jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 11:26:57 -05:00
Code Issues Projects Releases Wiki Activity

copilot docset creation and github docset removal

Browse Source
This commit is contained in:
Jules Parker
2022-05-17 15:50:17 +02:00
parent 173c39ee4e
commit cba566d82a
22 changed files with 84 additions and 1785 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
content/copilot/configuring-github-copilot/index.md Normal file
View File

@@ -0,0 +1,10 @@
---
title: Configuring GitHub Copilot
shortTitle: Configure GitHub Copilot
intro: 'ADD INTRO.'
versions:
fpt: '*'
ghec: '*'
topics:
- Copilot
---

10
content/copilot/getting-started/index.md Normal file
View File

@@ -0,0 +1,10 @@
---
title: Getting started with GitHub Copilot
shortTitle: Get started with GitHub Copilot
intro: 'ADD INTRO.'
versions:
fpt: '*'
ghec: '*'
topics:
- Copilot
---

19
content/copilot/index.md Normal file
View File

@@ -0,0 +1,19 @@
---
title: GitHub Copilot
shortTitle: GitHub Copilot
intro: 'Learn how to setup and configure GitHub Copilot, to utilize AI pair programming and get autocomplete-style suggestions as you write code.'
redirect_from:
- /github/copilot
changelog:
label: copilot
layout: product-landing
versions:
fpt: '*'
ghec: '*'
children:
- /quickstart
- /overview-of-github-copilot
- /getting-started
- /configuring-github-copilot
---

2
content/github/copilot/about-github-copilot-telemetry.md → content/copilot/overview-of-github-copilot/about-github-copilot-telemetry.md
View File

@@ -4,7 +4,9 @@ intro: '{% data variables.product.prodname_copilot %} collects and relies on add
redirect_from:
- /early-access/github/copilot/about-github-copilot-telemetry
versions:
versions:
fpt: '*'
ghec: '*'
---
## What data is collected

10
content/copilot/overview-of-github-copilot/about-github-copilot.md Normal file
View File

@@ -0,0 +1,10 @@
---
title: About GitHub Copilot
intro: 'ADD INTRO.'
versions:
fpt: '*'
ghec: '*'
topics:
- Copilot
shortTitle: About GitHub Copilot
---

10
content/copilot/overview-of-github-copilot/github-copilot-in-practice.md Normal file
View File

@@ -0,0 +1,10 @@
---
title: GitHub Copilot in practice
intro: 'ADD INTRO.'
versions:
fpt: '*'
ghec: '*'
topics:
- Copilot
shortTitle: GitHub Copilot in practice
---

14
content/copilot/overview-of-github-copilot/index.md Normal file
View File

@@ -0,0 +1,14 @@
---
title: Overview of GitHub Copilot
shortTitle: Overview of GitHub Copilot
intro: 'ADD INTRO.'
versions:
fpt: '*'
ghec: '*'
topics:
- Copilot
children:
- /about-github-copilot-telemetry
- /about-github-copilot
- /github-copilot-in-practice
---

8
content/copilot/quickstart.md Normal file
View File

@@ -0,0 +1,8 @@
---
title: Quickstart for GitHub Copilot
intro: 'ADD INTRO.'
versions:
fpt: '*'
ghec: '*'
shortTitle: Quickstart
---

17
content/github/copilot/github-copilot-telemetry-terms.md
View File

@@ -1,17 +0,0 @@
---
title: GitHub Copilot Telemetry Terms
intro: 'Acceptance of the additional telemetry described below is a condition to joining the wait list for the technical preview of {% data variables.product.prodname_copilot %} and using {% data variables.product.prodname_copilot %} during the technical preview.'
redirect_from:
- /early-access/github/copilot/telemetry-terms
- /github/copilot/telemetry-terms
versions:
fpt: '*'
effectiveDate: '2021-10-04'
---
## Additional telemetry
If you use {% data variables.product.prodname_copilot %}, the {% data variables.product.prodname_copilot %} extension/plugin will collect usage information about events generated by interacting with the integrated development environment (IDE). These events include {% data variables.product.prodname_copilot %} performance, features used, and suggestions accepted, modified and accepted, or dismissed. This information may include personal data, including your User Personal Information, as defined in the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement).
This usage information is used by {% data variables.product.company_short %}, and shared with Microsoft and OpenAI, to develop and improve the extension/plugin and related products. OpenAI also uses this usage information to perform other services related to {% data variables.product.prodname_copilot %}. For example, when you edit files with the {% data variables.product.prodname_copilot %} extension/plugin enabled, file content snippets, suggestions, and any modifications to suggestions will be shared with {% data variables.product.company_short %}, Microsoft, and OpenAI, and used for diagnostic purposes to improve suggestions and related products. {% data variables.product.prodname_copilot %} relies on file content for context, both in the file you are editing and potentially other files open in the same IDE instance. When you are using {% data variables.product.prodname_copilot %}, it may also collect the URLs of repositories or file paths for relevant files. {% data variables.product.prodname_copilot %} does not use these URLs, file paths, or snippets collected in your telemetry as suggestions for other users of {% data variables.product.prodname_copilot %}. This information is treated as confidential information and accessed on a need-to-know basis. You are prohibited from collecting telemetry data about other users of {% data variables.product.prodname_copilot %} from the {% data variables.product.prodname_copilot %} extension/plugin. For more details about {% data variables.product.prodname_copilot %} telemetry, please see "[About {% data variables.product.prodname_copilot %} telemetry](/github/copilot/about-github-copilot-telemetry)." You may revoke your consent to the telemetry and personal data processing operations described in this paragraph by contacting GitHub and requesting removal from the technical preview.

11
content/github/copilot/index.md
View File

@@ -1,11 +0,0 @@
---
title: GitHub Copilot
intro: 'You can use {% data variables.product.prodname_dotcom %} Copilot to assist with your programming in your editor'
versions:
fpt: '*'
children:
- /about-github-copilot-telemetry
- /github-copilot-telemetry-terms
- /research-recitation
---

141
content/github/copilot/research-recitation.md
View File

@@ -1,141 +0,0 @@
---
title: Research recitation
intro: 'A first look at rote learning in {% data variables.product.prodname_dotcom %} Copilot suggestions.'
redirect_from:
- /early-access/github/copilot/research-recitation
versions:
fpt: '*'
---
By: Albert Ziegler (@wunderalbert)
## {% data variables.product.prodname_dotcom %} Copilot: Parrot or Crow?
A first look at rote learning in {% data variables.product.prodname_dotcom %} Copilot suggestions.
## Introduction
{% data variables.product.prodname_dotcom %} Copilot is trained on billions of lines of public code. The suggestions it makes to you are adapted to your code, but the processing behind it is ultimately informed by code written by others.
How direct is the relationship between the suggested code and the code that informed it? In a recent thought-provoking paper<sup id="anchor1">[1](#footnote1)</sup>, Bender, Gebru et al. coined the phrase “stochastic parrots” for artificial intelligence systems like the ones that power {% data variables.product.prodname_dotcom %} Copilot. Or as a fellow machine learning engineer at {% data variables.product.company_short %}<sup id="anchor2">[2](#footnote2)</sup> remarked during a water cooler chat: these systems can feel like ”a toddler with a photographic memory.”
These are deliberate oversimplifications. Many {% data variables.product.prodname_dotcom %} Copilot suggestions feel pretty specifically tailored to the particular code base the user is working on. Often, it looks less like a parrot and more like a crow building novel tools out of small blocks<sup id="anchor3">[3](#footnote3)</sup>. But theres no denying that {% data variables.product.prodname_dotcom %} Copilot has an impressive memory:
![A movie demonstration of Copilot](/assets/images/help/copilot/resources_recitation_example_zen.gif)
Here, I intentionally directed<sup id="anchor4">[4](#footnote4)</sup> {% data variables.product.prodname_dotcom %} Copilot to recite a well known text it obviously knows by heart. I, too, know a couple of texts by heart. For example, I still remember some poems I learnt in school. Yet no matter the topic, not once have I been tempted to derail a conversation by falling into iambic tetrameter and waxing about daffodils.
So is that (or rather the coding equivalent of it) something {% data variables.product.prodname_dotcom %} Copilot is prone to doing? How many of its suggestions are unique, and how often does it just parrot some likely looking code it has seen during training?
## The Experiment
During {% data variables.product.prodname_dotcom %} Copilots early development, nearly 300 employees used it in their daily work as part of an internal trial. This trial provided a good dataset to test for recitation. I wanted to find out how often {% data variables.product.prodname_dotcom %} Copilot gave them a suggestion that was quoted from something it had seen before.
I limited the investigation to Python suggestions with a cutoff on May 7, 2021 (the day we started extracting that data). That left 453,780 suggestions spread out over 396 “user weeks”, i.e. calendar weeks during which a user actively used {% data variables.product.prodname_dotcom %} Copilot on Python code.
### Automatic Filtering
453,780 suggestions are a lot, but many of them can be dismissed immediately. To get to the interesting cases, consider sequences of “words” that occur in the suggestion in the same order as in the code {% data variables.product.prodname_dotcom %} Copilot has been trained on. In this context, punctuation, brackets, or other special characters all count as “words”, while tabs, spaces or even line breaks are ignored completely. After all, a quote is still a quote, whether its indented by 1 tab or 8 spaces.
For example, one of {% data variables.product.prodname_dotcom %} Copilots suggestions was the following regex for numbers separated by whitespace:
```
r'^\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+'
```
This would be exactly 100 “words” in the sense above, but its a particularly dense example: the average non-empty line of code has only 10 “words.” Ive restricted this investigation to cases where the overlap with the code {% data variables.product.prodname_dotcom %} Copilot was trained on contains at least 60 such “words”. We have to set the cut somewhere, and I think its rather rare that shorter sequences would be of great interest. In fact, most of the interesting cases identified later are well clear of that threshold of 60.
If the overlap extends to what the user has already written, that also counts for the length. After all, the user may have written that context with the help of {% data variables.product.prodname_dotcom %} Copilot as well!
In the following example, the user has started writing a very common snippet. {% data variables.product.prodname_dotcom %} Copilot completes it. Even though the completion itself is rather short, together with the already existing code it clears the threshold and is retained.
![Example code](/assets/images/help/copilot/example_last_straw.png)
This procedure is permissive enough to let many relatively “boring” examples through, like the two above. But its still effective at dialing in the human analysis to the interesting cases, sorting out over 99% of Copilot suggestions.
### Manual Bucketing
After filtering, there were 473 suggestions left. But they came in very different forms:
1. Some were basically just repeats of another case that passed filtering. For example, sometimes {% data variables.product.prodname_dotcom %} Copilot makes a suggestion, the developer types a comment line, and {% data variables.product.prodname_dotcom %} Copilot offers a very similar suggestion again. I removed these cases from the analysis as duplicates.
2. Some were long, repetitive sequences. Like the following example, where the repeated blocks of `<p>` are of course found somewhere in the training set: <br>![Example repetitions](/assets/images/help/copilot/example_repetitions.png)<br> Such suggestions can be helpful (test cases, regular expressions) or not helpful (like this case, I suspect). But in any case, they do not fit the idea of rote learning I had in mind when I started this investigation.
3. Some were standard inventories, like the natural numbers, or the prime numbers, or stock market tickers, or the Greek alphabet: <br>![Example of Greek alphabet](/assets/images/help/copilot/example_greek.png)
4. Some were common, straightforward ways, perhaps even universal ways, of doing things with very few natural degrees of freedom. For example, the middle part of the following strikes me as very much the standard way of using the BeautifulSoup package to parse a Wikipedia list. In fact, the best matching snippet found in {% data variables.product.prodname_dotcom %} Copilot's training data<sup id="anchor5">[5](#footnote5)</sup> uses such code to parse a different article and goes on to do different things with the results. <br>![Example of Beautiful Soup](/assets/images/help/copilot/example_beautiful_soup.png) <br>This doesnt fit my idea of a quote either. Its a bit like when someone says “Im taking out the trash; Ill be back soon” -- thats a matter of fact statement, not a quote, even though that particular phrase has been uttered many times before.
5. And then there are all other cases. Those with at least some specific overlap in either code or comments. These are what interests me most, and what Im going to concentrate on from now on.
This bucketing necessarily has some edge cases<sup id="anchor6">[6](#footnote6)</sup>, and your mileage may vary in how you think they should be classified. Maybe you even disagree with the whole set of buckets in the first place.
Thats why weve open sourced that dataset<sup id="anchor7">[7](#footnote7)</sup>. So if you feel a bit differently about the bucketing, or if youre interested in other aspects of GitHub Copilot parroting its training set, youre very welcome to just ignore my next section and draw your own conclusions.
## Results
![Overview Plot](/assets/images/help/copilot/plot_buckets.png)
For most of {% data variables.product.prodname_dotcom %} Copilot's suggestions, our automatic filter didnt find any significant overlap with the code used for training. But it did bring 473 cases to our attention. Removing the first bucket (cases that look very similar to other cases) left me with 185 suggestions. Of these, 144 got sorted out in buckets 2 - 4. This left 41 cases in the last bucket, the “recitations”, in the meaning of the term I have in mind.
That corresponds to **1 recitation event every 10 user weeks** (95% confidence interval: 7 - 13 weeks, using a Poisson test).
Of course, this was measured on the {% data variables.product.prodname_dotcom %} and Microsoft developers who tried out {% data variables.product.prodname_dotcom %} Copilot. If your coding behaviour is very different from theirs, your results might differ. In particular, some of these developers are only working part time on Python projects —— I could not distinguish that and so counted everyone who writes some Python in a given week as a user.
1 event in 10 weeks doesnt sound like a lot, but its not 0 either. And I found three things that struck me.
### {% data variables.product.prodname_dotcom %} Copilot quotes when it lacks specific context
If I want to learn the lyrics to a song, I have to listen to it many times. {% data variables.product.prodname_dotcom %} Copilot is no different: to learn a snippet of code by heart, it must see that snippet a lot. Each file is only shown to {% data variables.product.prodname_dotcom %} Copilot once, so the snippet needs to exist in many different files in public code.
Of the 41 main cases we singled out during manual labelling, none appear in less than 10 different files. Most (35 cases) appear over a hundred times. Once, {% data variables.product.prodname_dotcom %} Copilot suggested starting an empty file with something it had even seen more than a whopping 700,000 different times during training -- that was the GNU General Public License.
The following plot shows the number of matched files of the results in bucket 5 (one red mark on the bottom for each result) versus buckets 2-4. I left out bucket 1, which is really just a mix of duplicates of bucket 2-4 cases and duplicates of bucket 5 cases. The inferred distribution is displayed as a red line; it peaks between 100 and 1000 matches.
![Number of Matches Plot](/assets/images/help/copilot/plot_copies.png)
### {% data variables.product.prodname_dotcom %} Copilot mostly quotes in generic contexts
As time goes on, each file becomes unique. But {% data variables.product.prodname_dotcom %} Copilot doesnt wait for that<sup id="anchor8">[8](#footnote8)</sup>: it will offer its solutions while your file is still extremely generic. And in the absence of anything specific to go on, its much more likely to quote from somewhere else than it would be otherwise.
![Context Length Plot](/assets/images/help/copilot/plot_context.png)
Of course, software developers spend most of their time deep inside the files, where the context is unique enough that {% data variables.product.prodname_dotcom %} Copilot will offer unique suggestions. In contrast, the suggestions at the beginning are rather hit-and-miss, since {% data variables.product.prodname_dotcom %} Copilot cannot know what the program will be. But sometimes, especially in toy projects or standalone scripts, a modest amount of context can be enough to hazard a reasonable guess of what the user wanted to do. And sometimes it's still generic enough so that {% data variables.product.prodname_dotcom %} Copilot thinks one of the solutions it knows by heart looks promising:
![Example code](/assets/images/help/copilot/example_robot.png)
This is pretty much directly taken from coursework for a robotics class uploaded in different variations<sup id="anchor9">[9](#footnote9)</sup>.
### Detection is only as good as the tool that does the detecting
In its current form, the filter will turn up a good number of uninteresting cases when applied broadly. But it still should not be too much noise. For the internal users in the experiment, it would have been a bit more than one find per week on average (albeit likely in bursts!). Of these, about 17% (95% confidence interval using a binomial test: 14%-21%) would be in the fifth bucket.
And nothing is ever foolproof of course: so this too can be tricked. Some cases are rather hard to detect by the tool were building, but still have an obvious source. To return to the Zen of Python:
![Zen Variation](/assets/images/help/copilot/resources_recitation_example_zen_caw.gif)
## Conclusion and Next Steps
This investigation demonstrates that {% data variables.product.prodname_dotcom %} Copilot _can_ quote a body of code verbatim, but that it rarely does so, and when it does, it mostly quotes code that everybody quotes, and mostly at the beginning of a file, as if to break the ice.
But theres still one big difference between GitHub Copilot reciting code and me reciting a poem: I _know_ when Im quoting. I would also like to know when Copilot is echoing existing code rather than coming up with its own ideas. That way, Im able to look up background information about that code, and to include credit where credit is due.
The answer is obvious: sharing the prefiltering solution we used in this analysis to detect overlap with the training set. When a suggestion contains snippets copied from the training set, the UI should simply tell you where its quoted from. You can then either include proper attribution or decide against using that code altogether.
This duplication search is not yet integrated into the technical preview, but we plan to do so. And we will both continue to work on decreasing rates of recitation, and on making its detection more precise.
<br><br>
### Footnotes
<a name="footnote1">1</a>: [On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?](https://dl.acm.org/doi/10.1145/3442188.3445922) [^](#anchor1)
<a name="footnote2">2</a>: [Tiferet Gazit](https://github.com/tiferet) [^](#anchor2)
<a name="footnote3">3</a>: see von Bayern et al. about the creative wisdom of crows: [Compound tool construction by New Caledonian crows](https://www.nature.com/articles/s41598-018-33458-z) [^](#anchor3)
<a name="footnote4">4</a>: see Carlini et al. about deliberately triggering the recall of training data: [Extracting Training Data from Large Language Models](https://arxiv.org/pdf/2012.07805.pdf) [^](#anchor4)
<a name="footnote5">5</a>: jaeteekae: [DelayedTwitter](https://github.com/jaeteekae/DelayedTwitter/blob/0a0b03de74c03cfbf36877ffded0cb1312d59642/get_top_twitter_accounts.py#L21) [^](#anchor5)
<a name="footnote6">6</a>: Probably not _too_ many though. Ive asked some developers to help me label the cases, and everyone was prompted to flag up any uncertainty with their judgement. That happened in only 34 cases, i.e. less than 10%. [^](#anchor6)
<a name="footnote7">7</a>: In the [public dataset](/assets/images/help/copilot/matched_snippets.csv), I list the part of Copilot's suggestion that was also found in the training set, how often it was found, and a link to an example where it occurs in public code. For privacy reasons, I don't include the not-matched part of the completion or the code context the user had typed (only an indication of its length). [^](#anchor7)
<a name="footnote8">8</a>: In fact, since this experiment has been made, {% data variables.product.prodname_dotcom %} Copilot _has_ changed to require a minimum file content. So some of the suggestions flagged here would not have been shown by the current version. [^](#anchor8)
<a name="footnote9">9</a>: For example jenevans33: [CS8803-1](https://github.com/jenevans33/CS8803-1/blob/eca1bbc27ca6f7355dbc806b2f95964b59381605/src/Final/ekfcode.py#L23) [^](#anchor9)

17
content/github/index.md
View File

@@ -1,17 +0,0 @@
---
title: GitHub
redirect_from:
- /articles
- /common-issues-and-questions
- /troubleshooting-common-issues
intro: 'Documentation, guides, and help topics for software developers, designers, and project managers. Covers using Git, pull requests, issues, wikis, gists, and everything you need to make the most of GitHub for development.'
versions:
fpt: '*'
ghec: '*'
ghes: '*'
ghae: '*'
children:
- /copilot
- /site-policy-deprecated
---

70
content/github/site-policy-deprecated/amendment-to-github-terms-of-service-applicable-to-us-federal-government-users.md
View File

