Welcome to the Legal and Corporate Affairs Handbook! Use this page to learn more about our team, GitLab policies, and shared processes. Visit the sub-team pages linked below for more detailed information and procedures.
How to Reach Us
For quick questions that do not require legal advice, deliverables, or any discussion of confidential information, you can reach out to the GitLab Legal and Corporate Affairs Team in Slack at #legal. We find this channel best for questions regarding process, who handles what, or how to find certain things if the handbook has not yielded the right result for you after searching. #legal is not a private channel, so your inquiry will be visible to the entire company. One of our Team Members will do their best to answer your question in a timely fashion.
For sensitive, private, or confidential requests, email email@example.com.
Anonymous Internal Ethics and Compliance Reporting
We take employee concerns very seriously and encourage all GitLab Team Members to report any ethics and/or compliance violations by using EthicsPoint. Further details can be found in the People Group Handbook under How to Report Violations and in our Code of Business Conduct and Ethics.
The Commercial Legal Team works with our Sales and Partnership Team Members to deliver GitLab software and services. In addition, this team is responsible for reviewing and approving all agreements with regard to the procurement of goods and services. Resources include the Sales Guide: Collaborating with GitLab Legal, the Procurement Guide, and other resources that explain how best to engage the Commercial Team and that assist in efficiently reaching terms with our vendors, customers and partners, including negotiating terms and providing business and legal recommendations.
For all questions or requests related to a specific Partner and/or Customer, including non-standard NDA requests, contract review / negotiations and general legal questions, please open a Legal Request in SFDC.
For matters opened in GitLab Issues that require the Commercial Legal Team's attention, follow the GitLab Commercial Legal labeling instructions to notify the team.
The Corporate Team supports the compliance and corporate functions of GitLab, which includes regulatory filings with the U.S. Securities and Exchange Commission, review of internal and external communications with respect to GitLab’s SAFE Framework, review and preparation of board and committee materials, general corporate and governance matters, as well as compliance and corporate governance matters for GitLab’s direct and indirect wholly owned international and domestic subsidiaries.
The Corporate Development Team prospects, pursues and integrates acquisitions to accelerate GitLab’s roadmap and offer better tools to customers more quickly. For information about GitLab’s acquisition strategy and approach, visit the Acquisitions Handbook.
The Employment Legal Team collaborates with GitLab People Group on a broad range of matters across the entire arc of the employment relationship, from recruiting to onboarding, compensation, performance management, leave management, separation, and where necessary, litigation.
The ESG Team creates and maintains GitLab’s Corporate Sustainability strategy and programs. This includes ESG disclosures and public ESG reporting, identifying and prioritizing key issues to advance GitLab’s social and environmental goals, and creating partnerships with non-profit organizations that support GitLab’s values and mission.
Legal Operations supports Legal & Corporate Affairs processes with a focus on defining and driving initiatives that improve the team’s efficiency and effectiveness. Operations also includes Legal’s Procurement function, which reviews purchases made to ensure adequate terms are present for GitLab.
The Privacy, Product and Trade Compliance Team collaborates with all GitLab teams including engineering, security, product, and marketing to provide guidance and direction in a broad range of matters relating to data privacy, open source licensing, intellectual property protection and export compliance.
The Risk Management and Dispute Resolution team addresses dispute resolution across a wide range of topics, including active claims and disputes, external and internal investigations, subpoenas, and third-party discovery requests. RMDR also coordinates and collaborates cross-functionally with various GitLab teams to address, manage and mitigate company risk.
*Only available to GitLab Team Members.
The Authorization Matrix designates who is authorized to sign legal documents. Only GitLab Team Members with signature authority can execute agreements on behalf of GitLab.
Follow the Non-Disclosure Agreement Process to learn how to send an NDA in DocuSign or request an NDA if you do not have DocuSign access.
Note that this process is only for standard GitLab NDAs. In the event a non-standard NDA is needed, follow the steps here.
A legal hold is the process GitLab uses to preserve all forms of relevant evidence, whether it be emails, instant messages, physical documents, handwritten or typed notes, voicemails, raw data, backup tapes, and any other type of information that could be relevant to an investigation, pending or imminent litigation or when litigation is reasonably anticipated. Legal holds are imperative in preventing spoliation (destruction, deletion, or alteration) of evidence which can have a severely negative impact on a company's case, including leading to sanctions. Once GitLab becomes aware of an investigation or potential litigation, a GitLab attorney will provide notice to the impacted team members, instructing them not to delete or destroy any information relating to the subject matter of the investigation or potential litigation. The legal hold applies to paper and electronic documents. During a legal hold, all retention policies must be overridden.
The Freedom of Information Act (“FOIA”) provides public access to all United States federal agency records except for those records (or portions of those records) that are protected from disclosure by any of nine exemptions or three exclusions (reasons for which an agency may withhold records from a requestor). Occasionally the records of a federal agency under a FOIA request may include GitLab records in the possession of the agency (i.e. when the agency is a customer of GitLab). In such an event, the federal agency will notify GitLab of the FOIA request and provide GitLab with the documents that the federal agency intends to release in response to the FOIA request. A GitLab legal team member will review the list and content of the documents identified by the federal agency pursuant to the FOIA request and will provide the appropriate response and/or make redactions to those documents, as necessary, prior to their release.
In the event you receive a notification from a US federal agency pursuant to a FOIA request, indicating that GitLab documents or information have been identified for release by an agency, please immediately forward the request to [email protected].
The Foreign Corrupt Practices Act (“FCPA”) is a United States federal law that prohibits U.S. citizens and entities from bribing foreign government officials to benefit their business interests. It is not only an invaluable tool to help fight corruption but one with which we must comply. As GitLab Inc. is a U.S. incorporated entity, we need to make sure our operations worldwide are compliant with the provisions of the Foreign Corrupt Practices Act. To that end, GitLab requires Team Members to complete an annual online course relating to anti-bribery and corruption at GitLab. In the training, learners will explore improper payments, including facilitation payments and personal safety payments, as well as policies on commercial bribery. The goal of the course is to ensure our Team Members understand what it takes to avoid corruption, especially in high-risk countries, and to ensure GitLab is compliant with legal and regulatory obligations.