Code of Business Conduct & Ethics and GitLab People Policy Directory

On this page

Code of Business Conduct & Ethics

GitLab is committed to serving our customers and employing individuals with personal standards consistent with that of our values. This Code is designed to deter wrongdoing and to promote:

Our Code applies to all directors, officers, employees, and contractors of GitLab and its affiliates and subsidiaries. Agents and vendors of GitLab are also expected to read, understand, and abide by this Code.

This Code should help guide your conduct in the course of our business. Many of the principles described in this Code are general in nature, and the Code does not cover every situation that may arise. Use common sense and good judgment in applying this Code. If you have any questions about applying the Code, please seek guidance. Not all information regarding the conduct of our business is found in this Code. Please review the applicable policies and procedures in specific areas as they apply as found in our Team Handbook.

Complying with the Code

To maintain the highest standards of integrity, we must dedicate ourselves to complying with this Code, company policies and procedures, and applicable laws and regulations. Violations of this Code not only damage our company’s standing in the communities we serve–they may also be illegal. Team members involved in violating this Code will likely face negative consequences. GitLab will take the appropriate disciplinary action in response to each case, up to and including termination. In addition, team members involved may be subject to government fines or criminal or civil liability.

Reporting Violations

If you think this Code or any GitLab policy is being violated, or if you have an ethics question, you have several reporting options:

All reports (formal or informal) made to a GitLab supervisor, manager or executive should be promptly escalated to People Operations and the Legal team. GitLab will then review the report promptly and thoroughly to determine if an investigation is warranted.

Investigation Process If Legal has determined it appropriate, GitLab will promptly initiate an appropriate investigation into all possible violations of law and GitLab policy. The Senior Director of Legal Affairs will engage the HR Business Partner assigned to the business department to investigate the report(s), unless the complaint is against a member of the People Operations team, in which case the investigation will be conducted by the Legal team. If the report is made against a member of the executive team or if there are multiple complainants regarding the same individual and/or issue, outside counsel will be retained by Legal to conduct the investigation. If the complaint is made against a member of the Legal team, the Chief Culture Officer will lead the investigation.

GitLab expects all employees and contractors to cooperate in investigations fully and candidly.

Investigation Timeline GitLab will make all reasonable efforts to initiate an investigation into the allegation(s) and conclude the investigation in a timely fashion. Depending on the type of investigation the steps and timeline for each investigation will vary.

Investigation Findings The investigation findings will be reported back to the Senior Director of Legal Affairs. Based on the investigation findings, Legal will make a determination as to whether the allegation(s) were founded, unfounded or inconclusive. This determination will be documented in writing and made part of the investigation report. The determinations are as follows: * Violation Found. Where a violation of GitLab policies, workplace rules or law is found to have occurred, Legal will review the findings and make a recommendation for corrective action to the Chief Culture Officer and the executive leader of the accused's reporting line. Together the CCO, the business unit and Legal will determine the proper corrective action. If the accused is a member of the executive team then Legal will confer with the CEO, and where necessary, the Board of Directors. Once a corrective action has been determined, the accused will be notified of the finding and of the specific corrective actions to be taken. The accused employee's manager will also be notified if appropriate. No details about the nature or extent of disciplinary or corrective actions will be disclosed to the complainant(s) or witness(es) unless there is as compelling reason to do so (e.g., personal safety) * No Violation Found. In this situation, the complainant (if known) and the accused should be notified that GitLab investigated the allegation(s) and found that the evidence did not support the claim. * Inconclusive investigation. In some cases, the evidence may not conclusively indicate whether the allegation(s) was founded or unfounded. If such a situation occurs, the complainant (if known) and the accused will be notified that a thorough investigation has been conducted, but GitLab has been unable to establish the truth or falsity of the allegation(s). GitLab will take appropriate steps to ensure that the persons involved understand the requirements of GitLab's policies and applicable law, and that GitLab will monitor the situation to ensure compliance in the future.

How to Contact GitLab's 24-hour hotline:

GitLab has engaged Lighthouse Services to provide an anonymous ethics and compliance hotline for all team members. The purpose of the service is to insure that any team member wishing to submit a report anonymously can do so without the fear of retribution.

Reports may cover but are not limited to the following topics: Ethical violations, Wrongful Discharge, Unsafe Working Conditions, Internal Controls, Quality of Service, Vandalism and Sabotage, Sexual Harassment, Theft, Discrimination, Conduct Violations, Alcohol and Substance Abuse, Threats, Fraud, Bribery and Kickbacks, Conflict of Interest, Improper Conduct, Theft and Embezzlement, Violation of Company Policy, Violation of the Law, Misuse of Company Property, Falsification of Contract, Reports or Records.