@@ -1,70 +0,0 @@
---
title: Amendment to GitHub Terms of Service Applicable to U.S. Federal Government Users
hidden: true
redirect_from:
- /articles/amendment-to-github-terms-of-service-applicable-to-government-users
- /articles/proposed-amendment-to-github-terms-of-service-applicable-to-u-s-federal-government-users
- /articles/amendment-to-github-terms-of-service-applicable-to-u-s-federal-government-users
- /articles/amendment-to-github-terms-of-service-applicable-to-us-federal-government-users
- /github/site-policy/amendment-to-github-terms-of-service-applicable-to-us-federal-government-users
versions:
fpt: '*'
---
_These terms apply to Customers who licensed the Products prior to January 4, 2021. Customers who purchase GitHub Products after that date are directed to https://www.github.com/enterprise-legal for current terms._
{% tip %}
This Amendment to GitHub's [Terms of Service](/articles/github-terms-of-service) applies only to users that are using GitHub on behalf of the United States federal government. If you are not using GitHub on behalf of the U.S. federal government, the standard [GitHub Terms of Service](/articles/github-terms-of-service) apply to you.
{% endtip %}
This Amendment is an agreement between GitHub, Inc. ("GitHub" or "Company") and U.S. federal government users of the GitHub.com web site (the “Service”) and applies solely to any U.S. federal government agency and its users who use or access the Service on behalf of the U.S. federal government (the "Government").
You, as a United States government entity, are required, when entering into agreements with other parties, to follow applicable federal laws and regulations, including those related to ethics; privacy and security; accessibility; records retention; limitations on indemnification; fiscal law constraints; advertising and endorsements; freedom of information; and governing law and dispute resolution forum.
GitHub and You (together, the "Parties") agree that modifications to the [GitHub Terms of Service](/articles/github-terms-of-service) (the "ToS") are appropriate to accommodate Your legal status, Your public (in contrast to private) mission, and other special circumstances. Accordingly, the ToS are hereby modified by this Amendment as they pertain to the Government's use of the Company web site and services:
## A. Public purpose
1. *Government entity* - "You" within the ToS shall mean the Government itself and shall not bind, in their individual capacity, the individual(s) who utilize the Company site or services on the Government's behalf. Company will look solely to the Government to enforce any violation or breach of the ToS by such individuals, subject to federal law.
2. *Advertisements* - Company hereby agrees not to serve or display any third-party commercial advertisements or solicitations on any pages within the Company site displaying content created by or under the control of the Government. This exclusion shall not extend to house ads, which Company may serve on such pages in a non-intrusive manner. The foregoing obligations are contingent upon the email address designated on Your account details page ending in `.gov`, `.mil`, or `.fed.us`.
## B. Your content on GitHub
1. *Access and use* - Company acknowledges that the Government's use of the Service may energize significant citizen engagement. Language in the ToS allowing Company to terminate service, refuse or remove any Content, or close the Government's account, at any time, for any reason, is modified to reflect the Parties' agreement that Company may unilaterally modify or discontinue service, temporarily or permanently, refuse or remove any Content, and/or terminate the Government's account only for breach of the Governments obligations under the ToS or its material failure to comply with the instructions and guidelines posted on the Service, or if Company ceases to operate the Service generally. Company will provide the Government with a reasonable opportunity to cure any breach or failure on the Government's part.
2. *No endorsement* - Company agrees that Your seals, trademarks, logos, service marks, trade names, and the fact that You have a presence on the Company site and use its services, shall not be used by Company in such a manner as to state or imply that Company's products or services are endorsed, sponsored or recommended by You or by any other element of the federal government, or are considered by these entities to be superior to any other products or services. Except for pages whose design and content is under the control of the Government, or for links to or promotion of such pages, Company agrees not to display any government seals or logos on the Company's homepage or elsewhere on the Company Site, unless permission to do so has been granted by the Government or by other relevant federal government authority. Company may list the Government's name in a publicly available customer list so long as the name is not displayed in a more prominent fashion than that of any other third-party name.
3. *Provision of data* - In case of termination of service, within 30 days of such termination, upon request, Company will provide you with all user-generated content that is publicly visible through the Sites You created at Company. Data will be provided in a commonly used file or database format as Company deems appropriate. Company will not provide data if doing so would violate its privacy policy, available at [https://docs.github.com/privacy](/privacy).
## C. Unpaid and paid plans
1. *No cost agreement* - Nothing in this Amendment or ToS obligates You to expend appropriations or incur financial obligations. The Parties acknowledge and agree that none of the obligations arising from this Amendment or ToS are contingent upon the payment of fees by one party to the other. At the Companys discretion, GitHub may offer a free account under a free usage plan, such as a Free for Open Source Plan, and in that case this Amendment will apply to the Governments usage under the free account/plan. This Amendment also applies when the Government uses one of GitHubs paid usage plans.
2. *Government responsibilities under paid usage plans* - You acknowledge that while Company will provide You with service under a free plan, Company reserves the right to begin charging for that service at some point in the future. Company will provide You with at least 30 days advance notice of a change involving the charging of fees for a free service. You also understand that Company offers paid plans for a fee. The Parties understand that fee-based services are categorically different than free products, and are subject to federal procurement rules and processes. Before the Government decides to enter into a business or enterprise subscription, or any other fee-based service that this Company or alternative providers may offer now or in the future, You agree: to determine the Government has a need for those additional services for a fee; to consider the subscription's value in comparison with comparable services available elsewhere; to determine that Government funds are available for payment; to properly use the Government Purchase Card if that Card is used as the payment method; to review any then-applicable ToS for conformance to federal procurement law; and in all other respects to follow applicable federal acquisition laws, regulations and agency guidelines (including those related to payments) when initiating that separate action.
3. *No business relationship created* - The Parties are independent entities and nothing in this Amendment or ToS creates an agency, partnership, joint venture, or employer/employee relationship.
## D. Federal Regulations
1. *Security* - Company will, in good faith, exercise due diligence using generally accepted commercial business practices for IT security, to ensure that systems are operated and maintained in a secure manner, and that management, operational and technical controls will be employed to ensure security of systems and data. Recognizing the changing nature of the Web, Company will continuously work with users to ensure that its products and services are operated and maintained in a secure manner. Company agrees to discuss implementing additional security controls as deemed necessary by the Government to conform to the Federal Information Security Management Act (FISMA), 44 U.S.C. 3541 et seq.
2. *Federal Records* - Government acknowledges that use of Company's site and services may require management of Federal records. Government and user-generated content may meet the definition of Federal records as determined by the agency. If the Company holds Federal records, the Government and the Company must manage Federal records in accordance with all applicable records management laws and regulations, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), and regulations of the National Archives and Records Administration (NARA) at 36 CFR Chapter XII Subchapter B). Managing the records includes, but is not limited to, secure storage, retrievability, and proper disposition of all Federal records including transfer of permanently valuable records to NARA in a format and manner acceptable to NARA at the time of transfer. The Government is responsible for ensuring that the Company is compliant with applicable records management laws and regulations through the life and termination of the Agreement.
## E. General Conditions
1. *Indemnification* - Any provisions in the ToS related to indemnification, damages, attorneys fees, and settlement are hereby waived. Liability of the Government for any breach of the ToS or this Agreement, or any claim, demand, suit or proceeding arising from the ToS or this Agreement, shall be determined under the Federal Tort Claims Act, or other governing authority. Liability of Company for any breach of the ToS or this Agreement, or any claim, demand, suit or proceeding arising from the ToS or this Agreement, shall be determined by applicable federal or state law.
2. *Limitation of liability* - The Parties agree that nothing in the Limitation of Liability clause or elsewhere in the ToS in any way grants Company a waiver from, release of, or limitation of liability pertaining to, any past, current or future violation of federal law.
3. *Governing law and Forum* - The dispute resolution provision in the ToS is hereby deleted. The ToS and this Amendment shall be governed, interpreted and enforced in accordance with applicable federal laws of the United States of America and exclusive jurisdiction shall be in the appropriate U.S. federal courts. To the extent permitted by federal law, the laws of the State of California will apply in the absence of federal law.
4. *Assignment* - Neither party may assign its obligations under this Amendment or ToS to any third-party without prior written consent of the other; however, GitHub may, without the Government's consent, assign its obligations to an Government using the service under a free usage plan under this Amendment or ToS to an affiliate or to a successor or acquirer, as the case may be, in connection with a merger, acquisition, corporate reorganization or consolidation, or the sale of all or substantially all of GitHub's assets.
## F. Changes to this agreement
1. *Precedence; Further Amendment; Termination* - This Amendment constitutes an amendment to the ToS; language in the ToS indicating it may not be modified or that it alone is the entire agreement between the Parties is waived. If there is any conflict between this Amendment and the ToS, or between this Amendment and other rules or policies on the Company site or services, this Amendment shall prevail. This Amendment may be further amended only upon written agreement executed by both Parties. The Government may close its account and terminate this agreement at any time. Company may close Government's account and terminate this agreement on 30 days written notice, but the Government shall not be entitled to a refund of any fees paid.
2. *Posting and availability of this Amendment* - The parties agree this Amendment contains no confidential or proprietary information, and either party may release it to the public at large.

406
content/github/site-policy-deprecated/github-ae-data-protection-agreement.md
View File

@@ -1,406 +0,0 @@
---
title: GitHub AE Data Protection Agreement
hidden: true
versions:
fpt: '*'
redirect_from:
- /github/site-policy/ghem-data-protection-addendum
- /github/site-policy/github-ae-data-protection-agreement
---
_These terms apply to Customers who licensed the Products prior to January 4, 2021. Customers who purchase GitHub Products after that date are directed to https://www.github.com/enterprise-legal for current terms._
## INTRODUCTION
The parties agree that the GitHub AE Data Protection Agreement and Security Exhibit (together, the “**Data Protection Agreement**” or “**DPA**”) set forth obligations with respect to the processing and security of Customer Personal Data in connection with GitHub AE (the “**Online Service**”). GitHub makes the commitments in this DPA to all customers using the Online Service.
In the event of any conflict or inconsistency between the DPA and any other terms in Customers agreements with GitHub (“Agreement”), the DPA shall prevail. For clarity, consistent with Clause 10 of the Standard Contractual Clauses in Attachment 1, the Standard Contractual Clauses prevail over any other terms in the DPA.
## GITHUB DATA PROTECTION AGREEMENT
### 1. Definitions.
1.1 “**Applicable Data Protection Laws**” means certain laws, regulations, regulatory frameworks, or other legislations relating to the processing and use of Customer Personal Data, as applicable to Customers use of the Online Services, including:
a. The EU General Data Protection Regulation 2016/679 (“**GDPR**”), along with any implementing or corresponding equivalent national laws or regulations; and
b. The California Consumer Privacy Act of 2018, Cal. Civ. Code §§1798.100 et seq. ("**CCPA**").
1.2 “**Controller**,” “**Data Subject**,” “**Member State**,” “**Personal Data**,” “**Personal Data Breach**,” “**Processing**,” “**Processor**,” and “**Supervisory Authority**” have the meanings given to them in the Applicable Data Protection Laws. In the event of a conflict, the meanings given in the GDPR will supersede.
1.3 “**Customer Personal Data**” means any Personal Data for which Customer is a Controller, whether supplied by Customer for processing by GitHub or generated by GitHub in the course of performing its obligations under the Agreement. It includes data such as billing information, IP addresses, corporate email addresses, and any other Personal Data for which Customer is a Controller.
1.4 “**Customer Repository Data**” means any data or information that is uploaded or created by Customer into any of its Private Repositories.
1.5 “**Data Breach**” means a Personal Data Breach or any other confirmed or reasonably suspected breach of Customers Protected Data.
1.6 “**GitHub Legitimate Business Operations**” consist of the following, each as incident to delivery of the Service to Customer: (1) internal reporting and business modeling; (2) combating fraud, cybercrime, or cyber-attacks that may affect GitHub; (3) improving the core functionality of accessibility or privacy; and (4) financial reporting and compliance with legal obligations.
1.7 “**End User**” means the Customers End Users such as employees, contractors, or collaborators.
1.8 “**Permitted Purposes**” for data processing are those limited and specific purposes of providing the Online Service as set forth in the Agreement and this DPA, or the purposes for which a Data Subject has authorized the use of Customer Personal Data.
1.9 “**Protected Data**” includes any Customer Personal Data and any Customer Repository Data processed by GitHub on behalf of Customer under the Agreement.
1.10 “**Sensitive Data**” means any Personal Data revealing racial or ethnic origin; political opinions, religious or philosophical beliefs or trade union membership; processing of genetic data or biometric data for the purposes of uniquely identifying a natural person; data concerning health, a natural persons sex life or sexual orientation; and data relating to offences, criminal convictions, or security measures.
## 2. Status and Compliance.
#### 2.1 Data Processing.
GitHub acts as a Processor in regard to any Customer Personal Data it receives in connection with the Agreement, except where Customers acts as a Processor (in which case GitHub is a subprocessor). GitHub will process Customer Personal Data only for Permitted Purposes in accordance with Customers instructions as represented by the Agreement and other written communications. In the event that GitHub is unable to comply with Customers instructions, such as due to conflicts with the Applicable Data Protection Laws, or where processing is required by the Applicable Data Protection Laws or other legal requirements, GitHub will notify Customer to the extent permissible. GitHub processes all Customer Personal Data in the United States or in the European Union; however, GitHubs subprocessors may process data outside of the United States or the European Union. Additionally, GitHub acts as a Processor for any Customer Repository Data.
#### 2.2 Data Controllers.
Customer is a Controller only for the Customer Personal Data it transfers directly to GitHub or through the use of the Online Service except: (a) when Customer acts as a Processor of Customer Personal Data (in which case GitHub is a subprocessor); or (b) to the extent GitHub uses or otherwise processes Customer Personal Data for GitHubs Legitimate Business Operations. In which case, GitHub will comply with the obligation of an independent data controller under GDPR for such use.
#### 2.3 GitHub Compliance; Data Transfers.
GitHub will comply with Applicable Data Protection Laws in relation to the processing of Personal Data.
All transfers of Customer Personal Data out of the European Union, European Economic Area, United Kingdom, and Switzerland to provide the Online Service shall be governed by the Standard Contractual Clauses in Attachment 1 (Standard Contractual Clauses).
GitHub will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area, United Kingdom, and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
In addition, GitHub is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the commitments they entail, although GitHub does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of Personal Data in light of the judgment of the Court of Justice of the EU in Case C-311/18. GitHub agrees to notify Customer if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield principles.
#### 2.4 Data Subject Rights; Assistance with Requests.
GitHub will make available to Customer, in a manner consistent with the functionality of the Online Service and GitHubs role as a processor of Customer Personal Data, the ability to fulfill data subject requests to exercise their rights under the Applicable Data Protection Laws, such as GDPR and CCPA. If GitHub receives a request from Customers data subject to exercise one or more of its rights in connection with the Online Service for which GitHub is a data processor or subprocessor, GitHub will redirect the data subject to make its request directly to Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality or documentation provided by the Online Service. GitHub shall comply with reasonable requests by Customer to assist with Customers response to such a data subject request.
### 3. Data Protection.
#### 3.1 Purpose Limitation.
GitHub will process and communicate the Protected Data only for Permitted Purposes, unless the Parties agree in writing to an expanded purpose.
#### 3.2 Data Quality and Proportionality.
GitHub will keep the Customer Personal Data accurate and up to date, or enable Customer to do so. GitHub will take commercially reasonable steps to ensure that any Protected Data it collects on Customers behalf is adequate, relevant, and not excessive in relation to the purposes for which it is transferred and processed. In no event will GitHub intentionally collect Sensitive Data on Customers behalf. Customer agrees that the Online Service are not intended for the storage of Sensitive Data; if Customer chooses to upload Sensitive Data to the Online Service, Customer must comply with Article 9 of the GDPR, or equivalent provisions in the Applicable Data Protection Laws.
#### 3.3 Data Retention and Deletion.
Upon Customers reasonable request, unless prohibited by law, GitHub will return, destroy, or deidentify all Customer Personal Data and related data at all locations where it is stored after it is no longer needed for the Permitted Purposes within thirty days of request. GitHub may retain Customer Personal Data and related data to the extent required by the Applicable Data Protection Laws, and only to the extent and for such period as required by the Applicable Data Protection Laws, provided that GitHub will ensure that Customer Personal Data is processed only as necessary for the purpose specified in the Applicable Data Protection Laws and no other purpose, and Customer Personal Data remains protected by the Applicable Data Protection Laws.
#### 3.4 Data Processing.
GitHub provides the following information, required by Article 28(3) of the GDPR, regarding its processing of Customers Protected Data:
a. *The subject matter and duration of the processing* of Customer Personal Data are set out in the Agreement and the DPA.
b. *The nature and purpose of the processing* of Customer Personal Data is described in Section 3.1 of the DPA.
c. *The types of Customer Personal Data to be processed* are described in the Agreement, and include Customer Personal Data; or any type of Personal Data that Customer elects to include in Customer Personal Data. Customer may choose to supply GitHub with additional Customer Personal Data, such as in Customers profile settings or by uploading Customer Personal Data to its GitHub repositories.
d. *The categories of Data Subject to whom the Customer Personal Data relates* are the Customer itself and its End Users.
e. *The obligations and rights of Customer* are set out in the Agreement and the DPA.
### 4. Security and Audit Obligations.
#### 4.1 Technical and Organizational Security Measures.
Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, GitHub will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks, such as against accidental or unlawful destruction, or loss, alteration, unauthorized disclosure or access, presented by processing the Protected Data. GitHub will regularly monitor compliance with these measures and will continue to take appropriate safeguards throughout the duration of the Agreement. Please see Section 1.1 of the Security Exhibit (below) regarding GitHubs responsibilities in relation to security safeguards.
#### 4.2 Incident Response and Breach Notification.
GitHub will comply with the Information Security obligations in the Security Exhibit and the Applicable Data Protection Laws, including Data Breach notification obligations. Please see Section 1.2 of the Security Exhibit regarding GitHubs responsibilities in relation to Data Breach response and notification.
#### 4.3 GitHub Personnel.
GitHub represents and warrants that it will take reasonable steps to ensure that all GitHub personnel processing Protected Data have agreed to keep the Protected Data confidential and have received adequate training on compliance with the DPA and the Applicable Data Protection Laws.
#### 4.4 Records.
GitHub will maintain complete, accurate, and up to date written records of all categories of processing activities carried out on behalf of Customer containing the information required under the Applicable Data Protection Laws. To the extent that assistance does not risk the security of GitHub or the privacy rights of individual Data Subjects, GitHub will make these records available to Customer on request as reasonably required, such as to help Customer demonstrate its compliance under the Applicable Data Protection Laws. To learn more about GitHubs requirements to provide assistance in the event of a security incident, please see Section 1.2 of the Security Exhibit.
#### 4.5 Compliance Reporting.
GitHub will provide security compliance reporting in accordance with Section 2.3 of the Security Exhibit. Customer agrees that any information and audit rights granted by the Applicable Data Protection Laws (including, where applicable, Article 28(3)(h) of the GDPR) will be satisfied by these compliance reports, and will only arise to the extent that GitHubs provision of a compliance report does not provide sufficient information, or to the extent that Customer must respond to a regulatory or Supervisory Authority audit. Section 3.1 of the Security Exhibit describes the Parties responsibilities in relation to a regulatory or Supervisory Authority audit.
#### 4.6 Assistance.
GitHub will provide reasonable assistance to Customer with concerns such as data privacy impact assessments, Data Subject rights requests, consultations with Supervisory Authorities, and other similar matters, in each case solely in relation to the processing of Customers Personal Data and taking into account the nature of processing.
### 5. Use and Disclosure of Protected Data.
No Use in Marketing and CCPA. GitHub will not use the Protected Data for the purposes of advertising third-party content. If GitHub is processing Customer Personal Data within the scope of the CCPA, GitHub will not retain, use, or disclose that data for any purpose other than for the purposes set out in the DPA and as permitted under the CCPA, including under any “sale” exemption. In no event will GitHub sell any such data.
### 6. Subprocessing and Onward Transfer.
#### 6.1 Protection of Data.
GitHub is liable for onward transfers of Protected Data to its subprocessors, such as its third-party payment processor. In the event that GitHub does transfer the Protected Data to a third-party subprocessor, or GitHub installs, uses, or enables a third party or third-party services to process the Protected Data on GitHubs behalf, GitHub will ensure that the third-party subprocessor is bound by written agreement that requires them to provide at least the same level of confidentiality, security, and privacy protection as is required of GitHub by this DPA and the Applicable Data Protection Laws.
#### 6.2 Acceptance of GitHub Subprocessors.
Customer authorizes GitHub and its subprocesors to appoint and use subprocessors in accordance with this Section 6 and the Agreement.
#### 6.3 General Consent for Onward Subprocessing.
Customer provides a general consent for GitHub to engage onward subprocessors, conditional on GitHubs compliance with the following requirements:
a. Any onward subprocessor must agree in writing to only process data in a country that the European Commission has declared to have an “adequate” level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses, or pursuant to a Binding Corporate Rules approval granted by competent European data protection authorities, or pursuant to compliant and valid EU-US Privacy Shield and Swiss-U.S. Privacy Shield certifications; and
b. GitHub will restrict the onward subprocessors access to Customer Personal Data only to what is strictly necessary to perform its services, and GitHub will prohibit the subprocessor from processing the Customer Personal Data for any other purpose.
#### 6.4 Disclosure of Subprocessor Agreements.
GitHub maintains a list of onward subprocessors it has engaged to process Customer Personal Data on its website, including the categories of Customer Personal Data processed, a description of the type of processing the subprocessor performs, and the location of its processing. GitHub will, upon Customers written request, provide Customer with this list of subprocessors and the terms under which they process the Customer Personal Data. Pursuant to subprocessor confidentiality restrictions, GitHub may remove any confidential or commercially sensitive information before providing the list and the terms to Customer. In the event that GitHub cannot disclose confidential or sensitive information to Customer, the Parties agree that GitHub will provide all information it reasonably can in connection with its subprocessing agreements.
#### 6.5 Objection to Subprocessors.
GitHub will provide thirty days prior written notice of the addition or removal of any subprocessor, including the categories listed in Section 6.4, by announcing changes on its website. If Customer has a reasonable objection to GitHubs engagement of a new subprocessor, Customer must notify GitHub promptly in writing. Where possible, GitHub will use commercially reasonable efforts to provide an alternative solution to the Online Services to avoid processing of data by the objectionable subprocessor. In the event that GitHub is unable to provide an alternative solution and the Parties cannot resolve the conflict within ninety days, Customer may terminate the Agreement.
### 7. Termination.
#### 7.1 Suspension.
In the event that GitHub is in breach of its obligations to maintain an adequate level of security or privacy protection, Customer may temporarily suspend the transfer of all Customer Personal Data or prohibit collection and processing of Customer Personal Data on Customers behalf until the breach is repaired or the Agreement is terminated.
#### 7.2 Termination with Cause.
In addition to any termination rights Customer has under the Agreement, Customer may terminate the Agreement without prejudice to any other claims at law or in equity in the event that:
a. GitHub notifies Customer that it can no longer meet its privacy obligations;
b. the transfer, collection, or processing of all Customer Personal Data has been temporarily suspended for longer than one month pursuant to Section 7.1;
c. GitHub is in substantial or persistent breach of any warranties or representations under the DPA;
d. GitHub is no longer carrying on business, is dissolved, enters receivership, or a winding up order is made on behalf of GitHub; or
e. Customer objects to a subprocessor pursuant to Section 6.5, and GitHub has not been able to provide an alternative solution within ninety days.
#### 7.3 Breach.
Failure to comply with the material provisions of the DPA is considered a material breach under the Agreement.
#### 7.4 Failure to perform.
In the event that changes in law or regulation render performance of the DPA impossible or commercially unreasonable, the Parties may renegotiate the DPA in good faith. If renegotiation would not cure the impossibility, or if the Parties cannot reach an agreement, the Parties may terminate the Agreement after thirty days.
#### 7.5 Notification.
In the event that GitHub determines that it can no longer meet its privacy obligations under the DPA, GitHub will notify Customer in writing immediately.
#### 7.6 Modifications.
GitHub may modify the DPA from time to time as required by the Applicable Data Protection Laws, with thirty days notice to Customer.
#### 7.7 Termination Requirements.
Upon Termination, GitHub must:
a. take reasonable and appropriate steps to stop processing the Customer Personal Data;
b. within ninety days of termination, delete or deidentify any Customer Personal Data GitHub stores on Customers behalf pursuant to Section 3.3; and
c. provide Customer with reasonable assurance that GitHub has complied with its obligations in Section 7.7.
### 8. Liability for Data Processing.
#### 8.1 Limitations.
Except as limited by the Applicable Data Protection Laws, any claims brought under the DPA will be subject to the terms of the Agreement regarding Limitations of Liability.
## Attachment 1 The Standard Contractual Clauses (Processors)
Execution of the Agreement by Customer includes execution of this Attachment 1 to the GitHub Data Protection Addendum, which is countersigned by GitHub, Inc.
In countries where regulatory approval is required for use of the Standard Contractual Clauses, the Standard Contractual Clauses cannot be relied upon under European Commission 2010/87/EU (of February 2010) to legitimize export of data from the country, unless Customer has the required regulatory approval.
For the purposes of Article 46 (2) of the General Data Protection Regulation (EU 2016/679) for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, Customer (as data exporter) and GitHub (as data importer, whose signature appears below), each a “party,” together “the parties”, have agreed on the following Contractual Clauses (the “Clauses” or “Standard Contractual Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
#### Clause 1: Definitions
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in the General Data Protection Regulation (EU 2016/679) on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 45(2) of the General Data Protection Regulation (EU 2016/679);
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organizational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
#### Clause 2: Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 below which forms an integral part of the Clauses.
#### Clause 3: Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
#### Clause 4: Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2 below;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of the General Data Protection Regulation (EU 2016/679);
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
#### Clause 5: Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorized access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11; and
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
#### Clause 6: Liability
1. The parties agree that any data subject who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
#### Clause 7: Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
#### Clause 8: Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
#### Clause 9: Governing Law.
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
#### Clause 10: Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
#### Clause 11: Subprocessing
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
#### Clause 12: Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
### Appendix 1 to the Standard Contractual Clauses
Data exporter: Customer is the data exporter.
**Data importer:** The data importer is GitHub, Inc., a global producer of software and services.
**Data subjects:** Data subjects include the data exporters representatives and end-users including employees, contractors, collaborators, and customers of the data exporter. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by data importer. GitHub acknowledges that, depending on Customers use of the Online Service, Customer may elect to include personal data from any of the following types of data subjects in the Customer Personal Data:
- Employees, contractors and temporary workers (current, former, prospective) of data exporter;
- Dependents of the above;
- Data exporter's collaborators/contact persons (natural persons) or employees, contractors or temporary workers of legal entity collaborators/contact persons (current, prospective, former);
- Users (e.g., customers, clients, patients, visitors, etc.) and other data subjects that are users of data exporter's services;
- Partners, stakeholders or individuals who actively collaborate, communicate or otherwise interact with employees of the data exporter and/or use communication tools such as apps and websites provided by the data exporter;
- Stakeholders or individuals who passively interact with data exporter (e.g., because they are the subject of an investigation, research or mentioned in documents or correspondence from or to the data exporter); or
- Professionals with professional privilege (e.g., doctors, lawyers, notaries, religious workers, etc.).
**Categories of data:** The personal data transferred that is included in e-mail, documents and other data in an electronic form in the context of the Online Service. GitHub acknowledges that, depending on Customers use of the Online Service, Customer may elect to include personal data from any of the following categories in the Customer Personal Data:
- Authentication data (for example, username, email, password);
- Contact information (for example, email);
- Unique identification numbers and signatures (IP addresses, unique identifier in tracking cookies or similar technology).
- Other unique identifying information. Data subjects may include more data such as real names, avatar images, and other personal information;
**Special categories of data (if appropriate):** The data importer does not intentionally collect or process any special categories of data in carrying out its services to the data exporter.
However, because the data importer provides storage services and does not control the categories of data it stores, the data exporter may choose to transfer special categories of data. Consequently, the data exporter is solely responsible for ensuring that it complies with all obligations imposed by applicable laws and regulations relating to the collection and processing of any special categories of data, including obtaining the explicit consent of the data subject prior to processing sensitive personal data.
**Processing operations:** The personal data transferred will be subject to the following basic processing activities:
GitHub uses personal data for the limited purposes set forth in the GitHub Privacy Statement, available at https://docs.github.com/articles/github-privacy-statement/, and the “Data Processing” section of the DPA.
**Subcontractors:** In accordance with the DPA, the data importer may hire other companies to provide limited services on data importers behalf, such as providing customer support. Any such subcontractors will be permitted to obtain Customer Personal Data only to deliver the services the data importer has retained them to provide, and they are prohibited from using Customer Personal Data for any other purpose.
### Appendix 2 to the Standard Contractual Clauses
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):
**1. Personnel.** Data importers personnel will not process Customer Personal Data without authorization. Personnel are obligated to maintain the confidentiality of any Customer Personal Data and this obligation continues even after their engagement ends.
**2. Data Privacy Contact.** The data privacy officer of the data importer can be reached at the following address:
GitHub, Inc.
Attn: Privacy
88 Colin P. Kelly Jr. Street
San Francisco, CA 94107 USA
**3. Technical and Organization Measures.** The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect Customer Personal Data, as defined in the GitHub Security Exhibit, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows: The technical and organizational measures, internal controls, and information security routines set forth in the GitHub Security Exhibit are hereby incorporated into this Appendix 2 by this reference and are binding on the data importer as if they were set forth in this Appendix 2 in their entirety.
Signature of GitHub, Inc. appears below.
Signing the Standard Contractual Clauses, Appendix 1 and Appendix 2 on behalf of the data importer
![Lynn Hashimoto](/assets/images/lynn_hashimoto.png)
Lynn Hashimoto, Head of Product & Regulatory Legal
GitHub, Inc.
## SECURITY EXHIBIT
### 1. Information Security Program.
#### 1.1 Security Management.
GitHub will implement and maintain appropriate technical and organizational measures to protect Customer Content and Protected Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (“**Security Program**”). Those measures shall be set forth in a GitHub Security Policy. GitHub will provide written descriptions of the security controls and other information reasonably requested by Customer regarding GitHubs security practices and policies for the Online Service.
a. Operational Policy. GitHub maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Customer Content and Protected Data.
b. Security Training. GitHub informs its personnel about relevant security procedures and their respective roles. GitHub also informs its personnel of possible consequences of breaching the security rules and procedures. GitHub will only use anonymous data in training.
#### 1.2 Security Incident Management.
GitHub will provide a Security incident management program for the Online Service as follows:
a. Security Availability and Escalation. GitHub will maintain appropriate security contact and escalation processes on a 24-hours-per-day, 7-days-per-week basis to ensure customers and employees can submit issues to the GitHub Security team.
b. Incident Response. If GitHub becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data or Personal Data (each a "Security Incident"), GitHub will promptly and without undue delay (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
c. Notification. Notification(s) of Security Incidents will be delivered to one or more of Customer's administrators by any means GitHub selects. It is Customer's sole responsibility to ensure Customer's administrators monitor for and respond to any notifications. Customer is solely responsible for complying with its obligations under incident notification laws applicable to Customer and fulfilling any third-party notification obligations related to any Security Incident.
d. Reasonable Assistance. GitHub will make commercially reasonable efforts to assist Customer in fulfilling Customer's obligation under applicable law or regulation to notify the relevant supervisory authority and data subjects about such Security Incident.
#### 1.3 Due Diligence over Subcontractors and Vendors.
GitHub will maintain appropriate due diligence when utilizing subcontractors and vendors. GitHub will maintain vendor assessment reports and any assessment work for a minimum of three years.
#### 1.4 Physical and Environmental Safeguards.
a. Physical Access to Facilities. GitHub limits access to facilities where information systems that process Customer Content and Protected Data are located to identified authorized individuals.
b. Physical Access to Components. GitHub maintains records of the incoming and outgoing media containing Customer Content and Protected Data, including the kind of media, the authorized sender/recipients, date and time, the number of media and the types of Customer Content and Protected Data they contain.
c. Protection from Disruptions. GitHub uses industry standard systems to protect against loss of data due to power supply failure or line interference.
#### 2. Requests for Information.
Upon Customer's written request and no more than once annually, GitHub will respond to one request for information to assess security and compliance risk-related information. The response will be provided in writing within thirty days of receipt of the request, pending needed clarifications of any request.
#### 3. Cooperation with Regulatory Audits.
Should Customer realize a regulatory audit or an audit in response to a Supervisory Authority that requires participation from GitHub, GitHub will fully cooperate with related requests by providing access to relevant knowledgeable personnel, documentation, and application software. Customer has the following responsibilities regarding any such regulatory or Supervisory Authority audits:
a. Customer must ensure use of an independent third party (meaning the regulator or regulator's delegate), and that findings and data not relevant to Customer are restricted from Customers access.
b. Notification of such audit must be written and provided to GitHub in a timely fashion, pending regulator notification, and in a manner that allows for appropriate personnel to be made available to assist. Where regulators provide no advance notice to Customer of audit or investigation, GitHub will respond in as timely a fashion as required by regulators.
c. Any third party auditor must disclose to GitHub any findings and recommended actions where allowed by the regulator.
d. In the event of a regulatory audit, access will be permitted only during regular business hours, Pacific time.
e. To the extent permitted by law, Customer must keep confidential any information gathered through any such audit of GitHub that, by its nature, should be confidential.

