Legal & Corporate Affairs

Information regarding the Legal & Corporate Affairs Team

Welcome to the Legal and Corporate Affairs Handbook! Use this page to learn more about our team, GitLab policies, and shared processes. Visit the sub-team pages linked below for more detailed information and procedures.

How to Reach Us

For quick questions that do not require legal advice, deliverables, or any discussion of confidential information, you can reach out to the GitLab Legal and Corporate Affairs Team in Slack at #legal. We find this channel best for questions regarding process, who handles what, or how to find certain things if the handbook has not yielded the right result for you after searching. #legal is not a private channel, so your inquiry will be visible to the entire company. One of our Team Members will do their best to answer your question in a timely fashion.

To open a general Legal Issue for questions related to deliverables and non-sensitive information, use this template. See the Legal Issue Tracker Workflow for more information.

For sensitive, private, or confidential requests, email legal_internal@gitlab.com.

Anonymous Internal Ethics and Compliance Reporting

We take employee concerns very seriously and encourage all GitLab Team Members to report any ethics and/or compliance violations by using EthicsPoint. Further details can be found in the People Group Handbook under How to Report Violations and in our Code of Business Conduct and Ethics.

Commercial

The Commercial Legal Team works with our Sales and Partnership Team Members to deliver GitLab software and services. In addition, this team is responsible for reviewing and approving all agreements with regards to the procurement of goods and services. Resources include the Sales Guide: Collaborating with GitLab Legal, Procurement Guide, and other resources which provide how best to engage the Commercial Team, as well as assist in efficiently reaching terms with our vendors, customers and partners, including negotiating terms and providing business and legal recommendations.

For all questions or requests related to a specific Partner and/or Customer, including non-standard NDA requests, contract review / negotiations and general legal questions, please open a Legal Request in SFDC.

For matters opened in GitLab Issues that require the Commercial Legal Team’s attention, follow the GitLab Commercial Legal labeling instructions to notify the team.

Corporate

The Corporate Team supports the compliance and corporate functions of GitLab, which includes regulatory filings with the U.S. Securities and Exchange Commission, review of internal and external communications with respect to GitLab’s SAFE Framework, review and preparation of board and committee materials, general corporate and governance matters, as well as compliance and corporate governance matters for GitLab’s direct and indirect wholly owned international and domestic subsidiaries.

Corporate Development

The Corporate Development Team prospects, pursues and integrates acquisitions to accelerate GitLab’s roadmap and offer better tools to customers more quickly. For information about GitLab’s acquisition strategy and approach, visit the Acquisitions Handbook.

Employment

The Employment Legal Team collaborates with GitLab People Group on a broad range of matters across the entire arc of the employment relationship, from recruiting to onboarding, compensation, performance management, leave management, separation, and where necessary, litigation.

Environment, Social, and Governance (ESG)

The ESG Team creates and maintains GitLab’s Corporate Sustainability strategy and programs. This includes ESG disclosures and public ESG reporting, identifying and prioritizing key issues to advance GitLab’s social and environmental goals, and creating partnerships with non-profit organizations that support GitLab’s values and mission.

Operations

Legal Operations supports Legal & Corporate Affairs processes with a focus on defining and driving initiatives that improve the team’s efficiency and effectiveness. Operations also includes Legal’s Procurement function, which reviews purchases made to ensure adequate terms are present for GitLab.

Privacy, Product, and Trade Compliance

The Privacy, Product and Trade Compliance Team collaborates with all GitLab teams including engineering, security, product, and marketing to provide guidance and direction in a broad range of matters relating to data privacy, open source licensing, intellectual property protection and export compliance.

Risk Management and Dispute Resolution

The Risk Management and Dispute Resolution team addresses dispute resolution across a wide range of topics, including active claims and disputes, external and internal investigations, subpoenas, and third-party discovery requests. RMDR also coordinates and collaborates cross-functionally with various GitLab teams to address, manage and mitigate company risk.

GitLab Policies

*Only available to GitLab Team Members.

Authorization Matrix

The Authorization Matrix designates who is authorized to sign legal documents. Only GitLab Team Members with signature authority can execute agreements on behalf of GitLab.

Non-Disclosure Agreements

Follow the Non-Disclosure Agreement Process to learn how to send an NDA in DocuSign or request an NDA if you do not have DocuSign access.

Note that this process is only for standard GitLab NDAs. In the event a non-standard NDA is needed, follow the steps here.

What is a legal hold?

A legal hold is the process GitLab uses to preserve all forms of relevant evidence, whether it be emails, instant messages, physical documents, handwritten or typed notes, voicemails, raw data, backup tapes, and any other type of information that could be relevant to an investigation, pending or imminent litigation or when litigation is reasonably anticipated. Legal holds are imperative in preventing spoliation (destruction, deletion, or alteration) of evidence which can have a severely negative impact on a company’s case, including leading to sanctions. Once GitLab becomes aware of an investigation or potential litigation, a GitLab attorney will provide notice to the impacted team members, instructing them not to delete or destroy any information relating to the subject matter of the investigation or potential litigation. The legal hold applies to paper and electronic documents. During a legal hold, all retention policies must be overridden.

