# AI Stack GRC Compliance Report — 2 platforms - Generated: 2026-06-14T10:33:42.976Z - Source: AIRIN verified findings (gate-verified, verbatim-cited, SHA-256-anchored) > Automated assessment against a published rubric — not legal advice. ## Stack summary | Platform | Headline risk | Verified findings | Dealbreakers | |---|---|---|---| | GitHub Copilot | HIGH | 671 | Third-party sublicensing | | Cursor | HIGH | 279 | Training without opt-out | --- # GRC Risk Assessment — GitHub Copilot - Platform: **GitHub Copilot** (github-copilot) - Headline risk rating: **HIGH** - Website: https://github.com/features/copilot - Generated: 2026-06-14T10:33:42.976Z - Findings (verified, published): **671** > Every assertion is anchored to a verbatim quote with a SHA-256 snapshot hash and a Wayback archive URL for independent verification. Informational only; not legal advice. ## Control crosswalk (NIST AI RMF 1.0 + ISO/IEC 42001) | Surface | Risk | Confidence | NIST AI RMF | ISO/IEC 42001 | |---|---|---|---|---| | training use | high | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | high | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | high | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | high | low | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | high | low | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | medium | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | medium | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | low | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | low | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | low | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | ambiguous | low | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | prompt ownership | high | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | medium | medium | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | output ownership | medium | medium | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | medium | low | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | low | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | low | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | ambiguous | low | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | medium | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | medium | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | medium | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | commercial use | medium | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | ambiguous | low | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | medium | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | medium | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | medium | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | ambiguous | low | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | privacy data use | high | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | low | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | low | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | data retention | medium | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | medium | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | medium | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | medium | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | medium | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | low | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | subprocessors data sharing | high | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | high | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | high | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | high | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | high | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | low | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | ambiguous | low | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | audit rights dpa residency | medium | low | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | medium | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | low | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | low | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | ambiguous | low | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | indemnity liability | high | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | medium | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | confidentiality | medium | medium | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | medium | medium | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | medium | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | medium | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | ambiguous | low | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | governing law disputes | medium | low | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | low | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | moderation enforcement | high | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | medium | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | low | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | low | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | low | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | tier differences | high | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | high | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | high | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | low | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | ## Evidence (verbatim, with provenance) ### training use — risk high > In addition, for Individual subscribers only: GitHub may use Copilot interaction data — including prompts (inputs), s uggestions (outputs), and code snippets generated during Copilot sessions — to train and improve AI models. This training helps improve code suggestions for all Copilot users. Individual subscribers can opt out of having their data used for AI model training at any time through https://github.com/settings/copilot/features . Opting out does not affect your access to Copilot features. - Interpretation (disclaimed): Default opt-in to training use of all interaction data including inputs and outputs is a significant risk for Individual tier users. The opt-out mechanism mitigates risk only if exercised. Paid enterprise users are fully excluded. - Tier: Free - Location: “How does GitHub use the Copilot data from Individual (Free/Pro/Pro+) Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=In%20addition%2C%20for%20Individual,access%20to%20Copilot%20features. ### training use — risk high > The opt-out right described in this section applies solely to the use of your Inputs and Outputs as described in this section, and does not apply to the license granted in Sections D.4-D.8 or to any Content that does not constitute Input or Output (including Content stored in public repositories). - Interpretation (disclaimed): This clause severely limits the practical scope of the training opt-out. Any content outside the narrow Input/Output definition—including all public repository content—remains available to GitHub under other license grants, creating significant residual data-use risk. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=The%20opt-out%20right%20described,stored%20in%20public%20repositories). ### training use — risk high > Starting on April 24, GitHub may also use interactions from users with a Copilot Free, Copilot Pro, and Copilot Pro+ subscription - including inputs, outputs, code snippets, and associated context - to train and improve our AI models unless they have opted out. This allows us to build more intelligent, context-aware coding assistance for a more diverse set of coding tasks based on real-world development patterns. Users were notified 30 days before the change went into effect and can opt out from allowing their data to be used for training in their GitHub account settings at any time. - Interpretation (disclaimed): Opt-out-by-default training use of user content (including prompts/code) creates IP, confidentiality, and data-privacy risk for individual users who have not actively opted out. Sensitive proprietary code submitted to Copilot by Free/Pro/Pro+ users may be used to train shared models. The opt-out mechanism mitigates but does not eliminate risk if users are unaware. - Tier: Free - Location: “What data has GitHub Copilot been trained on?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Starting%20on%20April%2024%2C,settings%20at%20any%20time. ### training use — risk high > Legitimate Interests: We process data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, and developing and improving our Services, which include artificial intelligence and machine learning technologies. - Interpretation (disclaimed): This clause explicitly includes 'artificial intelligence and machine learning technologies' within the scope of 'developing and improving our Services,' meaning user data can be used for AI/ML training or improvement under the legitimate interests lawful basis. - Tier: All - Location: Privacy Policy › “Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Legitimate%20Interests%3A%20We%20process,and%20machine%20learning%20technologies. ### training use — risk high > Product Development and Improvement: We use Personal Data to develop and improve our products, services, and technologies, including artificial intelligence and machine learning technologies. This includes improving features, developing new offerings, enhancing safety and security capabilities, and training models. We apply appropriate technical safeguards, including aggregation and de-identification techniques where feasible, to protect your privacy while enabling these improvements. - Interpretation (disclaimed): This clause grants GitHub broad rights to use collected Personal Data — including code, prompts, and AI outputs — for model training. The 'where feasible' qualifier on technical safeguards weakens the privacy protection offered. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Product%20Development%20and%20Improvement%3A,while%20enabling%20these%20improvements. ### training use — risk medium > You also grant GitHub and its Affiliates a license to collect and use your Inputs and Outputs to develop, train and improve artificial intelligence and machine learning models and technologies including those that power AI Features, unless (a) you opt out through your account settings, or (b) your use of the Service is governed by a GitHub Customer Agreement or volume licensing agreement. If you opt out, GitHub will not collect or use your Inputs and Outputs for the purposes described in this paragraph from the effective date of your opt-out going forward. - Interpretation (disclaimed): Default opt-in to training use is a medium risk for individual users. The opt-out is prospective only (no retroactive deletion of already-used data). Enterprise and volume-license customers are exempt from this section entirely, highlighting a meaningful tier difference. - Tier: Free - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=You%20also%20grant%20GitHub,your%20opt-out%20going%20forward. ### training use — risk medium > Unless you opt out, GitHub's Affiliates may use your Inputs and Outputs under this license in accordance with their applicable privacy and contractual obligations. This license does not, however, permit GitHub or its Affiliates to share your Inputs or Outputs with third-party AI model providers for their own independent model training purposes. The license in this Section J.3 is in addition to, and does not limit, the rights granted to GitHub and its Affiliates under Sections D.4 and D.8. This license does not extend to Your Content stored in repositories that are not provided as Input to an AI Feature. - Interpretation (disclaimed): The carve-out that the J.3 license is 'in addition to, and does not limit' rights under D.4 and D.8 means the opt-out provides only partial protection. Users may believe they have fully opted out of data use for AI purposes when in fact other license grants persist. - Tier: Free - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=Unless%20you%20opt%20out%2C,to%20an%20AI%20Feature. ### training use — risk low > No. GitHub does not use either Copilot Business or Enterprise data to train its models. - Interpretation (disclaimed): Clear contractual/policy commitment that Business and Enterprise tier data is excluded from model training. Low risk for those tiers. - Tier: Enterprise - Location: “Does GitHub use Copilot Business or Enterprise data to train GitHub’s model?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=No.