Sales Guide: Collaborating with GitLab Legal

1. You are here:
2. Handbook
3. Legal & Corporate Affairs
4. Sales Guide: Collaborating with GitLab Legal

OVERVIEW

🎥 Watch Overview Video

Learn about the purpose of this resource; 1:40 (Log into GitLab Unfiltered)

Thank you for visiting! The purpose of this resource is to provide Sales reps assistance on:

(1) Operational - How to work with, and engage, GitLab legal; Requirements to close a deal; General FAQ for legal ops, including some parallels to Finance and Deal Desk matters.

(2) Educational - Learning about how and why GitLab legal and our agreements work, to better serve you during a sales cycle; Proactive advice and education to enable you to feel more confident when / if your Customer has legal related questions.

ENGAGEMENT

• As part of this collaboration, we are measuring success by interaction with the field. For this reason, we ask that you please watch the videos and "thumbs-up" or "like" them.
• Please Note: All videos provided will be up on the GitLab Unfiltered YouTube Account. You will need to login to this Account in order to view.

REQUESTING CONTENT

• You are always encouraged to make requests for future content that will help you and the team. Simply complete the form here.

OPERATIONAL	EDUCATIONAL
How to reach Legal	Overview of GitLab Agreements
How do I get an Agreement signed (including NDAs)	When does GitLab negotiate
Clearing Export Review in SFDC	SKO 2021 Resources
Completing Vendor Request Forms	What is Open Source Software?
What's needed to close a deal?	GitLab Subscription Agreement 101
Requests for GitLab Financial Information, Tax and Insurance Certificates	Why GitLab does not sign BAAs (Business Associate Agreement)
How to get a Data Processing Agreement (DPA) Signed	Intro to GitLab Privacy Compliance and Data Processing Agreement (DPA)
Escalation Process	GitLab Legal Commercial Coverage Model & Best Practices for a Legal Call
CLM Process
RFP Process
Commercial Legal Issues

OPERATIONAL

How to reach Legal

🎥 Watch the "How to Reach Legal" Video

Learn about how to open a Legal Request, When to Open a Legal Request; 2:24 (Log into GitLab Unfiltered)

1. UPDATE TO PROCESS: Please note, the "Legal Request Button" will now be available exclusively in the Opportunity template layout. The purpose of this update was to enable Legal to gather more information regarding Legal Requests created and the applicable Opportunity information. If an Opportunity does not exists, please open a $0 Opportunity to then create the Legal Request following the steps within this Section and the video.
2. For all questions related to Partners and/or Customers, including: Non-standard NDA requests, Contract Review / Negotiations, Legal Questions…etc., please open a Legal Request in SFDC.
3. There is a:
   • $25K ARR opportunity minimum threshold to review edits to our terms; and
   • $100K ARR opportunity minimum threshold to review Customer.

• Please Note The above thresholds are based on a single opportunity and not the "total Account value" or "total Contract value", OR, potential investment size of a future opportunity. For clarity, if a Customer is purchasing $30,000USD over three (3) year term, this Opportunity WOULD NOT meet the threshold for negotiation(s).

• With respect to non-standard NDAs, the above thresholds do not apply. Simply follow the same process(es) and attach the Customer red-lined GitLab NDA, OR, the Customer's NDA template.

1. Step-by-Step directions on opening a Legal Request can be found here NOTE: Once you open a Legal Request for "Contract Review", DO NOT open another Legal Request when updated red-lines are provided. All red-lines / negotiated versions will be stored in one (1) Legal Request to ensure version history is maintained.
2. A presentation on this topic can be found here

Additional Resources: Field Operations Legal Request Overview

To Request a Legal Review for a Channel Partner Contract

For Channel and Alliance Partner contract reviews only, the process for the legal request is as follows:

1. Navigate to the partner account record in SFDC.
2. Click the legal request button.
3. Choose “Partner Agreement” in the dropdown menu
4. Follow the process as the system lays out

For any other channel partner legal request, please follow the standard legal request process.