Please note that the information provided by you may be the basis of an internal and/or external investigation into the issue you are reporting and your anonymity will be protected to the extent possible by law by Lighthouse. However, your identity may become known during the course of the investigation because of the information you have provided. Reports are submitted by Lighthouse to a company designee for investigation according to our company policies.

Lighthouse Services toll free number and other methods of reporting are available 24 hours a day, 7 days a week for use by team members.

Commitment to Non-Retaliation

Any employee or contractor who reports a violation will be treated with dignity and respect and will not be subjected to any form of discipline or retaliation for reporting in good faith. Retaliation against anyone who provides information or otherwise assists in an investigation or proceeding will be treated as a violation of this Code.

Discrimination

Having a diverse workforce–made up of team members who bring a wide variety of skills, abilities, experiences and perspectives–is essential to our success. We are committed to the principles of equal opportunity, inclusion, and respect. All employment-related decisions must be based on company needs, job requirements, and individual qualifications. Always take full advantage of what our team members have to offer; listen and be inclusive.

Report suspected discrimination right away and never retaliate against anyone who raises a good faith belief that unlawful discrimination has occurred. Employees and contractors should refer to the GitLab Anti-Harassment Policy for more information.

Harassment

Every employee or contractor has a right to a work environment free from harassment, regardless of whether the harasser is a co-worker, supervisor, manager, customer, vendor, or visitor. Please refer to the GitLab Anti-Harassment Policy for more information. As is the case with any violation of the Code, you have a responsibility to report any harassing behavior or condition regardless of if you are directly involved or just a witness.

Fair Wages

Our company is committed to following all applicable wage and hour laws and regulations. To help ensure that all work performed for GitLab is compensated correctly, team members compensated on the basis of hours worked must report and record time accurately. For more information on compensation, please refer to our Compensation Principles.

Substance Abuse

GitLab strives to maintain a workplace that is free from illegal use, possession, sale, or distribution of alcohol or controlled substances. Legal or illegal substances shall not be used in a manner that impairs a person’s performance of assigned tasks. This will help to maintain the efficient and effective operation of the business, and to ensure customers receive the proper service. GitLab team members must also adhere the local laws of where they reside and where they travel to, including the GitLab Summit.

Employee Information Privacy

GitLab respects the confidentiality of the personal information of employees and contractors. This includes employee and contractor medical and personnel records. All team members records are kept in BambooHR. Team members have self service access to their profile. Where available, documents and information are shared with the team member within the platform. If the team member would like to view their entire profile from the admin view, please schedule a call with People Operations to walk through a screen share or request screenshots to be sent to your personal email address. Access to personal information is only authorized when there is a legitimate and lawful reason, and access is only granted to appropriate personnel. Requests for confidential employee or contractor information from anyone outside our company under any circumstances must be approved in accordance with applicable laws. It is important to remember, however, that employees and contractors should have no expectation of privacy with regard to normal course workplace communication or any personal property used for GitLab business.

If there is no requirement within someone's job description to be public-facing, then team members can opt-out of any public exposure. Team members can opt-out of being added to the team page or what content about them is shown on the team page and can use either only their initials or an alias if desired. Since GitLab publishes much of our content, including video calls and meetings, the only way to ensure no unwanted exposure from these videos is to have video turned off and initials or an alias added to the Zoom profile name whenever a call is being recorded. Zoom shows whether a call is being recorded at the top right of the video screen, and team members are always encouraged to ask if a video will be shared or not. For any GitLab livestreams through YouTube, a team member can watch and comment through YouTube instead of through the internal video call. Any questions can be sent directly to our People Ops and Legal teams.

Proprietary and Confidential Information

In carrying out GitLab’s business, team members often learn confidential or proprietary information about our company, its customers, prospective customers, or other third parties. Team members must maintain the confidentiality of all information entrusted to them, except when disclosure is authorized or legally mandated.

Confidential or proprietary information includes:

GitLab’s confidentiality provisions can be found in the employee and contractor templates, but these may vary from what you agreed to at the time of your contract. For specific information about your obligations regarding confidentiality, please reference your contract.

Physical Assets and Resources

All employees and contractors must protect our company assets, such as equipment, inventory, supplies, cash, and information. Treat company assets with the same care you would if they were your own. No employee or contractor may commit theft, fraud or embezzlement, or misuse company property.

GitLab Internal Acceptable Use Policy

The Gitlab Internal Acceptable Use Policy specifies requirements related to the use of GitLab computing resources and data assets by GitLab team members so as to protect our customers, team members, contractors, company, and other partners from harm caused by both deliberate and inadvertent misuse. Our intention in publishing this policy is not to impose restrictions but outline information security guidelines intended to protect GitLab assets.

