Anti-Corruption Policy

Overview of Anti-Corruption Policy

THIS POLICY WAS APPROVED BY THE BOARD OF DIRECTORS OF THE COMPANY ON SEPTEMBER 14, 2021. THIS POLICY IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. AN EXECUTABLE COPY OF THIS POLICY, INCLUDING THE TEAM MEMBERS CERTIFICATION REGARDING COMPLIANCE AND UNDERSTANDING, WILL BE REQUIRED TO BE SIGNED BY GITLAB TEAM MEMBERS.

PURPOSE

GitLab Inc., including any of its subsidiaries or affiliates (“GitLab”, “we”, “our” or the “Company”) is committed to promoting the highest standards of ethical business conduct and to compliance with all applicable laws, rules, and regulations. As part of this commitment, all GitLab team members, including individuals employed by or acting on behalf of the Company, its officers and members of its board of directors, consultants, agents, other representatives and channel partners (“Team Members and Partners”) are required to comply with the Foreign Corrupt Practices Act (“FCPA”), and anti-bribery laws and regulations in foreign jurisdictions, including but not limited to the UK Bribery Act 2010 and the European Commission on Anti-Corruption, other anti-bribery laws, and local laws designed to prevent improper bribes (collectively, all of these laws are referred to as the “Anti-Corruption Laws”). The policies set forth in this document are referred to as the Company’s “Anti-Corruption Policy.” In addition to compliance with the Anti-Corruption Laws, all Team Members and Partners are required to comply with the Anti-Corruption Policy and any procedures adopted by the Company to implement this Policy.

PROHIBITED CONDUCT

GitLab and Team Members and Partners are prohibited from authorizing, making, offering, promising, requesting, receiving or accepting bribes or accepting kickbacks in any form. This prohibition applies to all forms of bribery, including commercial bribery as well as bribery of government employees or officials.

The Anti-Corruption Laws prohibiting bribery are very broad, so that many kinds of gifts or entertainment provided to government employees or officials might be considered improper. For that reason, Team Members and Partners may not give anything of value to any government employee or official in order to wrongfully influence the government employee or official, obtain or retain business or receive any improper advantage. This prohibition applies regardless of whether the payment or offer of payment is made directly to the government employee or official or indirectly through a third party. As discussed in more detail below, it is critical to understand that, for purposes of the Anti-Corruption Laws, the term “government official” generally includes any employee of a company that is owned or controlled by a government or governmental agency. By way of example, this means that someone working for a telecom, energy company, internet company or hospital in another country that is owned or controlled by that country’s government is a “government official.” In other words, for purposes of the Anti-Corruption Laws, this term is much broader than how we think about “government officials” in the United States.

Examples of prohibited conduct include:

  1. payments made directly to a government employee or official for an improper purpose;
  2. payments or gifts to third parties where Team Members and Partners know or have reason to know that at least a portion of the payments or gifts is likely to be offered by the third party to a government employee or official for an improper purpose;
  3. acts “in furtherance of” an improper payment, such as arranging for funds to be available for the improper payment; and
  4. payments to retain assets, such as an “under the table” payment to a tax official to settle a tax claim.

It is important to avoid even the appearance of impropriety. If you have any questions about whether a payment may be improper or violate this Policy, consult the Company’s Chief Legal Officer before any payment or offer is made.

IMPORTANT CONCEPTS

Who is a “government official”? “Government official” includes:

  1. any official or employee of a government, including any political party, administrative agency, or government-owned business;
  2. any person acting in an official capacity on behalf of a government entity;
  3. employees or agents of a business which is owned or controlled by a government;
  4. any person or firm employed by or acting for or on behalf of any government;
  5. any political party official, employee or agent of a political party, or candidate for political office (or political party position); and
  6. any family member or other representative of any of the above.

Any doubts about whether a particular person is a government official should be resolved by assuming that the individual involved is a government official for purposes of the FCPA or the Anti-Corruption Laws.

