GitLab is committed to serving our customers and employing individuals with personal standards consistent with that of our values. This Code is designed to deter wrongdoing and to promote:
Our Code applies to all directors, officers, employees, and contractors of GitLab and its affiliates and subsidiaries. Agents and vendors of GitLab are also expected to read, understand, and abide by this Code.
This Code should help guide your conduct in the course of our business. Many of the principles described in this Code are general in nature, and the Code does not cover every situation that may arise. Use common sense and good judgment in applying this Code. If you have any questions about applying the Code, please seek guidance. Not all information regarding the conduct of our business is found in this Code. Please review the applicable policies and procedures in specific areas as they apply as found in our Team Handbook.
To maintain the highest standards of integrity, we must dedicate ourselves to complying with this Code, company policies and procedures, and applicable laws and regulations. Violations of this Code not only damage our company’s standing in the communities we serve–they may also be illegal. Team members involved in violating this Code will likely face negative consequences. GitLab will take the appropriate disciplinary action in response to each case, up to and including termination. In addition, team members involved may be subject to government fines or criminal or civil liability.
If you think this Code is being violated, or if you have an ethics question, you have several options:
Once a report is received, GitLab will investigate it promptly and thoroughly. GitLab expects all employees to cooperate in investigations fully and candidly. GitLab will take corrective action, as appropriate, based on the findings of the investigation.
Investigation Process GitLab will promptly initiate an appropriate investigation into all possible violations of law and GitLab policy. The Chief Culture Officer (CCO) or the HR Business Partner assigned to the business will have the primary responsiblity for investigating complaints relating to employee misconduct.
In certain situations, the legal department may assume responsibility for certain investigations and instruct other GitLab personnel to gather information for the investigation.
Investigation Timeline GitLab will make all reasonable efforts to initiate an investigation into the allegation(s) and conclude the investigation in a timely fashion, as appropriate. Depending on the type of investigation the steps and timeline for each investigation will vary.
Investigation Findings Based on the investigation, GitLab investigator(s) will determine whether the allegation(s) were founded, unfounded or inconclusive. This determination will be documented in writing and made part of the investigation report. The determinations are as follows: * Violation Found. Where a violation of GitLab policies, workplace rules or law is found to have occurred, the accused should be notified of the finding and of the specific corrective actions to be taken. The accused employee's manager will also be notified if appropriate. No details about the nature or extent of disciplinary or corrective actions will be disclosed to the complainant(s) or witness(es) unless there is as compelling reason to do so (e.g., personal safety) * No Violation Found. In this situation, the complainant and the accused should be notified that GitLab investigated the allegation(s) and found that the evidence did not support the claim. * Inconclusive investigation. IN some cases, the evidence may not conclusively indicate whether the allegation(s) was founded or unfounded. If such a situation occurs, the notification a thorough investigation but has been unable to establish the truth or falsity of the allegation(s). GitLab will take appropriate steps to ensure that the persons involved understand the requirements of GitLab's policies and applicable law, and that GitLab will monitor the situation to ensure compliance in the future.
How to Contact GitLab's 24-hour hotline:
GitLab has engaged Lighthouse Services to provide an anonymous ethics and compliance hotline for all team members. The purpose of the service is to insure that any team member wishing to submit a report anonymously can do so without the fear of retribution.
Reports may cover but are not limited to the following topics: Ethical violations, Wrongful Discharge, Unsafe Working Conditions, Internal Controls, Quality of Service, Vandalism and Sabotage, Sexual Harassment, Theft, Discrimination, Conduct Violations, Alcohol and Substance Abuse, Threats, Fraud, Bribery and Kickbacks, Conflict of Interest, Improper Conduct, Theft and Embezzlement, Violation of Company Policy, Violation of the Law, Misuse of Company Property, Falsification of Contract, Reports or Records.