Proper Use of Electronic Media

Our company uses global electronic communications and resources as routine parts of our business activities. It is essential that electronic resources used to perform company business are protected to ensure that these resources are accessible for business purposes and operated in a cost-effective manner, that our company’s reputation is protected, and that we minimize the potential for legal risk.

In addition to following the Social Media Guidelines, when utilizing social media think about the effect of statements that you make. Keep in mind that these transmissions are permanent and easily transferable, and can affect our company’s reputation and relationships with team members and customers. When using social media tools like blogs, Facebook, Twitter or wikis, ensure that you do not make comments on behalf of GitLab without proper authorization. Also, you must not disclose our company’s confidential or proprietary information about our business, our suppliers, or our customers.

Protecting Customer/Third Party Information Privacy

We take the protection of privacy for our customer’s, consumer’s, and other third parties that have entrusted us with information very seriously. Customer or third party information includes any information about a specific customer/third party, including such things as name, address, phone numbers, financial information, etc.

If you do not have a business reason to access this information, you should not do so. If you do, you must also take steps to protect the information against unauthorized use or release in line with our Security Best Practices.

Intellectual Property and Protecting IP

Our intellectual property is among our most valuable assets. Intellectual property refers to creations of the human mind that are protected by various national laws and international treaties. Intellectual property includes copyrights, patents, trademarks, trade secrets, design rights, logos, expertise, and other intangible industrial or commercial property. We must protect and, when appropriate, enforce our intellectual property rights. We also respect the intellectual property belonging to third parties. It is our policy to not knowingly infringe upon the intellectual property rights of others.

  1. Take proper care of any confidential information you get from our customers.
  2. As an employee or contractor, the things you create for GitLab belong to our company.
    • This work product includes inventions, discoveries, ideas, improvements, software programs, artwork, and works of authorship. This work product is our company’s property (it does not belong to individuals) if it is created or developed, in whole or in part, on company time, as part of your duties or through the use of company resources or information.
  3. If you copy code always check the license and attribute when needed or appropriate.
  4. Check community contributions and do not merge it when there can be doubt about the ownership.
  5. Only the CEO of the company signs legal documents such as NDAs. Sales people and the business office manager can upload them via HelloSign.
  6. View our DMCA policy in regards to copyright / intellectual property violations

Assignment of intellectual property is addressed in the employee and contractor templates, but these may vary from what you agreed to at the time of your contract. For specific information about your obligations regarding intellectual property rights and obligations, please reference your contract.

Antitrust and Fair Competition

All directors, officers, employees, and contractors must comply with antitrust and competition laws which prohibit collusive or unfair business behavior that restricts free competition. These laws are quite complicated, and failure to adhere to these laws could result in significant penalties imposed on both GitLab and the employees and/or contractors who violated the law.

Unlawful behavior examples: enter agreements with competitors to fix prices, bid rigging, terms of sale, production output, divide markets or customers, attempts to discriminate in prices or terms of sale among our customers, otherwise restrict the freedom of our customers to compete, and refusing to deal with certain customers or competitors.

Such laws prohibit efforts and actions to restrain or limit competition between companies that otherwise would be competing for business in the marketplace. You must be particularly careful when you interact with any employees or contractors or representatives of GitLab’s competitors, especially at trade association meetings or other industry or trade events where competitors may interact. Under no circumstances should you discuss customers, prospects, pricing, or other business terms with any employees or contractors or representatives of our competitors. If you are not careful, you could find that you have violated antitrust and competition laws if you discuss or make an agreement with a competitor regarding:

Depending on business justification and effect on competition, other practices not involving competitors may also result in civil violations of the antitrust and competition laws. These practices include:

We engage in open and fair procurement activities regardless of nationality or the size of the transaction. Suppliers are selected on a competitive basis based on total value, which includes quality, suitability, performance, service, technology, and price. We strive toward establishing mutually beneficial relationships with our suppliers based on close cooperation and open communication. Terms and conditions defining our relationship with suppliers are communicated early in the supplier selection process. Any agreements to such terms and conditions, or any acceptable modifications, are reached before work begins.

Honest Advertising and Marketing

It is our responsibility to accurately represent GitLab and our products in our marketing, advertising, and sales materials. Deliberately misleading messages, omissions of important facts or false claims about our products, individuals, competitors or their products, services, or employees or contractors are inconsistent with our values. Sometimes it is necessary to make comparisons between our products and our competitors. When we do, we will make factual and accurate statements that can be easily verified or reasonably relied upon.

Obtain Competitive Information Fairly

Gathering information about our competitors, often called competitive intelligence, is a legitimate business practice. Doing so helps us stay competitive in the marketplace; however, we must never use any illegal or unethical means to get information about other companies.