Freedom of Information Act Requests

What is a Freedom of Information Act (FOIA) request?

The Freedom of Information Act (“FOIA”) provides public access to all United States federal agency records except for those records (or portions of those records) that are protected from disclosure by any of nine exemptions or three exclusions (reasons for which an agency may withhold records from a requestor). Occasionally the records of a federal agency under a FOIA request may include GitLab records in the possession of the agency (i.e. when the agency is a customer of GitLab). In such an event, the federal agency will notify GitLab of the FOIA request and provide GitLab with the documents that the federal agency intends to release in response to the FOIA request. A GitLab legal team member will review the list and content of the documents identified by the federal agency pursuant to the FOIA request and will provide the appropriate response and/or make redactions to those documents, as necessary, prior to their release.

In the event you receive a notification from a US federal agency pursuant to a FOIA request, indicating that GitLab documents or information have been identified for release by an agency , please immediately forward the request to FOIA@gitlab.com.

Foreign Corrupt Practices Act

What is the Foreign Corrupt Practices Act?

The Foreign Corrupt Practices Act (“FCPA”) is a United States federal law that prohibits U.S. citizens and entities from bribing foreign government officials to benefit their business interests. It is not only an invaluable tool to help fight corruption but one to which we must be compliant. As GitLab Inc. is a U.S. incorporated entity, we need to make sure our operations worldwide are compliant with the provisions of the Foreign Corrupt Practices Act. To that end, GitLab requires Team Members to complete an annual online course relating to anti-bribery and corruption at GitLab. In the training, learners will explore improper payments, including facilitation payments and personal safety payments, as well as policies on commercial bribery. The goal of the course is to ensure our Team Members understand what it takes to avoid corruption, especially in high-risk countries, and to ensure GitLab is compliant with legal and regulatory obligations.

For additional General Legal FAQs, please refer to the Internal Handbook.