Please note that the information provided by you may be the basis of an internal and/or external investigation into the issue you are reporting and your anonymity will be protected to the extent possible by law by Lighthouse. However, your identity may become known during the course of the investigation because of the information you have provided. Reports are submitted by Lighthouse to a company designee for investigation according to our company policies.
Lighthouse Services toll free number and other methods of reporting are available 24 hours a day, 7 days a week for use by team members.
Any employee or contractor who reports a violation will be treated with dignity and respect and will not be subjected to any form of discipline or retaliation for reporting in good faith. Retaliation against anyone who provides information or otherwise assists in an investigation or proceeding will be treated as a violation of this Code.
Having a diverse workforce–made up of team members who bring a wide variety of skills, abilities, experiences and perspectives–is essential to our success. We are committed to the principles of equal opportunity, inclusion, and respect. All employment-related decisions must be based on company needs, job requirements, and individual qualifications. Always take full advantage of what our team members have to offer; listen and be inclusive.
Report suspected discrimination right away and never retaliate against anyone who raises a good faith belief that unlawful discrimination has occurred. Employees and contractors should refer to the GitLab Anti-Harassment Policy for more information.
Every employee or contractor has a right to a work environment free from harassment, regardless of whether the harasser is a co-worker, supervisor, manager, customer, vendor, or visitor. Please refer to the GitLab Anti-Harassment Policy for more information. As is the case with any violation of the Code, you have a responsibility to report any harassing behavior or condition regardless of if you are directly involved or just a witness.
Our company is committed to following all applicable wage and hour laws and regulations. To help ensure that all work performed for GitLab is compensated correctly, team members compensated on the basis of hours worked must report and record time accurately. For more information on compensation, please refer to our Compensation Principles.
GitLab strives to maintain a workplace that is free from illegal use, possession, sale, or distribution of alcohol or controlled substances. Legal or illegal substances shall not be used in a manner that impairs a person’s performance of assigned tasks. This will help to maintain the efficient and effective operation of the business, and to ensure customers receive the proper service. GitLab team members must also adhere the local laws of where they reside and where they travel to, including the GitLab Summit.
GitLab respects the confidentiality of the personal information of employees and contractors. This includes employee and contractor medical and personnel records. All team members records are kept in BambooHR. Team members have self service access to their profile. Where available, documents and information are shared with the team member within the platform. If the team member would like to view their entire profile from the admin view, please schedule a call with People Operations to walk through a screen share or request screenshots to be sent to your personal email address. Access to personal information is only authorized when there is a legitimate and lawful reason, and access is only granted to appropriate personnel. Requests for confidential employee or contractor information from anyone outside our company under any circumstances must be approved in accordance with applicable laws. It is important to remember, however, that employees and contractors should have no expectation of privacy with regard to normal course workplace communication or any personal property used for GitLab business.
In carrying out GitLab’s business, team members often learn confidential or proprietary information about our company, its customers, prospective customers, or other third parties. Team members must maintain the confidentiality of all information entrusted to them, except when disclosure is authorized or legally mandated.
Confidential or proprietary information includes:
GitLab’s confidentiality provisions can be found in the employee and contractor templates, but these may vary from what you agreed to at the time of your contract. For specific information about your obligations regarding confidentiality, please reference your contract.
All employees and contractors must protect our company assets, such as equipment, inventory, supplies, cash, and information. Treat company assets with the same care you would if they were your own. No employee or contractor may commit theft, fraud or embezzlement, or misuse company property.
Our company uses global electronic communications and resources as routine parts of our business activities. It is essential that electronic resources used to perform company business are protected to ensure that these resources are accessible for business purposes and operated in a cost-effective manner, that our company’s reputation is protected, and that we minimize the potential for legal risk.
In addition to following the Social Media Guidelines, when utilizing social media think about the effect of statements that you make. Keep in mind that these transmissions are permanent and easily transferable, and can affect our company’s reputation and relationships with team members and customers. When using social media tools like blogs, Facebook, Twitter or wikis, ensure that you do not make comments on behalf of GitLab without proper authorization. Also, you must not disclose our company’s confidential or proprietary information about our business, our suppliers, or our customers.
