        | GitHub Subsidiary                                                              | India                                             | India              |
56 | | npm Inc 	                  | GitHub Subsidiary	                                                             | United States	                                   | United States      |
57 | | Semmle Inc	                | GitHub Subsidiary	                                                             | United States	                                   | United States      |
58 | 


--------------------------------------------------------------------------------
/Policies/security-policies/coordinated-disclosure-of-security-vulnerabilities.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: Coordinated Disclosure of Security Vulnerabilities
 3 | redirect_from:
 4 |   - /responsible-disclosure
 5 |   - /coordinated-disclosure
 6 |   - /articles/responsible-disclosure-of-security-vulnerabilities
 7 |   - /github/site-policy/responsible-disclosure-of-security-vulnerabilities
 8 |   - /github/site-policy/coordinated-disclosure-of-security-vulnerabilities
 9 | versions:
10 |   fpt: '*'
11 | topics:
12 |   - Policy
13 |   - Legal
14 | ---
15 | We want to keep GitHub safe for everyone. If you've discovered a security vulnerability in GitHub, we appreciate your help in disclosing it to us in a coordinated manner.
16 | 
17 | ## Bounty Program
18 | 
19 | Like several other large software companies, GitHub provides a bug bounty to better engage with security researchers. The idea is simple: hackers and security researchers (like you) find and report vulnerabilities through our coordinated disclosure process. Then, to recognize the significant effort that these researchers often put forth when hunting down bugs, we reward them with some cold hard cash.
20 | 
21 | Check out the [GitHub Bug Bounty](https://bounty.github.com) site for bounty details, review our comprehensive [Legal Safe Harbor Policy](/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor) terms as well, and happy hunting!
22 | 


--------------------------------------------------------------------------------
/Policies/security-policies/github-bug-bounty-program-legal-safe-harbor.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: GitHub Bug Bounty Program Legal Safe Harbor
 3 | redirect_from:
 4 |   - /articles/github-bug-bounty-program-legal-safe-harbor
 5 | versions:
 6 |   fpt: '*'
 7 | topics:
 8 |   - Policy
 9 |   - Legal
10 | ---
11 | 
12 | ## Summary
13 | 
14 | 1. We want you to coordinate disclosure through our bug bounty program, and don't want researchers put in fear of legal consequences because of their good faith attempts to comply with our bug bounty policy. We cannot bind any third party, so do not assume this protection extends to any third party. If in doubt, ask us before engaging in any specific action you think _might_ go outside the bounds of our policy.
15 | 1. Because both identifying and non-identifying information can put a researcher at risk, we limit what we share with third parties. We may provide non-identifying substantive information from your report to an affected third party, but only after notifying you and receiving a commitment that the third party will not pursue legal action against you. We will only share identifying information (name, email address, phone number, etc.) with a third party if you give your written permission.
16 | 1. If your security research as part of the bug bounty program violates certain restrictions in our site policies, the safe harbor terms permit a limited exemption.
17 | 
18 | ## 1. Safe Harbor Terms
19 | 
20 | To encourage research and coordinated disclosure of security vulnerabilities, we will not pursue civil or criminal action, or send notice to law enforcement for accidental or good faith violations of this policy. We consider security research and vulnerability disclosure activities conducted consistent with this policy to be “authorized” conduct under the Computer Fraud and Abuse Act, the DMCA, and other applicable computer use laws such as Cal. Penal Code 502(c). We waive any potential DMCA claim against you for circumventing the technological measures we have used to protect the applications in this bug bounty program's scope.
21 | 
22 | Please understand that if your security research involves the networks, systems, information, applications, products, or services of a third party (which is not us), we cannot bind that third party, and they may pursue legal action or law enforcement notice. We cannot and do not authorize security research in the name of other entities, and cannot in any way offer to defend, indemnify, or otherwise protect you from any third party action based on your actions.
23 | 
24 | You are expected, as always, to comply with all laws applicable to you, and not to disrupt or compromise any data beyond what this bug bounty program permits.
