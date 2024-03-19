The categories of Personal Data collected by GitLab change depending on the Services you use and whether those Services are free or paid. We have described below which Services correlate with the processing in each Personal Data category.

Information You Provide Directly

We collect the Personal Data you provide to us, for example:

Account Information: When you register for an account with GitLab, we collect information that identifies you such as your name, username, email address, country and/or region, and password. This is collected for free and paid users of the SaaS product.

Profile Information: We collect information that you voluntarily provide in your user profile; this may include your public avatar (which may be a photo), additional email addresses, company/organization name, job title, country, social media handles, and biography. Please note this information will be visible to other users of the Services and to the public, although you can limit the visibility of certain profile fields through your account and profile privacy settings. This is collected for free and paid users of the SaaS product.

Payment and Identity Verification Information: If you purchase a paid subscription from GitLab, we will collect payment information from you that may include your name, billing address and credit card or bank information. We may also use your credit card information and telephone number to verify your identity and prevent abuse of our pipelines. Please note that GitLab does not directly process or store your entire credit card number, but we do direct that information to our third-party payment processors for processing. This is collected for paid users of the Self-managed and SaaS products.

Contact Information: If you request GitLab to contact you, or sign up for marketing materials, events, or participate in user research and development, GitLab may collect information such as name, address, email address, telephone number, company name, and size of company. This may be collected through the Websites, such as through our live video and chat function on our marketing pages or during account registration.

Licensee Information: We collect licensee name, email address, and similar information associated with the individual that receives a license key for the paid users of the Self-managed product.

Content you provide through the use of the Services: Examples of content we collect and store include but are not limited to: the summary and description added to an issue, your repositories, commits, project contributions, profile metadata, activity data, comments, and any inputs and outputs generated by Artificial Intelligence (“AI”) and Machine-Learning (“ML”) powered features. Content also includes any code, files and links you upload to the Services. This is collected for the free and paid users of the SaaS product.

Customer Support and Professional Services Information: If you contact GitLab customer support or receive professional services, we will collect information about you related to your account and to the requests you are making or the services being provided. Customer Support information is collected through the Websites, such as the GitLab Community Forum and the GitLab Support Portal. For Community Programs, support will be provided through the Gitlab Service Desk.

Call Recordings: We may record and transcribe GitLab webinars, trainings, and online events. In addition, we may record and transcribe sales calls hosted on various videoconferencing technologies to enable our sales and support teams to share conversational insights, create training and presentations, and improve their internal processes.

Other Content You Submit: We may also collect other content that you submit to our Services. For example: feedback, comments and blog posts, or when you participate in any interactive features, surveys, contests, promotions, prize draws, activities or events. When you participate in interactive channels, we may collect and process information for demographic analysis. Such collection is not tied to any specific products, but may be collected through the Websites.

Information about Your Use of the Services We Collect Automatically

We may collect certain Personal Data automatically through your use of the Services, for example:

Device Information and Identifiers: When you access and use our Services, we automatically collect information about your device, which may include: device type, your device operating system, browser type and version, language preference, IP address, hardware identifiers, and mobile IDs. We may also derive your approximate location from this information, including country, city, state and postal code. This information may be collected through any use of the Services.

Subscription Data: We may automatically collect information about the number of active users, licensing timetables, historical user count, and IP address. This is collected for paid Self-managed and SaaS products. Subscription Data details can be found in the Metrics Dictionary.

Customer Product Usage Information: We may automatically collect Customer Product Usage Information to gather insights into the success of stages and features, track how value is delivered through the use of the Services, help generate optimal customer implementation of the Services, and understand end-to-end user behavior. Depending on the category of Customer Product Usage Information collected, the metrics are stored in an aggregated and/or pseudonymized format. Please see our Customer Product Usage Information page for more details regarding the purposes, de-identification, data elements, configuration and opt-out instructions for Customer Product Usage Information. This is collected for the free and paid users of the Self-managed and SaaS products.

Website Usage Data: When you visit our Websites, we automatically log information about how you interact with the sites, such as the referring site, date and time of visit, and the pages you have viewed or links you have clicked. For our Websites, GitLab uses session replay, which captures a de-identified log of the marketing Websites that you visit.

Cookies and Similar Tracking Technologies: GitLab uses cookies and similar technologies to provide functionality, such as storing your settings, and to recognize you as you use our Services. In addition, we use cookies to gather information to provide interest-based advertising which is tailored to you based on your online activity. Please review our Cookies Policy to learn about our practices and the controls we provide you.

Email Engagement Information: When we send you emails, they may include technology such as a web beacon, that tells us your device type, email client, and whether you have received and opened an email, or clicked on any links contained in the email.

Third-Party Integrations: The Services allow for integrations with third-party git applications, such as GitPod, or third-party extensions, such as those in the Visual Studio code marketplace. Further, the Services may contain buttons, links, tools and content from third-party services, such as Meta and X. We may collect information about your use of these integrated applications and extensions, and when you see or interact with these integrations some information may be automatically sent to these third-party companies. However, any third-party integrations’ policies and procedures are not controlled by GitLab, and this Privacy Statement does not cover how third-party integrations use your information. We recommend you read the privacy statements of any third-party companies before connecting to or using their applications or services.

Information from Third-Parties and Partners

We may collect Personal Data from other parties in the following ways:

Vendors and Partners: We may receive information about you from third-parties such as vendors, resellers, partners, or affiliates. For example, we receive information from our resellers about you and your orders, or we may supplement the data we collect with demographic information licensed from third-parties in order to personalize the Services and our offers to you. Likewise, our sales, marketing, and recruiting teams may receive access to third-party databases containing information to enrich and cleanse business contacts and other corporate data, which may include your email, phone number, and general geographic location through reverse IP lookup services. We may also receive social listening data from companies that monitor public social media posts.

Third-Party Services: GitLab allows you to sign up for/in to our Services using third-party accounts, such as Meta or Google. When you give permission for this to happen, GitLab will receive information about you from your third-party account, such as name, email address, location and demographic information. In addition, GitLab allows you to connect the Services through third-party applications, like Jira and Slack. As part of this interaction, third-party applications may send Personal Data to GitLab in accordance with the privacy settings of the third-party service. This Personal Data may include contact information, location, chat commands, and information related to your GitLab projects.

Other Users of the Services: Other users of the Services may provide information about you when they submit issues and comments, or we may receive information when you are designated as a representative or administrator on your company's account.

When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain products or features, those products or features may not be available or function correctly.

Information Processed by AI-Powered Features

When you use the GitLab Duo suite of AI capabilities, including Code Suggestions, Suggested Reviewers, and other AI/ML features, your Personal Data will be processed in accordance with this Privacy Statement.

To provide these features, GitLab may transmit your code, supporting contextual information, and other prompts you submit to the Services to third-parties, such as private code modeling service providers. Further, GitLab may collect AI prompts and output to debug and troubleshoot the services and enforce our Website Terms of Use. We may also collect first-party usage data related to Duo features for the purposes of identifying and developing product improvements and assessing features engagement. However, we will not use your AI-inputs to train any language models without your instruction or prior consent. This data may be collected in both the SaaS and Self-managed products where AI-features are enabled.