GitLab Cloud Services meet the specific requirements of data protection, including, without limitation, Article 28 of the General Data Protection Regulation and which are listed as SOC 2 Type 2 (Security & Confidentiality).
At a minimum, GitLab has implemented for the GitLab Cloud Services the technical and organizational measures and maintains security practices within the production environments as follows:
For additional details and supporting artifacts please see GitLab's Customer Assurance Package.