25 | 
26 | Please contact us before engaging in conduct that may be inconsistent with or unaddressed by this policy. We reserve the sole right to make the determination of whether a violation of this policy is accidental or in good faith, and proactive contact to us before engaging in any action is a significant factor in that decision. If in doubt, ask us first!
27 | 
28 | ## 2. Third Party Safe Harbor
29 | 
30 | If you submit a report through our bug bounty program which affects a third party service, we will limit what we share with any affected third party. We may share non-identifying content from your report with an affected third party, but only after notifying you that we intend to do so and getting the third party's written commitment that they will not pursue legal action against you or initiate contact with law enforcement based on your report. We will not share your identifying information with any affected third party without first getting your written permission to do so.
31 | 
32 | Please note that we cannot authorize out-of-scope testing in the name of third parties, and such testing is beyond the scope of our policy. Refer to that third party's bug bounty policy, if they have one, or contact the third party either directly or through a legal representative before initiating any testing on that third party or their services. This is not, and should not be understood as, any agreement on our part to defend, indemnify, or otherwise protect you from any third party action based on your actions.
33 | 
34 | That said, if legal action is initiated by a third party, including law enforcement, against you because of your participation in this bug bounty program, and you have sufficiently complied with our bug bounty policy (i.e. have not made intentional or bad faith violations), we will take steps to make it known that your actions were conducted in compliance with this policy. While we consider submitted reports both confidential and potentially privileged documents, and protected from compelled disclosure in most circumstances, please be aware that a court could, despite our objections, order us to share information with a third party.
35 | 
36 | ## 3. Limited Waiver of Other Site Policies
37 | 
38 | To the extent that your security research activities are inconsistent with certain restrictions in our [relevant site policies](/site-policy) but consistent with the terms of our bug bounty program, we waive those restrictions for the sole and limited purpose of permitting your security research under this bug bounty program. Just like above, if in doubt, ask us first!
39 | 


--------------------------------------------------------------------------------
/Policies/security-policies/github-sirt-description-rfc-2350.md:
--------------------------------------------------------------------------------
  1 | ---
  2 | title: GitHub SIRT description RFC 2350
  3 | versions:
  4 |   fpt: '*'
  5 | topics:
  6 |   - Policy
  7 |   - Legal
  8 | ---
  9 | <!-- markdownlint-disable search-replace -->
 10 | 
 11 | ## 1. Document Information
 12 | 
 13 | TLP:CLEAR
 14 | 
 15 | ### 1.1 Date of Last Update
 16 | 
 17 | Version 1.01, updated 2025-01-30.
 18 | 
 19 | ### 1.2 Distribution List for Notifications
 20 | 
 21 | There is no distribution list for changes to this document.
 22 | 
 23 | ### 1.3 Locations where this Document May Be Found
 24 | 
 25 | The current version of this document may be found at:
 26 | 
 27 | https://docs.github.com/site-policy/security-policies/github-sirt-description-rfc-2350
 28 | 
 29 | ## 2. Contact Information
 30 | 
 31 | ### 2.1 Name of the Team
 32 | 
 33 | GitHub Security Incident Response Team (SIRT)
 34 | 
 35 | Subteams:
 36 | 
 37 | * Corporate Security Incident Response Team (CSIRT)
 38 | * Product Security Incident Response Team (PSIRT)
 39 | * Bug Bounty
 40 | 
 41 | ### 2.2 Address
 42 | 
 43 | GitHub SIRT
 44 | 88 Colin P. Kelly Jr. St.
 45 | San Francisco, CA 94107
 46 | United States
 47 | 
 48 | ### 2.3 Time Zone
 49 | 
 50 | Our team mainly works in the contiguous United States and keeps to these hours:
 51 | 
 52 | * EST/EDT
 53 | * CST/CDT
 54 | * MST/MDT
 55 | * PST/PDT
 56 | 
 57 | ### 2.4 Telephone Number
 58 | 
 59 | None available.