60
content/github/site-policy-deprecated/github-ae-product-specific-terms.md
View File

@@ -1,60 +0,0 @@
---
title: GitHub AE Product Specific Terms
hidden: true
versions:
fpt: '*'
redirect_from:
- /github/site-policy/ghem-supplemental-terms-for-microsoft-volume-licensing
- /github/site-policy/github-ae-product-specific-terms
---
_These terms apply to Customers who licensed the Products prior to January 4, 2021. Customers who purchase GitHub Products after that date are directed to https://www.github.com/enterprise-legal for current terms._
The Agreement consists of these GitHub AE Product Specific Terms, the General Terms that Customer accepted, and any additional terms GitHub or its Affiliates present when an order is placed.
## 1. Accounts.
**Account Responsibility.** Customer controls and is responsible for End User accounts and Content.
**Account Security.** Customer is responsible for maintaining the security of its account login credentials.
**Use Policies.** Customers End Users must comply with the Acceptable Use Policy.
**Suspension.** GitHub may suspend use of the Online Service during any period of Customers material breach.
**Access.** GitHub does not access Customer Content unless required for support matters or security purposes.
**DMCA.** GitHub has a Digital Millennium Copyright Act (DMCA) Takedown Policy which applies to copyright infringement claims.
## 2. Content.
**Ownership of Content.** Customer owns Content it creates and will fully comply with any third-party licenses relating to Content that Customer posts.
**License Grant to GitHub.** Unless Customer Content comes with a separate license granting GitHub the rights it needs to run the Online Service, Customer grants to GitHub the right to use Customer Content and make incidental copies as necessary to provide the Online Service or support, or for security reasons. In addition, GitHub may be compelled by law to disclose Customer Content.
## 3. Non-GitHub Products.
GitHub may make non-GitHub products available through the Online Service. If Customer uses any non-GitHub products with the Online Service, Customer may not do so in any way that would subject GitHubs intellectual property to obligations beyond those expressly included in the Agreement. GitHub assumes no responsibility or liability for any non-GitHub products. Customers use of non-GitHub products is governed by the terms between Customer and the publisher of the non-GitHub products (if any).
## 4. Support and SLA.
The Online Service includes Support and the SLA.
## 5. Data Protection and Security.
The terms of the Data Protection Agreement apply to the Online Service.
## 6. Notices.
Notices to GitHub must be sent to: GitHub, Inc. Attn: Legal Dept., 88 Colin P. Kelly St, San Francisco, CA 94107 USA.
## 7. Definitions.
“**Acceptable Use Policy**” means, when purchasing from GitHub, the Acceptable Use Policy available on Site-Policy and when purchasing from Microsoft, the Acceptable Use Policy in the Microsoft Online Services Terms.
“**Content**” means text, data, software, images and any other materials that are displayed or otherwise made available through the Online Service.
“**Customer Content**” means Content that Customer creates, owns, or to which Customer holds the rights.
“**Data Protection Agreement**” means the GitHub AE Data Protection Agreement, available on https://docs.github.com/github/site-policy.
“**Digital Millennium Copyright Act Takedown Policy**” means GitHubs process for handling notices of copyright infringement, available on https://docs.github.com/github/site-policy.
“**SLA**” means GitHubs uptime commitment for the Online Service, available on https://docs.github.com/github/site-policy.
“**Support**” means GitHubs Premium Plus Support program, further described on https://docs.github.com/github/site-policy.

51
content/github/site-policy-deprecated/github-enterprise-cloud-evaluation-agreement.md
View File

@@ -1,51 +0,0 @@
---
title: GitHub Enterprise Cloud Evaluation Agreement
hidden: true
redirect_from:
- /articles/github-enterprise-cloud-evaluation-agreement
- /github/site-policy/github-enterprise-cloud-evaluation-agreement
versions:
fpt: '*'
---
_These terms apply to Customers who licensed the Products prior to January 4, 2021. Customers who purchase GitHub Products after that date are directed to https://www.github.com/enterprise-legal for current terms._
THANK YOU FOR CHOOSING GITHUB FOR YOUR COMPANY'S BUSINESS NEEDS. PLEASE READ THESE TERMS CAREFULLY AS IT GOVERNS YOUR EVALUATION USE OF THE SERVICE, UNLESS GITHUB HAS EXECUTED A SEPARATE WRITTEN AGREEMENT WITH YOU FOR THAT PURPOSE. BY CLICKING ON THE "I AGREE" OR SIMILAR BUTTON OR BY ACCESSING THE SERVICE ON A TRIAL BASIS, YOU ACCEPT ALL THE TERMS AND CONDITIONS OF THIS EVALUATION AGREEMENT. IF YOU ARE ENTERING INTO THIS EVALUATION AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY (HEREINAFTER REFERRED TO AS "**CUSTOMER**"), CUSTOMER REPRESENTS THAT IT HAS THE LEGAL AUTHORITY TO BIND THE COMPANY OR OTHER LEGAL ENTITY TO THIS EVALUATION AGREEMENT. ALSO, BY ACCEPTING THESE TERMS, CUSTOMER AGREES THAT IT HAS READ GITHUB'S PRIVACY STATEMENT.
## 1. Corporate Terms of Service
Customer must have a Corporate Account on GitHub.com in order to have evaluation access. Customer's evaluation of Enterprise Cloud will be governed by these terms and the Corporate Terms of Service (found at [https://docs.github.com/articles/github-corporate-terms-of-service](/articles/github-corporate-terms-of-service)) (together, the "**Evaluation Agreement**"). However, any supplemental terms associated with [Enterprise Cloud Addendum](/articles/github-enterprise-cloud-addendum) **will not** apply until Customer upgrades its purchase to a paid subscription to Enterprise Cloud.   Any capitalized terms not defined in this Evaluation Agreement are defined in the Corporate Terms of Service.
## 2. Term and Termination
*2.1 Term.* "Evaluation Agreement Effective Date" is the date on which Customer agrees to the terms and conditions of this Evaluation Agreement. This Agreement begins on the Evaluation Agreement Effective Date and continues in effect for fourteen (14) days ("**Evaluation Term**").
*2.2 Termination.* Either party may terminate this Evaluation Agreement for any reason, without cause. Section 2.3 will apply to either party's election to terminate this Evaluation Agreement. This Evaluation Agreement will terminate immediately, without the requirement of notice, if Customer breaches any terms of the Evaluation Agreement.
*2.3 Effect of Termination.* Upon expiration of the Evaluation Term, any Subscription Licenses will automatically terminate; Customer will no longer have the right to use Enterprise Cloud; and Customer may lose access to Content, features, or capacity of its account. Please see the "Effect of Termination" section of the Corporate Terms of Service for information on obtaining a copy of that Content.
## 3. Warranties and Disclaimers
CUSTOMER UNDERSTANDS AND AGREES THAT ANY MATERIALS OR INFORMATION THAT GITHUB PROVIDES OR THAT CUSTOMER HAS ACCESS TO UNDER THIS EVALUATION AGREEMENT (INCLUDING, WITHOUT LIMITATION, ANY CONFIDENTIAL INFORMATION OR EVALUATION ACCOUNT MATERIALS) ARE PROVIDED "**AS IS**", AND WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. GITHUB SPECIFICALLY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
## 4. Limitation of Liability
IN NO EVENT WILL GITHUB BE LIABLE TO CUSTOMER OR TO ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOST DATA, LOST PROFITS OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT (INCLUDING WITHOUT LIMITATION PRODUCTS LIABILITY, STRICT LIABILITY AND NEGLIGENCE), OR ANY OTHER THEORY, AND WHETHER OR NOT THE PARTY KNEW OR SHOULD HAVE KNOWN ABOUT THE POSSIBILITY OF SUCH DAMAGE. IN NO EVENT WILL  GITHUB'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS EVALUATION AGREEMENT FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT, EXCEED FIVE HUNDRED DOLLARS ($500.00) USD. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY STATED IN THIS EVALUATION AGREEMENT.
## 5. Privacy
5.1 As part of the development and evaluation of our evaluation programs, GitHub needs to collect information about how Customer uses services and programs and how GitHub can improve them. GitHub may collect certain additional personal information from Customer. For example, GitHub may invite Customer to provide Feedback (as explained in Section 6 below). GitHub might ask questions about Customer's  experiences, familiarity with the product, or demographic information. GitHub uses this information to improve its products and services and does not sell Feedback to third parties or advertisers. Customer may decline to provide Feedback, decline to answer specific questions, or contact GitHub to delete or alter the information it has collected about Customer.
5.2 GitHub's servers are located in the United States. GitHub processes Customer's data in the United States. However, Customer is responsible for determining what personal data it submits to GitHub. Please see the [Privacy Statement](/articles/github-privacy-statement) for more information.
## 6. Feedback
GitHub is always trying to improve its products and services, and Customer's Feedback about its evaluation account will help do that. If Customer chooses to provide GitHub with any Feedback, Customer acknowledges and agrees that GitHub will have a royalty-free, fully paid-up, worldwide, transferable, sub-licensable, irrevocable and perpetual license to implement, use, modify, commercially exploit and/or incorporate the Feedback into GitHub products, services, and documentation.
## 7. Amendments; Waivers; No Third-Party Beneficiaries
This Evaluation Agreement may not be changed, except by a writing signed by both parties or by an update to the Generally Applicable Terms. If any term, condition, or provision in this Evaluation Agreement is found to be invalid or unenforceable, the remaining terms will continue to be valid and enforceable to the fullest extent permitted by law. The parties expressly agree that there are no third-party beneficiaries to this Evaluation Agreement.
## 8. Entire Agreement; Order of Precedence
The Generally Applicable Terms together with this Evaluation Agreement contain the entire agreement of the parties with respect to its subject matter and supersede all prior communications, representations, understandings and agreements, whether written or oral. The terms or conditions of any of Customer's purchase orders, acknowledgements, or other documents sent to GitHub in connection with this Evaluation Agreement will be null and void, and of no effect. In the event of a conflict between this Evaluation Agreement and the Generally Applicable Terms, this Evaluation Agreement will govern with respect to the relevant provision for the Evaluation Term of the Evaluation Agreement.