We take the protection of privacy for our customer’s, consumer’s, and other third parties that have entrusted us with information very seriously. Customer or third party information includes any information about a specific customer/third party, including such things as name, address, phone numbers, financial information, etc.
If you do not have a business reason to access this information, you should not do so. If you do, you must also take steps to protect the information against unauthorized use or release in line with our Security Best Practices.
Our intellectual property is among our most valuable assets. Intellectual property refers to creations of the human mind that are protected by various national laws and international treaties. Intellectual property includes copyrights, patents, trademarks, trade secrets, design rights, logos, expertise, and other intangible industrial or commercial property. We must protect and, when appropriate, enforce our intellectual property rights. We also respect the intellectual property belonging to third parties. It is our policy to not knowingly infringe upon the intellectual property rights of others.
Assignment of intellectual property is addressed in the employee and contractor templates, but these may vary from what you agreed to at the time of your contract. For specific information about your obligations regarding intellectual property rights and obligations, please reference your contract.
All directors, officers, employees, and contractors must comply with antitrust and competition laws which prohibit collusive or unfair business behavior that restricts free competition. These laws are quite complicated, and failure to adhere to these laws could result in significant penalties imposed on both GitLab and the employees and/or contractors who violated the law.
Unlawful behavior examples: enter agreements with competitors to fix prices, bid rigging, terms of sale, production output, divide markets or customers, attempts to discriminate in prices or terms of sale among our customers, otherwise restrict the freedom of our customers to compete, and refusing to deal with certain customers or competitors.
Such laws prohibit efforts and actions to restrain or limit competition between companies that otherwise would be competing for business in the marketplace. You must be particularly careful when you interact with any employees or contractors or representatives of GitLab’s competitors, especially at trade association meetings or other industry or trade events where competitors may interact. Under no circumstances should you discuss customers, prospects, pricing, or other business terms with any employees or contractors or representatives of our competitors. If you are not careful, you could find that you have violated antitrust and competition laws if you discuss or make an agreement with a competitor regarding:
Depending on business justification and effect on competition, other practices not involving competitors may also result in civil violations of the antitrust and competition laws. These practices include:
We engage in open and fair procurement activities regardless of nationality or the size of the transaction. Suppliers are selected on a competitive basis based on total value, which includes quality, suitability, performance, service, technology, and price. We strive toward establishing mutually beneficial relationships with our suppliers based on close cooperation and open communication. Terms and conditions defining our relationship with suppliers are communicated early in the supplier selection process. Any agreements to such terms and conditions, or any acceptable modifications, are reached before work begins.
It is our responsibility to accurately represent GitLab and our products in our marketing, advertising, and sales materials. Deliberately misleading messages, omissions of important facts or false claims about our products, individuals, competitors or their products, services, or employees or contractors are inconsistent with our values. Sometimes it is necessary to make comparisons between our products and our competitors. When we do, we will make factual and accurate statements that can be easily verified or reasonably relied upon.
Gathering information about our competitors, often called competitive intelligence, is a legitimate business practice. Doing so helps us stay competitive in the marketplace; however, we must never use any illegal or unethical means to get information about other companies.
Legitimate sources of competitive information include:
When working with consultants, vendors, and other partners, ensure that they understand and follow GitLab policy on gathering competitive information.
Money laundering is a global problem with far-reaching and serious consequences. Money laundering is defined as the process of converting illegal proceeds so that funds are made to appear legitimate, and it is not limited to cash transactions.
Complex commercial transactions may hide financing for criminal activity such as terrorism, illegal narcotics trade, bribery, and fraud. Involvement in such activities undermines our integrity, damages our reputation and can expose GitLab and individuals to severe sanctions.
Our company forbids knowingly engaging in transactions that facilitate money laundering or result in unlawful diversion. Anti-money laundering laws require transparency of payments and the identity of all parties to transactions. We are committed to full compliance with anti-money laundering laws throughout the world and will conduct business only with reputable customers involved in legitimate business activities and transactions.