What does “anything of value” mean? “Anything of value” includes money and monetary equivalents (such as gambling chips and gift cards), entertainment, accommodations, and any other benefit. There is no “minimum” required under the FCPA – any amount can be sufficient to trigger a violation.

What is an “improper advantage”? An “improper advantage” includes payments intended to wrongfully:

  1. influence a decision by a government official, including a failure to perform their official functions;
  2. induce a government official to use their influence to affect a decision by someone else in their government; and
  3. induce a government official to use their influence to affect or influence any act or decision.

In addition to obtaining or retaining business, “improper advantage” includes reducing taxes or duties, “looking the other way” at minor code or rule violations, and any form of preferential treatment.

GIFTS, ENTERTAINMENT, TRAVEL & PROMOTIONAL EXPENDITURES

Gifts in the business context can be an appropriate way for businesspeople to display respect for each other. GitLab expects the use of good judgment and moderation when giving or receiving entertainment or gifts. No gift or entertainment should ever be offered, given, provided or accepted by Team Members and Partners unless it:

  1. is reasonable and not extravagant;
  2. is appropriate under the circumstances and serves a valid business purpose;
  3. is customary and appropriate under U.S. and local customs;
  4. is not being offered for any improper purpose, and could not be construed as a bribe, kickback or payoff;
  5. does not violate any Company policy;
  6. does not violate any U.S., local or international laws or regulations; and
  7. is accurately described in your expense or other reports and Company’s books and records.

It is essential that Team Members and Partners accurately report expenditures for gifts or entertainment so that the purpose, amount, and recipient of the gift are obvious (i.e., transparent) to personnel in the Company’s Finance Team and other personnel who have responsibility for ensuring that our financial books and records are accurate and reviewing these books and records. Expense reports should accurately state the purpose of the expenditures and the identities of the individuals receiving the gifts or entertainment and state whether the gift or entertainment was given to a government employee or official.

  1. Significant legal restrictions apply with regard to providing gifts, entertainment, travel and promotional expenditures related to government officials. Team Members and Partners must make sure they fully understand all such restrictions and associated policies and procedures. In each instance:
    1. all gifts, entertainment, or promotional expenses which are intended to induce a government employee or official to misuse their position or to obtain an improper advantage are prohibited, regardless of their value;
    2. expenses must have a valid business purpose and be reasonable and necessary under the circumstances;
    3. gifts must be of token value (such as shirts or tote bags that reflect Company’s business name and/or logo), legal and customary, and openly given; and
    4. expenses and gifts must be fully and accurately reflected in the Company’s books and records and backed by receipts.

Team Members and Partners should avoid even the appearance of impropriety. Any gift or expense that is lavish or might otherwise prove embarrassing for the Company is prohibited. If Team Members and Partners have any question regarding the appropriateness of any gift or expense, they should consult the CLO prior to giving the gift or incurring the expense.

FACILITATING PAYMENTS

The FCPA and other anti-bribery laws may provide limited exceptions for certain minor payments for the purpose of facilitating or expediting routine, lawful services or non-discretionary administrative actions, such as telephone installation. However, other anti-corruption laws prohibit such payments. Any and all facilitating payments require prior written approval from the CLO.

REPRESENTATIVES, PARTNERS, CONSULTANTS, DISTRIBUTORS, AGENTS AND OTHER THIRD PARTIES

Before initiating a relationship with a representative, partner, consultant, distributor, agent, or other third party, Team Members and Partners must conduct appropriate due diligence to assure that the representative will not engage in any improper conduct. This is for several important reasons, including that the Company can be held responsible for a third party’s conduct in certain circumstances under the Anti-Corruption Laws. Due diligence typically will include considering such factors as:

  • the third party’s qualifications for the position or task at issue;
  • whether the third party has personal or professional ties to the government or any government official;
  • the number and reputation of the third party’s clientele and the representative’s reputation with the United States Embassy or Consulate, local bankers, clients, and other business associates; and
  • the reasonableness of the compensation.

