GitHub offers meaningful privacy controls, deletion and portability rights, private-repo confidentiality promises, and advance notice for material changes. But the service also takes broad rights to use content for service improvement and AI training, collects extensive data, limits liability heavily, and allows sharing with affiliates and advertising partners in some contexts.
GitHub Copilot is governed by GitHub’s general terms and privacy rules. The documents are relatively transparent and include user rights like access, deletion, portability, cookie controls, and notice before material policy changes. Key tradeoffs are broad licenses over content and AI inputs/outputs, AI training by default unless you opt out, strong warranty/liability disclaimers, and broad data collection and sharing for product improvement and some advertising contexts.
Points of interest
The service is provided as-is, with broad warranty disclaimers and major limits on GitHub’s liability for losses, downtime, or data issues. If Copilot or GitHub causes harm, your remedies may be very limited.
"GitHub provides the Website and the Service “as is” and “as available,” without warranty of any kind."
Copilot inputs and outputs can be used to develop and improve GitHub and affiliate AI models unless you opt out. This matters if you do not want prompts, code context, or generated outputs used for model improvement.
"You also grant GitHub and its Affiliates a license to collect and use your Inputs and Outputs to develop, train and improve... unless (a) you opt out"
Even though you keep ownership, GitHub gets broad rights to host, copy, analyze, display, and use your content to run and improve the service, including AI-related improvement. For public content, other users can also view and fork it under platform rules.
"You grant GitHub and our Affiliates the right to store, host, archive, parse, display, and make copies of Your Content... including by training AI Features"
GitHub expressly says private repository contents are confidential and limits staff access to listed situations like security, support, service integrity, or legal compliance. This is a meaningful protection for non-public code.
"GitHub considers the contents of private repositories to be confidential to you."
GitHub says eligible users can access, correct, delete, restrict, object to processing, withdraw consent, and receive portable copies of their data. These are strong, user-helpful privacy rights.
"The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format"
GitHub warns Copilot output may be inaccurate, incomplete, vulnerable, or resemble third-party code, and puts review responsibility on you. Users cannot rely on output being safe or license-clean.
"We do not guarantee that Output is free of errors, vulnerabilities, or intellectual property claims."
GitHub collects account data, content, device and usage data, cookies, support data, geolocation, and information from third parties. That gives the company a broad picture of your activity across the service.
"Personal Data is collected from you directly, automatically from your device, and also from third parties."
Data may be shared with affiliates including Microsoft, service providers, partners, authorities, and in some cases advertising and analytics networks. The policy also says some personal information is "shared" for marketing and audience measurement under applicable law.
"As defined by applicable law, we “shared” the following categories of personal information... to or with advertising networks, data analytics providers, and social networks."
You can opt out of having Copilot inputs and outputs used for AI model development going forward. This is a practical privacy control, though it does not undo broader repository-content licenses elsewhere in the terms.
"If you opt out, GitHub will not collect or use your Inputs and Outputs for the purposes described in this paragraph from the effective date of your opt-out"
Account cancellation is described as a simple self-serve flow, and GitHub says it will generally delete your full profile and repository contents within 90 days, subject to backups and legal exceptions. You can also request a copy of account contents within 90 days.
"The Account screen provides a simple, no questions asked cancellation link."
GitHub promises advance notice for material changes to both the terms and privacy statement. That gives users some time to review updates before they take effect.
"We may modify this agreement, but we will give you 30 days' notice of material changes."
Other AI services on AIgree
Compare GitHub Copilot with…
The 7 clauses that actually matter, the red flags to watch for, in 5 minutes.
Report a problem with this summary
Spot something wrong, missing, or misleading? Tell us — we review every report.
Spot something wrong, missing, or misleading? Tell us — we review every report.
Thanks — your report was submitted and will be reviewed.
Documents
Terms of Service
source ↗- •You must be at least 13, provide a valid email, use a human-created account, and keep login credentials secure.
- •You are responsible for all activity under your account and must promptly report unauthorized access or password use.
- •You must follow all applicable laws and GitHub’s acceptable use, community, export control, and sanctions rules.
- •You own your content, but you grant GitHub rights to host, copy, display, analyze, and use it to run and improve the service.
- •Public content may be viewed and forked by others, and content added to licensed repositories is licensed under the same terms.
- •Private repository content is treated as confidential, but GitHub may access it for security, support, legal compliance, or service integrity.
- •AI features may use your inputs and outputs to provide and improve models unless you opt out, and outputs may be inaccurate or infringe third-party rights.
- •Paid plans are billed in advance, generally non-refundable, and you are responsible for taxes, fees, and valid payment information.
- •You may cancel anytime, but GitHub may suspend or terminate access at any time; some content may be deleted within 90 days after cancellation.
- •The service is provided “as is,” liability is limited, disputes require you to indemnify GitHub, and California law with San Francisco courts applies.
Privacy Policy
source ↗- •GitHub collects account details, content you provide, device and usage data, support data, cookies, and information from third parties.
- •If an employer or school provides your account, that organization usually controls most personal data and its own privacy policies apply.
- •GitHub uses personal data to run and secure services, communicate with you, personalize experiences, troubleshoot, improve products, and train AI and machine learning systems.
- •GitHub may share data with affiliates, service providers, law enforcement, business partners, marketplace apps, and, depending on settings, other users and the public.
- •Third-party extensions, links, integrations, and embedded content can collect data under their own privacy policies.
- •GitHub uses required cookies for sign-in and site functions, and non-essential cookies for analytics, advertising, and marketing on some pages.
- •You can manage or reject non-essential cookies through settings, browser controls, Do Not Track, Global Privacy Control, or browser extensions.
- •You may have rights to access, correct, delete, limit, object to, or port your data, and can withdraw consent where applicable.
- •GitHub stores data in multiple countries, uses contractual safeguards for international transfers, keeps data while needed for active accounts and legal purposes, and applies security controls.
- •The service is not for children under 13, and GitHub may update this statement with at least 30 days' notice for material changes.
