GitHub vs Bitbucket

You keep ownership, but GitHub and its affiliates get broad rights to store, copy, analyze, display, and use your content to provide, develop, and improve services. For public content, these rights are extensive and continue until removal, with forks potentially keeping content available.

GitHub may use your AI inputs and outputs to develop, train, and improve AI systems unless you opt out in account settings. The opt-out is limited and does not cover broader licenses for public repository content.

GitHub provides the service 'as is,' disclaims warranties, and broadly limits liability for damages, including data loss and service interruptions. In practice, this makes it much harder to recover losses if something goes wrong.

GitHub expressly treats private repository contents as confidential and says staff will only access them for limited purposes like security, support, integrity, legal compliance, or with your consent. This is a strong protection for private code compared with many platforms.

GitHub states users may access, correct, delete, object to processing, and port personal data where applicable. These rights can be exercised by contacting [email protected], which is useful for users in regulated regions and some U.S. states.

GitHub uses cookies, web beacons, and similar tools for analytics and targeted advertising on enterprise marketing pages, and says it has 'shared' some personal information with ad networks and analytics providers under applicable law. This means some browsing data may be used for marketing profiling outside core product functions.

Paid monthly or yearly plans are billed in advance and are generally non-refundable, with no partial-month or unused-time refunds. This can be costly if you downgrade or cancel soon after renewal.

GitHub reserves the right to suspend or terminate access at any time, with or without cause or notice. That gives the company broad discretion over account access and continuity.

For AI feature inputs and outputs, GitHub gives individual users an account-level opt-out from model training and improvement use going forward. This is a meaningful control, though it does not apply to all other content licenses.

Users can manage non-essential cookies through settings, consent tools, browser controls, and GitHub says it honors DNT and GPC by not setting non-essential cookies or sharing data when those signals are detected. That is stronger than many services’ tracking disclosures.

The terms say account closure is available through settings with a 'simple, no questions asked cancellation link.' They also say most profile and repository content is deleted within 90 days, subject to legal and backup exceptions.

GitHub says it will give 30 days' notice of material changes to the terms and privacy statement. Advance notice gives users time to review updates and decide whether to keep using the service.

Most claims are capped at fees paid in the prior 12 months, and indirect damages are waived. For many users, that means limited recovery if something goes wrong.

Subscriptions renew automatically unless one side gives notice before the term ends. That means users need to track renewal dates to avoid being charged for another term.

You cannot resell, sublicense, provide third-party access, reverse engineer, or build competing products with the service. These restrictions are typical for SaaS, but they sharply limit downstream or competitive use.

Atlassian can modify the agreement by posting updates online, sometimes during your current term if it says the change is needed for legal or product reasons. If you object, your main remedy is to terminate and get a refund for the unused portion.

Atlassian may remove customer data or suspend access if it believes data violates law, rights, or usage restrictions, or if your use threatens security or operations. Users get an opportunity to remedy the issue when practical, but the power is broad.

For the initial order, you can terminate within 30 days for any or no reason and get a refund of the amount paid for that product and associated support. This is a meaningful trial-like exit right for new customers.

The terms say the documentation explains how customers can retrieve their customer data from the cloud products. This is a helpful portability signal, even though the actual export process is pushed to the docs.

Atlassian says it maintains an information security program with physical, technical, and organizational protections plus third-party audits and certifications. That is a meaningful security commitment for a cloud development platform.

After the agreement ends, Atlassian says it will delete customer data in line with the documentation unless law requires otherwise. That gives users some reassurance that data is not kept indefinitely after account closure.

If your employer or another organization provides the account, that organization controls the account and your personal information in that context. For individual users, this means your access and privacy rights may run through the organization rather than Atlassian.