Consult the CLO regarding the appropriate due diligence procedure for your situation.

The Company must terminate contracts with any third party who is unwilling or unable to represent the Company in a manner consistent with this Anti-Corruption Policy.

While conducting due diligence and throughout any subsequent relationship with third parties, Team Members and Partners must monitor for any “red flags.” A “red flag” is a fact or circumstance that requires additional consideration and extra caution. Red flags must be considered in context rather than in isolation. Red flags may appear in many forms and can include:

  1. payments in a country with a history or reputation for corruption;
  2. refusal to provide a certification of compliance with the FCPA or other anti-bribery laws;
  3. unusual payment patterns or requests, including payments to third parties, in cash, and payments made to bank accounts outside the country;
  4. representations or boasting about influence or connections;
  5. use of a shell or holding company that obscures ownership without credible explanation;
  6. accusations of improper business practices (credible rumors or media reports, etc.);
  7. family or business relationship with the government or a government official;
  8. requests for payments “up front” or statements that a particular amount of money is needed to “get the business,” “make the necessary arrangements,” or similar expressions;
  9. unusually high commissions, agents’ fees, or payments for goods or services;
  10. apparent lack of qualifications or resources;
  11. whether the representative or joint venture partner has been recommended by an official of the potential government customer;
  12. requests to be able to make agreements without the Company’s approval; and
  13. requests that agreements or communications be kept secret (other than a customary nondisclosure or confidentiality agreement).

Team Members and Partners are responsible for monitoring their email and other communications and documents for red flags. Any red flags should be brought promptly to the attention of your supervisor or the CLO. Failure to do so is considered a violation of this Anti-Corruption Policy.

POLITICAL CONTRIBUTIONS

The Company reserves the right to communicate its position on important issues to elected representatives and other government officials. It is, however, always the Company’s policy to comply fully with all applicable laws regarding political contributions. Donations to political campaigns or causes could violate campaign finance laws and Anti-Corruption Laws, especially if contributions are made to a campaign at the request or suggestion of a government official.

To mitigate the risk of an improper payment or the appearance of an improper payment, no Company funds, facilities, or services of any kind may be provided to any government official, including any candidate or prospective candidate for public office, to any political party, or to any political initiative, referendum, or other form of political campaign unless pre-approved in writing by the CLO.

CHARITABLE CONTRIBUTIONS

The Company is committed to improving and promoting the interests of the communities where it operates. Donations to charitable organizations, however, can, like political contributions, present a risk under the Anti-Corruption Laws, particularly if they are made at the request or suggestion of a government official. Therefore, Team Members and Partners must obtain prior written approval from the CLO before making any charitable donation on behalf of the Company or using Company funds, directly or indirectly.

BOOKS AND RECORDS

All Team Members must maintain accurate records of all transactions and assist in ensuring that the Company’s books and records accurately and fairly reflect, with appropriate detail, all transactions, expenses, or other dispositions of assets. To that end, all Team Members are prohibited from falsifying any business or accounting record and must truthfully report and record all dispositions of assets. Undisclosed or unrecorded funds or assets—for any purpose—are prohibited.

Any questions on how to record transactions should be referred to the CLO.

In addition to the guidelines set forth above, all Team Members and Partners must comply with the Company’s Code of Business Conduct and Ethics.

REPORTING BREACHES OF THIS ANTI-CORRUPTION POLICY

Compliance with this Anti-Corruption Policy is, first and foremost, the individual responsibility of each and every Team Member and Partner. All Team Members and Partners must report, in person or in writing, any known or suspected violations of this Policy to the CLO or in a manner consistent with the Company’s Whistleblower Policy. Per the Company’s Whistleblower Policy, concerns regarding improper or illegal conduct can be reported in several ways, including by: (i) reporting the known or suspected violation to your manager and/or supervisor; (ii) reporting your concerns to the CLO, Robin Schulman, at CLO@gitlab.com; (iii) calling the Company’s Whistleblower Reporting Hotline at 1-833-756-0853 or online at http://gitlab.ethicspoint.com/ and/or by email addressed to the Company’s Audit Committee or Legal Team, sent to the Company’s Corporate Secretary, Robin Schulman, CLO@gitlab.com marked Attention: “Audit Committee” or “Chief Legal Officer”.