Legitimate sources of competitive information include:

When working with consultants, vendors, and other partners, ensure that they understand and follow GitLab policy on gathering competitive information.

Anti-Money Laundering

Money laundering is a global problem with far-reaching and serious consequences. Money laundering is defined as the process of converting illegal proceeds so that funds are made to appear legitimate, and it is not limited to cash transactions.

Complex commercial transactions may hide financing for criminal activity such as terrorism, illegal narcotics trade, bribery, and fraud. Involvement in such activities undermines our integrity, damages our reputation and can expose GitLab and individuals to severe sanctions.

Our company forbids knowingly engaging in transactions that facilitate money laundering or result in unlawful diversion. Anti-money laundering laws require transparency of payments and the identity of all parties to transactions. We are committed to full compliance with anti-money laundering laws throughout the world and will conduct business only with reputable customers involved in legitimate business activities and transactions.

Selection and Use of Third Parties/Procurement (Fair Purchasing)

We believe in doing business with third parties that embrace and demonstrate high principles of ethical business behavior. We rely on suppliers, contractors, and consultants to help us accomplish our goals. They are part of the GitLab team and should be treated according to our values. To create an environment where our suppliers and consultants have an incentive to work with GitLab, they must be confident that they will be treated in an ethical manner. We offer fair opportunities for prospective third parties to compete for our business. The manner in which we select our suppliers and the character of the suppliers we select reflect on the way we conduct business.

Anti-corruption / Anti-bribery

Globally, many countries have laws that prohibit bribery, kickbacks, and other improper payments. No GitLab employee, contractor, officer, agent, or vendor acting on our behalf may offer or provide bribes or other improper benefits in order to obtain business or an unfair advantage. You must avoid participating in commercial bribery and kickbacks, or even the appearance of it, in all of our business dealings. Even in locations where such activity may not, technically speaking, be illegal, it is absolutely prohibited by our company policy.

Definitions

  1. Commercial bribery involves a situation where something of value is given to a current or prospective business partner with the intent to obtain business or influence a business decision.
  2. Kickbacks are agreements to return a sum of money to another party in exchange for making or arranging a business transaction.
  3. A bribe is defined as directly or indirectly offering anything of value to influence or induce action, or to secure an improper advantage.
  4. Anything of value is very broadly defined and can include such things as:
    • Cash
    • Gifts
    • Meals
    • Entertainment
    • Travel and lodging
    • Personal services
    • Charitable donations
    • Business opportunities
    • Favors
    • Offers of employment

Situations

  1. No employee or contractor shall make or promise to make, directly or indirectly, any payment of money or object of value to any foreign official of a government, political party, or a candidate for political office for the purpose of inducing or influencing actions in any way to assist our company in obtaining or retaining business for or with GitLab.
  2. The exchange of appropriate gifts and entertainment is often a way to build our business relationships. However, you must conduct business with customers, suppliers, and government agencies (including U.S. and non-U.S. governments) without giving or accepting bribes including (but not limited to) commercial bribery and kickbacks.

Gifts and Entertainment

Modest gifts, favors, and entertainment are often used to strengthen business relationships. However, no gift, favor, or entertainment should be accepted or given if it obligates, or appears to obligate, the recipient, or if it might be perceived as an attempt to influence fair judgment.

In general, unless you have supervisory approval you should not provide any gift or entertainment to customers, suppliers, or others that you would not be able to accept from a customer, supplier, or other applicable parties.

All directors, executives, and anyone else in the company participating in vendor selection, must disclose all gifts and entertainment valuing over US$250 for the six months prior to the vendor selection and during the term of the services and for a period of twelve months after services have been completed. The disclosure shall be made to the Legal department, and shall include the value of the gift or entertainment, the individual or company providing the gift, favor, or entertainment, and the date on which it was received. If you have any questions relating to this section, feel free to contact the Legal department.

Trade Compliance (Export/Import Control)

We comply with all import and export laws and regulations in countries in which we operate. These laws restrict transfers, exports, and sales of products or technical data to certain prescribed countries and persons as well as re-export of certain such items from one location to another.

If you are involved in importing and exporting goods and data, you are responsible for knowing and following these laws. We do not cooperate with foreign boycotts that are not approved by the respective government. If you receive a request related to any boycott, contact the Legal department and do not respond to the request.

Certain laws prohibit transactions with persons or entities that have violated export-related laws or are believed to pose a threat to national security. Additionally, doing business with certain countries may result in imposed economic sanctions. We must perform due diligence before any transaction that has an international element to determine whether such parties are on a restricted list.