 60 | 
 61 | ### 2.5 Facsimile Number
 62 | 
 63 | None available.
 64 | 
 65 | ### 2.6 Other Telecommunication
 66 | 
 67 | None available.
 68 | 
 69 | ### 2.7 Electronic Mail Address
 70 | 
 71 | security(at)github(dot)com
 72 | 
 73 | This relays email to the human(s) on duty for GitHub SIRT.
 74 | 
 75 | ### 2.8 Public Keys and Encryption Information
 76 | 
 77 | GitHub SIRT has a PGP public key:
 78 | 
 79 | * Key ID: `78DCCCE9923E5CFB3CAA5D5AB79DBDA3BE944D9E`
 80 | * Key expiry: `2025-09-12`
 81 | 
 82 | ```text
 83 | -----BEGIN PGP PUBLIC KEY BLOCK-----
 84 | 
 85 | mDMEZQHKOxYJKwYBBAHaRw8BAQdAzvtu6OfJTspbWTVVU2uDeljmfEr1qYkvD25w
 86 | NKB2twq0JUdpdEh1YiBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0aHViLmNvbT6ImQQT
 87 | FgoAQRYhBHjczOmSPlz7PKpdWredvaO+lE2eBQJlAco7AhsDBQkDwmcABQsJCAcC
 88 | AiICBhUKCQgLAgQWAgMBAh4HAheAAAoJELedvaO+lE2e1voA/31lJyof7nWI1Mxs
 89 | x3MHhwp5sFh2P/pFucuNKb7ciwMMAQCCAk39cSFs2WWw8aZC7lqXNJcFiMn0r+wm
 90 | i6I3pWjiA7g4BGUByjsSCisGAQQBl1UBBQEBB0C0jKXWh6G8atXCJi2xsy71+NzX
 91 | 0Y2WN8yj3f59MGHYfAMBCAeIfgQYFgoAJhYhBHjczOmSPlz7PKpdWredvaO+lE2e
 92 | BQJlAco7AhsMBQkDwmcAAAoJELedvaO+lE2eozABAIbzLwvaACiKFzXYjp9Zpenv
 93 | GEHeqggLGzHpEheyoBMkAP96NI0kzYvj+zhJZ/4Y3TIDZaOD8OXezwia9E2Bxf5O
 94 | Aw==
 95 | =4+TC
 96 | -----END PGP PUBLIC KEY BLOCK-----
 97 | ```
 98 | 
 99 | ### 2.9 Team Members
100 | 
101 | The list of team members is not publicly available.
102 | 
103 | ### 2.10 Other Information
104 | 
105 | None available.
106 | 
107 | ### 2.11 Points of Customer Contact
108 | 
109 | Vulnerabilities should be reported to our bug bounty program:
110 | 
111 | https://bounty.github.com
112 | 
113 | GitHub customers should contact their account manager or GitHub Support for first level support and escalations:
114 | 
115 | https://support.github.com
116 | 
117 | Other security related communications can be directed to our email address detailed in Section 2.7.
118 | 
119 | ## 3. Charter
120 | 
121 | ### 3.1 Mission Statement
122 | 
123 | GitHub is committed to maintaining the confidentiality, integrity, and availability of both its platform and the intellectual property and personal information of its users, customers, and employees. In order to ensure these principles are upheld, GitHub maintains robust vulnerability management, incident response, and threat hunting capabilities.
124 | 
125 | ### 3.2 Constituency
126 | 
127 | Our constituency is any individual or organization that uses a GitHub product or service, as well as GitHub employees, contractors, and GitHub Inc.
128 | 
129 | Some examples of GitHub products and services are:
130 | 
131 | * GitHub.com
132 | * GitHub Enterprise Server
133 | * GitHub Actions
134 | * GitHub Desktop
135 | * GitHub CLI
136 | * GitHub API
137 | * npm <!-- markdownlint-disable-line GHD034 -->
138 | 
139 | ### 3.3 Sponsorship and/or Affiliation
140 | 
141 | GitHub SIRT is a team within GitHub. Funding is provided by GitHub.