How do I get an Agreement signed

Learn about how to get an Agreement Signed; Who can sign on behalf of GitLab

1. Sales Reps cannot sign any Agreements. Only certain individuals may execute on behalf of GitLab see Authorization Matrix here.
2. All Agreements require a GitLab Legal stamp in order to be executed. This stamp is placed by a Contract Manager when an executable version is reached.
3. Once the Agreement has been stamped by GitLab legal, follow the DocuSign Process to send the Agreement for signature within SFDC. Note: All Sales Team Members have DocuSign access, please work with Sales Ops for any questions on how to use.

Additional Resources:

• Visit Sales Order Processing for helpful information.

Need an NDA signed? Follow the process for Team Members with DocuSign access.

Letters of Authorization

Visit the Channel Operations page to learn how partners can request a Letter of Authorization.

Legal Team Steps:

• Once the Channel Account Manager has approved the LOA, the Legal Team will receive an email via DocuSign to loa@gitlab.com.
• The Legal Team will then follow the link to view the document, add the date and click “Approve” on the LOA to indicate that the information is correct and the partner is authorized, then click Finish to forward the signed LOA to the partner.

Clear Export Review in SFDC

1. See the Visual Compliance Overview
2. GitLab uses Visual Compliance to review all Accounts. The tool is continually reviewing and 'clearing' Accounts. In addition, any 'flags' / 'hits' are reviewed and cleared throughout the day by GitLab Legal.
3. If an export notice is presented, that requires immediate action, please tag "@legal" in SFDC Chatter for the Account and write "Please review for export compliance"
4. Legal will continually review all requests. Once cleared in Visual Compliance update(s) will reaching SFDC in 15-20 minutes.

Completing Vendor Request Forms

It is the sales team member responsibility to complete Vendor Request Forms

1. Much, if not all, of the Vendor Form information can be found at the Company Information Page

Included on the Company Information Page is:

• Address / information related to each GitLab entity
• All banking information
• ECCN Number
• NAICS Code
• Dun and Bradstreet Number …AND VARIOUS OTHER DETAILS
• W9 is located on the Finance Forms page
• For Customers that request an Insurance Certificate for evidence of coverage, please open a Legal Request.

1. If there are questions / elements that are not found in the Company Information Page, the Sales Rep should engage Deal Desk to organize requests of finance and tax. Information regarding contacting Deal Desk and overall process can be found at the Sales Order Process Page.

2. If there are Security related questions / elements that are not found at the GitLab Trust Center Page or the GitLab Customer Assurance Package Page, the Sales Rep should engage the Field Security Team per their process, which can be found at GitLab's Customer Assurance Activities Page.

3. ONLY OPEN A LEGAL REQUEST IF: There is a specific legal question / element being requested within the Vendor Form.

Example: Has GitLab, or board member / executed of GitLab, been subject to a lawsuit?

As a private company, we will not share the following information in a Vendor Request Form:

• Stock / Share ownership of the company
• Finances, including annual and/or historical performance

What's needed to close a Deal

🎥 Watch the "What's needed to close a Deal" Video

1. Visit the Sales Operations and Deal Desk Handbook materials to review how to create an Order Form.
2. An Order Form with a base Agreement referenced. This will either be the current Subscription Agreement as found at the Terms of Service, or, if an executed Agreement is signed, this will be referenced within the Order Form.
3. Visit the presentation on the Legal Requirements Note: This is locked for GitLab Team Members only
4. The fastest way to close a deal is to ensure the Customer signs the Order Form. If a Customer refuses to sign an Order Form, additional approvals will be required by both GitLab Legal and Finance team members. In addition, the Customer may need to make changes to their Purchase Order (PO).

Requests for GitLab Financial Information, Tax and Insurance Certificates

1. For Tax Certificate requests please email the Finance team at tax@gitlab.com
2. For Insurance Certificate requests, demonstrating evidence of coverage, please open a Legal Request
3. Regarding GitLab financial information, GitLab is a public company and its public filings can be found on SEC.gov or on GitLab's Investor Relations website

How to get a Data Processing Addendum (DPA) signed

GitLab includes a signed version of the DPA on the Terms of Service, as stated within the Subscription Agreement this DPA is applicable to all Enterprise Customer's and does not need to be counter-signed. In addition, as stated within the header of the DPA, a Customer’s acceptance of the Subscription Agreement shall be treated as its execution of the DPA.