Agile Planning Terms
(Additional Terms) These Agile Planning Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate as listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the (i) GitLab Software or (ii) via an Order Form, or (b) Customer’s use of any “Agile Planning Features” (“Effective Date”).
AI Functionality Terms
(Additional Terms) These AI Functionality Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate is listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the (i) GitLab Software or (ii) via an Order Form or (b) Customer’s use of any AI Functionality (“Effective Date”).
AI Functionality Terms V1
(Additional Terms) deprecated 2023-10-31 These AI Functionality Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate is listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the (i) GitLab Software or (ii) via an Order Form, or (b) Customer’s use of any AI Functionality (“Effective Date”).
Anti-Corruption Policy
Overview of Anti-Corruption Policy
Anti-Fraud Policy
GitLab's Anti-Fraud Policy
Anti-Retaliation Policy
GitLab's Anti-Retaliation Policy to establish guidance for reporting ethics or compliance concerns or other inappropriate behavior while providing protection against retaliation for reporting in good faith.
CCPA Reporting Metrics
Annual Metrics on Data Subject Requests pursuant to CCPA.
Code of Business Conduct & Ethics
Overview of the Code of Conduct and Ethics at GitLab.
Commercial Legal
Landing page for Commercial Legal handbook information
Corporate Communications Policy
Overview of the Corporate Communication Policy at GitLab.
Corporate Legal
This page offers a single source related to corporate legal information.
DMCA Policy
DMCA (Digital Millennium Copyright Act) takedown request requirements We take the intellectual property rights of others seriously and require that our Users do the same. The Digital Millennium Copyright Act (DMCA) established a process for addressing claims of copyright infringement. If you own a copyright or have authority to act on behalf of a copyright owner and want to report a claim that a third party is infringing that material on or through GitLab’s services, please send a notice that meets the minimum requirements of the DMCA, to dmca@gitlab.
Employment Law at GitLab
Employment law refers to the law that governs the relationship between employer and employee, so the Employment section of GitLab Legal interacts with the People Group on a regular basis to provide information and legal advice related to the entire arc of our team members’ relationship with GitLab. So what does that mean? It means we work closely with the Tax and People Operations team to determine scalable employment solutions for the Company as it hires across the globe, using a collaborative process for gathering and assessing relevant information on any particular country.
ESG
Information and processes related to ESG
External Materials Compliance Checklist
Checklist for use when developing materials for external use
Fulfillment Reseller Flow-Through Terms
These Fulfillment Reseller Flow-Through Terms (the “Agreement”) are made as of the date agreed to between the Authorized Partner (as defined below) and the Fulfillment Reseller (as defined below) (the “Effective Date”). Each shall be referred to herein as “Party”, or collectively as the “Parties”. For the avoidance of doubt, as further set forth in Section 10 (MISCELLANEOUS), GitLab Inc. or the applicable GitLab entity which has executed terms with the Authorized Partner (“GitLab”) shall be a third-party beneficiary to this Agreement between the Parties, and shall have the right to enforce any terms and conditions onto the Fulfillment Reseller.
GitLab Acceptable Use Policy
This policy helps us identify unacceptable use of our services, and applies to all users of all GitLab services including those on the Free, Premium, and Ultimate GitLab tiers. We refer to “our services” throughout – this means all services (including related websites) owned or operated by GitLab. We reserve the right to take any action we feel is appropriate to enforce this policy. We may take action to prevent use of our services which goes against the spirit of this policy, even if that use is not expressly forbidden.
GitLab API Terms of Use
Understand your rights and obligations when using GitLab’s publicly-available APIs
GitLab Data Processing Addendum and Standard Contractual Clauses
GitLab Data Processing Addendum Exhibit B - Standard Contractual Clauses
GitLab for Education Program Agreement
Education Program Agreement Date of last revision: 2022/11/16 This Education Program Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and the Educational Institution (as defined below) electronically accepting this Agreement (“Member”). This Agreement is entered into on the earlier of, (a) Member clicking “Agree” or “Yes” to the terms of this Agreement to gain initial access to, or use of, the Software or (b) Member is given access to the Software pursuant to the requirements of the GitLab for Education Program (“Effective Date”).
GitLab for Open Source Program Agreement
Open Source Program Agreement Date of last revision: 2022/08/19 This Open Source Program Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and the Open Source Project on behalf of which this Agreement is executed. This Agreement is entered into on the earlier of, (a) Member clicking “Agree” or “Yes” to the terms of this Agreement to gain initial access to, or use of, the Software or (b) Member being given access to the Software pursuant to the requirements of the GitLab for Open Source Program (“Effective Date”).
GitLab Inc. Philanthropy Policy
View GitLab's Philanthropy Policy
GitLab Legal Team READMEs
Get to know the Legal Team in our individual README pages
GitLab Modern Slavery Act Transparency Statement
This is the up to date Modern Slavery Act Transparency Statement
GitLab Privacy
This page helps GitLab Team Members understand the privacy practices at GitLab and to facilitate a culture that respects and prioritizes the privacy of our Team Members and users
GitLab Professional Services Agreement
This Professional Services Agreement, including any exhibits, schedules, appendices and addenda (collectively, the “Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104, or a different GitLab Affiliate listed as “GitLab” on an Order Form, (in each case, “GitLab”), and the individual or entity signing any SOW, or any Order Form, that references this Agreement (“Customer”). This Agreement is entered into (the “Effective Date”) on the earlier of (a) GitLab’s acceptance of an Order Form referencing this Agreement, or (b) GitLab and Customer executing an SOW referencing this Agreement.
GitLab Related Party Transactions Policy
Overview of the Related Party Transactions Policy at GitLab.
GitLab SAFE Framework
Overview of the SAFE Framework at GitLab.
GitLab Subscription Agreement