142 | 
143 | ### 3.4 Authority
144 | 
145 | GitHub SIRT operates under the authority of the Chief Information Security Officer of GitHub.
146 | 
147 | ## 4. Policies
148 | 
149 | ### 4.1 Types of Incidents and Level of Support
150 | 
151 | GitHub SIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, within its constituency.
152 | 
153 | The level of support depends on the type and severity of the given security incident, the number of affected entities within our constituency, and our resources at the time.
154 | 
155 | ### 4.2 Co-operation, Interaction and Disclosure of Information
156 | 
157 | GitHub SIRT takes every effort to safely and securely share information with affected parties during incident response situations while respecting the privacy and trust of our constituents.
158 | 
159 | ### 4.3 Communication and Authentication
160 | 
161 | GitHub SIRT makes use of the Traffic Light Protocol (TLP) for information sharing.
162 | 
163 | Email is the preferred method of communication. All sensitive information should be encrypted using the GitHub SIRT PGP key (as detailed in Section 2.8) prior to sending.
164 | 
165 | ## 5. Services
166 | 
167 | ### 5.1 Incident Response
168 | 
169 | GitHub SIRT is responsible for incident response internally at GitHub where at least one member of the constituency is affected.
170 | 
171 | GitHub SIRT does not provide incident response services for customers. Every effort is made to provide timely and accurate information during security incidents to affected customers so they can conduct their own investigations and respond appropriately. See section 2.11 for customer points of contact.
172 | 
173 | #### 5.1.1 Incident Triage
174 | 
175 | GitHub SIRT carries out the following activities for incident triage:
176 | 
177 | * Security signals are collected and interpreted to determine risk, severity, and priority.
178 | * Investigation as to whether an incident occurred and what its effect and impact was.
179 | 
180 | This list is not exhaustive.
181 | 
182 | #### 5.1.2 Incident Coordination
183 | 
184 | GitHub SIRT carries out the following activities for incident coordination:
185 | 
186 | * Situational awareness and analysis for stakeholders such as engineering, legal, and support teams.
187 | * Command role with authority to direct resources as required.
188 | * External coordination with affected or involved third-parties.
189 | 
190 | This list is not exhaustive.
191 | 
192 | #### 5.1.3 Incident Resolution
193 | 
194 | GitHub SIRT carries out the following activities for incident resolution:
195 | 
196 | * Engages relevant internal teams to eradicate, restore, and secure.
197 | * Collection and storage of evidence for internal use as well as potential law enforcement involvement.
198 | * Notification to affected constituents.
199 | * Postmortem authoring with lessons learned and post-incident repair items.
200 | 
201 | This list is not exhaustive.
202 | 
203 | ### 5.2 Proactive Activities
204 | 
205 | GitHub SIRT develops, maintains, and operates threat hunting and detection tools and techniques to proactively identify risks and threats.
206 | 
207 | Work is also done on education, preparation, workflow development, and community outreach.
208 | 
209 | ## 6. Incident Reporting Forms
210 | 
211 | None available. Please review Section 2.11 for reporting guidance.
212 | 
213 | ## 7. Disclaimers
214 | 
215 | While every precaution will be taken in the preparation of information, notifications and alerts, GitHub SIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
216 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## Site Policy on GitHub
 2 | The universe of policies and procedures that govern the use of GitHub, open-sourced for your use and inspiration. We created this repository as a place for people to fork, contribute to, and provide feedback on our policies. While this is our official repo of open-sourced policies, it may not reflect the exact policies that are live on GitHub because this site is updated separately from the Help site.
 3 | 
 4 | ### What can I do here?
 5 | 
 6 | #### First, you can use and adapt our policies!
 7 | 
 8 | We are proud to offer the policies in this repository under [CC0-1.0](#license). That means that if any of them are useful to you, even in part, you're welcome to use them, without restriction. Of course, keep in mind that we wrote these policies as they apply to GitHub, so you'll need to make sure the content applies to what you're using it for, and adapt it as appropriate. See the [license section](#license) for use guidelines.