Escalation Process

In instances where a Customer or a Partner has requested material non-standard terms that are not generally accepted, and where the transaction may merit additional consideration, please follow the Escalation Process Overview. Included in the Overview are the steps required to meet threshold requirements, ensure the matter receives the appropriate level of review, and provide guidance to complete the applicable Escalation Form(s) Note This document is only available for GitLab Team Members.

CLM Process

• Contract Lifecycle Management (CLM) is a tool that enables the Commercial Legal Team to capture and report data related to legal and business terms. The ultimate goal of the CLM is to make the Legal process more efficient during the CPQ / quote-to-cash process and provide more visibility into the internal request process. Steps the Commercial Legal Team follows after an Agreement has been fully executed include:
  1. Upload the fully executed version, which is to be saved in the SFDC Legal Request by the Sales Team Member, into the CLM tool via the Legal Request Case;
  2. Complete the "Upload Intake Form" with the elements / information related to the Agreement being uploaded; and
  3. Hit "Save"
• By uploading / saving the document in the CLM, the information supplied via the Intake Form will be stored in both the CLM, as well as in the Account details in SFDC. In addition, the fully executed version will be stored in the CLM Repository for ease of retrieval.

RFP Process

With regards to completing RFPs, sometimes referred to as RFIs, RFQs or RFXs, please find information in the RFP Process handbook page.

Commercial Legal Issues

For issues that are being handled outside of Salesforce (e.g., project-based work) and require the Commercial Legal team's attention, apply the label legal-commercial::to-do. This will update the Commercial Legal Issue Board and allow the team to assign appropriately. We also use the following labels:

• legal-commercial::in progress means the Commercial Legal team is actively working on the issue
• legal-commercial::pending requester means the Commercial Legal team has a requirement or task that must be met by the requester before the issue progresses
• legal-commercial::done means the Commercial Legal team has finished their portion of the issue

EDUCATIONAL

Overview of GitLab Agreements

🎥 Watch the "Overview of GitLab Agreements" Video

Learn about what Agreements GitLab has; 2:45 (Log into GitLab Unfiltered)

1. GitLab provides our Software pursuant to the GitLab Subscription Agreement, and Professional Services pursuant to GitLab Professional Services Terms;
2. GitLab has a Master Partner Agreement that includes multiple Exhibits to enable Partners to, (i) Reseller, (ii) Refer, and (iii) Distribute GitLab Products and Services;
3. Other than web-portal purchases, GitLab enters into an Order Form with a Customer which outlines the Products and Services being sold;
4. Any modification(s) to Order Forms, or standard Terms and Conditions, require GitLab Legal Approval.

When does GitLab negotiate

🎥 Watch the "When does GitLab Negotiate Video"

Learn about when GitLab negotiates; 3:20 (Log into GitLab Unfiltered)

Note: The updated NDA process may not be referenced in the video, please follow most recent directions in this Sales Guide

1. GitLab will negotiate NDAs with our prospects. You can always send the prospect the GitLab NDA template (following the steps within this Sales Guide) and ask for them to sign. If they want to use their template, simply open a Legal Request for "Contract Review".
2. GitLab will negotiate changes to our terms and conditions provided the [current] Opportunity is greater than $25K (USD).
3. GitLab will negotiate using a Customer terms and conditions-if they are applicable to our Software and business-if the [current] Opportunity is greater than $100K (USD).
4. Why don't we negotiate with all Customers? Using resources to negotiate on all deals would not be a good use of GitLab resources and instead, we created our terms to be reasonable and in line with industry standards which allows us to place our resources into creating better products and services.

GitLab Legal SKO 2021 Resources

Look through the GitLab Legal "Legalize IT!" Presentation

1. Learn about the GitLab Legal Team! Look through basic questions and answers which will help you collaborate with legal and close deals faster!