Subscription Agreement This Subscription Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different corporate entity is listed as “GitLab” on an Order Form [as defined below], (“GitLab”), and the individual or entity signing or electronically accepting this Agreement, or any Order Form that references this Agreement (“Customer”). This Agreement is entered into on the earlier of, (a) Customer clicking “Agree” or “Yes” to the terms of this Agreement to gain initial access to, or use of, the Software, (b) GitLab and Customer agreeing to an Order Form referencing this Agreement, or (c) Customer is given access to the Software (“Effective Date”).
GitLab Testing Agreement
GitLab Testing Agreement This Testing Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and either (i) the entity electronically accepting this Agreement; or (ii) the entity on behalf of which the Testing Features are enabled, as applicable and in either case, “Customer”. This Agreement is effective as of the earlier date on which (i) Customer clicks to accept this Agreement within the GitLab software; or (ii) an individual acting on behalf of Customer opts to enable the Testing Features (“Effective Date”).
GitLab Testing Agreement v1
GitLab Testing Agreement Deprecated: 2023-05-18 This Testing Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and the entity electronically accepting this Agreement (“Customer”). This Agreement is effective as of the date Customer clicks to accept this Agreement within the GitLab software (“Effective Date”). The parties agree to the following terms and conditions related to Customer’s use of applicable Testing Feature.
GitLab Testing Agreement v2
GitLab Testing Agreement Deprecated: 2023-06-29 This Testing Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and either (i) the entity electronically accepting this Agreement; or (ii) the entity on behalf of which the Testing Features are enabled, as applicable and in either case, “Customer”. This Agreement is effective as of the earlier date on which (i) Customer clicks to accept this Agreement within the GitLab software; or (ii) an individual acting on behalf of Customer opts to enable the Testing Features (“Effective Date”).
GitLab’s Ethics and Compliance Program
Mission GitLab Inc. (collectively with its subsidiaries,“GitLab”, “we”, “our”) is committed to lawful and ethical behavior in all we do and expects members of GitLab’s Board of Directors (“Board”) and officers, employees, and contractors (collectively, “Team Members”) to conduct business ethically, with integrity, and in accordance with all applicable laws and regulations. GitLab’s culture is based on our VALUES, which are reflected in and reinforced by our Code of Business Conduct and Ethics and various supporting policies, such as our Anti-Fraud Policy and Anti-Retaliation Policy (collectively, “Compliance Standards”).
Guidelines for Use of Third-party IP in External Materials
Guidelines for the use of third-party content in external materials
Guidelines on public discussion of competitor product features
Guidelines applicable to discussion of competitor product features and sharing of screenshots of competitor products in public issues and other public-facing media.
Legacy Terms and Agreements
Legal Issue Tracker Workflows
These internal instructions will help GitLab Team Members engage with Legal in the Legal and Compliance issue tracker
Legal Operations
Information and processes related to Legal Operations
Marketing Guide: Collaborating with GitLab Legal
This page provides educational resources and process guides to GitLab Marketing for recurring Legal requests
Materials Legal Review Process
Follow this process to obtain legal review of materials for internal and external use
Non-Disclosure Agreement Process
How to complete an NDA Request
Partner Code of Ethics
GitLab Partner Code of Ethics and Due Diligence
Patents
Learn about Patents and GitLab's Patent Program
Policies
Procurement Guide: Collaborating with GitLab Legal
Thank you for visiting! The purpose of this resource is to provide GitLab team members with information on how legal assists and interacts with the procurement of products and services at GitLab. For information on the Procurement Team, policies and process, visit The Procurement Page For general questions that do not require legal advice, deliverables, or any discussion of confidential information, you can reach out to the GitLab Legal Team at #legal.
Product
Legal Product team page
Publicity Waiver and Release Guidelines and Process
Guidelines and process for use of Publicity Waiver and Release agreements
Record Retention Policy
This Records Retention Policy promotes and assists with the implementation of procedures, best practices, and tools to promote consistent life cycle management of GitLab records
Reseller Agreement
Before submitting a Deal Registration, please review the Master Partner Agreement. PLEASE READ THIS AGREEMENT CAREFULLY BEFORE ACCESSING GITLAB’S PARTNER PORTAL OR OTHERWISE, USING, ACCESSING, CONSUMING, PURCHASING, RESELLING OR OTHERWISE DISTRIBUTING THE SOFTWARE OR SERVICES FROM GITLAB. BY CLICKING YOUR ASSENT BELOW OR USING, ACCESSING OR CONSUMING THE GITLAB SOFTWARE OR SERVICES, YOU SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS AGREEMENT AND ACKNOWLEDGE YOU HAVE READ AND UNDERSTAND THE TERMS.
Risk Management and Dispute Resolution
RMDR processes, policies, and resources
Sales Guide | Collaborating with GitLab Legal
This resource provides assistance to the GitLab Sales Team on operational and educational elements of working with GitLab Legal for Customer negotiations
Technology Partner Agreement
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING ACCESSING OR CONSUMING THE SOFTWARE OR SERVICES FROM GITLAB. BY CLICKING YOUR ASSENT BELOW OR USING, ACCESSING OR CONSUMING THE GITLAB SOFTWARE OR SERVICES, YOU SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS AGREEMENT AND ACKNOWLEDGE YOU HAVE READ AND UNDERSTAND THE TERMS. AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THAT ENTITY.
Trade Compliance
What are trade control laws? Trade control laws, which often consist of sanctions, export controls, and import laws, govern how and under what circumstances technology, software, and technical assistance may be exported. Trade control laws vary from country to country but usually exist to protect national security and further foreign policy and economic interests. Under United States law, exports, re-exports, and transfers, can take many forms, including oral, written, and visual disclosure, physical shipment, and electronic transfer or transmission.
Trademarks Training Materials
Trademarks training materials for GitLab team members
Uploading Executed Contracts to ContractWorks
These instructions will walk GitLab Team Members through how to file your contract or other related-vendor documents after they are fully executed.
UX Research Pilot Program for Promotional Games
Pilot Program for Promotional Games
UX Research Team Promotional Rules
Standard Official Rules
Vendor Data Processing Addendum
Vendor Data Processing Addendum and Standard Contractual Clauses
Whistleblowing at GitLab
GitLab's Whistleblowing Handbook page, with links to whistleblowing policies.
Last modified December 18, 2023: Reword Gitlab to GitLab (bfdb0ea4)