187
content/github/site-policy-deprecated/github-enterprise-server-license-agreement.md
View File

@@ -1,187 +0,0 @@
---
title: GitHub Enterprise Server License Agreement
hidden: true
redirect_from:
- /articles/github-enterprise-server-license-agreement
- /github/site-policy/github-enterprise-server-license-agreement
versions:
fpt: '*'
---
_These terms apply to Customers who have executed agreements in place referencing them. All other corporate customers are directed to https://www.github.com/customer-terms for current terms._
This Agreement applies to the following GitHub offerings, as further defined below (collectively, the **“Products”**):
- The Software (which may include Add-on Software, such as Advanced Security, Insights and Learning Lab for Enterprise Server);
- Any related Support; and
- Any related Professional Services.
If Customer has purchased the Products from a GitHub Partner, the following provisions of this Agreement will be superseded by the terms between Customer and the GitHub Partner: Section 8, Payment; Section 9, Delivery; Section 10, Verification; and Section 17, Term and Termination.
**1. Definitions.** Capitalized words not listed here will be defined within the Agreement.
”**Add-On Software**” means Advanced Security, Insights, Learning Lab for Enterprise Server and other additional Software add-on products that GitHub may offer from time to time.
“**Advanced Security**” means the Software feature which enables Customer to identify security vulnerabilities through customizable and automated semantic code analysis.
"**Agreement Effective Date**" is the earlier of the date that Customer either clicks "I Agree" to the terms and conditions of this Agreement, or that it first places an order for the Products.
"**Affiliate**" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party where "control" means having more than fifty percent (50%) ownership or the right to direct the management of the entity.
"**Beta Previews** means software, services, or features identified as alpha, beta, preview, early access, or evaluation, or words or phrases with similar meanings.
"**Customer**" means the company or organization that has entered into this Agreement with GitHub by clicking on the "I AGREE" or similar button or by accessing the Products.
"**Customer Modifications**" means Software modifications Customer may make solely for the purpose of developing bug fixes, customizations, or additional features to any libraries licensed under open source licenses that may be included with or linked to by the Software.
"**Documentation**" means any manuals, documentation and other supporting materials related to the Software that GitHub provides or makes available to Customer. Documentation is considered part of the Software.
"**Feedback**" means any ideas, know-how, algorithms, code contributions, suggestions, enhancement requests, recommendations or any other feedback on GitHub products or services.
"**Fees**" means the fees Customer is required to pay GitHub to use the Products during the applicable Subscription Term or Professional Services, as such fees are reflected on an Order Form or SOW.
"**GitHub Insights**" or “**Insights**” means the Software feature which provides Customer with metrics, analytics, and recommendations relating to their use of the Software. GitHub Insights does not include legacy features of GitHub including Organization insights and repository insights.
"**GitHub Partner**" means a company authorized to resell GitHub Products under the terms and conditions of GitHub's Channel Partner Agreement.
"**Learning Lab for Enterprise Server**" means the Software feature that enables Users to learn about GitHub functionality, including associated Documentation.
"**License Effective Date**" means the effective date of each Order Form as stated therein.
"**License Key**" means the data file used by the Software's access control mechanism that allows you to install, operate, and use the Software is delivered via a secure, password-protected website.
"**Order Form**" means written or electronic documentation (including a quote) that the Parties use to order the Products.
"**Parties**" means references to GitHub and Customer collectively. Each may be referred to individually as a "**Party**".
"**Professional Services**" means training, consulting, or implementation services that GitHub provides to Customer pursuant to a mutually executed SOW. Professional Services do not include Support.
"**Release**" means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that contains enhancements, new features, or new functionality, generally indicated by a change in the digit to the right of the first decimal point (e.g., x.x.x to x.y.x) or to the left of the first decimal point (e.g., x.x.x to y.x.x).
"**Software**" means GitHub's proprietary Enterprise Server software. Software includes any applicable Documentation, any Updates to the Software that GitHub provides to Customer or that Customer can access under this Agreement, and, if included in Customers subscription, Add-On Software.
**"SOW"** means a mutually executed statement of work detailing the Professional Services GitHub will perform, any related Fees, and each Party's related obligations.
**“Subscription License”** means the license assigned to each User to install, operate, access, and use the Software on Customers behalf. Customer may only assign one Subscription License per User across its GitHub Enterprise Server instances. Each User will have access to as many of Customers Enterprise Server instances, as Customer permits. For clarity, however, once Customer assigns a Subscription License to a User, Customer will not be authorized to bifurcate the Subscription License so that one User can use a Subscription License on Enterprise Server while another User uses the same Subscription License on another instance of GitHub Enterprise Server.
"**Subscription Term**" means the period of one (1) year from the License Effective Date unless an alternate period is specified in an Order Form. GitHub will provide Customer with a renewal notice at least sixty (60) days before the expiration of the Subscription Term and will generate a new Order Form for renewal. GitHub will provide a new License Key for Customer to download that will allow continued use of the Software in accordance with the Order Form.
"**Support**" means technical support for the Software that GitHub may provide.
"**Update**" means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that contains error corrections or bug fixes, generally indicated by a change in the digit to the right of the second decimal point (e.g., x.x.x to x.x.y).
"**User**" means a single person or Machine Account that initiates the execution of the Software or interacts with or directs the Software in the performance of its functions.
**2. Software License Grant.** GitHub grants to Customer a non-exclusive, non-transferable, worldwide, royalty-free, limited-term license to install and use the Software for Customers internal business purposes during the applicable Subscription Term, in accordance with the Documentation, and only for the number of Subscription Licenses stated in Customers Order Form. The Software includes components licensed to GitHub by third parties, including software whose licenses require GitHub to make the source code for those components available. The source code for such components will be provided upon request. Without limiting the foregoing, this license permits Customer to download and run Microsoft SQL Server Standard Edition container image for Linux files (“**SQL Server Images**”), which may be used only with the Software as documented. Customers right to use the SQL Server Images ends when Customer no longer has rights to use the Software, and Customer must uninstall the SQL Server Images when its right to use them ends. Microsoft Corporation may disable SQL Server Images at any time.
**3. License Restrictions.** Except as expressly permitted by law or by applicable third-party license, Customer and its Affiliates must not and must not allow any third party to: (i) sublicense, sell, rent, lease, transfer, assign, or redistribute the Software; (ii) host the Software for the benefit of third parties; (iii) disclose or permit any third party to access the Software, except as expressly permitted in Section 2; (iv) hack or modify the License Key, or avoid or change any license registration process; (v) except for Customer Modifications, modify or create derivative works of the Software, or merge the Software with other software; (vi) disassemble, decompile, bypass any code obfuscation, or otherwise reverse engineer the Software or attempt to derive any of its source code, in whole or in part; (vii) modify, obscure, or delete any proprietary rights notices included in or on the Software or Documentation; or (viii) otherwise use or copy the Software or Documentation in a manner not expressly permitted by this Agreement.
**4. Intellectual Property Rights.** As between the Parties, GitHub owns all right, title and interest, including all intellectual property rights, in and to the Products. GitHub reserves all rights in and to the Products not expressly granted to Customer under this Agreement.
**5. Feedback.** Customer may provide Feedback to GitHub regarding the Products. Feedback is voluntary and is not Customer Confidential Information, even if designated as such. GitHub may fully exercise and exploit such Feedback for the purpose of (i) improving the operation, functionality and use of GitHubs existing and future product offerings and commercializing such offerings; and (ii) publishing aggregated statistics about the quality of the Products, provided that no data in any such publication will be used to specifically identify Customer, its employees or Customers proprietary software code.
**6. Subscription Licenses.** Subscription Licenses are granted on a per User basis and multiple Users may not use the same Subscription License. Customer may reassign a Subscription License to a new User only after ninety (90) days from the last reassignment of that same Subscription License, unless the reassignment is due to (i) permanent hardware failure or loss, (ii) termination of the Users employment or contract, or (iii) temporary reallocation of Subscription Licenses to cover a Users absence. When Customer reassigns a Subscription License from one User to another, Customer must block the former Users access to the Subscription License.
**7. Affiliates.** Customers Affiliates are authorized to use the Software in accordance with this Agreement, so long as Customer remains fully responsible for their access and use of the Software.
**8. Payment**
**8.1** *Fees.* Customer agrees to pay the Fees in full, up front without deduction or setoff of any kind, in U.S. Dollars. Customer must pay the Fees within thirty (30) days of the GitHub invoice date. Amounts payable under this Agreement are non-refundable, except as provided in Sections 13 and 14.1. If Customer fails to pay any Fees on time, GitHub reserves the right, in addition to taking any other action at law or equity, to (i) charge interest on past due amounts at 1.0% per month or the highest interest rate allowed by law, whichever is less, and to charge all expenses of recovery, and (ii) terminate the applicable Order Form or SOW. Customer is solely responsible for all taxes, fees, duties and governmental assessments (except for taxes based on GitHub's net income) that are imposed or become due in connection with this Agreement.
**8.2** *Purchasing Additional Subscription Licenses.* Customer may obtain additional Subscription Licenses under this Agreement by submitting a request through GitHubs website or via its sales team. A new Order Form will then be generated and if Customer purchases the additional Subscription Licenses, Customer must pay the then-currently applicable Fees for them, prorated for the balance of the applicable Subscription Term. Upon renewal of Customers Subscription Licenses for another Subscription Term, GitHub will invoice all Subscription Licenses at once on an annual basis unless otherwise specified in an Order Form.
**8.3** *Add-On Software.* Add-On Software is licensed on a per User basis. For the avoidance of doubt, and unless otherwise set forth in an Order Form, the number of Subscription Licenses Customer has at any given time for Add-On Software must equal the number of Subscription Licenses Customer has for the Products under this Agreement. For example, if Customer wishes to purchase a subscription to Advanced Security and already holds Subscription Licenses for 100 Users for the Products, it must purchase Subscription Licenses for 100 Users for Advanced Security.
**9. Delivery.** GitHub will make the License Key available for Customer to download on a secure, password-protected website. All deliveries under this Section 9 will be electronic. For the avoidance of doubt, Customer is responsible for installation of any Software and acknowledge that GitHub has no further delivery obligation with respect to the Software after delivery of the License Key. As Updates become available, GitHub will make those available for download on the same website. Customer must Update the Software on a commercially reasonable basis but no less than one (1) time per year. Customer is responsible for maintaining the confidentiality of Customers usernames and passwords.
**10. Verification.** At GitHub's request, Customer will promptly provide GitHub with a Software-generated report verifying that Customer is using the Software in accordance with this Agreement. GitHub will invoice Customer for any additional use, effective from the date its use first exceeded the terms of the Agreement.
**11. Support.**
**11.1** *Standard Support.* GitHub will provide standard technical Support for the Software at no additional charge twenty-four (24) hours per day, five (5) days per week, excluding weekends and national U.S. holidays. Standard Support is only offered via web-based ticketing through GitHub Support, and Support requests must be initiated from a User with which GitHub's Support team can interact. GitHub may provide premium Support (subject to the [Premium Support for Enterprise Server terms](/enterprise/admin/enterprise-support/about-github-premium-support-for-github-enterprise-server)) or dedicated technical Support for the Software at the Support level, Fees, and Subscription Term specified in an Order Form or SOW.
**11.2** *Enhanced Support Offerings.* GitHub may provide enhanced Support offerings for the Software (including the Premium, Premium Plus, and Engineering Direct Support offerings) in accordance with the [Support terms](/enterprise/admin/enterprise-support/about-github-premium-support-for-github-enterprise), and at the Support level, Fees, and Subscription Term specified in an Order Form or SOW.
**11.3** *Exclusions.* GitHub will use reasonable efforts to correct any material, reproducible errors in the Software of which Customer notifies GitHub. However, GitHub will not be responsible for providing Support where (i) someone (other than GitHub) modifies the Software; (ii) Customer changes its operating system or environment in a way that adversely affects the Software or its performance; (iii) Customer uses the Software in a manner other than as authorized under this Agreement or the Documentation; or (iv) there is negligence or misuse by Customer of the Software.
**11.4** *Updates; Releases.* GitHub will only Support a given Release of the Software for one (1) year from the original Release date, or six (6) months from the last Update of the Release, whichever is longer. If Customer requires Support for earlier Releases of the Software, then Customer must pay for that Support in accordance with the terms of a mutually agreed upon Order Form or SOW.
**12. Professional Services.** Upon Customers request for Professional Services, GitHub will provide an SOW detailing such Professional Services. GitHub will perform the Professional Services described in each SOW. GitHub will control the manner and means by which the Professional Services are performed and reserves the right to determine personnel assigned. GitHub may use third parties to perform the Professional Services, provided that GitHub remains responsible for their acts and omissions. Customer acknowledges and agrees that GitHub retains all right, title and interest in and to anything used or developed in connection with performing the Professional Services, including software, tools, specifications, ideas, concepts, inventions, processes, techniques, and know-how. To the extent GitHub delivers anything to Customer while performing the Professional Services, GitHub grants to Customer a non-exclusive, non-transferable, worldwide, royalty-free, limited-term license to use those deliverables during the term of this Agreement, solely in conjunction with Customers use of the Software.
**13. Limited Warranties.**
**13.1** *Limited Software Warranties*. GitHub warrants that: (i) the unmodified Software, at the time it is made available to Customer for download, will not contain or transmit any malware, viruses, or worms (otherwise known as computer code or other technology specifically designed to disrupt, disable, or harm Customers software, hardware, computer system, or network) and (ii) for ninety (90) days from the date it is made available for initial download, the unmodified Software will substantially conform to its Documentation. GitHub does not warrant that Customers use of the Software will be uninterrupted, or that the operation of the Software will be error-free. The warranty in this Section 13.1 will not apply if Customer modifies or uses the Software in any way that is not expressly permitted by this Agreement and the Documentation. GitHub's only obligation, and Customers only remedy, for any breach of this warranty will be, at GitHub's option and expense, to either (a) repair the Software; (b) replace the Software; or (c) terminate this Agreement with respect to the defective Software, and refund the unused, prepaid Fees for the defective Software during the then-current Subscription Term.
**13.2** *Professional Services Warranty.* GitHub warrants to Customer that any Professional Services performed under this Agreement will be performed in a professional and workmanlike manner by appropriately qualified personnel. GitHub's only obligation, and Customers only remedy, for a breach of this warranty will be, at GitHub's option and expense, to either: (i) promptly re-perform any Professional Services that fail to meet this warranty or (ii) if the breach cannot be cured, terminate the SOW and refund the unused, prepaid Fees.
**13.3** *General Warranty.* Each Party represents and warrants that it has the legal power and authority to enter into this Agreement, and that this Agreement and each Order Form is entered into by an employee or agent of such Party with all necessary authority to bind such Party to the terms and conditions of this Agreement.
**13.4** *Beta Previews.* Customer may choose to use Beta Previews in its sole discretion. Beta Previews may not be supported and may be changed at any time without notice. Beta Previews may not be as reliable or available as the Software. Beta Previews are not subject to the same security measures to which the Software has been and is subject. GitHub will have no liability arising out of or in connection with Beta Previews. **CUSTOMER USERS BETA PREVIEWS AT ITS OWN RISK.**
**13.5** *Warranty Disclaimer.* THE LIMITED WARRANTIES DESCRIBED ABOVE ARE THE ONLY WARRANTIES GITHUB MAKES WITH RESPECT TO THE SOFTWARE, PROFESSIONAL SERVICES, AND SUPPORT. GITHUB DOES NOT MAKE ANY OTHER WARRANTIES AND REPRESENTATIONS OF ANY KIND, AND HEREBY SPECIFICALLY DISCLAIMS ANY OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR ANY WARRANTIES OR CONDITIONS ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, PROVIDED BY GITHUB OR ANYWHERE ELSE WILL CREATE ANY WARRANTY OR CONDITION NOT EXPRESSLY STATED IN THIS AGREEMENT.
**14. Defense of Claims; Release.**
The Parties will defend each other against third-party claims, as and to the extent set forth in this Section 14 and will pay the amount of any resulting adverse final judgment or approved settlement, but only if the defending Party is promptly notified in writing of the claim and has the right to control the defense and any settlement of it. The Party being defended must provide the defending Party with all requested assistance, information, and authority. The defending Party will reimburse the other Party for reasonable out-of-pocket expenses it incurs in providing assistance, and will not settle or make any admissions with respect to a third-party claim without the other Partys prior written consent, not to be unreasonably withheld or delayed. This Section 14 describes the Parties sole remedies and entire liability for such claims.
**14.1** *GitHub*. GitHub will defend Customer against any claim brought by an unaffiliated third party to the extent it alleges Customers authorized use of the Software infringes a copyright, patent, or trademark or misappropriates a trade secret of an unaffiliated third party. If GitHub is unable to resolve any such claim under commercially reasonable terms, it may, at its option, either: (a) modify, repair, or replace the Software (as applicable); or (b) terminate Customers subscription and refund any prepaid, unused subscription Fees. GitHub will have no obligation under this Section 14.1 for any such claim arising from: (i) the modification of the Software, or the combination, operation, or use of the Software with equipment, devices, software, systems, or data, other than as expressly authorized by this Agreement (including the Documentation); (ii) Customers failure to stop using the Software after receiving notice to do so; (iii) Customers obligations under Section 14.2; (iv) products or services (including use of the Software) that are provided by GitHub free of charge; or (v) access or use of Beta Previews. For purposes of GitHubs obligation under this Section 14.1, the Software includes open source components incorporated by GitHub therein.
**14.2** *Customer*. Customer will defend GitHub against any claim brought by an unaffiliated third party arising from: (i) Customer Content that Customer uploads to the Software; (ii) Customer's violation of this Agreement, including Customers breach of confidentiality; (iii) Customer Modifications to the Software; or (iv) any third party-branded equipment, devices, software, systems, or data that Customer combines, operates, or uses with the Software.
**15. LIMITATION OF LIABILITY.**
**15.1** *No Indirect Damages*. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING FOR LOSS OF PROFITS, REVENUE, OR DATA) OR FOR THE COST OF OBTAINING SUBSTITUTE PRODUCTS ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, HOWEVER CAUSED, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
**15.2** *Limitation of Total Liability*. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTYS TOTAL CUMULATIVE LIABILITY UNDER THIS AGREEMENT FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY EXCEED THE FEES CUSTOMER HAS ACTUALLY PAID TO GITHUB DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM GIVING RISE TO SUCH LIABILITY. FOR PRODUCTS AND SERVICES THAT ARE PROVIDED FREE OF CHARGE, GITHUBS LIABILITY IS LIMITED TO DIRECT DAMAGES UP TO $5,000.00 USD. FOR BETA PREVIEWS, GITHUBS LIABILITY IS LIMITED TO DIRECT DAMAGES UP TO $500.00 USD.
**15.3** *Exceptions*. The exclusions and limitations set forth in this Section 15 will not apply to liability arising out of (1) Customers non-compliance with the license grant or license restrictions in Sections 2 and 3; (2) a Partys defense obligations in Section 14; or (c) a Partys breach of its confidentiality obligations in Section 16.
**16. Confidentiality.**
**16.1** *Definition of Confidential Information*. For the purposes of this Agreement, "Confidential Information" means any business or technical information that either Party discloses to the other, in writing, orally, or by any other means, including disclosures like computer programs, code, algorithms, data, know-how, formulas, processes, ideas, inventions (whether patentable or not), schematics and other technical, business, financial, and product development plans, names and expertise of employees and consultants, and customer lists. For the purposes of this Agreement, except as expressly set forth in Section 2.1, the source code of the Software will be deemed to be GitHub's Confidential Information, regardless of whether it is marked as such.
**16.2** *Restrictions on Use and Disclosure.* Neither Party will use the other Party's Confidential Information, except as permitted under this Agreement. Each Party agrees to maintain in confidence and protect the other Party's Confidential Information using at least the same degree of care as it uses for its own information of a similar nature, but in all events at least a reasonable degree of care. Each Party agrees to take all reasonable precautions to prevent any unauthorized disclosure of the other Party's Confidential Information, including, without limitation, disclosing Confidential Information only to its employees, independent contractors, consultants, and legal and financial advisors (collectively, "Representatives") (i) with a need to know such information, (ii) who are parties to appropriate agreements sufficient to comply with this Section 16, and (iii) who are informed of the non-disclosure obligations imposed by this Section 16. Each Party is responsible for all acts and omissions of its Representatives. The foregoing obligations will not restrict either Party from disclosing Confidential Information of the other Party pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided that the Party required to make such a disclosure gives reasonable notice to the other Party to enable them to contest such order or requirement. The restrictions set forth in this Section 16 will survive the termination or expiration of this Agreement.
**16.3** *Exclusions*. The restrictions set forth in Section 16.2 will not apply with respect to any Confidential Information that: (i) was or becomes publicly known through no fault of the receiving party; (ii) was rightfully known or becomes rightfully known to the receiving party without confidential or proprietary restriction from a source other than the disclosing party who has a right to disclose it; (iii) is approved by the disclosing party for disclosure without restriction in a written document which is signed by a duly authorized officer of such disclosing party; or (iv) the receiving party independently develops without access to or use of the other Party's Confidential Information.
**17. Term and Termination.**
**17.1** *Agreement* *Term*. This Agreement starts on the Agreement Effective Date and will continue in effect until this Agreement is terminated by a Party in accordance with this Section 17. If this Agreement is terminated before the expiration or termination of a Subscription Term, then any active Order Forms will remain in force pursuant to the terms of this Agreement.
**17.2** *Termination for Convenience*. Either Party may terminate an Order Form, with or without cause, upon at least thirty (30) days written notice before the end of the then-current Subscription Term.
**17.3** *Termination for Material Breach*. Either Party may terminate this Agreement immediately upon notice if the other Party breaches a material obligation under this Agreement and fails to cure the breach within thirty (30) days from the date it receives notification. Either Party reserves the right to terminate this Agreement immediately upon written notice, but without giving the other Party a cure period, if Customer breaches any of the terms of this Agreement relating to GitHub's intellectual property (including Customer's compliance with the license grant and any license restrictions) or either Party's Confidential Information.
**17.4** *Effect of Termination; Survival.* When this Agreement terminates or expires, Customer may not execute additional Order Forms; however, the Agreement will remain in full force and effect for the remainder of any active Order Forms. When an Order Form terminates or expires, as to that Order Form: (i) the Subscription Term for any Software will immediately end; (ii) Customer will no longer have the right to use the Software, and any Subscription Licenses granted in the Order Form will automatically cease to exist as of the date of termination or expiration; (iii) if any Fees were owed prior to termination, Customer must pay those Fees immediately; (iv) Customer must destroy all copies of the Software in its possession or control, and certify in writing to GitHub that it has done so; and (v) each Party will promptly return to the other (or, if the other party requests it, destroy) all Confidential Information belonging to the other. Notwithstanding the foregoing, Customer may continue to access the Software to migrate its data for ninety (90) days after termination or expiration of this Agreement or an Order Form; however, Customer must not use the Software on a production basis during that time. Any terms or sections which by their nature should reasonably survive will survive the termination or expiration of this Agreement or an Order Form.
**18. General Provisions.**
**18.1** *Compliance with Laws and Regulations.* Customer will comply with all applicable laws and regulations, including, but not limited to, data protection and employment laws and regulations, in its use of the Products.
**18.2** *Data Protection Considerations for Use of GitHub Insights and Learning Lab for Enterprise Server.* If Customers planned use of GitHub Insights or Learning Lab for Enterprise Server involves processing personal data, Customer is solely responsible for determining whether or not to complete a data protection impact assessment or otherwise secure formal legal analysis of Customers planned use. It is in Customers sole discretion whether to use GitHub Insights or Learning Lab for Enterprise Server to process Customers employees and/or users data, and if Customer does so, Customer is solely responsible for conducting such processing in compliance with applicable law.
**18.3** *Governing Law; Venue.* For Customers domiciled in the United States, Canada, Mexico, or a country in Central or South America or the Caribbean (the "Americas"), this Agreement will be governed by and construed in accordance with the laws of the State of California, as if performed wholly within the state and without giving effect to the principles of conflict of law. For such Customers, any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in the Northern District of California and the parties hereby consent to personal jurisdiction and venue therein. If Customers principal office is outside the Americas, this Agreement will be governed by the laws of Ireland, any legal action or proceeding arising under this Agreement will be brought exclusively in the courts located in Dublin, and the Parties hereby consent to personal jurisdiction and venue therein. The Parties expressly agree that the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act will not apply to this Agreement. Notwithstanding the foregoing, GitHub may bring a claim for equitable relief in any court with proper jurisdiction.
**18.4** *Government Users.* The Products and Documentation were developed solely with private funds and are considered "Commercial Computer Software" and "Commercial Computer Software Documentation" as described in Federal Acquisition Regulations 12.212 and 27.405-3, and Defense Federal Acquisition Regulation Supplement 227.7202-3. The Products are licensed to the United States Government end user as restricted computer software and limited rights data. No technical data or computer software is developed under this Agreement. Any use, disclosure, modification, distribution, or reproduction of the Products or Documentation by the United States Government or its contractors is subject to the restrictions set forth in this Agreement. All other use is prohibited.
**18.5** *Export.* The Products are subject to export and sanctions restrictions administered by the U.S. Government and import restrictions by certain foreign governments, and Customer will comply with all applicable export and import laws and regulations in Customers use of the Products. Customer must not, and must not allow any third party to, remove or export from the United States or allow the export or re-export of any part of the Products or any direct product thereof: (i) into (or to a national or resident of) any embargoed or terrorist-supporting country or territory; (ii) to anyone on the U.S. Commerce Departments Entity List or Table of Denial Orders, anyone blocked pursuant to rules administered by the U.S. Office of Foreign Assets Control, including anyone on the List of Specially Designated Nationals or sanctioned country “Government” entities, or anyone subject to other applicable prohibited or sanctioned persons lists; (iii) to any country or territory to which such export or re-export is restricted or prohibited, or as to which the U.S. government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval; or (iv) otherwise in violation of any export, sanctions, or import restrictions, laws or regulations of any United States or foreign agency or authority. Customer represents and warrants that Customer is not located in under the control of, or a national or resident of any such prohibited country or territory or on any such prohibited party list. GitHub Enterprise Server is a self-hosted virtual appliance that can be run within Customers own datacenter or virtual private cloud. As such, GitHub Enterprise Server can be used to store ITAR or other export-controlled information. However, Customer is responsible for ensuring such compliance. Customer acknowledges and agrees that the Products are restricted from being used for the design or development of nuclear, chemical, or biological weapons or missile technology without the prior required permission of the U.S. government.
**18.6** *No Publicity without Permission.* GitHub may identify Customer as a customer to current and prospective customers. However, GitHub may not use Customers name or logo in any advertising or marketing materials without Customers permission.
**18.7** *Assignment*. Neither Party may assign or otherwise transfer this Agreement, in whole or in part, without the other Party's prior written consent, such consent not to be unreasonably withheld, and any attempt to do so will be null and void, except that GitHub may assign this Agreement in its entirety, upon notice to the other party but without the other Party's consent, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of the assigning party's business or assets.
**18.8** *Notices*. Unless otherwise stated herein, any notice, request, demand or other communication under this Agreement must be in writing (e-mail is acceptable), must reference this Agreement, and will be deemed to be properly given: (i) upon receipt, if delivered personally; (ii) one (1) business day following confirmation of receipt by the intended recipient, if by e-mail; (iii) five (5) business days after it is sent by registered or certified mail, with written confirmation of receipt and email; or (iv) three (3) business days after deposit with an internationally recognized express courier and email, with written confirmation of receipt. Notices can be sent to the address(es) set forth in this Agreement, unless a Party notifies the other that those addresses have changed.
**18.9** *Force Majeure*. GitHub will be excused from liability to the extent that it is unable to perform any obligation under this Agreement due to extraordinary causes beyond its reasonable control, including acts of God, natural disasters, strikes, lockouts, riots, acts of war, epidemics, or power, telecommunication or network failures.
**18.10** *Independent Contractors*. The Parties are each independent contractors with respect to the subject matter of this Agreement. Nothing contained in this Agreement will be deemed or construed in any manner to create a legal association, partnership, joint venture, employment, agency, fiduciary, or other similar relationship between the Parties, and neither Party can bind the other contractually.
**18.11** *Waiver*. A Party's obligations under this Agreement must only be waived in a writing signed by an authorized representative of the other Party, which waiver will be effective only with respect to the specific obligation described. No failure or delay by a Party to this Agreement in exercising any right hereunder will operate as a waiver thereof, nor will any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any right hereunder at law or equity.
**18.12** *Entire Agreement*. This Agreement, including each Order Form and SOW, constitutes the entire agreement and understanding of the Parties with respect to its subject matter, and supersedes all prior or contemporaneous understandings and agreements, whether oral or written, between the Parties with respect to its subject matter. The terms of any purchase order, written terms or conditions, or other document that Customer submits to GitHub that contains terms that are different from, in conflict with, or in addition to the terms of this Agreement, SOW or any Order Form will be void and of no effect.
**18.13** *Amendments; Order of Precedence*. GitHub reserves the right to amend this Agreement at any time and will update the terms and conditions of this Agreement in the event of any such amendments. Changes to this Agreement will become effective upon the anniversary of Customer's then-current Subscription Term. In the event of a conflict between this Agreement and an Order Form, an Order Form will govern with respect to that order only. This Agreement and any addenda, including an Order Form, must control and no modification, change, or amendment of this Agreement will be binding upon the Parties or supersede the terms of this Agreement unless it is in writing, and is duly signed by each Party's authorized representative.
**18.14** *Severability*. If any provision of this Agreement is deemed by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the court will modify or reform this Agreement to give as much effect as possible to that provision. Any provision that cannot be modified or reformed in this way will be deemed deleted and the remaining provisions of this Agreement will continue in full force and effect.