Open Source

1. For a general introduction to Open Source, including lists of acceptable and unacceptable Open Source licenses for use in GitLab, see Open Source at GitLab.
2. Helpful external resources on Open Source Software can be found at Opensource.com and the Open Source Inititiave.
3. The Open Source project for GitLab can be found at gitlab.com/gitlab-org/gitlab.
4. GitLab uses Open Source Software as part of its Open Core Business Model. Learn more about the GitLab Open Core Business Model.

GitLab Subscription Agreement 101

🎥 Watch the "Subscription Agreement Basics" Video

Please Note: The purpose of this content is to understand where to find GitLab's terms, as well as, basic knowlege about the rights and obligations stated

1. GitLab terms can be found at our Terms of Service
2. GitLab provides full transparency by including historic versions of the Terms. This can be found within the Agreement History section
3. The Subscription Agreement can be used for the sale of both On-Premise and SaaS Software
4. The Subscription Agreement is agreed to by either, (i) Clicking-through when purchasing (or downloading) via the GitLab Website, (ii) Referenced in an Order Form that is signed by a Customer, or (iii) Passed through a Reseller if a Customer is buying through an Authorized Partner

Why GitLab does not sign BAAs

1. GitLab will not sign a Business Associate Agreement (BAA)

2. Resources to provide your Customer if they request a BAA:

What do the GitLab Terms say?

• GitLab is transparent with respect to information it requires, or does not require, in order to provide our products and services. Please view Section 14.3 of the Subscription Agreement, which specifically highlights that GitLab will not receive Personal Heatlh Information.

Why does GitLab not sign BAAs?

• GitLab does not require nor is designed to be used to store Personal Health Information (PHI). In addition, GitLab, as an organiztion, does not desire or need to receive, process, store, transact or otherwise possess PHI in order to provide our products and servcies. As such, GitLab does not meet, or desire to meet, the definition of a "Business Associate" as defined under the Health Insurance Portability and Accountability Act (HIPAA).
• In the event a Customer questions "incidental dislcosures", please highlight the HIPAA definition itself, which states: “Business associate functions or activities on behalf of a covered entity include claims processing, data analysis, utilization review, and billing. Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services. However, persons or organizations are not considered business associates if their functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all.”

Intro to Data Privacy and the GitLab Data Processing Addendum

1. The GitLab Privacy Policy explains how GitLab collects, uses and shares customers' personal information, and how they may exercise their rights in respect of that information. More information about privacy compliance at GitLab, including answers to a number of frequently asked questions concerning the GDPR, can be found on the GitLab Privacy Compliance handbook page.
2. The GitLab Data Processing Addendum, usually referred to as the "DPA", can be accessed from the GitLab Terms of Service page. As stated in the GitLab Subscription Agreement, the terms of the DPA automatically apply to corporate customers.
3. When asking questions about data privacy, Customers may also raise questions about security. Generally, such questions are best directed to the Field Security Team. However, the following resources may be useful in the first instance:
   • The Security Practices handbook page gives details about GitLab's organizational security.
   • GitLab's Customer Assurance Package provides details of GitLab's current Security and Compliance posture.
   • GitLab documentation explaining how to Secure your application, Secure your installation and the GitLab permissions guide are useful for helping customers understand steps they can take to secure the personal data processed in GitLab.

GitLab Legal Commercial Coverage Model and Best Practices for a Legal Call

GitLab Legal Commercial Coverage Model

1. Please review the GitLab Legal Coverage Model which provides an overview of the GitLab Legal Commercial coverage model by region & segment. NOTE: This is available to GitLab Team Members only
2. Even though this resource provides individual contact information, please follow the steps and open a Legal Request if you have a need related to a Customer.

Best Practices for a Legal Call

Please review the GitLab Legal Best Practices Resource which outlines best practices when contemplating a call between GitLab Legal and Customer & Partner counsel. NOTE: This is available to GitLab Team Members only

Additional Resources

Field Operations Negotiation Overview