1. You are here:
2. Handbook
3. Legal & Corporate Affairs

On this page

• Legal and Corporate Affairs Handbook
• Overview
  • Legal and Corporate Affairs Team Functional Groups
    • Commercial
    • Corporate
    • Corporate Development
    • Employment
    • Environment, Social, and Governance (ESG)
    • Operations
    • Privacy, Product, and Trade Compliance
• GitLab Policies
• Authorization Matrix
• Non-Disclosure Agreements
• General Legal FAQs
  • The U.S. Attorney-Client Relationship
  • Legal Holds
  • Freedom of Information Act Requests
  • Foreign Corrupt Practices Act

Legal and Corporate Affairs Handbook

Overview

Welcome to the Legal and Corporate Affairs Handbook! Use this page to learn more about our team, GitLab policies, and shared processes. Visit the sub-team pages linked below for more detailed information and procedures.

How to Reach Us

For quick questions that do not require legal advice, deliverables, or any discussion of confidential information, you can reach out to the GitLab Legal and Corporate Affairs Team in Slack at #legal. We find this channel best for questions regarding process, who handles what, or how to find certain things if the handbook has not yielded the right result for you after searching. #legal is not a private channel, so your inquiry will be visible to the entire company. One of our Team Members will do their best to answer your question in a timely fashion.

To open a general Legal Issue for questions related to deliverables and non-sensitive information, use this template. See the Legal Issue Tracker Workflow for more information.

For sensitive, private, or confidential requests, email legal_internal@gitlab.com.

Anonymous Internal Ethics and Compliance Reporting

We take employee concerns very seriously and encourage all GitLab Team Members to report any ethics and/or compliance violations by using EthicsPoint. Further details can be found in the People Group Handbook under How to Report Violations and in our Code of Business Conduct and Ethics.

Legal and Corporate Affairs Team Functional Groups

Commercial

The Commercial Legal Team works with our Sales and Partnership Team Members to deliver GitLab software and services. In addition, this team is responsible for reviewing and approving all agreements with regards to the procurement of goods and services. Resources include the Sales Guide: Collaborating with GitLab Legal, Procurement Guide, and other resources which provide how best to engage the Commercial Team, as well as assist in efficiently reaching terms with our vendors, customers and partners, including negotiating terms and providing business and legal recommendations.

Corporate

The Corporate Team supports the compliance and corporate functions of GitLab, which includes regulatory filings with the U.S. Securities and Exchange Commission, review of internal and external communications with respect to GitLab’s SAFE Framework, review and preparation of board and committee materials, general corporate and governance matters, as well as compliance and corporate governance matters for GitLab’s direct and indirect wholly owned international and domestic subsidiaries.

Corporate Development

The Corporate Development Team prospects, pursues and integrates acquisitions to accelerate GitLab’s roadmap and offer better tools to customers more quickly. For information about GitLab’s acquisition strategy and approach, visit the Acquisitions Handbook.

Employment

The Employment Legal Team collaborates with GitLab People Group on a broad range of matters across the entire arc of the employment relationship, from recruiting to onboarding, compensation, performance management, leave management, separation, and where necessary, litigation.

Environment, Social, and Governance (ESG)

The ESG Team creates and maintains GitLab’s Corporate Sustainability strategy and programs. This includes ESG disclosures and public ESG reporting, identifying and prioritizing key issues to advance GitLab’s social and environmental goals, and creating partnerships with non-profit organizations that support GitLab’s values and mission.

Operations

Legal Operations supports Legal & Corporate Affairs processes with a focus on defining and driving initiatives that improve the team’s efficiency and effectiveness. Operations also includes Legal’s Procurement function, which reviews purchases made to ensure adequate terms are present for GitLab.

Privacy, Product, and Trade Compliance

The Privacy, Product and Trade Compliance Team collaborates with all GitLab teams including engineering, security, product, and marketing to provide guidance and direction in a broad range of matters relating to data privacy, open source licensing, intellectual property protection and export compliance.

GitLab Policies

• Anti-Corruption Policy
• Anti-Fraud Policy
• Anti-Harassment Policy
• Code of Business Conduct and Ethics
• Corporate Communication Policy
• Employee Privacy Policy
• GitLab Terms of Service
• Insider Trading Policy*
• Internal Acceptable Use Policy
• Modern Slavery Act Transparency Statement
• Partner Code of Ethics
• Privacy Policy
• Records Retention Policy
• Related Party Transactions Policy
• Social Media Policy
• Whistleblower Policy*

*Only available to GitLab Team Members.

Authorization Matrix

The Authorization Matrix designates who is authorized to sign legal documents. Only GitLab Team Members with signature authority can execute agreements on behalf of GitLab.

Non-Disclosure Agreements

Follow the Non-Disclosure Agreement Process to learn how to send an NDA in DocuSign or request an NDA if you do not have DocuSign access.

Note that this process is only for standard GitLab NDAs. In the event a non-standard NDA is needed, follow the steps here.

General Legal FAQs

The U.S. Attorney-Client Relationship

This discussion is limited to the practice of law in the U.S. As we continue to grow globally, we will update this and expand how privilege applies in other jurisdictions.

What is Attorney-Client Privilege?