35
content/github/site-policy-deprecated/github-enterprise-service-level-agreement.md
View File

@@ -1,35 +0,0 @@
---
title: GitHub Enterprise Service Level Agreement
hidden: true
redirect_from:
- /github-enterprise-cloud-addendum
- /github-business-cloud-addendum
- /articles/github-enterprise-cloud-addendum
- /github/site-policy/github-enterprise-service-level-agreement
versions:
fpt: '*'
---
_These terms apply to Customers who licensed the Products prior to January 4, 2021. Customers who purchase GitHub Products after that date are directed to https://www.github.com/enterprise-legal for current terms._
**Short version:** GitHub guarantees a 99.9% quarterly uptime commitment for the applicable GitHub service (the “**Service Level**” or “**SLA**”). If GitHub does not meet the SLA, then Customer will be entitled to a service credit to Customers account (“**Service Credits**”).
For definitions of each Service feature (“**Service Feature**”) and to review historical and current Uptime, visit the [GitHub Status Page](https://www.githubstatus.com/). Capitalized terms used but not defined in this SLA have the meaning assigned in Customers applicable agreement.
## Uptime Guarantee
“**Uptime**” is the percentage of total possible minutes the applicable GitHub service was available in a given calendar quarter. GitHub commits to maintain at least 99.9% Uptime for the applicable GitHub service. The Uptime calculation for each Service Feature that may be included with the applicable GitHub service is described below (“**Uptime Calculation**”). If GitHub does not meet the SLA, Customer will be entitled to Service Credits based on the calculation below (“**Service Credits Calculation**”). Note, Downtime does not affect every customer at the same time or in the same way.
| **Service Feature** | **Uptime Calculation** | **Definitions** | **Service Credits Calculation** |
|---|---|---|---|
| **Issues**,<br>**Pull&nbsp;Requests**,<br>**Git&nbsp;Operations**,<br>**API&nbsp;Requests (for Service Features only)**,<br>**Webhooks**,<br>**Pages** | (total minutes in a calendar quarter - Downtime) / total minutes in a calendar quarter | “**Downtime**” is a period of time where either (a) the error rate exceeds five percent (5%) in a given minute for any Service Feature or (b) the Service was unavailable as determined by a combination of GitHub's internal and external monitoring systems. | A Service Credits claim may be based on either (not both) of the following calculations: <ul><li>10% of the amount Customer paid for a Service Feature in a calendar quarter where the Uptime for that Service Feature was less than or equal to 99.9%, but greater than 99.0%. <BR><BR>OR <BR><BR></li><li>25% of the amount Customer paid for a Service Feature in a calendar quarter where the Uptime of that Service Feature was less than 99.0%.</li></ul> | |
| **Actions** | (Total Triggered Executions Unavailable Executions) / (Total Triggered Executions) x 100 | “**Total Triggered Executions**” is the total number of all Actions executions triggered by Customer in a calendar quarter. <br><br> “**Unavailable Executions**” is the total number of executions within Total Triggered Executions which failed to run in a calendar quarter. An execution failed to run when the Actions history log did not capture any output five (5) minutes after the trigger was successfully fired. | Same as above |
| **Packages** | Transfers Uptime = same as Actions <br> <br> Storage Uptime = 100% - Average Error Rate* <br> <br> *The Uptime Calculation excludes public usage and storage transactions that do not count toward either Total Storage Transactions or Failed Storage Transactions (including pre-authentication failures; authentication failures; attempted transactions for storage accounts over their prescribed quotas). | “**Error Rate**” is the total number of Failed Storage Transactions divided by the Total Storage Transactions during a set time interval (currently set at one hour). If the Total Storage Transactions in a given one-hour interval is zero, the error rate for that interval is 0%. <br><br> “**Average Error Rate**” is the sum of Error Rates for each hour in a calendar quarter divided by the total number of hours in a calendar quarter. | Same as above |
## Exclusions
Excluded from the Uptime Calculation are Service Feature failures resulting from (i) Customers acts, omissions, or misuse of the applicable GitHub service including violations of the Agreement; (ii) failure of Customers internet connectivity; (iii) factors outside GitHub's reasonable control, including force majeure events; or (iv) Customers equipment, services, or other technology.
## Service Credits Redemption
If GitHub does not meet this SLA, Customer may redeem Service Credits only upon written request to GitHub within thirty (30) days of the end of the calendar quarter. Written requests for Service Credits redemption and GitHub Enterprise Cloud custom monthly or quarterly reports should be sent to [GitHub Support](https://support.github.com/contact?tags=docs-policy).
Service Credits may take the form of a refund or credit to Customers account, cannot be exchanged into a cash amount, are limited to a maximum of ninety (90) days of paid service per calendar quarter, require Customer to have paid any outstanding invoices, and expire upon termination of Customers agreement with GitHub. Service Credits are the sole and exclusive remedy for any failure by GitHub to meet any obligations in this SLA.

451
content/github/site-policy-deprecated/github-enterprise-subscription-agreement.md
View File