We believe in doing business with third parties that embrace and demonstrate high principles of ethical business behavior. We rely on suppliers, contractors, and consultants to help us accomplish our goals. They are part of the GitLab team and should be treated according to our values. To create an environment where our suppliers and consultants have an incentive to work with GitLab, they must be confident that they will be treated in an ethical manner. We offer fair opportunities for prospective third parties to compete for our business. The manner in which we select our suppliers and the character of the suppliers we select reflect on the way we conduct business.
Globally, many countries have laws that prohibit bribery, kickbacks, and other improper payments. No GitLab employee, contractor, officer, agent, or vendor acting on our behalf may offer or provide bribes or other improper benefits in order to obtain business or an unfair advantage. You must avoid participating in commercial bribery and kickbacks, or even the appearance of it, in all of our business dealings. Even in locations where such activity may not, technically speaking, be illegal, it is absolutely prohibited by our company policy.
Modest gifts, favors, and entertainment are often used to strengthen business relationships. However, no gift, favor, or entertainment should be accepted or given if it obligates, or appears to obligate, the recipient, or if it might be perceived as an attempt to influence fair judgment.
In general, unless you have supervisory approval you should not provide any gift or entertainment to customers, suppliers, or others that you would not be able to accept from a customer, supplier, or other applicable parties. All directors, executives, and anyone else in the company participating in vendor selection, must disclose all gifts and entertainment valuing over US$250 for the six months prior to the vendor selection and during the term of the services and for a period of twelve months after services have been completed. The disclosure shall be made to the Legal department, and shall include the value of the gift or entertainment, the individual or company providing the gift, favor, or entertainment, and the date on which it was received. If you have any questions relating to this section, feel free to contact the Legal department.
We comply with all import and export laws and regulations in countries in which we operate. These laws restrict transfers, exports, and sales of products or technical data to certain prescribed countries and persons as well as re-export of certain such items from one location to another.
If you are involved in importing and exporting goods and data, you are responsible for knowing and following these laws. We do not cooperate with foreign boycotts that are not approved by the respective government. If you receive a request related to any boycott, contact the Legal department and do not respond to the request.
Certain laws prohibit transactions with persons or entities that have violated export-related laws or are believed to pose a threat to national security. Additionally, doing business with certain countries may result in imposed economic sanctions. We must perform due diligence before any transaction that has an international element to determine whether such parties are on a restricted list.
We must ensure all statements and representation to government procurement officials are accurate and truthful, including costs and other financial data. If your assignment directly involves the government or if you are responsible for someone working with the government on behalf of GitLab, be alert to the special rules and regulations applicable to our government customers. Additional steps should be taken to understand and comply with these requirements.
Any conduct that could appear improper should be avoided when dealing with government officials and employees or contractors. Payments, gifts, or other favors given to a government official or employee are strictly prohibited as it may appear to be a means of influence or a bribe. Failure to avoid these activities may expose the government agency, the government employee, our company, and you to substantial fines and penalties.
Accurate and reliable records are crucial to our business. Records will be maintained accurately to:
GitLab records include:
There is never a reason to make false or misleading entries. Undisclosed or unrecorded funds, payments, or receipts are inconsistent with our business practices and are prohibited.
Our records are our corporate memory, providing evidence of actions and decisions and containing data and information critical to the continuity of our business.
Records consist of all forms of information created or received by GitLab, whether originals or copies, regardless of media. Examples of company records include:
We are responsible for properly labeling and carefully handling confidential, sensitive, and proprietary information and securing it when not in use. We do not destroy official company documents or records before the retention time expires, but do destroy documents when they no longer have useful business purpose.
We have an obligation to make sound business decisions in the best interests of GitLab without the influence of personal interests or gain. Our company requires you to avoid any conflict, or even the appearance of a conflict, between your personal interests and the interests of our company.