Government Customers/Contracting

We must ensure all statements and representation to government procurement officials are accurate and truthful, including costs and other financial data. If your assignment directly involves the government or if you are responsible for someone working with the government on behalf of GitLab, be alert to the special rules and regulations applicable to our government customers. Additional steps should be taken to understand and comply with these requirements.

Any conduct that could appear improper should be avoided when dealing with government officials and employees or contractors. Payments, gifts, or other favors given to a government official or employee are strictly prohibited as it may appear to be a means of influence or a bribe. Failure to avoid these activities may expose the government agency, the government employee, our company, and you to substantial fines and penalties.

Maintain Accurate Financial Records / Internal Accounting Controls

Accurate and reliable records are crucial to our business. Records will be maintained accurately to:

GitLab records include:

There is never a reason to make false or misleading entries. Undisclosed or unrecorded funds, payments, or receipts are inconsistent with our business practices and are prohibited.

Manage Records Properly

Our records are our corporate memory, providing evidence of actions and decisions and containing data and information critical to the continuity of our business.

Records consist of all forms of information created or received by GitLab, whether originals or copies, regardless of media. Examples of company records include:

We are responsible for properly labeling and carefully handling confidential, sensitive, and proprietary information and securing it when not in use. We do not destroy official company documents or records before the retention time expires, but do destroy documents when they no longer have useful business purpose.

Avoiding Conflicts of Interest

We have an obligation to make sound business decisions in the best interests of GitLab without the influence of personal interests or gain. Our company requires you to avoid any conflict, or even the appearance of a conflict, between your personal interests and the interests of our company.

A conflict exists when your interests, duties, obligations or activities, or those of a family member are, or may be, in conflict or incompatible with the interests of GitLab. Conflicts of interest expose our personal judgment and that of our company to increased scrutiny and criticism and can undermine our credibility and the trust that others place in us.

Should any business or personal conflict of interest arise, or even appear to arise, you should disclose it immediately to leadership for review. In some instances, disclosure may not be sufficient and we may require that the conduct be stopped or that actions taken be reversed where possible. As it is impossible to describe every potential conflict, we rely on you to exercise sound judgment, to seek advice when appropriate, and to adhere to the highest standards of integrity.

Communicating with External Parties

GitLab employees and contractors are not authorized to speak with the media, investors, and analysts on behalf of our company unless authorized by our Marketing department. Unless authorized, do not give the impression that you are speaking on behalf of GitLab in any communication that may become public. This includes posts to online forums, social media sites, blogs, chat rooms, and bulletin boards. This policy also applies to comments to journalists about specific matters that relate to our businesses, as well as letters to the editor and endorsements of products or services.

Social Responsibility

We pride ourselves on being a company that operates with integrity, makes good choices, and does the right thing in every aspect of our business. We will continually challenge ourselves to define what being a responsible company means to us, and work to translate our definition into behavior and improvements at GitLab. We seek to align our social and environmental efforts with our business goals and continue to develop both qualitative and quantitative metrics to assess our progress.

Political Activities and Contributions

You may support the political process through personal contributions or by volunteering your personal time to the candidates or organizations of your choice. These activities, however, must not be conducted on company time or involve the use of any company resources. You may not make or commit to political contributions on behalf of GitLab.

Charitable Contributions

We support community development throughout the world. GitLab employees or contractors may contribute to these efforts, or may choose to contribute to organizations of their own choice. However, as with political activities, you may not use company resources to personally support charitable or other non-profit institutions not specifically sanctioned or supported by our company. You should consult the Legal department if you have questions about permissible use of company resources.

Human Rights

We are committed to upholding fundamental human rights and believe that all human beings around the world should be treated with dignity, fairness, and respect. Our company will only engage suppliers and direct contractors who demonstrate a serious commitment to the health and safety of their workers, and operate in compliance with human rights laws. GitLab does not use or condone the use of slave labor or human trafficking, denounces any degrading treatment of individuals or unsafe working condition, and supports our products being free of conflict minerals.

Code of Business Conduct & Ethics Acknowledgment Form

Team members will review and sign the Code of Business Conduct & Ethics Acknowledgment Form during onboarding as well as annually during the Global Compensation Annual Review cycle.

GitLab People Policy Directory

All of the policies listed below are important for GitLabbers to read and understand as they deal with people benefits, procedures, and requirements of the company. If you have any questions around the internal policies, please reach out to People Operations.

Sick Time - Taking and Reporting

In keeping with our values of freedom, efficiency, transparency, kindness, and boring solutions, we have crafted the following protocol around sick leave for all GitLabbers.

All GitLabbers

Details for specific groups of GitLabbers

Worker's Compensation

If you have been injured at work, please contact People Operations to determine what your benefits are.

