GitHub vs Bitbucket

You keep ownership, but GitHub and its affiliates get broad rights to store, copy, analyze, display, and use your content to provide, develop, and improve services. For public content, these rights are extensive and continue until removal, with forks potentially keeping content available.

GitHub may use your AI inputs and outputs to develop, train, and improve AI systems unless you opt out in account settings. The opt-out is limited and does not cover broader licenses for public repository content.

GitHub provides the service 'as is,' disclaims warranties, and broadly limits liability for damages, including data loss and service interruptions. In practice, this makes it much harder to recover losses if something goes wrong.

GitHub expressly treats private repository contents as confidential and says staff will only access them for limited purposes like security, support, integrity, legal compliance, or with your consent. This is a strong protection for private code compared with many platforms.

GitHub states users may access, correct, delete, object to processing, and port personal data where applicable. These rights can be exercised by contacting [email protected], which is useful for users in regulated regions and some U.S. states.

GitHub uses cookies, web beacons, and similar tools for analytics and targeted advertising on enterprise marketing pages, and says it has 'shared' some personal information with ad networks and analytics providers under applicable law. This means some browsing data may be used for marketing profiling outside core product functions.

Paid monthly or yearly plans are billed in advance and are generally non-refundable, with no partial-month or unused-time refunds. This can be costly if you downgrade or cancel soon after renewal.

GitHub reserves the right to suspend or terminate access at any time, with or without cause or notice. That gives the company broad discretion over account access and continuity.

For AI feature inputs and outputs, GitHub gives individual users an account-level opt-out from model training and improvement use going forward. This is a meaningful control, though it does not apply to all other content licenses.

Users can manage non-essential cookies through settings, consent tools, browser controls, and GitHub says it honors DNT and GPC by not setting non-essential cookies or sharing data when those signals are detected. That is stronger than many services’ tracking disclosures.

The terms say account closure is available through settings with a 'simple, no questions asked cancellation link.' They also say most profile and repository content is deleted within 90 days, subject to legal and backup exceptions.

GitHub says it will give 30 days' notice of material changes to the terms and privacy statement. Advance notice gives users time to review updates and decide whether to keep using the service.

Most claims are capped at the fees paid in the prior 12 months, and indirect damages like lost profits or lost data are waived. In practice, recovery may be limited even if the service causes significant business harm.

Disputes go to courts in Ireland or San Francisco depending on customer location, rather than mandatory arbitration. That preserves a more traditional path to sue, though venue may still be inconvenient.

The agreement says the customer owns its customer data and materials. That is an important protection against implied transfer of intellectual property rights in uploaded content.

The terms commit Atlassian to maintain an information security program with physical, technical, and organizational measures, plus independent audits and certifications. That is a meaningful transparency and security assurance.

Paid subscriptions renew automatically unless canceled before the term ends. Stored payment methods may also be charged for renewals and overages, so users need to monitor account settings and billing.

Atlassian can limit access to, remove customer data, or suspend users if it believes data may violate law, rights, or threaten security. It says it will give a chance to remedy issues when practicable, but the power is broad.

New customers can cancel within 30 days of the initial product order for any reason and request a full refund for that product and associated support. This softens the otherwise strict no-refund rule.

Atlassian states its documentation explains how customers can retrieve their data from cloud products. This is a useful portability and exit safeguard if you want to leave the service.

Atlassian may modify the agreement by posting updates online. For paid subscriptions, most changes apply at renewal, but some can take effect mid-term for legal compliance or product updates.

When Atlassian processes data on behalf of an employer or other customer, it disclaims responsibility for that customer’s privacy or security practices. If your organization misuses Bitbucket-related data, Atlassian points you back to the organization.

If your account is provided by your employer or organization, that organization controls the personal information and account management. Your privacy rights may need to be exercised through that organization instead of directly with Atlassian.

Atlassian says users have choices, including options to object to certain uses and to access or update certain information. The summary provided does not detail the full scope, but the policy does acknowledge these rights.