You can also submit any questions you may have regarding the Anti-Corruption Policy to the Company’s Whistleblower Reporting Hotline number or email address. Any questions or reports of concerns regarding improper or illegal conduct will be addressed promptly and can be made anonymously.

GitLab will not allow any retaliation against any Team Members and Partners who act in good faith in reporting any violation of this Policy. The Company encourages and highly values reporting of conduct that may violate the Anti-Corruption Laws. Per the Company’s Whistleblower Policy, the Company will investigate reported violations and will determine an appropriate response, including corrective action and preventive measures as appropriate. For further information regarding the manner in which the Company handles reports related to concerns of improper or illegal conduct, please review the Company’s Whistleblower Policy.

PERIODIC REVIEW

The CLO or a designee will conduct a periodic review to confirm the adequacy and effective implementation of this Anti-Corruption Policy.

CERTIFICATION AND ENFORCEMENT

From time to time, GitLab’s Team Members and Partners may be required to complete training regarding the FCPA and, more broadly, the Anti-Corruption Laws and sign a certification acknowledging commitment to, full understanding of, and compliance with this Anti-Corruption Policy. The acknowledgment statement shall be included in the personnel file of each Team Member and Partner. Any Team Members or Partners who violate this Policy, or who fail to make or who falsify any certification required under this Policy, may be subject to disciplinary action, up to and including termination of employment or of the business relationship.

TEAM MEMBER CERTIFICATION REGARDING COMPLIANCE WITH ANTI-CORRUPTION POLICY

I have read and understand the Anti-Corruption Policy (the “Anti-Corruption Policy”) of GitLab Inc. (“GitLab” or “Company”). I undertake to comply with the provisions of the Anti-Corruption Policy. I hereby represent that:

  1. Except as disclosed below, I have not participated in, and am not aware of, any violation of the Foreign Corrupt Practices Act (“FCPA”) or the Anti-Corruption Policy by myself or any other Team Member, agent, individual, or entity acting on behalf of or as a representative, channel partner, vendor, consultant, or business partner of GitLab. I hereby represent that:
    • I have not paid, offered, promised to pay (or authorized any payment or offer of) money or anything of value, directly or indirectly, to any government employee or official in order to wrongfully influence the government official, obtain or retain business, direct business to any person, induce a government official to use his or her influence to affect or influence any act or decision, or receive any improper advantage.
    • I am not aware of, and have no reason to believe that, any Team Member, agent, individual, or entity acting on behalf of or as a representative, channel partner, vendor, consultant, or business partner of GitLab has paid, offered, promised to pay (or authorized any payment or offer of) money or anything of value, directly or indirectly, to any government employee or official in order to wrongfully influence the government employee or official, obtain or retain business, direct business to any person, induce a government employee or official to use his or her influence to affect or influence any act or decision, or receive any improper advantage.
    • I shall not pay, offer, promise to pay (or authorize any payment or offer of) money or anything of value, directly or indirectly, to any government employee or official in order to wrongfully influence the government official, obtain or retain business, direct business to any person, induce a government official to use his or her influence to affect or influence any act or decision, or receive an improper advantage.
  2. Should I ever obtain information giving me reason to believe that any Team Member, agent, individual, or entity acting on behalf of GitLab may have engaged in conduct that violates the FCPA or the Anti-Corruption Policy, I undertake to report that information promptly to the Chief Legal Officer of the Company.

I have engaged in or observed the following incidents of potential non-compliance:

I understand that a false, misleading or incomplete statement in this certification of compliance or other violation of the Anti-Corruption Policy may be grounds for termination of employment or of the business relationship.

Last modified December 18, 2023: Reword Gitlab to GitLab (bfdb0ea4)