Military Leave

GitLab is committed to protecting the position rights of team members absent on military leave. No team member or prospective team member will be subjected to any form of discrimination on the basis of membership in or obligation to perform service for any of the uniformed services of their country of residency. If any team member believes that he or she has been subjected to discrimination in violation of this policy, immediately contact People Operations for assistance. For any questions about how to initiate a military leave, please contact People Operations.

Hiring Significant Others or Family Members

GitLab is committed to a policy of employment and advancement based on qualifications and merit and does not discriminate in favor of or in opposition to the employment of significant others or relatives. Due to the potential for perceived or actual conflicts, such as favoritism or personal conflicts from outside the work environment, which can be carried into the daily working relationship, GitLab will hire or consider other employment actions concerning significant others and/or relatives of persons currently employed or contracted only if: a) candidates for employment will not be working directly for or supervising a significant other or relative, b) candidates for employment will not occupy a position in which they may be privy to confidential, highly sensitive information that the significant other or relative should not have access to, and c) candidates for employment will not occupy a position in the same line of authority in which employees can initiate or participate in decisions involving a direct benefit to the significant other or relative. Such decisions include hiring, retention, transfer, promotion, wages, and leave requests.

This policy applies to all current employees and candidates for employment.

Relocation

If your permanent address is changing, notify People Operations of the new address before the pay cycle of the move. The best way to do this is by logging in to BambooHR and changing your address under the Personal tab. This triggers a message to the BambooHR admin to review the change and "accept" it.

If you are going to spend six months or more in one location this will be considered as a relocation and your compensation will be evaluated based on the new metro region.

Tuition Reimbursement

GitLab supports team members who wish to continue their education and growth within their professional career. If you are a full-time GitLabber and have been employed for more than three months, you are eligible to participate in this program. To be eligible for reimbursement, courses must be a requirement of a degree or certification program and delivered through a credentialed college or university.

GitLabbers are eligible for a reimbursement of up to 4,000 USD per calendar year (January 1st - December 31st). There is no limit to the number of years a team member can participate in the program. Courses eligible for reimbursement include for credit classes resulting in a grade (not pass/fail), courses providing continuing education credits, and/or courses taken as part of a certification program. You must earn a passing grade equivalent to a “B” or obtain a successful completion certification to submit for reimbursement. The program will cover only the tuition and enrollment related fees. Additional fees related to parking, books, supplies, technology, or administrative charges are not covered as part of the program. Tuition will be validated by receipt of payment. A description of the course(s) and degree or certification program along with a final grade report or satisfactory certificate of completion are required to receive reimbursement.

Tuition Reimbursement Process

To receive tuition reimbursement, GitLabbers should follow the following process:

  1. GitLabber first discusses their interest in professional development with their manager.
  2. If the manager agrees that the degree or certification program is aligned with the business and growth opportunities within GitLab, a minimum of three weeks prior to the course start date, the GitLabber fills out a Tuition Reimbursement Agreement and forwards it to People Ops to stage for the proper signatures (GitLabber, Manager, People Operations) in HelloSign.
  3. The People Ops Analyst will confirm there are no additional tax implications for reimbursement in the team member's country.
  4. People Ops will file the application and signed agreement in BambooHR.
  5. People Ops will also log the tuition reimbursement in the "Tuition Reimbursement Log" found on the Google Drive.
  6. Once the course is completed, an official grade report or successful certification of completion must be submitted to People Operations.
  7. After grades are verified, People Operations will ensure the reimbursement is processed through the applicable payroll by the second pay cycle after submission.

Tax Implications for Tuition Reimbursement by Country

In some countries, tuition reimbursement may be considered as taxable income. Please reach out to your tax professional for clarification.

