We are glad you are here! GitLab's LegalTeam is small but mighty and entirely at your service.
Please take a moment to read through the below, where we’ve tried to address the best ways to engage GitLab Legal depending upon your specific request. Alternatively, please feel free to check out this tutorial video, featuring our very own Rob Nalen. If you still have questions, you can always reach us at
We take employee concerns very seriously and encourage all GitLab Team Members to report any ethics and/or compliance violations by using Lighthouse. Futher details are found on the People Ops Handbook page.
For quick questions that do not require legal advice, deliverables, or any discussion of confidential information, you can reach out to the GitLab Legal Team at
#legal. We find this channel best for questions regarding process, who handles what or how to find certain things if the Handbook has not yielded the right result for you after searching.
#legal is not a private channel, so your inquiry will be visible to the entire company. One of our Team Members will do their best to answer your question in a timely fashion. If your request is for legal advice, deliverables, or any discussion of confidential information, please keep reading.
If you have a request that involves confidential and/or sensitive information, please email email@example.com.
For more information on Attorney-Client Privilege, see the General Legal FAQs below.
Are you a member of GitLab Sales? Everything you're looking for can be found in the Sales Guide: Collaborating with GitLab Legal
Is your need marketing related? Everything you're looking for can be found in the Marketing Guide: Collaborating with GitLab Legal
If you are making a request that requires some sort of deliverable, please use the list below to determine how you should reach out. If you are unsure where your non-Slack request fits, refer #3 below.
If you need an insurance certificate (other than for worker's compensation) you can send an email request directly to our insurance broker at ABD. You will need to include contact information for the customer seeking to be added to the certificate and any other specific requirements relating to the coverage. If you require an insurance certificate for worker's compensation email: firstname.lastname@example.org with the same information.
For a summary of GitLab's insurance coverage please refer to this link.
We use issues to track all other requests that are not customer-related, but require input from the Legal Team or a deliverable, such as:
Please tag the relevant Legal Team Member and ask your questions in the issue that relates to your question. If there is not an issue related to your question, please create an issue in the Legal and Compliance Issue Tracker using issue templates. All Legal and Compliance issues should be marked as confidential. GitLab team members will be able to access these issues directly. For more specific instructions, see our issue tracker workflow.
If you are unsure where your request fits, an issue is where your journey begins.
Please be sure to include sufficient detail regarding your request, including: time-sensitive deadlines, relevant documents, and background information necessary to respond.
Prior to entering into the Related Party Transaction, the Related Party (or if the Related Party has an immediate family member who is a Related Party) must provide written notice to the Corporate Secretary of the facts and circumstances of the proposed Related Party Transaction. The written notice should include:
The Corporate Secretary will determine whether the proposed transaction is a Related Party Transaction for purposes of this policy and may meet with the relevant business unit or function leader to confirm and supplement the information in the notice. Any proposed transaction determined to be a Related Party Transaction will be submitted to the disinterested members of the Audit Committee for consideration at its next meeting. If the Corporate Secretary, in consultation with the Chief Executive Officer or the Chief Financial Officer, determines that it is not practical for the Company to wait until the next Audit Committee meeting, the Chair of the Audit Committee has the authority to act between Committee meetings unless the Chair of the Audit Committee is a Related Party in the Related Party Transaction.
The Audit Committee will consider all the relevant facts and circumstances, including the benefits to the Company, the potential effect on a director’s independence of entering into the transaction, the availability of other sources for the products or services, the terms of the transaction and the terms available to unrelated third parties generally. The Audit Committee may approve Related Party Transactions that it determines in good faith are not in consistent with the best interests of the Company and its shareholders. The Chair of the Audit Committee will report to the Audit Committee at its next meeting with regard to any approval of a proposed transaction between Committee meetings under this policy. In the event multiple members of the Audit Committee, including the Chair of the Audit Committee, are Related Parties, the Related Party Transaction will be considered by the disinterested members of the Board in place of the Audit Committee.
If the Company or a Related Party becomes aware that any Related Party Transaction exists that has not been previously approved or ratified under this policy, it will promptly submit the transaction to the Audit Committee or Chair of the Committee or disinterested members of the Board for consideration.
If the Company enters into a transaction that (i) the Company was not aware a Related Party Transaction at the time it was entered into but which it subsequently determines is a Related Party Transaction prior to full performance there of or (ii) did not constitute a Related Party Transaction at the time such transaction was entered into but thereafter becomes a Related Party Transaction prior to full performance thereof, then in either such case the Related Party Transaction shall be presented for consideration in the manner set forth above. The Audit Committee or Chair of the Committee or Board will evaluate the transaction considering the criteria set out in the approval process under this policy and will consider all options, including ratification, amendment or termination of the Related Party Transaction.