@@ -1,451 +0,0 @@
---
title: GitHub Enterprise Subscription Agreement
hidden: true
redirect_from:
- /articles/github-enterprise-agreement
- /articles/github-enterprise-subscription-agreement
- /github/site-policy/github-enterprise-subscription-agreement
versions:
fpt: '*'
---
_These terms apply to Customers who have executed agreements in place referencing them. All other corporate customers are directed to https://www.github.com/customer-terms for current terms._
This Agreement applies to the following GitHub offerings, as further defined below (collectively, the **"Products"**):
- GitHub Enterprise (comprised of GitHub Enterprise Server, which may include Add-On Software, and GitHub Enterprise Cloud);
- Any Beta Previews;
- Any related Support; and
- Any related Professional Services.
This Agreement includes the following Sections and Exhibits, each of which is incorporated by reference herein:
* SECTION 1: General Terms and Conditions;
* SECTION 2: GitHub Enterprise Server License Terms;
* SECTION 3: GitHub Enterprise Cloud Terms of Service;
* EXHIBIT A: Definitions.
If Customer has purchased any Products from an authorized GitHub reseller, the following Sections of this Agreement are superseded by the terms Customer has agreed upon with the GitHub reseller: Section 1.1 (Term and Termination); 1.2 (Payment); Section 2.3 (Delivery); and Section 2.4 (Verification).
## SECTION 1: GENERAL TERMS AND CONDITIONS
This Section 1 sets forth the terms and conditions applicable to Customers purchase and use of any of the Products. Capitalized terms used but not defined in the body of this Agreement are defined in Exhibit A.
### 1.1 Term and Termination.
#### 1.1.1 Term.
This Agreement starts on the Effective Date and will continue in effect until terminated by a Party in accordance with this Section 1.1.
#### 1.1.2 Termination for Convenience. Account Cancellation.
Either Party may terminate an Order Form or this Agreement, without cause, upon at least thirty (30) days' prior written notice before the end of the then-current Subscription Term. If Customer elects to terminate an Order Form or Agreement, it is Customer's responsibility to properly cancel its account with GitHub by going into Settings in the global navigation bar at the top of the screen. GitHub cannot cancel accounts in response to an email or phone request.
#### 1.1.3 Termination for Material Breach.
Either Party may terminate this Agreement immediately upon notice if the other Party breaches a material obligation under this Agreement and fails to cure the breach within thirty (30) days from the date it receives notification. Each Party also reserves the right to terminate this Agreement immediately upon written notice, without giving the other Party a cure period, as follows: by GitHub, if Customer breaches any of the terms of this Agreement relating to GitHub's intellectual property (including Customers non-compliance with the license grant or any license restrictions), or if Customers account has been suspended for more than ninety (90) days; or by either Party, if the other breaches its confidentiality obligations in Section 1.4.
#### 1.1.4 Effect of Termination; Survival.
Upon termination of this Agreement, Customer may not execute additional Order Forms; however, this Agreement will remain in effect for the remainder of any active Order Forms. When an Order Form terminates or expires, as to that Order Form: (i) the Subscription Term for the Software and/or Service will immediately end; (ii) any Subscription Licenses in the Order Form will automatically terminate, and Customer will no longer have the right to use the Products; (iii) if any Fees were owed prior to termination, Customer must pay those Fees immediately; (iv) Customer must destroy all copies of the Software in Customers possession or control, and certify in writing to GitHub that Customer has done so; and (v) each Party will promptly return (or, if the other party requests it, destroy) all Confidential Information belonging to the other to the extent permitted by the Service. Notwithstanding the foregoing, Customer may continue to access the Software to migrate Customers data and may request migration of the data in its repositories for up to ninety (90) days after termination or expiration of this Agreement or an Order Form; however, Customer may not use the Software or Service on a production basis during that time. Any provisions which by their nature should reasonably survive will survive the termination or expiration of this Agreement or an Order Form.
### 1.2 Payment.
#### 1.2.1 Fees.
Customer agrees to pay the Fees in full, up front without deduction or setoff of any kind, in U.S. Dollars. Customer must pay the Fees within thirty (30) days of the GitHub invoice date. Amounts payable under this Agreement are non-refundable, except as provided in Sections 1.5.1 and 1.6.2. If Customer fails to pay any Fees on time, GitHub reserves the right, in addition to taking any other action at law or equity, to (i) charge interest on past due amounts at 1.0% per month or the highest interest rate allowed by law, whichever is less, and to charge all expenses of recovery, and (ii) terminate the applicable Order Form or SOW. Customer is solely responsible for all taxes, fees, duties and governmental assessments (except for taxes based on GitHub's net income) that are imposed or become due in connection with this Agreement.
#### 1.2.2 Purchasing Additional Subscription Licenses.
Customer may obtain additional Subscription Licenses under this Agreement by submitting a request through GitHubs website or via its sales team. If Customer purchases the additional Subscription Licenses, Customer must pay the then-currently applicable Fees for them, prorated for the balance of the applicable Subscription Term. Upon renewal of Customers Subscription Licenses for another Subscription Term, GitHub will invoice all Subscription Licenses at once on an annual basis unless otherwise specified in an Order Form.
#### 1.2.3 Add-On Software.
Add-On Software is licensed on a per User basis. For the avoidance of doubt, and unless otherwise set forth in an Order Form, the number of Subscription Licenses Customer has at any given time for Add-On Software must equal the number of Subscription Licenses Customer has for the Products under this Agreement. For example, if Customer wishes to purchase a subscription to Advanced Security and already holds Subscription Licenses for 100 Users for the Products, it must purchase Subscription Licenses for 100 Users for Advanced Security.
### 1.3 Professional Services.
Upon Customers request for Professional Services, GitHub will provide an SOW detailing such Professional Services. GitHub will perform the Professional Services described in each SOW. GitHub will control the manner and means by which the Professional Services are performed and reserves the right to determine personnel assigned. GitHub may use third parties to perform the Professional Services, provided that GitHub remains responsible for their acts and omissions. Customer acknowledges and agrees that GitHub retains all right, title and interest in and to anything used or developed in connection with performing the Professional Services, including software, tools, specifications, ideas, concepts, inventions, processes, techniques, and know-how. To the extent GitHub delivers anything to Customer while performing the Professional Services, GitHub grants to Customer a non-exclusive, non-transferable, worldwide, royalty-free, limited-term license to use those deliverables during the term of this Agreement, solely in conjunction with Customers use of the Software or Service.
### 1.4 Confidentiality.
Neither Party will use the other Party's Confidential Information, except as permitted under this Agreement. Each Party agrees to maintain in confidence and protect the other Party's Confidential Information using at least the same degree of care as it uses for its own information of a similar nature, but in any event at least a reasonable degree of care. Each Party agrees to take all reasonable precautions to prevent any unauthorized disclosure of the other Party's Confidential Information, including, without limitation, disclosing such Confidential Information only to its Representatives who (i) have a need to know such information, (ii) are parties to appropriate agreements sufficient to comply with this Section 1.4, and (iii) are informed of the restrictions on use and disclosure set forth in this Section 1.4. Each Party is responsible for all acts and omissions of its Representatives. The foregoing obligations will not restrict either Party from disclosing Confidential Information of the other Party pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided that the Party required to make such a disclosure gives reasonable notice to the other Party to enable such Party to contest such order or requirement, unless such notice is prohibited by law. The restrictions set forth in this Section 1.4 will survive the termination or expiration of this Agreement.
### 1.5 Defense of Claims.
The Parties will defend each other against third-party claims, as and to the extent set forth in this Section 1.5 and will pay the amount of any resulting adverse final judgment or approved settlement, but only if the defending Party is promptly notified in writing of the claim and has the right to control the defense and any settlement of it. The Party being defended must provide the defending Party with all requested assistance, information, and authority. The defending Party will reimburse the other Party for reasonable out-of-pocket expenses it incurs in providing assistance, and will not settle or make any admissions with respect to a third-party claim without the other Partys prior written consent, not to be unreasonably withheld or delayed. This Section 1.5 describes the Parties sole remedies and entire liability for such claims.
#### 1.5.1 GitHub.
GitHub will defend Customer against any claim brought by an unaffiliated third party to the extent it alleges Customers authorized use of the Software or Service infringes a copyright, patent, or trademark or misappropriates a trade secret of an unaffiliated third party. If GitHub is unable to resolve any such claim under commercially reasonable terms, it may, at its option, either: (i) modify, repair, or replace the Software or Service (as applicable); or (ii) terminate Customers subscription and refund any prepaid, unused subscription fees. GitHub will have no obligation under this Section 1.5.1 for any such claim arising from: (a) the modification of the Software or Service, or the combination, operation, or use of the Software or Service with equipment, devices, software, systems, or data, other than as expressly authorized by this Agreement (including the Documentation); (b) Customers failure to stop using the Software or Service after receiving notice to do so; (c) Customers obligations under Section 1.5.2; (d) products or services (including use of the Software or Service) that are provided by GitHub free of charge; or (e) access or use of Beta Previews. For purposes of GitHubs obligation under this Section 1.5.1, the Software and the Service include open source components incorporated by GitHub therein.
#### 1.5.2 Customer.
Customer will defend GitHub against any claim brought by an unaffiliated third party arising from: (i) Customer Content that Customer uploads to the Software or the Service; (ii) Customer's violation of this Agreement, including Customers breach of confidentiality or violation of GitHub's acceptable use terms; (iii) Customer Modifications to the Software; or (iv) any third party-branded equipment, devices, software, systems, or data that Customer combines, operates, or uses with the Software or Service.
### 1.6 Representations and Warranties; Disclaimer; Limitations of Liability.
#### 1.6.1 General Warranty.
Each Party represents and warrants to the other that it has the legal power and authority to enter into this Agreement, and that this Agreement and each Order Form and SOW is entered into by an employee or agent of such Party with all necessary authority to bind such Party to the terms and conditions of this Agreement.
#### 1.6.2 Limited Warranties.
**(i) Software.** GitHub warrants that: (1) the unmodified Software, at the time it is made available to Customer for download, will not contain or transmit any malware, viruses, or worms (otherwise known as computer code or other technology specifically designed to disrupt, disable, or harm Customers software, hardware, computer system, or network); and (2) for ninety (90) days from the date it is made available for initial download, the unmodified Software will substantially conform to its Documentation. GitHub does not warrant that Customers use of the Software will be uninterrupted, or that the operation of the Software will be error-free. The warranty in this Section 1.6.2(i) will not apply if Customer modifies or uses the Software in any way that is not expressly permitted by Section 2 and the Documentation. GitHub's only obligation, and Customers only remedy, for any breach of this warranty will be, at GitHub's option and expense, to either (a) repair the Software; (b) replace the Software; or (c) terminate this Agreement with respect to the defective Software, and refund the unused, prepaid Fees for the defective Software during the then-current Subscription Term.
**(ii) Professional Services.** GitHub warrants to Customer that any Professional Services performed under this Agreement will be performed in a professional and workmanlike manner by appropriately qualified personnel. GitHub's only obligation, and Customers only remedy, for a breach of this warranty will be, at GitHub's option and expense, to either: (1) promptly re-perform any Professional Services that fail to meet this warranty; or (2) if the breach cannot be cured, terminate the SOW and refund the unused, prepaid Fees.
#### 1.6.3 Disclaimer.
**(i) Generally.** Except as expressly provided in this Agreement, GitHub does not make any other warranties and representation of any kind, and hereby specifically disclaims any other warranties, whether express, implied, or statutory, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, or any warranties or conditions arising out of course of dealing or usage of trade. No advice or information, whether oral or written, provided by GitHub or anywhere else will create any warranty or condition not expressly stated in this Agreement.
**(ii) Service.** GitHub provides the Service **“AS IS”** and **“AS AVAILABLE”** without warranty of any kind. Without limiting this, GitHub expressly disclaims all warranties, whether express, implied or statutory, regarding the Service, including, without limitation, any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement. GitHub does not warrant that the Service will meet Customer's requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. GitHub will not be responsible for any risk of loss resulting from Customer's downloading and/or use of files, information, Content or other material obtained from the Service.
**(iii) Beta Previews.** Customer may choose to use Beta Previews in its sole discretion. Beta Previews may not be supported and may be changed at any time without notice. Beta Previews may not be as reliable or available as the Service. Beta Previews are not subject to the same security measures and auditing to which the Service has been and is subject. GitHub will have no liability arising out of or in connection with Beta Previews. **Customer uses Beta Previews at its own risk.**
#### 1.6.4 Limitations of Liability.
**(i) Indirect Damages. To the maximum extent permitted by applicable law, in no event will either party be liable to the other party or to any third party for any indirect, special, incidental, punitive, or consequential damages (including for loss of profits, revenue, or data) or for the cost of obtaining substitute products arising out of or in connection with this Agreement, however caused, whether such liability arises from any claim based upon contract, warranty, tort (including negligence), strict liability or otherwise, and whether or not a party has been advised of the possibility of such damages.**
**(ii) Limitation of Total Liability. To the maximum extent permitted by applicable law, in no event will either party's total cumulative liability under this Agreement from all causes of action and all theories of liability exceed the Fees Customer has actually paid to GitHub during the 12 months preceding the claim giving rise to such liability. For products and services (including use of the Products) that are provided free of charge, GitHubs liability is limited to direct damages up to $5,000.00 USD. For Beta Previews, GitHub's liability is limited to direct damages up to $500.00 USD.**
**(iii) Exceptions. The exclusions and limitations set forth in this Section 1.6.4 will not apply to liability arising out of (1) a Partys breach of its confidentiality obligations in Section 1.4 (except for all liability related to Content (excluding GitHub Content), which will remain subject to the limitations and exclusions above); (2) a Partys defense obligations in Section 1.5; or (3) Customers non-compliance with the license grant or license restrictions in Sections 2.1 and 2.2.**
### 1.7 Subscription Licenses.
Subscription Licenses are granted on a per User basis and multiple Users may not use the same Subscription License. Customer may reassign a Subscription License to a new User only after ninety (90) days from the last reassignment of that same Subscription License, unless the reassignment is due to (i) permanent hardware failure or loss, (ii) termination of the Users employment or contract, or (iii) temporary reallocation of Subscription Licenses to cover a Users absence. When Customer reassigns a Subscription License from one User to another, Customer must block the former Users access to the Subscription License and Customers Organizations.
### 1.8 Affiliates.
Customers Affiliates are authorized to use the Software and Service in accordance with this Agreement, so long as Customer remains fully responsible for their access and use of the Software and Service.
### 1.9 Support.
GitHub will provide Support for the Software and Service as follows:
#### 1.9.1 Standard Support.
GitHub will provide standard technical Support for the Software and Service at no additional charge twenty-four (24) hours per day, five (5) days per week, excluding weekends and national U.S. holidays. Standard Support is only offered via web-based ticketing through GitHub Support, and Support requests must be initiated from a User with which GitHub's Support team can interact.
#### 1.9.2 Enhanced Support Offerings.
GitHub may provide enhanced Support offerings for the Software and Service (including the Premium, Premium Plus, and Engineering Direct Support offerings) in accordance with the [Support terms](/enterprise/admin/enterprise-support/about-github-premium-support-for-github-enterprise), and at the Support level, Fees, and Subscription Term specified in an Order Form or SOW.
#### 1.9.3 Exclusions.
GitHub will use reasonable efforts to correct any material, reproducible errors in the Software of which Customer notifies GitHub. However, GitHub will not be responsible for providing Support where (i) someone (other than GitHub) modifies the Software; (ii) Customer changes its operating system or environment in a way that adversely affects the Software or its performance; (iii) Customer uses the Software in a manner other than as authorized under this Agreement or the Documentation; or (iv) there is negligence or misuse by Customer of the Software.
### 1.10 Intellectual Property Rights.
As between the Parties, GitHub owns all right, title and interest, including all intellectual property rights, in and to the Products. GitHub reserves all rights in and to the Products not expressly granted to Customer under this Agreement. GitHub may use, modify, and incorporate into its Products, any Feedback, comments, or suggestions that Customer may provide or post in forums without any obligation to Customer.
### 1.11 Feedback.
Customer may provide Feedback to GitHub regarding the Products. Feedback is voluntary and is not Customer Confidential Information, even if designated as such. GitHub may fully exercise and exploit such Feedback for the purpose of (i) improving the operation, functionality and use of GitHubs existing and future product offerings and commercializing such offerings; and (ii) publishing aggregated statistics about the quality of the Products, provided that no data in any such publication will be used to specifically identify Customer, its employees or Customers proprietary software code.
### 1.12 Compliance with Laws and Regulations.
Customer will comply with all applicable laws and regulations, including, but not limited to, data protection and employment laws and regulations, in its use of the Products.
### 1.13 General Provisions.
#### 1.13.1 Governing Law; Venue.
If Customers principal office is in the Americas, this Agreement will be governed by and construed in accordance with the laws of the State of California, without giving effect to the principles of conflict of law, any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in the Northern District of California, and the Parties hereby consent to personal jurisdiction and venue therein. If Customers principal office is outside the Americas, this Agreement will be governed by the laws of Ireland, any legal action or proceeding arising under this Agreement will be brought exclusively in the courts located in Dublin, and the Parties hereby consent to personal jurisdiction and venue therein. The Parties expressly agree that the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act will not apply to this Agreement. Notwithstanding anything to the contrary in the foregoing, GitHub may bring a claim for equitable relief in any court with proper jurisdiction.
#### 1.13.2 U.S. Government Users.
The Products were developed solely with private funds and are considered "Commercial Computer Software" and "Commercial Computer Software Documentation" as described in Federal Acquisition Regulations 12.212 and 27.405-3, and Defense Federal Acquisition Regulation Supplement 227.7202-3. The Products are licensed to the U.S. Government end user as restricted computer software and limited rights data. No technical data or computer software is developed under this Agreement. Any use, disclosure, modification, distribution, or reproduction of the Products or Documentation by the U.S. Government or its contractors is subject to the restrictions set forth in this Agreement. All other use is prohibited.
#### 1.13.3 Export.
The Products are subject to export restrictions by the U.S. Government and import restrictions by certain foreign governments, and Customer will comply with all applicable export and import laws and regulations in Customers use of the Products. Customer must not, and must not allow any third party to, remove or export from the United States or allow the export or re-export of any part of the Products or any direct product thereof: (i) into (or to a national or resident of) any embargoed or terrorist-supporting country; (ii) to anyone on the U.S. Commerce Department's Table of Denial Orders or U.S. Treasury Department's list of Specially Designated Nationals; (iii) to any country to which such export or re-export is restricted or prohibited, or as to which the U.S. government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval; or (iv) otherwise in violation of any export or import restrictions, laws or regulations of any United States or foreign agency or authority. Customer represents and warrants that (a) Customer is not located in, under the control of, or a national or resident of any such prohibited country or on any such prohibited party list and (b) none of Customers data is controlled under the U.S. International Traffic in Arms Regulations. Customer acknowledges and agrees that the Products are restricted from being used for the design or development of nuclear, chemical, or biological weapons or missile technology without the prior permission of the U.S. Government.
#### 1.13.4 No Publicity without Permission.
GitHub may identify Customer as a customer to current and prospective customers. However, GitHub may not use Customers name or logo in any advertising or marketing materials without Customers permission.
#### 1.13.5 Assignment.
Neither Party may assign or otherwise transfer this Agreement, in whole or in part, without the other Party's prior written consent, such consent not to be unreasonably withheld, and any attempt to do so will be null and void, except that GitHub may assign this Agreement in its entirety, upon notice to the other party but without the other Party's consent, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of the assigning party's business or assets.
#### 1.13.6 Notices.
Unless otherwise stated herein, any notice, request, demand or other communication under this Agreement must be in writing (e-mail is acceptable), must reference this Agreement, and will be deemed to be properly given: (i) upon receipt, if delivered personally; (ii) one (1) business day following confirmation of receipt by the intended recipient, if by e-mail; (iii) five (5) business days after it is sent by registered or certified mail, with written confirmation of receipt and email; or (iv) three (3) business days after deposit with an internationally recognized express courier and email, with written confirmation of receipt. Notices can be sent to the address(es) set forth in this Agreement, unless a Party notifies the other that those addresses have changed.
#### 1.13.7 Force Majeure.
GitHub will be excused from liability to the extent that it is unable to perform any obligation under this Agreement due to extraordinary causes beyond its reasonable control, including acts of God, natural disasters, strikes, lockouts, riots, acts of war, epidemics, or power, telecommunication or network failures.
#### 1.13.8 Independent Contractors.
Each Party is an independent contractor with respect to the subject matter of this Agreement. Nothing contained in this Agreement will be deemed or construed in any manner to create a legal association, partnership, joint venture, employment, agency, fiduciary, or other similar relationship between the Parties, and neither Party can bind the other contractually.
#### 1.13.9 Waiver.
A Party's obligations under this Agreement may only be waived in writing signed by an authorized representative of the other Party. No failure or delay by a Party to this Agreement in exercising any right hereunder will operate as a waiver thereof, nor will any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any right hereunder at law or equity.
#### 1.13.10 Entire Agreement.
This Agreement, together with the Exhibits and each Order Form and SOW, constitutes the entire agreement and understanding of the Parties with respect to its subject matter, and supersedes all prior or contemporaneous understandings and agreements, whether oral or written, between the Parties with respect to such subject matter. The terms of any Customer purchase order, written terms or conditions, or other document that Customer submits to GitHub that contains terms that are different from or in addition to the terms of this Agreement, any Order Form or SOW will be void and of no effect.
#### 1.13.11 Amendments; Order of Precedence.
GitHub reserves the right, at its sole discretion, to amend this Agreement at any time and will update this Agreement in the event of any such amendments. GitHub will notify Customer of material changes to this Agreement, such as price increases, at least 30 days prior to the change taking effect by posting a notice on the Service or sending email to the primary email address specified in your GitHub account. Customer's continued use of the Service after those 30 days constitutes agreement to those revisions of this Agreement. For any other modifications, Customer's continued use of the Service constitutes agreement to our revisions of this Agreement. Customer can view all changes to this Agreement in our [Site Policy](https://github.com/github/site-policy) repository. In the event of any conflict between the terms of this Agreement and any Order Form or SOW, the terms of the Order Form or SOW will control with respect to that Order Form or SOW only.
#### 1.13.12 Severability.
If any provision of this Agreement is deemed by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the Parties will modify or reform this Agreement to give as much effect as possible to that provision. Any provision that cannot be modified or reformed in this way will be deemed deleted and the remaining provisions of this Agreement will continue in full force and effect.
## SECTION 2: GITHUB ENTERPRISE SERVER LICENSE TERMS
This Section 2 details terms applicable to Customers use of the Software.