Mental Health Awareness

  1. What is Mental Health?
  1. Why is awareness of Mental Health important at GitLab?
    • It can affect any and all of us. The statistics from the WHO are that 1 in 4 of us will be affected by mental or neurological disorders at some point in our life. That said, we are all subject to periods where we or those around us find the "the normal stresses of life" harder than usual to deal with.
    • The more aware we are of mental health, the more inclusive we are. That will help encourage any colleagues currently experiencing mental health issues to talk about it.
    • Our business at its core is a group of people working together towards a common goal. With awareness of what might affect our colleagues, we are better equipped to help them if they do discuss it with us and therefore help our business.
    • Mental health has so much emotional baggage as a topic that it can initially seem scary to talk about. Promoting mental health awareness helps to remove the stigma and taboo associated with it.
    • GitLab can offer "productive and fruitful" work for all of our employees. That should not be underestimated.
    • In the cold-light of business metrics, the healthier we are, the more productive we are.
  2. At GitLab we strive to create a Stigma-Free Workplace. In accordance with the National Mental Health Association and the National Council for Behavioral Health we would like to:
    • Educate employees about the signs and symptoms of mental health disorders.
    • Encourage employees to talk about stress, workload, family commitments, and other issues.
    • Communicate that mental illnesses are real, common, and treatable.
    • Discourage stigmatizing language, including hurtful labels such as “crazy,” “loony” or “nuts.”
    • Help employees transition back to work after they take leave.
    • Consult with your employee assistance program.
  3. What are we doing to get there?
    • Per an open issue, People Operations will be developing training for managers on this topic.
    • Talk about mental health issues and ideas in the #mental_health_aware Slack channel.
    • GitLab would also like to encourage GitLabbers to take their time off to properly take care of themselves. We encourage the team to go to yoga, take a long lunch, or anything else in their day to day life that assists in their mental and emotional well-being.
    • In addition to our current EAP programs available for employees, we encourage GitLabbers to take a look at Working Through It for insight into reclaiming well-being at work, off work, and return to work.
    • We believe that our values and culture lends itself to being able to discuss mental health open and honestly without being stigmatized, but let's work together to make it even more inclusive.
    • For example, Finding the right words:
      • "How can we help you do your job?"
      • "You’re not your usual self."
      • "Do you want to talk about it?"
      • "It's always OK to ask for help."
      • "It’s hard for me to understand exactly what you’re going through, but I can see that it’s distressing for you."

Any questions or concerns? Please feel free to speak with anyone in People Ops.

Background Checks

GitLab is concerned about the safety of its employees and about maintaining appropriate controls to ensure that assets of GitLab and our customer relationships and information are protected. To reduce these risks, GitLab will obtain and review background information of covered prospective, and, as applicable, current employees.

All candidates for employment with GitLab to whom conditional offers have been made must undergo a background screen according to this policy as part of the employment screening process. All contracts will state that employment is subject to obtaining results from an approved background screen that are satisfactory to GitLab.

In the event the background check is not available at the time of hire (switching vendors or delays in processing), GitLab will run the background check as soon as possible. The same adjudication guidelines will apply to current employees as they do with prospective employees. The results will be reviewed by People Operations and Legal to determine if the results warrant any adverse action, which could include termination of employment.

We have contracted with Sterling Talent Solutions to perform these background checks, which will cover criminal history for the last 7 years and employment history for the last 5 years and/or the three most recent employers. GitLab may use the returned background check information to make decisions regarding employment; therefore, the employment of team members is contingent upon a successful completion of the background check, per language in the contract. For certain positions where the candidates financial history is relevant to the position, we may also run a check in the federal database for any financial related offenses.

Disclosure and Authorization

Candidates/employees will receive an email to fill out the background check application following the completion of their contract. The application process includes signing a disclosure and a consent form which explains the rights of an individual undergoing a background examination. The application process is designed to take less than fifteen minutes to complete. People Operations will initiate all background screens.

To prepare for the employment verification, candidates should gather each previous employer's name and address, position title held, employment start and end dates, manager’s name and title, their phone number, and email address. Details for a Human Resources contact can be entered instead of a manager's contact details.

Occasionally, Sterling will reach out to the candidate to retrieve additional information, such as backup documentation to act as proof of previous employment or picture IDs. Proof of employment can typically be provided in various ways, such as tax returns (e.g. W2s), pay stubs, LLC documentation, official company registrations, etc.

Background checks will act as an additional mechanism of transparency and will help to build trust with our clients.

Review Criteria

Once the background check is completed, People Operations will review the report and determine if any negative information has a direct connection with an applicant’s ability to fulfill the employee’s duties with competence and integrity. Matters that might raise a concern include but are not limited to: criminal history, recent felony convictions, theft, violent crimes, drug related crimes, and sex offenses. In addition, the report should be carefully reviewed for any omissions or inaccuracies contained in the employment application or made during the interview process.

Step 1: Disclosure and Authorization

The applicant must give the employer consent to have a third party service conduct a background check. The Disclosure and Authorization form can be presented to the applicant at the time he/she completes the employment application form. The form should grant the employer permission to conduct an initial background check (and, subject to state law, subsequent background checks if the applicant is hired) utilizing a third party service. Also, a “Summary Of Your Rights Under The Fair Credit Reporting Act” should be enclosed with the consent and disclosure form. For New York applicants, a copy of Article 23-A of the Correctional Law also should be enclosed and any other relevant state summary of rights.

The background investigation cannot be lawfully conducted without a signed Disclosure and Authorization form. Applicants can be advised that they will not be considered for employment without submitting the signed form. Equally for current team members, they can be advised that their employment may be impacted if they do not consent to the background check.