Attorney-Client Privilege is a principle that provides protections for certain communications between clients and their attorneys that meet specific criteria. First of all, the communications must be for the purpose of seeking legal guidance and advice. For this reason, the underlying facts may not be protected if they are available from another source. Opinions and analysis of the facts, and discussions thereof, with the attorney are protected. Secondly, communications must be confidential. Information is also not protected if it is available from another source meaning that simply telling your attorney or copying your attorney on a communication does not protect the information.

What is Work Product Privilege?

Work Product is a U.S. doctrine in which an attorney’s notes, observations, thoughts, and research prepared by, or at the direction of, an attorney in anticipation of litigation are protected from being discoverable during the litigation process.

What is the purpose of these Privileges?

Attorney-Client and Work Product privileges allow clients to speak freely with their attorneys and encourage full disclosure so they can receive accurate and competent legal advice without the fear of having their attorney compelled to testify against them and disclose the information shared by the client.

Who do these Privileges apply to at GitLab?

There is not one uniform answer that covers all jurisdictions in the U.S. However, most jurisdictions will use at least one of the following tests to see if the individuals involved have privileged communication. The Control Group Test is quite restrictive and only allows for the protection of corporate communications to the corporation's controlling executives and managers. This test cannot be used in federal courts, but is still used in some states. Instead of looking solely at the roles of the employees involved, the Subject Matter Test looks at the subject matter of the employees’ communications. If an employee has been directed by a supervisor to discuss a subject matter that relates to the employees job with an attorney, this may be covered by subject matter privilege. The Upjohn Test is a modified version of the Subject Matter Test requires additional criteria to be met. In addition to the subject matter being relevant to the employee’s duties, the employee must also have awareness and intent concerning the legal advice being sought and/or given. A company’s attorney does not represent an employee individually, but instead represents the interests of the company. A company can waive its privilege at any time, meaning the company could choose to disclose information the attorney received from a covered employee in confidence for use as evidence in a legal proceeding in order to protect the company from liability.

How do you protect the Privileges that apply to you when seeking Legal advice?

Direct the communication to a practicing licensed attorney. Privilege does not apply to other non-attorney members of the Legal Team. It is best practice to have privileged conversations with the attorney via Zoom. If other individuals will need to participate in the discussion, consult with the attorney, and only include the minimum necessary individuals in the conversation, in other words, keep the circle of trust small. If it is necessary to communicate by email, in the “Subject” line, and at the top of the body of the communication, include the phrase “AC PRIV”. Do not overuse the claim of privilege. Limit its use to when actually seeking legal guidance and advice and not on any and every correspondence with the attorney. You must keep the information discussed confidential, and not share it with anyone outside the circle of trust without first consulting with the attorney. Do not forward protected emails to anyone outside the circle of trust. Do not copy anyone outside the circle of trust on emails with the attorney.

For more questions and answers about Attorney-Client Privilege in the corporate setting, search “AC Priv tests” in Drive.

Legal Holds

What is a legal hold?

A legal hold is the process GitLab uses to preserve all forms of relevant evidence, whether it be emails, instant messages, physical documents, handwritten or typed notes, voicemails, raw data, backup tapes, and any other type of information that could be relevant to an investigation, pending or imminent litigation or when litigation is reasonably anticipated. Legal holds are imperative in preventing spoliation (destruction, deletion, or alteration) of evidence which can have a severely negative impact on a company's case, including leading to sanctions. Once GitLab becomes aware of an investigation or potential litigation, a GitLab attorney will provide notice to the impacted team members, instructing them not to delete or destroy any information relating to the subject matter of the investigation or potential litigation. The legal hold applies to paper and electronic documents. During a legal hold, all retention policies must be overridden.

Freedom of Information Act Requests

What is a Freedom of Information Act (FOIA) request?

The Freedom of Information Act (“FOIA”) provides public access to all United States federal agency records except for those records (or portions of those records) that are protected from disclosure by any of [nine exemptions or three exclusions](https://www.dhs.gov/foia-exemptions) (reasons for which an agency may withhold records from a requestor). Occasionally the records of a federal agency under a FOIA request may include GitLab records in the possession of the agency (i.e. when the agency is a customer of Gitlab). In such an event, the federal agency will notify GitLab of the FOIA request and provide GitLab with the documents that the federal agency intends to release in response to the FOIA request. A GitLab legal team member will review the list and content of the documents identified by the federal agency pursuant to the FOIA request and will provide the appropriate response and/or make redactions to those documents, as necessary, prior to their release. In the event you receive a notification from a US federal agency pursuant to a FOIA request, indicating that GitLab documents or information have been identified for release by an agency , please immediately forward the request to FOIA@gitlab.com.

Foreign Corrupt Practices Act

What is the Foreign Corrupt Practices Act?

The Foreign Corrupt Practices Act (“FCPA”) is a United States federal law that prohibits U.S. citizens and entities from bribing foreign government officials to benefit their business interests. It is not only an invaluable tool to help fight corruption but one to which we must be compliant. As GitLab Inc. is a U.S. incorporated entity, we need to make sure our operations worldwide are compliant with the provisions of the Foreign Corrupt Practices Act. To that end, GitLab requires Team Members to complete an annual online course relating to anti-bribery and corruption at GitLab. In the training, learners will explore improper payments, including facilitation payments and personal safety payments, as well as policies on commercial bribery. The goal of the course is to ensure our Team Members understand what it takes to avoid corruption, especially in high-risk countries, and to ensure GitLab is compliant with legal and regulatory obligations.