### 2.1 License Grant.
GitHub grants to Customer a non-exclusive, non-transferable, worldwide, royalty-free, limited-term license to install and use the Software for Customers internal business purposes during the applicable Subscription Term, in accordance with the Documentation, and only for the number of Subscription Licenses stated in Customers Order Form. The Software includes components licensed to GitHub by third parties, including software whose licenses require GitHub to make the source code for those components available. The source code for such components will be provided upon request. Without limiting the foregoing, this license permits Customer to download and run Microsoft SQL Server Standard Edition container image for Linux files (“**SQL Server Images**”), which may be used only with the Software as documented. Customers right to use the SQL Server Images ends when Customer no longer has rights to use the Software, and Customer must uninstall the SQL Server Images when its right to use them ends. Microsoft Corporation may disable SQL Server Images at any time.
### 2.2 License Restrictions.
Except as expressly permitted by law or by applicable third-party license, Customer and its Affiliates must not and must not allow any third party to: (i) sublicense, sell, rent, lease, transfer, assign, or redistribute the Software; (ii) host the Software for the benefit of third parties; (iii) disclose or permit any third party to access the Software, except as expressly permitted in this Section 2; (iv) hack or modify the License Key, or avoid or change any license registration process; (v) except for Customer Modifications, modify or create derivative works of the Software, or merge the Software with other software; (vi) disassemble, decompile, bypass any code obfuscation, or otherwise reverse engineer the Software or attempt to derive any of its source code, in whole or in part; (vii) modify, obscure, or delete any proprietary rights notices included in or on the Software or Documentation; or (viii) otherwise use or copy the Software or Documentation in a manner not expressly permitted by this Agreement.
### 2.3 Delivery.
GitHub will make the License Key available for Customer to download on a secure, password-protected website. All deliveries under this Section 2 will be electronic. For the avoidance of doubt, Customer is responsible for installation of any Software and acknowledge that GitHub has no further delivery obligation with respect to the Software after delivery of the License Key. As Updates become available, GitHub will make those available for download on the same website. Customer must Update the Software on a commercially reasonable basis but no less than one (1) time per year. Customer is responsible for maintaining the confidentiality of Customers usernames and passwords.
### 2.4 Verification.
At GitHub's request, Customer will promptly provide GitHub with a Software-generated report verifying that Customer is using the Software in accordance with this Agreement. GitHub will invoice Customer for any additional use, effective from the date its use first exceeded the terms of the Agreement.
### 2.5 Updates; Releases.
#### 2.5.1 Generally.
GitHub will make Updates and Releases to the Software available to Customer on the same secure website where Customer downloaded the Software and the License Key.
#### 2.5.2 Supported Releases.
GitHub will only Support a given Release of the Software for one (1) year from the original Release date, or six (6) months from the last Update of the Release, whichever is longer. If Customer requires Support for earlier Releases of the Software, then Customer must pay for that Support in accordance with the terms of a mutually agreed upon Order Form or SOW.
### 2.6 Data Protection Considerations for Use of GitHub Insights and Learning Lab for Enterprise Server.
If Customers planned use of GitHub Insights or Learning Lab for Enterprise Server involves processing personal data, Customer is solely responsible for determining whether or not to complete a data protection impact assessment or otherwise secure formal legal analysis of Customers planned use. It is in Customers sole discretion whether to use GitHub Insights or Learning Lab for Enterprise Server to process Customers employees and/or users data, and if Customer does so, Customer is solely responsible for conducting such processing in compliance with applicable law.
### SECTION 3: GITHUB ENTERPRISE CLOUD TERMS OF SERVICE
Upon creation of a Corporate Account and/or an Organization on the Service by Customer or by GitHub on Customers behalf, this Section 3 details terms applicable to Customers use of the Service.
### 3.1 Account Terms.
#### 3.1.1 Account Controls.
**(i) Users.** Customer acknowledges that Users retain ultimate administrative control over their individual accounts and the Content within them. [GitHub's Standard Terms of Service](/github/site-policy/github-terms-of-service) govern Users' use of the Service, except with respect to Users' activities under this Section 3.
**(ii) Organizations.** Customer retains ultimate administrative control over any Organization created on Customers behalf and User-Generated Content posted to the repositories within its Organization(s), subject to this Section 3. This Section 3 will govern the use of Customers Organization(s).
#### 3.1.2 Account Requirements.
In order to create an account, Customer must adhere to the following:
**(i)** Customer must not create an account for use of any person under the age of 13. If GitHub learns of any User under the age of 13, it will terminate that User's account immediately. If Customer or its User(s) are located in a country outside the United States, that country's minimum age may be older; in such a case, Customer is responsible for complying with that country's laws.
**(ii)** A Users login may not be shared by multiple people.
**(iii)** Customer must not use the Service (a) in violation of export control or sanctions laws of the United States or any other applicable jurisdiction, (b) if it is located in or ordinarily resident in a country or territory subject to comprehensive sanctions administered by the U.S. Office of Foreign Assets Control (OFAC), or (c) if Customer is or is working on behalf of a [Specially Designated National (SDN)](https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx) or a person subject to similar blocking or denied party prohibitions. For more information, please see [GitHubs Export Controls policy](/articles/github-and-export-controls).
#### 3.1.3 Account Security.
Customer is responsible for: (i) all Content posted and activity that occurs under its Corporate Account; (ii) maintaining the security of its account login credentials; and (iii) promptly [notifying GitHub](https://support.github.com/contact?tags=docs-policy) upon becoming aware of any unauthorized use of, or access to, the Service through its account. GitHub will not be liable for any loss or damage from Customers failure to comply with this Section 3.1.3.
#### 3.1.4 Additional Terms.
In some situations, third parties' terms may apply to Customers use of the Service. For example, Customer may be a member of an Organization with its own terms or license agreements; Customer may download an application that integrates with the Service; or Customer may use the Service to authenticate to another service. While this Agreement is GitHub's full agreement with Customer, other parties' terms govern their relationships with Customer.
#### 3.1.5 U.S. Federal Government Terms.
If Customer is a U.S. federal government agency or otherwise accessing or using any portion of the Service in a government capacity, the [U.S. Federal Government Amendment](/articles/amendment-to-github-terms-of-service-applicable-to-us-federal-government-users) applies, and Customer agrees to its provisions.
### 3.2 Compliance with Laws; Acceptable Use; Privacy.
#### 3.2.1 Compliance with Laws and Regulations.
Customers use of the Service must not violate any applicable laws, including copyright or trademark laws, export control laws, or regulations in its jurisdiction.
#### 3.2.2 Acceptable Use.
Customers use of the Service must comply with [GitHub's Acceptable Use Policies](/articles/github-acceptable-use-policies) and [GitHubs Community Guidelines](/articles/github-community-guidelines). Customer must not use the Service in any jurisdiction for unlawful, obscene, offensive or fraudulent Content or activity, such as advocating or causing harm, interfering with or violating the integrity or security of a network or system, evading filters, sending unsolicited, abusive, or deceptive messages, viruses or harmful code, or violating third party rights.
#### 3.2.3 Privacy.
[The GitHub Privacy Statement](/articles/github-privacy-statement) and the [GitHub Data Protection Addendum](/github/site-policy/github-data-protection-addendum) provide detailed notice of GitHub's privacy and data use practices as well as GitHub's processing and security obligations with respect to Customer Personal Data. Any person, entity, or service collecting data from the Service must comply with the [GitHub Privacy Statement](/articles/github-privacy-statement), particularly in regards to the collection of Users' Personal Information (as defined in the GitHub Privacy Statement). If Customer collects any User Personal Information from GitHub, Customer will only use it for the purpose for which the External User has authorized it. Customer will reasonably secure any such Personal Information, and Customer will respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or External Users.
### 3.3 Content Responsibility; Ownership; License Rights.
#### 3.3.1 Responsibility for User-Generated Content.
Customer may create or upload User-Generated Content while using the Service. Customer is solely responsible for any User-Generated Content that it posts, uploads, links to or otherwise makes available via the Service, regardless of the form of that User-Generated Content. GitHub is not responsible for any public display or misuse of User-Generated Content.
#### 3.3.2 Ownership of Content, Right to Post, and License Grants.
**(i)** Customer retains ownership of Customer Content that Customer creates or owns. Customer acknowledges that it: (a) is responsible for Customer Content, (b) will only submit Customer Content that Customer has the right to post (including third party or User-Generated Content), and (c) Customer will fully comply with any third-party licenses relating to Customer Content that Customer posts.
**(ii)** Customer grants the rights set forth in Sections 3.3.3 through 3.3.6, free of charge and for the purposes identified in those sections until such time as Customer removes Customer Content from GitHub servers, except for Content Customer has posted publicly and that External Users have Forked, in which case the license is perpetual until such time as all Forks of Customer Content have been removed from GitHub servers. If Customer uploads Customer Content that already comes with a license granting GitHub the permissions it needs to run the Service, no additional license is required.
#### 3.3.3 License Grant to GitHub.
Customer grants to GitHub the right to store, parse, and display Customer Content, and make incidental copies, only as necessary to provide the Service. This includes the right to copy Customer Content to GitHub's database and make backups; display Customer Content to Customer and those to whom Customer chooses to show it; parse Customer Content into a search index or otherwise analyze it on GitHub's servers; share Customer Content with External Users with whom Customer chooses to share it; and perform Customer Content, in case it is something like music or video. These rights apply to both public and Private Repositories. This license does not grant GitHub the right to sell Customer Content or otherwise distribute or use it outside of the Service. Customer grants to GitHub the rights it needs to use Customer Content without attribution and to make reasonable adaptations of Customer Content as necessary to provide the Service.
#### 3.3.4 License Grant to External Users.
**(i)** Any Content that Customer posts publicly, including issues, comments, and contributions to External Users' repositories, may be viewed by others. By setting its repositories to be viewed publicly, Customer agree to allow External Users to view and Fork Customers repositories.
**(ii)** If Customer sets its pages and repositories to be viewed publicly, Customer grants to External Users a nonexclusive, worldwide license to use, display, and perform Customer Content through the Service and to reproduce Customer Content solely on the Service as permitted through functionality provided by GitHub (for example, through Forking). Customer may grant further rights to Customer Content if Customer [adopts a license](/articles/adding-a-license-to-a-repository/#including-an-open-source-license-in-your-repository). If Customer is uploading Customer Content that it did not create or own, Customer is responsible for ensuring that the Customer Content it uploads is licensed under terms that grant these permissions to External Users.
#### 3.3.5 Contributions Under Repository License.
Whenever Customer makes a contribution to a repository containing notice of a license, Customer licenses such contribution under the same terms and agrees that it has the right to license such contribution under those terms. If Customer has a separate agreement to license its contributions under different terms, such as a contributor license agreement, that agreement will supersede.
#### 3.3.6 Moral Rights.
Customer retains all moral rights to Customer Content that it uploads, publishes, or submits to any part of the Service, including the rights of integrity and attribution. However, Customer waives these rights and agrees not to assert them against GitHub, solely to enable GitHub to reasonably exercise the rights granted in Section 3.3, but not otherwise.
### 3.4. Private Repositories.
#### 3.4.1 Control.
Customer is responsible for managing access to its Private Repositories, including invitations, administrative control of Organizations and teams, and termination of access.
#### 3.4.2 Confidentiality.
GitHub considers Customer Content in Customers Private Repositories to be Customers Confidential Information. GitHub will protect and keep strictly confidential the Customer Content of Private Repositories in accordance with Section 1.4.
#### 3.4.3 Access.
GitHub personnel may only access Customers Private Repositories in the situations described in our [Privacy Statement](/github/site-policy/github-privacy-statement#repository-contents).
Customer may choose to enable additional access to its Private Repositories. For example, Customer may enable various GitHub services or features that require additional rights to Customer Content in Private Repositories. These rights may vary depending on the service or feature, but GitHub will continue to treat Customer Content in Customers Private Repositories as Customers Confidential Information. If those services or features require rights in addition to those it needs to provide the Service, GitHub will provide an explanation of those rights.
Additionally, we may be [compelled by law](/github/site-policy/github-privacy-statement#for-legal-disclosure) to disclose the contents of your private repositories.
GitHub will provide notice regarding our access to private repository content, unless [for legal disclosure](/github/site-policy/github-privacy-statement#for-legal-disclosure), to comply with our legal obligations, or where otherwise bound by requirements under law, for automated scanning, or if in response to a security threat or other risk to security.
### 3.5. Intellectual Property Notices.
#### 3.5.1 GitHub's Rights to Content.
The look and feel of the Service is copyright © GitHub, Inc. All rights reserved. Customer may not duplicate, copy, or reuse any portion of the HTML/CSS, Javascript, or visual design elements or concepts without express written permission from GitHub.
#### 3.5.2 Copyright Infringement and DMCA Policy.
If Customer is a copyright owner and believes that Content on the Service violates Customers copyright, Customer may contact GitHub in accordance with GitHub's [Digital Millennium Copyright Act Policy](https://github.com/contact/dmca) by notifying GitHub via its [DMCA Form](https://github.com/contact/dmca-notice) or by emailing copyright@github.com.
#### 3.5.3 GitHub Trademarks and Logos.
If Customer would like to use GitHub's trademarks, Customer must follow all of GitHub's trademark guidelines, including those on the [GitHub Logos and Usage page](https://github.com/logos).
### 3.6 Suspension.
GitHub has the right to suspend access to all or any part of the Service, including removing Content, at any time for violation of this Agreement or to protect the integrity, operability, and security of the Service, effective immediately, with notice, unless such notice is prohibited by law or legal process or impedes the prevention of imminent harm to the Service or any third party. GitHub typically provides notice in the form of a banner or email on or before such suspension. GitHub will, in its discretion and using good faith, tailor any suspension as needed to preserve the integrity, operability, and security of the Service.
### 3.7 Service Level Agreement.
GitHubs quarterly uptime commitment for the Service is provided in the [Enterprise Service Level Agreement](/github/site-policy/github-enterprise-service-level-agreement). Customer will be entitled to a service credit if GitHub does not meet its service level.
### 3.8 Service Changes.
GitHub changes the Service via Updates and addition of new features. Subject to Section 3.7, GitHub reserves the right at any time to modify or discontinue, temporarily or permanently, the Service (or any part of it) with or without notice.
### 3.9 Additional Service Features.
Some Service features may be subject to additional terms as set forth in the [GitHub Additional Product Terms](/github/site-policy/github-additional-product-terms). By accessing or using these features, Customer agrees to the GitHub Additional Product Terms.
## EXHIBIT A: DEFINITIONS
**"Active User"** means a User trying to access the Service at the time of an Outage.
**”Add-On Software”** means Advanced Security, Insights, Learning Lab for Enterprise Server, and other additional Software add-on products that GitHub may offer from time to time.
**“Advanced Security”** means the Software feature which enables Customer to identify security vulnerabilities through customizable and automated semantic code analysis.
**"Affiliate"** means any entity that directly or indirectly controls, is controlled by, or is under common control with a party where "control" means having more than fifty percent (50%) ownership or the right to direct the management of the entity.
**“All Users”** means, collectively, Customers Users and External Users who use the Service.
**“Americas”** means the United States, Canada, Mexico, or a country in Central or South America or the Caribbean.
**"Beta Previews"** mean software, services, or features identified as alpha, beta, preview, early access, or evaluation, or words or phrases with similar meanings.
**"Confidential Information"** means all non-public information disclosed by either Party to the others, whether in writing, orally or by other means, designated as confidential or that the receiving Party knows or reasonably should know, under the circumstances surrounding the disclosure and the nature of the information, is confidential to the disclosing Party. For the avoidance of doubt, no Content posted on the Service will be considered Confidential Information except for Customer Content stored solely in Customers Private Repositories. Confidential Information does not include any information that (i) was or becomes publicly known through no fault of the receiving party; (ii) was rightfully known or becomes rightfully known to the receiving Party without confidential or proprietary restriction from a source other than the disclosing party who has a right to disclose it; (iii) is approved by the disclosing Party for disclosure without restriction in a written document which is signed by a duly authorized officer of such disclosing Party; (iv) the receiving Party independently develops without access to or use of the other Party's Confidential Information; or (v) is or has been stored or posted on the Service and outside of Customers Private Repositories.
**“Connect”** or **“GitHub Connect”** means a feature included in the Software that enables Customer to connect the Software with the Service. Use of GitHub Connect is subject to the GitHub Connect terms set forth in the [GitHub Additional Product Terms](/github/site-policy/github-additional-product-terms).
**"Content"** means, without limitation, text, data, articles, images, photographs, graphics, software, applications, designs, features, and other materials that are featured, displayed, or otherwise made available through the Service.
**"Corporate Account"** means an account created by a User on behalf of an entity.
**"Customer"** means, collectively, the company or organization that has entered into this Agreement with GitHub by clicking on the "I AGREE" or similar button or by accessing the Products, its Affiliates and Representatives.
**"Customer Content"** means Content that Customer creates, owns, or to which Customer holds the rights.
**“Customer Modifications”** means Software modifications Customer may make solely for the purpose of developing bug fixes, customizations, or additional features to any libraries licensed under open source licenses that may be included with or linked to by the Software.
**"Documentation"** means any manuals, documentation and other supporting materials relating to the Software or Service that GitHub provides or makes available to Customer.
**"Effective Date"** is the earlier of the date on which Customer (i) agrees to the terms and conditions of this Agreement as described above, or (ii) first places an order for the Products.
**"Essential Services"** means the services essential to GitHub's core version control functionality, including creating, Forking, and cloning repositories; creating, committing, and merging branches; creating, reviewing, and merging pull requests; and, web, API, and Git client interfaces to the core Git workflows. The following are examples of peripheral features and services not included: webhooks, Gists, Pages, and email notifications.
**"External User"** means an individual, not including Customers Users, who visit or use the Service.
"Fees" means the fees Customer is required to pay GitHub to (i) use the Products during the applicable Subscription Term or (ii) receive Professional Services, as such fees are reflected on an Order Form or SOW.
**"Feedback"** means any ideas, know-how, algorithms, code contributions, suggestions, enhancement requests, recommendations or any other feedback on GitHub products or services.
**“Fees”** means the fees Customer is required to pay GitHub to (i) use the Products during the applicable Subscription Term or (ii) receive Professional Services, as such fees are reflected on an Order Form or SOW.
**“Fork”** means to copy the Content of one repository into another repository.
**"GitHub"** means, collectively, GitHub, Inc., its Affiliates and Representatives.
**"GitHub Content"** means Content that GitHub creates, owns, or to which it holds the rights.
**"GitHub Insights"** or **“Insights”** means the Software feature which provides Customer with metrics, analytics, and recommendations relating to their use of the Software. GitHub Insights does not include legacy features of GitHub including Organization insights and repository insights.
**"Learning Lab for Enterprise Server"** means the Software feature that enables Users to learn about GitHub functionality, including associated Documentation.
**"License Key"** means the data file used by the Software's access control mechanism that allows Customer to install, operate, and use the Software.
**“Machine Account”** means an account registered by an individual human who accepts the applicable terms of service on behalf of the Machine Account, provides a valid email address, and is responsible for its actions. A Machine Account is used exclusively for performing automated tasks. Multiple Users may direct the actions of a Machine Account, but the owner of the account is ultimately responsible for the machine's actions.
**"Order Form"** means written or electronic documentation (including a quote) that the Parties use to order the Products.
**“Organization”** means a shared workspace that may be associated with a single entity or with one or more Users where multiple Users can collaborate across many projects at once. A User can be a member of more than one Organization.
**"Outage"** means the interruption of an Essential Service that affects more than 50% of Active Users.
**“Private Repository”** means a repository which allows a User to control access to Content.
**"Professional Services"** means training, consulting, or implementation services that GitHub provides pursuant to a mutually executed SOW. Professional Services do not include Support.
**“Public Repository”** means a repository whose Content is visible to All Users.
**"Release"** means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that contains enhancements, new features, or new functionality, generally indicated by a change in the digit to the right of the first decimal point (e.g., x.x.x to x.y.x) or to the left of the first decimal point (e.g., x.x.x to y.x.x).
**"Representatives"** means a Partys employees, agents, independent contractors, consultants, and legal and financial advisors.
**“Scraping”** means extracting data from the Service via an automated process, such as a bot or webcrawler, and does not include the collection of information through GitHub's API.
**"Service"** means the hosted GitHub Enterprise Cloud service. The Service includes: Organization account(s), SAML single sign-on, access provisioning, and any applicable Documentation. This list of features and services is non-exhaustive and may be updated from time to time.
**"Service Credit"** means a dollar credit, calculated as set forth below, that GitHub may credit back to an eligible account.
**"Software"** means GitHub Enterprise Server on-premises software. Software includes the GitHub Connect feature, any applicable Documentation, any Updates to the Software that GitHub provides to Customer or that it can access under this Agreement, and, if included in Customers subscription, Add-On Software.
**"SOW"** means a mutually executed statement of work detailing the Professional Services GitHub will perform, any related Fees, and each Party's related obligations.
**“Subscription License”** means the license assigned to each User to install, operate, access, and use the Products on Customers behalf. Customer may only assign one Subscription License per User across its GitHub Enterprise Server instances and GitHub Enterprise Cloud Organizations. Each User will have access to as many of Customers Enterprise Server instances or Enterprise Cloud Organizations, as Customer permits. For clarity, however, once Customer assigns a Subscription License to a User, Customer will not be authorized to bifurcate the Subscription License so that one User can use a Subscription License on Enterprise Server while another User uses the same Subscription License on another instance of GitHub Enterprise Server or on an Organization on GitHub Enterprise Cloud.
**“Subscription Term”** means one (1) year from the applicable effective date of an order or as otherwise stated in the Order Form.
**“Support”** means technical support for the Software or Service that GitHub may provide.
**“Update”** means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that contains error corrections or bug fixes, generally indicated by a change in the digit to the right of the second decimal point (e.g., x.x.x to x.x.y).
**“Uptime”** means the percentage of time in a given quarter where GitHub's Essential Services will not be interrupted by an Outage affecting more than 50% of Active Users.
**“User”** means (i) with respect to the Software, a single person or Machine Account that initiates the execution of the Software or interacts with or directs the Software in the performance of its functions; and (ii) with respect to the Service, an individual or Machine Account who (a) accesses or uses the Service, (b) accesses or uses any part of Customers account, or (c) directs the use of Customers account in the performance of functions, in each case on Customers behalf. The number of Users should not exceed the number of Subscription Licenses that Customer has purchased.
**“User-Generated Content”** means Content created or owned by a third party or External User.

