GitHub offers notable positives such as clear notice of material changes, confidentiality commitments for private repositories, privacy rights including deletion and portability, and a simple cancellation flow. However, these are balanced by broad content and AI training licenses, strong warranty/liability disclaimers, discretionary termination rights, and some tracking/advertising data sharing.
GitHub’s legal terms are relatively transparent and include some meaningful user protections, especially for private repositories, privacy rights requests, portability, and clear account cancellation. At the same time, the service claims broad rights to use uploaded content and AI inputs for service improvement, uses cookies and some advertising-related tracking on marketing pages, limits refunds and liability, and allows account suspension at its discretion.
Points of interest
You keep ownership, but GitHub and its affiliates get broad rights to store, copy, analyze, display, and use your content to provide, develop, and improve services. For public content, these rights are extensive and continue until removal, with forks potentially keeping content available.
"You grant GitHub and our Affiliates the right to store, host, archive, parse, display, and make copies of Your Content..."
GitHub may use your AI inputs and outputs to develop, train, and improve AI systems unless you opt out in account settings. The opt-out is limited and does not cover broader licenses for public repository content.
"You also grant GitHub and its Affiliates a license to collect and use your Inputs and Outputs to develop, train and improve..."
GitHub provides the service 'as is,' disclaims warranties, and broadly limits liability for damages, including data loss and service interruptions. In practice, this makes it much harder to recover losses if something goes wrong.
"GitHub provides the Website and the Service “as is” and “as available,” without warranty of any kind."
GitHub expressly treats private repository contents as confidential and says staff will only access them for limited purposes like security, support, integrity, legal compliance, or with your consent. This is a strong protection for private code compared with many platforms.
"GitHub considers the contents of private repositories to be confidential to you."
GitHub states users may access, correct, delete, object to processing, and port personal data where applicable. These rights can be exercised by contacting [email protected], which is useful for users in regulated regions and some U.S. states.
"The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format"
GitHub uses cookies, web beacons, and similar tools for analytics and targeted advertising on enterprise marketing pages, and says it has 'shared' some personal information with ad networks and analytics providers under applicable law. This means some browsing data may be used for marketing profiling outside core product functions.
"we “shared” the following categories of personal information... to or with advertising networks, data analytics providers, and social networks"
Paid monthly or yearly plans are billed in advance and are generally non-refundable, with no partial-month or unused-time refunds. This can be costly if you downgrade or cancel soon after renewal.
"the Service is billed in advance on a monthly or yearly basis respectively and is non-refundable"
GitHub reserves the right to suspend or terminate access at any time, with or without cause or notice. That gives the company broad discretion over account access and continuity.
"GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause"
For AI feature inputs and outputs, GitHub gives individual users an account-level opt-out from model training and improvement use going forward. This is a meaningful control, though it does not apply to all other content licenses.
"unless (a) you opt out through your account settings"
The terms say account closure is available through settings with a 'simple, no questions asked cancellation link.' They also say most profile and repository content is deleted within 90 days, subject to legal and backup exceptions.
"The Account screen provides a simple, no questions asked cancellation link."
GitHub says it will give 30 days' notice of material changes to the terms and privacy statement. Advance notice gives users time to review updates and decide whether to keep using the service.
"We may modify this agreement, but we will give you 30 days' notice of material changes."
Other Dev services on AIgree
Compare GitHub with…
The 7 clauses that actually matter, the red flags to watch for, in 5 minutes.
Report a problem with this summary
Spot something wrong, missing, or misleading? Tell us — we review every report.
Spot something wrong, missing, or misleading? Tell us — we review every report.
Thanks — your report was submitted and will be reviewed.
Documents
Terms of Service
source ↗- •You must be at least 13, create your account as a human, provide a valid email, and keep login credentials secure.
- •You are responsible for all activity, content, and security issues that happen under your account, and you must report unauthorized access promptly.
- •You must follow applicable laws, GitHub Acceptable Use Policies, Community Guidelines, export controls, and sanctions rules.
- •You keep ownership of your content, but you grant GitHub broad rights to host, copy, display, analyze, and improve services and AI features.
- •Public repositories can be viewed and forked by others, and content you add to licensed repositories is generally licensed under those same terms.
- •GitHub treats private repository content as confidential and only accesses it for security, support, integrity, legal compliance, or with your consent.
- •API use is subject to extra rules, including rate limits, no token sharing, and no using GitHub data for spam or personal-data selling.
- •Paid plans are billed in advance and generally non-refundable; you authorize GitHub to charge approved payment methods and must pay taxes and fees.
- •You may cancel anytime, but GitHub may suspend or terminate accounts; after cancellation, most repository data is deleted within 90 days, subject to exceptions.
- •GitHub provides the service and AI outputs 'as is,' limits liability for damages, requires indemnification for your use, and applies California law and San Francisco courts.
Privacy Policy
source ↗- •GitHub collects account details, content you upload, support requests, usage data, device data, cookies, and information from third parties and linked services.
- •If your account is provided by a school or employer, that organization may control most personal data and set its own privacy rules.
- •GitHub uses personal data to provide and improve services, communicate with you, prevent fraud, secure the platform, comply with law, and deliver professional services.
- •GitHub may share data with affiliates, service providers, law enforcement, your organization, other users, public settings, and third-party apps you connect.
- •GitHub uses cookies, web beacons, and similar tools for essential functions, analytics, personalization, advertising on enterprise marketing pages, and email tracking.
- •You can manage non-essential cookies through settings, browser tools, consent banners, DNT or GPC signals, and some ad industry opt-out tools.
- •You may have rights to access, correct, delete, limit, object to, or port your personal data, and to withdraw consent where used.
- •To make a privacy request, contact [email protected]; GitHub may verify your identity and may keep some data for legal claims or obligations.
- •GitHub stores data in the United States and other countries, uses transfer safeguards like standard contractual clauses, and follows EU, UK, and Swiss Data Privacy Frameworks.
- •The services are not intended for children under 13, GitHub may update the statement with notice, and disputes about DPF complaints may go to arbitration or authorities.