A conflict exists when your interests, duties, obligations or activities, or those of a family member are, or may be, in conflict or incompatible with the interests of GitLab. Conflicts of interest expose our personal judgment and that of our company to increased scrutiny and criticism and can undermine our credibility and the trust that others place in us.
Should any business or personal conflict of interest arise, or even appear to arise, you should disclose it immediately to leadership for review. In some instances, disclosure may not be sufficient and we may require that the conduct be stopped or that actions taken be reversed where possible. As it is impossible to describe every potential conflict, we rely on you to exercise sound judgment, to seek advice when appropriate, and to adhere to the highest standards of integrity.
GitLab employees and contractors are not authorized to speak with the media, investors, and analysts on behalf of our company unless authorized by our Marketing department. Unless authorized, do not give the impression that you are speaking on behalf of GitLab in any communication that may become public. This includes posts to online forums, social media sites, blogs, chat rooms, and bulletin boards. This policy also applies to comments to journalists about specific matters that relate to our businesses, as well as letters to the editor and endorsements of products or services.
We pride ourselves on being a company that operates with integrity, makes good choices, and does the right thing in every aspect of our business. We will continually challenge ourselves to define what being a responsible company means to us, and work to translate our definition into behavior and improvements at GitLab. We seek to align our social and environmental efforts with our business goals and continue to develop both qualitative and quantitative metrics to assess our progress.
You may support the political process through personal contributions or by volunteering your personal time to the candidates or organizations of your choice. These activities, however, must not be conducted on company time or involve the use of any company resources. You may not make or commit to political contributions on behalf of GitLab.
We support community development throughout the world. GitLab employees or contractors may contribute to these efforts, or may choose to contribute to organizations of their own choice. However, as with political activities, you may not use company resources to personally support charitable or other non-profit institutions not specifically sanctioned or supported by our company. You should consult the Legal department if you have questions about permissible use of company resources.
We are committed to upholding fundamental human rights and believe that all human beings around the world should be treated with dignity, fairness, and respect. Our company will only engage suppliers and direct contractors who demonstrate a serious commitment to the health and safety of their workers, and operate in compliance with human rights laws. GitLab does not use or condone the use of slave labor or human trafficking, denounces any degrading treatment of individuals or unsafe working condition, and supports our products being free of conflict minerals.
Team members will review and sign the Code of Business Conduct & Ethics Acknowledgment Form during onboarding as well as annually during the Global Compensation Annual Review cycle.
All of the policies listed below are important for GitLabbers to read and understand as they deal with people benefits, procedures, and requirements of the company. If you have any questions around the internal policies, please reach out to People Operations.
In keeping with our values of freedom, efficiency, transparency, kindness, and boring solutions, we have crafted the following protocol around sick leave for all GitLabbers.
Details for specific groups of GitLabbers
If you have been injured at work, please contact People Operations to determine what your benefits are.
GitLab is committed to protecting the position rights of team members absent on military leave. No team member or prospective team member will be subjected to any form of discrimination on the basis of membership in or obligation to perform service for any of the uniformed services of their country of residency. If any team member believes that he or she has been subjected to discrimination in violation of this policy, immediately contact People Operations for assistance. For any questions about how to initiate a military leave, please contact People Operations.
GitLab is committed to a policy of employment and advancement based on qualifications and merit and does not discriminate in favor of or in opposition to the employment of significant others or relatives. Due to the potential for perceived or actual conflicts, such as favoritism or personal conflicts from outside the work environment, which can be carried into the daily working relationship, GitLab will hire or consider other employment actions concerning significant others and/or relatives of persons currently employed or contracted only if: a) candidates for employment will not be working directly for or supervising a significant other or relative, and b) candidates for employment will not occupy a position in the same line of authority in which employees can initiate or participate in decisions involving a direct benefit to the significant other or relative. Such decisions include hiring, retention, transfer, promotion, wages, and leave requests.
This policy applies to all current employees and candidates for employment.