321
content/github/site-policy-deprecated/github-supplemental-terms-for-microsoft-volume-licensing.md
View File

@@ -1,321 +0,0 @@
---
title: GitHub Supplemental Terms for Microsoft Volume Licensing
hidden: true
redirect_from:
- /articles/GitHub-Supplemental-Terms-for-Microsoft-Volume-Licensing
- /articles/github-supplemental-terms-for-microsoft-volume-licensing
- /github/site-policy/github-supplemental-terms-for-microsoft-volume-licensing
versions:
fpt: '*'
---
_These terms apply to Customers who licensed the Products prior to January 4, 2021. Customers who purchase GitHub Products after that date are directed to https://www.github.com/enterprise-legal for current terms._
The following GitHub Supplemental Terms (including any applicable Order Forms) supplement Customer's Microsoft volume licensing agreement ("**Microsoft Customer Agreement**") and, together with the Microsoft Customer Agreement, govern Customer's use of the Products (as defined below). The Microsoft Customer Agreement is incorporated herein by this reference. Capitalized terms used but not defined in these supplemental terms have the meanings assigned to them in the Microsoft Customer Agreement.
These Supplemental Terms apply to the following GitHub Offerings, as further defined below (collectively, the "**Products**"):
- GitHub Enterprise (comprised of GitHub Enterprise Server, which may include Add-on Software, and GitHub Enterprise Cloud);
- Any related Support; and
- Any related Professional Services.
These GitHub Supplemental Terms include the following Sections and Exhibits, each of which is incorporated by reference herein:
* SECTION 1: GitHub Enterprise Server License Terms;
* SECTION 2: GitHub Enterprise Cloud Terms of Service;
* SECTION 3: General Provisions; and
* EXHIBIT A: Definitions.
## SECTION 1: GITHUB ENTERPRISE SERVER LICENSE TERMS
This Section 1 details terms applicable to Customers use of the Software.
### 1.1 License Grant.
GitHub grants to Customer a non-exclusive, non-transferable, worldwide, royalty-free, limited-term license to install and use the Software for Customers internal business purposes during the applicable Subscription Term, in accordance with the Documentation, and only for the number of Subscription Licenses stated in Customers Order Form. The Software includes components licensed to GitHub by third parties, including software whose licenses require GitHub to make the source code for those components available. The source code for such components will be provided upon request. Without limiting the foregoing, this license permits Customer to download and run Microsoft SQL Server Standard Edition container image for Linux files (“**SQL Server Images**”), which may be used only with the Software as documented. Customers right to use the SQL Server Images ends when Customer no longer has rights to use the Software, and Customer must uninstall the SQL Server Images when its right to use them ends. Microsoft Corporation may disable SQL Server Images at any time.
### 1.2 Restrictions.
Except as expressly permitted by law or by applicable third-party license, Customer and its Affiliates must not and must not allow any third party to: (i) sublicense, sell, rent, lease, transfer, assign, or redistribute the Software; (ii) host the Software for the benefit of third parties; (iii) disclose or permit any third party to access the Software, except as expressly permitted in this Section 1; (iv) hack or modify the License Key, or avoid or change any license registration process; (v) except for Customer Modifications, modify or create derivative works of the Software, or merge the Software with other software; (vi) disassemble, decompile, bypass any code obfuscation, or otherwise reverse engineer the Software or attempt to derive any of its source code, in whole or in part; (vii) modify, obscure, or delete any proprietary rights notices included in or on the Software or Documentation; or (viii) otherwise use or copy the Software or Documentation in a manner not expressly permitted by these GitHub Supplemental Terms.
### 1.3 Delivery.
GitHub will make the License Key available for Customer to download on a secure, password-protected website. All deliveries under this Section 1 will be electronic. For the avoidance of doubt, Customer is responsible for installation of any Software and acknowledge that GitHub has no further delivery obligation with respect to the Software after delivery of the License Key. As Updates become available, GitHub will make those available for download on the same website. Customer must Update the Software on a commercially reasonable basis but no less than one (1) time per year. Customer is responsible for maintaining the confidentiality of Customers usernames and passwords.
### 1.4 Verification.
At GitHub's request, Customer will promptly provide GitHub with a Software-generated report verifying that Customer is using the Software in accordance with these GitHub Supplemental Terms. GitHub will invoice Customer for any additional use, effective from the date its use first exceeded the terms of these GitHub Supplemental Terms.
### 1.5 Support
GitHub will provide technical support for the Software as further described in the Microsoft Customer Agreement. GitHub may provide enhanced Support offerings for the Software and Service (including the Premium, Premium Plus, and Engineering Direct Support offerings) in accordance with the [Support terms](/enterprise/admin/enterprise-support/about-github-premium-support-for-github-enterprise), and at the Support level, Fees, and Subscription Term specified in an Order Form or SOW. Notwithstanding anything to the contrary in the Microsoft Customer Agreement, (i) GitHub will use reasonable efforts to correct any material, reproducible errors in the Software upon Customer's notification of an error but will not be responsible for providing Support where (a) someone (other than GitHub) modifies the Software; (b) Customer changes its operating system or environment in a way that adversely affects the Software or its performance; (c) Customer uses the Software in a manner other than as authorized under the Microsoft Customer Agreement, this Section 1 or the Documentation; or (d) there is a Customer accident or negligence, or misuse of the Software; and (ii) GitHub will only Support a given Release for one (1) year from the original Release date, or six (6) months from the last Update of the Release, whichever is longer.
### 1.6 Updates; Releases.
#### 1.6.1 Generally.
GitHub will make Updates and Releases to the Software available to Customer on the same secure website where Customer downloaded the Software and the License Key.
#### 1.6.2 Supported Releases.
GitHub will only Support a given Release of the Software for one (1) year from the original Release date, or six (6) months from the last Update of the Release, whichever is longer. If Customer requires Support for earlier Releases of the Software, then Customer must pay for that Support in accordance with the terms of a mutually agreed upon Order Form or SOW.
### 1.7 Add-On Software.
Add-On Software is licensed on a per User basis. For the avoidance of doubt, and unless otherwise set forth in an Order Form, the number of Subscription Licenses Customer has at any given time for Add-On Software must equal the number of Subscription Licenses Customer has for the Products under this Agreement. For example, if Customer wishes to purchase a subscription to Insights and already holds Subscription Licenses for 100 Users for the Products, it must purchase Subscription Licenses for 100 Users for Insights.
### 1.8 Data Protection Considerations for Use of GitHub Insights and Learning Lab for Enterprise Server.
If Customers planned use of GitHub Insights or Learning Lab for Enterprise Server involves processing personal data, Customer is solely responsible for determining whether or not to complete a data protection impact assessment or otherwise secure formal legal analysis of Customers planned use. It is in Customers sole discretion whether to use GitHub Insights or Learning Lab for Enterprise Server to process Customers employees and/or users data, and if Customer does so, Customer is solely responsible for conducting such processing in compliance with applicable law.
### 1.9 Limited Software Warranty.
GitHub warrants that, for ninety (90) days from the date it is made available for initial download, the unmodified Software will substantially conform to its Documentation. GitHub does not warrant that Customer's use of the Software will be uninterrupted, or that the operation of the Software will be error-free. This warranty will not apply if Customer modifies or uses the Software in any way that is not expressly permitted by this Section 1 and the Documentation. GitHub's only obligation, and Customer's only remedy, for any breach of this limited warranty will be as set forth in the Microsoft Customer Agreement.
## SECTION 2: GITHUB ENTERPRISE CLOUD TERMS OF SERVICE
Upon creation of a Corporate Account and/or an Organization on the Service by Customer or by GitHub on Customers behalf, this Section 2 details terms applicable to Customers use of the Service.
### 2.1 Account Terms.
#### 2.1.1 Account Controls.
**(i) Users.** Customer acknowledges that Users retain ultimate administrative control over their individual accounts and the Content within them. [GitHub's Standard Terms of Service](/github/site-policy/github-terms-of-service) govern Users' use of the Service, except with respect to Users' activities under this Section 2.
**(ii) Organizations.** Customer retains ultimate administrative control over any Organization created on Customers behalf and User-Generated Content posted to the repositories within its Organization(s), subject to this Section 2. This Section 2 will govern the use of Customers Organization(s).
#### 2.1.2 Account Requirements.
In order to create an account, Customer must adhere to the following:
**(i)** Customer must not create an account for use of any person under the age of 13. If GitHub learns of any User under the age of 13, it will terminate that User's account immediately. If Customer or its User(s) are located in a country outside the United States, that country's minimum age may be older; in such a case, Customer is responsible for complying with that country's laws.
**(ii)** A Users login may not be shared by multiple people.
**(iii)** Customer must not use the Service (a) in violation of export control or sanctions laws of the United States or any other applicable jurisdiction, (b) if it is located in or ordinarily resident in a country or territory subject to comprehensive sanctions administered by the U.S. Office of Foreign Assets Control (OFAC), or (c) if Customer is or is working on behalf of a [Specially Designated National (SDN)](https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx) or a person subject to similar blocking or denied party prohibitions. For more information, please see [GitHubs Trade Controls policy](/github/site-policy/github-and-trade-controls).
#### 2.1.3 Account Security.
Customer is responsible for: (i) all Content posted and activity that occurs under its Corporate Account; (ii) maintaining the security of its account login credentials; and (iii) promptly [notifying GitHub](https://support.github.com/contact?tags=docs-policy) upon becoming aware of any unauthorized use of, or access to, the Service through its account. GitHub will not be liable for any loss or damage from Customers failure to comply with this Section 2.1.3.
#### 2.1.4 Additional Terms.
In some situations, third parties' terms may apply to Customers use of the Service. For example, Customer may be a member of an Organization with its own terms or license agreements; Customer may download an application that integrates with the Service; or Customer may use the Service to authenticate to another service. While the Microsoft Customer Agreement, including these GitHub Supplemental Terms, are GitHub's full agreement with Customer, other parties' terms govern their relationships with Customer.
#### 2.1.5 U.S. Federal Government Terms.
If Customer is a U.S. federal government agency or otherwise accessing or using any portion of the Service in a government capacity, the [U.S. Federal Government Amendment](/github/site-policy/amendment-to-github-terms-of-service-applicable-to-us-federal-government-users) applies, and Customer agrees to its provisions.
### 2.2 Compliance with Laws; Acceptable Use; Privacy.
#### 2.2.1 Compliance with Laws and Regulations.
Customers use of the Service must not violate any applicable laws, including copyright or trademark laws, export control laws, or regulations in its jurisdiction.
#### 2.2.2 Acceptable Use.
Customers use of the Service must comply with [GitHub's Acceptable Use Policies](/github/site-policy/github-acceptable-use-policies) and [GitHubs Community Guidelines](/github/site-policy/github-community-guidelines). Customer must not use the Service in any jurisdiction for unlawful, obscene, offensive or fraudulent Content or activity, such as advocating or causing harm, interfering with or violating the integrity or security of a network or system, evading filters, sending unsolicited, abusive, or deceptive messages, viruses or harmful code, or violating third party rights.
#### 2.2.3 Privacy.
[The GitHub Privacy Statement](/github/site-policy/github-privacy-statement) and the [GitHub Data Protection Addendum](/github/site-policy/github-data-protection-addendum) provide detailed notice of GitHub's privacy and data use practices as well as GitHub's processing and security obligations with respect to Customer Personal Data. Any person, entity, or service collecting data from the Service must comply with the [GitHub Privacy Statement](/github/site-policy/github-privacy-statement), particularly in regards to the collection of Users' Personal Information (as defined in the GitHub Privacy Statement). If Customer collects any User Personal Information from GitHub, Customer will only use it for the purpose for which the External User has authorized it. Customer will reasonably secure any such Personal Information, and Customer will respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or External Users.
### 2.3 Content Responsibility; Ownership; License Rights.
#### 2.3.1 Responsibility for User-Generated Content.
Customer may create or upload User-Generated Content while using the Service. Customer is solely responsible for any User-Generated Content that it posts, uploads, links to or otherwise makes available via the Service, regardless of the form of that User-Generated Content. GitHub is not responsible for any public display or misuse of User-Generated Content.
#### 2.3.2 Ownership of Content, Right to Post, and License Grants.
**(i)** Customer retains ownership of Customer Content that Customer creates or owns. Customer acknowledges that it: (a) is responsible for Customer Content, (b) will only submit Customer Content that Customer has the right to post (including third party or User-Generated Content), and (c) Customer will fully comply with any third-party licenses relating to Customer Content that Customer posts.
**(ii)** Customer grants the rights set forth in Sections 2.3.3 through 2.3.6, free of charge and for the purposes identified in those sections until such time as Customer removes Customer Content from GitHub servers, except for Content Customer has posted publicly and that External Users have Forked, in which case the license is perpetual until such time as all Forks of Customer Content have been removed from GitHub servers. If Customer uploads Customer Content that already comes with a license granting GitHub the permissions it needs to run the Service, no additional license is required.
#### 2.3.3 License Grant to GitHub.
Customer grants to GitHub the right to store, parse, and display Customer Content, and make incidental copies only as necessary to provide the Service. This includes the right to copy Customer Content to GitHub's database and make backups; display Customer Content to Customer and those to whom Customer chooses to show it; parse Customer Content into a search index or otherwise analyze it on GitHub's servers; share Customer Content with External Users with whom Customer chooses to share it; and perform Customer Content, in case it is something like music or video. These rights apply to both public and Private Repositories. This license does not grant GitHub the right to sell Customer Content or otherwise distribute or use it outside of the Service. Customer grants to GitHub the rights it needs to use Customer Content without attribution and to make reasonable adaptations of Customer Content as necessary to provide the Service.
#### 2.3.4 License Grant to External Users.
**(i)** Any Content that Customer posts publicly, including issues, comments, and contributions to External Users' repositories, may be viewed by others. By setting its repositories to be viewed publicly, Customer agree to allow External Users to view and Fork Customers repositories.
**(ii)** If Customer sets its pages and repositories to be viewed publicly, Customer grants to External Users a nonexclusive, worldwide license to use, display, and perform Customer Content through the Service and to reproduce Customer Content solely on the Service as permitted through functionality provided by GitHub (for example, through Forking). Customer may grant further rights to Customer Content if Customer [adopts a license](/github/building-a-strong-community/adding-a-license-to-a-repository#including-an-open-source-license-in-your-repository). If Customer is uploading Customer Content that it did not create or own, Customer is responsible for ensuring that the Customer Content it uploads is licensed under terms that grant these permissions to External Users.
#### 2.3.5 Contributions Under Repository License.
Whenever Customer makes a contribution to a repository containing notice of a license, Customer licenses such contribution under the same terms and agrees that it has the right to license such contribution under those terms. If Customer has a separate agreement to license its contributions under different terms, such as a contributor license agreement, that agreement will supersede.
#### 2.3.6 Moral Rights.
Customer retains all moral rights to Customer Content that it uploads, publishes, or submits to any part of the Service, including the rights of integrity and attribution. However, Customer waives these rights and agrees not to assert them against GitHub, solely to enable GitHub to reasonably exercise the rights granted in Section 2.3, but not otherwise.
### 2.4 Private Repositories.
#### 2.4.1 Control.
Customer is responsible for managing access to its Private Repositories, including invitations, administrative control of Organizations and teams, and termination of access.
#### 2.4.2 Confidentiality.
GitHub considers Customer Content in Customers Private Repositories to be Customers Confidential Information. GitHub will protect and keep strictly confidential the Customer Content of Private Repositories in accordance with the applicable confidentiality provision in the Microsoft Customer Agreement.
#### 2.4.3 Access.
GitHub may only access Customers Private Repositories (i) with Customers consent and knowledge, for support reasons, or (ii) when access is required for security reasons. Customer may choose to enable additional access to its Private Repositories. For example, Customer may enable various GitHub services or features that require additional rights to Customer Content in Private Repositories. These rights may vary depending on the service or feature, but GitHub will continue to treat Customer Content in Customers Private Repositories as Customers Confidential Information. If those services or features require rights in addition to those it needs to provide the Service, GitHub will provide an explanation of those rights.
#### 2.4.4 Exclusions.
If GitHub has reason to believe the Content of a Private Repository is in violation of the law or of these GitHub Supplemental Terms, GitHub has the right to access, review, and remove that Content. Additionally, GitHub may be compelled by law to disclose the Content of Customers Private Repositories. Unless otherwise bound by requirements under law or if in response to a security threat or other risk to security, GitHub will provide notice of such actions.
### 2.5. Intellectual Property Notices.
#### 2.5.1 GitHub's Rights to Content.
The look and feel of the Service is copyright © GitHub, Inc. All rights reserved. Customer may not duplicate, copy, or reuse any portion of the HTML/CSS, Javascript, or visual design elements or concepts without express written permission from GitHub.
#### 2.5.2 Copyright Infringement and DMCA Policy.
If Customer is a copyright owner and believes that Content on the Service violates Customers copyright, Customer may contact GitHub in accordance with GitHub's [Digital Millennium Copyright Act Policy](https://github.com/contact/dmca) by notifying GitHub via its [DMCA Form](https://github.com/contact/dmca-notice) or by emailing copyright@github.com.
#### 2.5.3 GitHub Trademarks and Logos.
If Customer would like to use GitHub's trademarks, Customer must follow all of GitHub's trademark guidelines, including those on the [GitHub Logos and Usage page](https://github.com/logos).
### 2.6 Suspension.
GitHub has the right to suspend access to all or any part of the Service, including removing Content, at any time for violation of the Microsoft Customer Agreement, including these GitHub Supplemental Terms, or to protect the integrity, operability, and security of the Service, effective immediately, with or without notice. Unless prohibited by law or legal process or to prevent imminent harm to the Service or any third party, GitHub typically provides notice in the form of a banner or email on or before such suspension. GitHub will, in its discretion and using good faith, tailor any suspension as needed to preserve the integrity, operability, and security of the Service.
### 2.7 Communications with GitHub.
For contractual purposes, Customer (1) consents to receive communications in an electronic form via the email address it submitted or via the Service; and (2) agrees that all Terms of Service, agreements, notices, disclosures, and other communications that GitHub provides electronically satisfies any legal requirement that those communications would satisfy if they were on paper. This section does not affect Customer's non-waivable rights.
### 2.8 Service Level Agreement.
GitHubs quarterly uptime commitment for the Service is provided in the [Enterprise Service Level Agreement](/github/site-policy/github-enterprise-service-level-agreement). Customer will be entitled to a service credit if GitHub does not meet its service level.
### 2.9 Service Changes.
GitHub changes the Service via Updates and addition of new features. Subject to Section 2.8, GitHub reserves the right at any time to modify or discontinue, temporarily or permanently, the Service (or any part of it) with or without notice.
### 2.10 Additional Service Features.
Some Service features may be subject to additional terms as set forth in the [GitHub Additional Product Terms](/github/site-policy/github-additional-product-terms). By accessing or using these features, Customer agrees to the GitHub Additional Product Terms.
## SECTION 3: GENERAL PROVISIONS.
This Section 3 sets forth the terms and conditions applicable to Customers purchase and use of any of the Products.
### 3.1 Term; Termination; Effect of Termination.
#### 3.1.1 Term.
These GitHub Supplemental Terms will continue in effect until terminated by a Party in accordance with this Section 3.1.
#### 3.1.2 Termination for Convenience; Account Cancellation.
Either Party may terminate an Order Form or these GitHub Supplemental Terms, without cause, upon at least thirty (30) days' prior written notice before the end of the then-current Subscription Term. If Customer elects to terminate an Order Form or these GitHub Supplemental Terms, it is Customer's responsibility to properly cancel its account with GitHub by going into Settings in the global navigation bar at the top of the screen. GitHub cannot cancel accounts in response to an email or phone request.
#### 3.1.3 Termination for Material Breach.
Either Party may terminate these GitHub Supplemental Terms immediately upon notice if the other Party breaches a material obligation under these GitHub Supplemental Terms and fails to cure the breach within thirty (30) days from the date it receives notification. GitHub may terminate these GitHub Supplemental Terms if Customer's Account has been suspended for more than 90 days.
#### 3.1.4 Effect of Termination.
Upon termination of these GitHub Supplemental Terms, Customer may not execute additional Order Forms; however, these GitHub Supplemental Terms will remain in effect for the remainder of any active Order Forms. When an Order Form terminates or expires, as to that Order Form: (i) the Subscription Term will immediately end; (ii) any Subscription Licenses in the Order Form will automatically terminate, and Customer will no longer have the right to use the Products; (iii) if any Fees were owed prior to termination, Customer must pay those Fees immediately; (iv) Customer must destroy all copies of the Software in Customers possession or control, and certify in writing to GitHub that Customer has done so; (v) each Party will promptly return (or, if the other party requests it, destroy) all Confidential Information belonging to the other to the extent permitted by the Service. Notwithstanding the foregoing, Customer may continue to access the Software to migrate Customers data and may request migration of the data in its repositories for up to ninety (90) days after termination or expiration of this Agreement or an Order Form; however, Customer may not use the Software or Service on a production basis during that time. Any provisions which by their nature should reasonably survive will survive the termination or expiration of this Agreement or an Order Form.
### 3.2 Feedback.
Customer may provide Feedback to GitHub regarding the Products. Feedback is voluntary and is not Customer Confidential Information, even if designated as such. GitHub may fully exercise and exploit such Feedback for the purpose of (i) improving the operation, functionality and use of GitHubs existing and future product offerings and commercializing such offerings; and (ii) publishing aggregated statistics about the quality of the Products, provided that no data in any such publication will be used to specifically identify Customer, its employees or Customers proprietary software code.
### 3.3 Compliance with Laws and Regulations.
Customer will comply with all applicable laws and regulations, including, but not limited to, data protection and employment laws and regulations, in its use of the Products.
### 3.4 Order of Precedence
In the event of a conflict between the Supplemental Terms, on one hand, and an Order Form, on the other, the Order Form will govern with respect to that order only. In the event of a conflict between the Supplemental Terms (including any Order Form) and the Microsoft Customer Agreement, the Supplemental Terms will govern with respect to the subject matter only.
## EXHIBIT A: DEFINITIONS
**"Active User"** means a User trying to access the Service at the time of an Outage.
**”Add-On Software”** means Advanced Security, Insights, Learning Lab for Enterprise Server, and other additional Software add-on products that GitHub may offer from time to time.
**“Advanced Security”** means the Software feature which enables Customer to identify security vulnerabilities through customizable and automated semantic code analysis.
**"Affiliate"** means any entity that directly or indirectly controls, is controlled by, or is under common control with a party where "control" means having more than fifty percent (50%) ownership or the right to direct the management of the entity.
**“All Users”** means, collectively, Customers Users and External Users who use the Service.
**“Connect”** or **“GitHub Connect”** means a feature included in the Software that enables Customer to connect the Software with the Service. Use of GitHub Connect is subject to the GitHub Connect terms set forth in the [GitHub Additional Product Terms](/github/site-policy/github-additional-product-terms).
**"Content"** means, without limitation, text, data, articles, images, photographs, graphics, software, applications, designs, features, and other materials that are featured, displayed, or otherwise made available through the Service.
**"Corporate Account"** means an account created by a User on behalf of an entity.
**"Customer"** means, collectively, the company or organization that has entered into these GitHub Supplemental Terms with GitHub by clicking on the "I AGREE" or similar button or by accessing the Products, and Customer's Affiliates and Representatives.
**"Customer Content"** means Content that Customer creates, owns, or to which Customer holds the rights.
**“Customer Modifications”** means Software modifications Customer may make solely for the purpose of developing bug fixes, customizations, or additional features to any libraries licensed under open source licenses that may be included with or linked to by the Software.
**"Documentation"** means any manuals, documentation and other supporting materials relating to the Software or Service that GitHub provides or makes available to Customer.
**"Effective Date"** is the earlier of the date on which Customer (i) agrees to the terms and conditions of these GitHub Supplemental Terms as described above, or (ii) first places an order for the Products.
**"Essential Services"** means the services essential to GitHub's core version control functionality, including creating, Forking, and cloning repositories; creating, committing, and merging branches; creating, reviewing, and merging pull requests; and, web, API, and Git client interfaces to the core Git workflows. The following are examples of peripheral features and services not included: webhooks, Gists, Pages, and email notifications.
**"External User"** means an individual, not including Customers Users, who visit or use the Service.
**"Fees"** means the fees Customer is required to pay GitHub to (i) use the Products during the applicable Subscription Term or (ii) receive Professional Services, as such fees are reflected on an Order Form or SOW.
**“Feedback”** means any ideas, know-how, algorithms, code contributions, suggestions, enhancement requests, recommendations or any other feedback on GitHub products or services.
**“Fork”** means to copy the Content of one repository into another repository.
**"GitHub"** means, collectively, GitHub, Inc., its Affiliates and Representatives.
**"GitHub Content"** means Content that GitHub creates, owns, or to which it holds the rights.
**"GitHub Insights"** or **“Insights”** means the Software feature which provides Customer with metrics, analytics, and recommendations relating to their use of the Software. GitHub Insights does not include legacy features of GitHub including organization insights and repository insights.
**"Learning Lab for Enterprise Server"** means the Software feature that enables Users to learn about GitHub functionality, including associated Documentation.
**"License Key"** means the data file used by the Software's access control mechanism that allows Customer to install, operate, and use the Software.
**“Machine Account”** means an account registered by an individual human who accepts the applicable terms of service on behalf of the Machine Account, provides a valid email address, and is responsible for its actions. A Machine Account is used exclusively for performing automated tasks. Multiple Users may direct the actions of a Machine Account, but the owner of the account is ultimately responsible for the machine's actions.
**"Order Form"** means written or electronic documentation (including a quote) that the Parties use to order the Products.
**“Organization”** means a shared workspace that may be associated with a single entity or with one or more Users where multiple Users can collaborate across many projects at once. A User can be a member of more than one Organization.
**"Outage"** means the interruption of an Essential Service that affects more than 50% of Active Users.
**“Private Repository”** means a repository which allows a User to control access to Content.
**"Professional Services"** means training, consulting, or implementation services that GitHub provides pursuant to a mutually executed SOW. Professional Services do not include Support.
**“Public Repository”** means a repository whose Content is visible to All Users.
**"Release"** means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that contains enhancements, new features, or new functionality, generally indicated by a change in the digit to the right of the first decimal point (e.g., x.x.x to x.y.x) or to the left of the first decimal point (e.g., x.x.x to y.x.x).
**"Representatives"** means a Partys employees, agents, independent contractors, consultants, and legal and financial advisors.
**“Scraping”** means extracting data from the Service via an automated process, such as a bot or webcrawler, and does not include the collection of information through GitHub's API.
**"Service"** means the hosted GitHub Enterprise Cloud service. The Service includes: Organization account(s), SAML single sign-on, access provisioning, and any applicable Documentation. This list of features and services is non-exhaustive and may be updated from time to time.
**"Service Credit"** means a dollar credit, calculated as set forth below, that GitHub may credit back to an eligible account.
**"Software"** means GitHub Enterprise Server on-premises software. Software includes the GitHub Connect feature, any applicable Documentation, any Updates to the Software that GitHub provides to Customer or that it can access under these GitHub Supplemental Terms, and, if included in Customers subscription, Add-On Software.
**"SOW"** means a mutually executed statement of work detailing the Professional Services GitHub will perform, any related Fees, and each Party's related obligations.
**“Subscription License”** means the license assigned to each User to install, operate, access, and use the Products on Customers behalf. Customer may only assign one Subscription License per User across its GitHub Enterprise Server instances and GitHub Enterprise Cloud Organizations. Each User will have access to as many of Customers Enterprise Server instances or Enterprise Cloud Organizations, as Customer permits. For clarity, however, once Customer assigns a Subscription License to a User, Customer will not be authorized to bifurcate the Subscription License so that one User can use a Subscription License on Enterprise Server while another User uses the same Subscription License on another instance of GitHub Enterprise Server or on an Organization on GitHub Enterprise Cloud. Subscription Licenses are granted on a per User basis and multiple Users may not use the same Subscription License. Customer may reassign a Subscription License to a new User only after ninety (90) days from the last reassignment of that same Subscription License, unless the reassignment is due to (i) permanent hardware failure or loss, (ii) termination of the Users employment or contract, or (iii) temporary reallocation of Subscription Licenses to cover a Users absence. When Customer reassigns a Subscription License from one User to another, Customer must block the former Users access to the Subscription License and Customers Organizations.
**“Subscription Term”** means one (1) year from the applicable effective date of an order or as otherwise stated in the Order Form.
**“Support”** means technical support for the Software or Service that GitHub may provide.
**“Update”** means a Software release that GitHub makes generally available to its customers, along with any corresponding changes to Documentation, that contains error corrections or bug fixes, generally indicated by a change in the digit to the right of the second decimal point (e.g., x.x.x to x.x.y).
**“Uptime”** means the percentage of time in a given quarter where GitHub's Essential Services will not be interrupted by an Outage affecting more than 50% of Active Users
**“User”** means (i) with respect to the Software, a single person or Machine Account that initiates the execution of the Software or interacts with or directs the Software in the performance of its functions; and (ii) with respect to the Service, an individual or Machine Account who (a) accesses or uses the Service, (b) accesses or uses any part of Customers account, or (c) directs the use of Customers account in the performance of functions, in each case on Customers behalf. The number of Users should not exceed the number of Subscription Licenses that Customer has purchased.
**“User-Generated Content”** means Content created or owned by a third party or External User.

17
content/github/site-policy-deprecated/index.md
View File

@@ -1,17 +0,0 @@
---
title: Deprecated site policy articles
allowTitleToDifferFromFilename: true
hidden: true
versions:
fpt: '*'
children:
- /amendment-to-github-terms-of-service-applicable-to-us-federal-government-users
- /github-ae-data-protection-agreement
- /github-ae-product-specific-terms
- /github-enterprise-cloud-evaluation-agreement
- /github-enterprise-server-license-agreement
- /github-enterprise-service-level-agreement
- /github-enterprise-subscription-agreement
- /github-supplemental-terms-for-microsoft-volume-licensing
---

2
content/index.md
View File

@@ -18,7 +18,6 @@ children:
- account-and-profile
- authentication
- repositories
- github
- admin
- billing
- site-policy
@@ -27,6 +26,7 @@ children:
- pull-requests
- issues
- actions
- copilot
- codespaces
- packages
- search-github