Step 2: Pre-Adverse Action: Notify the Applicant of Negative Report BEFORE Adverse Action is taken

If the consumer reporting agency reports information which may be used, in whole or in part as a basis for an adverse employment action (e.g., rescinding a conditional offer of employment), the applicant must receive notification before a final decision is made to deny employment. As a result, the employer must provide a copy of the consumer report, a pre-adverse action letter, and another copy of the FCRA notice of rights (and for New York applicants, the Article 23-A notice). The applicant shall also receive any applicable state rights as required.

If the disqualification decision is not based on a misrepresentation or omission in the employment application, it is a best practice to discuss the potentially disqualifying information with the individual prior to issuing the pre-adverse action notice. This practice supports the individual job-related nature of any disqualification decision.

Step 3: Wait for a Reasonable Period of Time to Find Out What, if Any, Explanation is Offered by the Applicant

If the applicant does not respond at all to the notification within a reasonable period of time (5 days), the employer may proceed with its decision to rescind the conditional offer. If the applicant responds, the employer should carefully consider the information submitted and then make a decision. If the explanation is reasonable under the circumstances, then it may still be possible to go forward with the new hire (e.g., a case of mistaken identity). However, if the applicant's explanation is determined to be insufficient, then the employer should proceed to the next step.

Step 4: Notify Applicant of Adverse Action

The employer must provide the applicant with written notice of the adverse action and the name, address, and telephone number of the consumer reporting agency. The Adverse Action Notice form should be sent along with the federal summary of rights and any applicable state summary of rights. The notice includes a statutorily required statement that the consumer reporting agency did not make the decision and does not know why the decision was made should be included as well as a notice of the applicant's right to obtain the report and dispute the information.

Step 5: Maintain Documentation

For all adverse decisions, document each step taken. Keep copies of all consent and disclosure forms and other documentation sent to the applicant in the event the company has to defend its decision at some later point.

Record Retention

All documents related to the background check process must be retained for at least five years.

Equal Employment Laws

GitLab will adhere to all equal employment laws. When reviewing any criminal record information that appears on a background check, the company shall factor in any known factors relating to:

  1. The facts and circumstances surrounding the offense.
  2. The number of offenses for which the individual was convicted.
  3. The age of the individual at the time of conviction or release from prison.
  4. Evidence that the individual has performed the same type of work, post-conviction, with the same or a different employer, without incidents of criminal conduct.
  5. The length and consistency of employment history before and after the offense.
  6. Any efforts of the application towards rehabilitation.
  7. Employment or character references obtained regarding the individual’s fitness for the particular position.
  8. Whether the individual will be bonded for the position.

Financial Checks

Finance team members only will be required to participate in a federal check through Sterling, which searches for any tax-related or financial offenses.

Initiating a Background Check through Greenhouse

US Candidates Only

  1. Log in to Greenhouse and go to the candidate's profile.
  2. Click the "Private" tab.
  3. Click "Export to TalentWise".
  4. Click "Complete Report", which will redirect you to the Sterling website.
  5. Scroll down and click "Add Screening".
  6. Next to "Comprehensive Criminal" click on "Ticket". If you need to run a financial check as well for Finance team members, after you click "Ticket", click "Add Products" on the right and search for and include "Federal Criminal District Search".
  7. Check off that you agree to your obligations as a user.
  8. Under "Disclosure and Authorization Options", select the first option to have Sterling send the candidate a disclosure form.
  9. Click "Generate Ticket".

Initiating a Background Check through Sterling Talent Solutions

US Candidates Only

  1. Log in to Sterling and select "Quick Launch".
  2. Click "Launch Screening".
  3. Next to "Comprehensive Criminal" click on "Ticket". If you need to run a credit check as well, after you click "Ticket" click "Add Products" on the right and search for "Federal Criminal Check".
  4. Check off that you agree to your obligations as a user.
  5. Enter the candidate's name and personal email address.
  6. Select the first option to have Sterling send the candidate a disclosure form, and click "Generate Ticket".

Non-US Candidates Only

  1. Repeat the first step from the list above.
  2. Next to Additional Products click on Ticket. In the search box, search for the word International and select both Employment Verification (U.S. & International) and International Criminal Search, then click Add.
  3. Repeat the third step from the list above.

Job Abandonment

When a team member is absent from work for three consecutive workdays, there is no entry on the availability calendar for time off, and fails to contact his or her supervisor, they can be terminated for job abandonment unless otherwise required by law. If a manager is unable to reach an employee via email or slack within a 24 hour period they should contact their HR Business Partner. The HR Business partner will access the employees information to obtain additional contact methods and numbers. The manager and HR Business Partner will create an action plan to make all attempts to contact the employee.

Other People Policies