If your permanent address is changing, notify People Operations of the new address before the pay cycle of the move. The best way to do this is by logging in to BambooHR and changing your address under the Personal tab. This triggers a message to the BambooHR admin to review the change and "accept" it.
If you are going to spend six months or more in one location this will be considered as a relocation and your compensation will be evaluated based on the new metro region.
GitLab supports team members who wish to continue their education and growth within their professional career. If you are a full-time GitLabber and have been employed for more than three months, you are eligible to participate in this program. To be eligible for reimbursement, courses must be a requirement of a degree or certification program and delivered through a credentialed college or university.
GitLabbers are eligible for a reimbursement of up to 4,000 USD per calendar year (January 1st - December 31st). There is no limit to the number of years a team member can participate in the program. Courses eligible for reimbursement include for credit classes resulting in a grade (not pass/fail), courses providing continuing education credits, and/or courses taken as part of a certification program. You must earn a passing grade equivalent to a “B” or obtain a successful completion certification to submit for reimbursement. The program will cover only the tuition and enrollment related fees. Additional fees related to parking, books, supplies, technology, or administrative charges are not covered as part of the program. Tuition will be validated by receipt of payment. A description of the course(s) and degree or certification program along with a final grade report or satisfactory certificate of completion are required to receive reimbursement.
To receive tuition reimbursement, GitLabbers should follow the following process:
In some countries, tuition reimbursement may be considered as taxable income. Please reach out to your tax professional for clarification.
Any questions or concerns? Please feel free to speak with anyone in People Ops.
We will obtain employment and criminal background checks for team members based on specific project, client, and/or department assignments. Team members in Support Engineer and Solutions Architect positions, People Ops, Finance, Sales (client-dependent), and the Executive team have been selected to go through this process. Other positions/departments may be added in the future based on business requirements.
We have contracted with Checkr to perform these background checks, which will cover criminal history for the last 7 years and employment history for the last 5 years and/or the three most recent employers. GitLab may use the returned background check information to make decisions regarding employment; therefore, the employment of those in the affected positions is contingent upon a successful completion of the background check. Due to the remote nature of our company, offenses involving driving or motor vehicles are not considered actionable violations.
Incoming candidates will receive an email to fill out the background check application following an offer. The application process includes signing a disclosure and a consent form which explains the rights of an individual undergoing a background examination. The application process is designed to take less than fifteen minutes to complete.
All team members in the affected positions will be required to complete the background check process, regardless of location. Candidates outside of the US or non-citizens will be required to provide a passport number and national ID number as part of their criminal background check. At this time, Checkr does not support non-US employment verification, so People Ops will be reaching out to collect the appropriate information.
To prepare for the employment application process, please gather each previous employer's name and address, your position title held, employment start and end dates, manager’s name and title, their phone number, and email address. Details for a Human Resources contact can be entered instead of a manager's contact details. If you have been self-employed, you must provide backup documentation to act as proof of employment. This documentation can be in the form of tax returns (e.g. W2s), pay stubs, LLC documentation, official company registrations, etc.
Candidates may be required to submit a form of picture ID to process their background check. For security purposes, documentation via email will not be accepted; candidates should check their email for the secure link that Checkr will automatically send in order to upload their document.
Background checks will act as an additional mechanism of transparency and will help to build trust with our clients. We will continue to develop this draft policy to ensure we apply a fair and consistent process which is as respectful to the privacy of our team members as possible while remaining compliant.
Finance team members only will be required to participate in a credit check, due to the nature of their work with company finances. The credit checks will be performed through Checkr.
US Candidates Only
When a team member is absent from work for three consecutive workdays, there is no entry on the availability calendar for time off, and fails to contact his or her supervisor, they can be terminated for job abandonment unless otherwise required by law. If a manager is unable to reach an employee via email or slack within a 24 hour period they should contact their HR Business Partner. The HR Business partner will access the employees information to obtain additional contact methods and numbers. The manager and HR Business Partner will create an action plan to make all attempts to contact the employee.