 9 | 
10 | Because we are providing these policies to our community, we believe it is only responsible to also provide the history and insight that a repository of commits, pull requests, and issues can offer. Over time, the repository's commits, pull requests, and issues will allow anyone wanting to use our policies to see the discussions and alterations that have gone into them.
11 | 
12 | #### Second, you can contribute to making our policies even better.
13 | 
14 | We host collaborative development on GitHub's site policies, procedures, and guidelines here. That means you’re welcome to provide feedback via a pull request or by opening an issue. When opening an issue, please look over the [Contribution Guidelines](CONTRIBUTING.md). This will help us respond to your concern more quickly.
15 | 
16 | ### That seems like great power! What about the great responsibility?
17 | 
18 | That's easy: just be responsible. Follow our [Code of Conduct](CODE_OF_CONDUCT.md), and help us maintain a respectful environment for all contributors.
19 | 
20 | #### There are a few things you should _not_ post in this repository:
21 | 
22 | - Please don't post legal complaints or ask for technical support. We may not respond to issues promptly. If you need help, [contact Support](https://github.com/contact) and they'll get you an answer.
23 | -	Please avoid hypotheticals. We can't give you legal advice, which means we often can't tell you if a hypothetical situation would or wouldn't be a violation of our policies. We also can't tell you what you should or shouldn't do. We can tell you how we interpret our policies.
24 | - Please don't give other users legal advice, to avoid confusion.
25 | 
26 | ### How often will GitHub review these policies?
27 | 
28 | We continually review and modify the policies in this repository. Our review and modification process allows for discussion about upcoming changes before they go into effect and lets our community rely on our policies. Of course, GitHub may alter our policies outside that schedule if necessary, such as when we have new product releases.
29 | 
30 | #### What's the process? 
31 | 
32 | Policies will be open for [discussion and feedback](CONTRIBUTING.md) throughout the year. You can expect that someone from GitHub's legal department will see your feedback, but we might not respond immediately. If you need an immediate answer on a legal matter, [contact Support](https://github.com/contact).
33 | 
34 | When _we_ open a pull request, in most cases, we'll leave it open for 24 hours before the changes go into effect. Comments on and review of our pull requests are welcome, just like in any open source project. For material changes to our [Privacy Statement](https://docs.github.com/github/site-policy/github-privacy-statement#changes-to-our-privacy-statement) or [Terms of Service](https://docs.github.com/github/site-policy/github-terms-of-service#q-changes-to-these-terms) (including our Acceptable Use Policies), we'll post the updates 30 days before they go into effect, as stated in those docs. (We had previously applied a 30-day comment period for most docs in this repo but found that we tend to get feedback soon after we post the changes and were unnecessarily delaying ships.)
35 | 
36 | For those who are following this repository, the posting of the updated policy will provide a notice of any modifications to the policy. Please note, links will not resolve in the rendering of the policies in this repository.
37 | 
38 | ## License
39 | 
40 | [CC0-1.0](LICENSE.md). Note that CC0-1.0 does not grant any trademark permissions.
41 | 
42 | You're under no legal obligation to do so, but in the spirit of transparency and collaboration these policies are developed and shared with, you're encouraged to:
43 | 
44 | - Share your adapted policies under CC0-1.0 or other open terms
45 | - Make your adaptations transparent by using a public repo to show changes you've made
46 | - [Let us know](CONTRIBUTING.md#help-wanted) how you're using adapted policies
47 | 
48 | ## The official legal disclaimer part:
49 | 
50 | - The information in this repository is for informational purposes only and is not intended to convey or constitute legal advice. It is not intended as a solicitation, and your use of this information does not create an attorney-client relationship between you and GitHub. GitHub is not a law firm. (You know that, though, right?)
51 | - These policies and procedures may not suit your organization's needs. Please consult a lawyer if you want to adopt these policies for your own uses.
52 | 


--------------------------------------------------------------------------------