At the Audit Committee’s first meeting of each fiscal year, the committee will evaluate any continuing Related Party Transactions that have remaining amounts receivable of more than $120,000 to determine if it is in the best interests of the Company and its shareholders to continue, modify or terminate the Related Party Transaction.
All Related Party Transactions will be disclosed to the Audit Committee and any material Related Party Transaction will be disclosed to the Board.
This discussion is limited to the practice of law in the U.S. As we continue to grow globally we will update this and expand how privilege applies in other jurisdictions.
Attorney-Client Privilege is a principle that provides protections for certain communications between clients and their attorneys that meet specific criteria.
First of all, the communications must be for the purpose of seeking legal guidance and advice. For this reason, the underlying facts may not be protected if they are available from another source. Opinions and analysis of the facts, and discussions thereof, with the attorney are protected.
Secondly, communications must be confidential. Information is also not protected if it is available from another source meaning that simply telling your attorney or copying your attorney on a communication does not protect the information.
Work Product is a U.S. doctrine in which an attorney’s notes, observations, thoughts, and research prepared by, or at the direction of, an attorney in anticipation of litigation are protected from being discoverable during the litigation process.
Attorney-Client and Work Product privileges allow clients to speak freely with their attorneys and encourage full disclosure so they can receive accurate and competent legal advice without the fear of having their attorney compelled to testify against them and disclose the information shared by the client.
There is not one uniform answer that covers all jurisdictions in the U.S. However, most jurisdictions will use at least one of the following tests to see if the individuals involved have privileged communication.
For more questions and answers about Attorney-Client Privilege in the corporate setting, search “AC Priv tests” in Drive.
A litigation hold is the process a company uses to preserve all forms of relevant evidence, whether it be emails, instant messages, physical documents, handwritten or typed notes, voicemails, raw data, backup tapes, and any other type of information that could be relevant to pending or imminent litigation or when litigation is reasonably anticipated. Litigation holds are imperative in preventing spoliation (destruction, deletion, or alteration) of evidence which can have a severely negative impact on the company's case, including leading to sanctions.
Once the company becomes aware of potential litigation, the company's attorney will provide notice to the impacted employees, instructing them not to delete or destroy any information relating to the subject matter of the litigation. The litigation hold applies to paper and electronic documents. During a litigation hold, all retention policies must be overridden.
We are committed to upholding fundamental human rights and believe that all human beings around the world should be treated with dignity, fairness, and respect. Our company will only engage suppliers and direct contractors who demonstrate a serious commitment to the health and safety of their workers, and operate in compliance with human rights laws. GitLab does not use or condone the use of slave labor or human trafficking, denounces any degrading treatment of individuals or unsafe working condition, and supports our products being free of conflict minerals.
Slavery and Human Trafficking are crimes and violations of fundamental human rights. These violations take various forms, such as slavery, servitude, forced and compulsory labour, and/or human trafficking, all of which have in common the deprivation of a person’s liberty by another in order to exploit them for personal or commercial gain. GitLab is committed to acting ethically and with integrity in our business dealings and relationships by implementing and enforcing systems/controls to ensure modern slavery or human trafficking are not taking place in our business, or with those with whom we do business.
GitLab is also committed to ensuring there is transparency in our business and in our approach to tackling slavery and human trafficking throughout our supply chains and overall organization, consistent with disclosure obligations we may have under applicable law. To that end, we prohibit the use of forced, compulsory or trafficked labor, or anyone held in slavery or servitude, whether adults or children by anyone working for or with GitLab.
All employees, directors, officers, agents, interns, vendors, distributors, resellers, contractors, external consultants, third-party representatives and business partners are expected to comply with this policy.
Every Team Member is responsible to assist in the prevention, detection and reporting of slavery and human trafficking by those working for or with GitLab. Each Team Member is encouraged to raise concerns about any known or suspected incidents of slavery or human trafficking in any parts of our business or supply chains at the earliest possible stage. If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of our supply chains or business partners constitutes any of the various forms of modern slavery/human trafficking, raise it at Compliance@Gitlab.com.
We may terminate our relationship with individuals and/or Business Partners if they breach this policy.
The Foreign Corrupt Practices Act is a United States federal law that prohibits U.S. citizens and entities from bribing foreign government officials to benefit their business interests. It is not only an invaluable tool to help fight corruption but one to which we must be compliant. As GitLab Inc. is a U.S. incorporated entity, we need to make sure our operations worldwide are compliant with the provisions of the Foreign Corrupt Practices Act. To that end, GitLab requires Team Members to complete an annual online course relating to anti-bribery and corruption at GitLab. In the training, learners will explore improper payments, including facilitation payments and personal safety payments, as well as policies on commercial bribery.
The goal of the course is to ensure our Team Members understand what it takes to avoid corruption, especially in high-risk countries, and to ensure GitLab is compliant with legal and regulatory obligations.