%20GitHub%20does%20not,to%20train%20its%20models. ### training use — risk low > Data excluded from training by default Free plan Included Pro plan Included Pro+ plan Included Max plan Included - Interpretation (disclaimed): The feature table indicates that user data is excluded from model training by default for all listed individual tiers. This mitigates training-use risk, but the operative scope and any exceptions would be governed by the full Terms of Service and Privacy Statement, which are not reproduced in this document. - Tier: All - Location: “Data excluded from training by default” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Data%20excluded%20from%20training,Included%20Max%20plan%20Included ### training use — risk low > Does GitHub use Copilot Business or Enterprise data to train GitHub’s model? ### No. GitHub does not use either Copilot Business or Enterprise data to train its models. - Interpretation (disclaimed): GitHub explicitly commits not to use Business or Enterprise subscriber data for model training, which meaningfully lowers training-use risk for paid organizational tiers. - Tier: Paid - Location: “Does GitHub use Copilot Business or Enterprise data to train GitHub’s model?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Does%20GitHub%20use%20Copilot,to%20train%20its%20models. ### training use — risk unknown > You grant GitHub and our Affiliates the right to store, host, archive, parse, display, and make copies of Your Content as necessary to provide, develop, and improve the Service, including by training AI Features, and for the purpose of training, developing, and improving artificial intelligence and machine learning models and technologies of our Affiliates. This license includes the right to do things like copy it to our database and make backups; show it to you and other Users; parse it into a search index or otherwise analyze it on our servers; share it with other Users; and perform it, in case Your Content is something like music or video. For the avoidance of doubt, use of Your Content to develop, train, and improve artificial intelligence and machine learning models and technologies of GitHub and our Affiliates is within the scope of this license and does not constitute a sale or other restricted transfer of Your Content. - Interpretation (disclaimed): Grants GitHub and its Affiliates an explicit right to use user content for training AI Features and developing machine learning models, including storing, hosting, parsing, and copying content to databases for these purposes. - Tier: All - Location: § 4 (License Grant to Us) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20grant%20GitHub,transfer%20of%20Your%20Content. ### training use — risk unknown > By using automated means to access, collect, or otherwise use (“Access”) any publicly accessible Content from the Service for the purpose of developing or training any commercially available artificial intelligence model, machine learning system, or similar technology (a "Commercial AI System"), you hereby waive any and all policies, terms, conditions, or contractual provisions governing products, services, websites or datasets you own or operate that would otherwise prohibit, restrict, or place conditions upon GitHub's Access to any publicly accessible data, information or content associated with your products or services, including for the purpose of developing or training any Commercial AI System. You further agree not to impose technical or other targeted measures to restrict or retaliate against such Access. - Interpretation (disclaimed): Imposes a reciprocity waiver obligation on entities that use automated means to access GitHub public content for training commercial AI systems, requiring them to waive any policies that would restrict GitHub's access to their own publicly accessible data. - Tier: All - Location: § 9 (Access Reciprocity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20using%20automated,retaliate%20against%20such%20Access. ### training use — risk unknown > This section applies to all AI Features unless a specific feature has additional terms that expressly modify them. The training and data-use provisions in Section J.3 apply only to individual licenses. If your use of the Service is governed by a GitHub Customer Agreement or volume licensing agreement, those agreements govern the use of your data in connection with AI Features and Section J.3 does not apply to you. - Interpretation (disclaimed): Defines the applicability scope of the AI Features section: Section J applies to all AI Features unless otherwise modified; the training and data-use provisions of J.3 apply only to individual licenses; users governed by a GitHub Customer Agreement or volume licensing agreement are excluded from J.3, and those agreements govern instead. - Tier: All - Location: § 1 (Applicability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20This%20section%20applies,not%20apply%20to%20you. ### training use — risk unknown > Unless you opt out, GitHub's Affiliates may use your Inputs and Outputs under this license in accordance with their applicable privacy and contractual obligations. This license does not, however, permit GitHub or its Affiliates to share your Inputs or Outputs with third-party AI model providers for their own independent model training purposes. - Interpretation (disclaimed): Permits GitHub's Affiliates to use Inputs and Outputs under the license in accordance with their privacy and contractual obligations, but expressly restricts GitHub and its Affiliates from sharing Inputs or Outputs with third-party AI model providers for those providers' independent model training purposes. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Unless%20you%20opt,independent%20model%20training%20purposes. ### training use — risk unknown > The opt-out right described in this section applies solely to the use of your Inputs and Outputs as described in this section, and does not apply to the license granted in Sections D.4-D.8 or to any Content that does not constitute Input or Output (including Content stored in public repositories). - Interpretation (disclaimed): Defines the scope of the opt-out right as limited solely to the data uses described in Section J.3, expressly excluding its application to the licenses in Sections D.4–D.8 and to Content not constituting Input or Output (including public repository content). - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20The%20opt-out%20right,stored%20in%20public%20repositories). ### training use — risk unknown > By using automated means to access, collect, or otherwise use (“Access”) any publicly accessible Content from the Service for the purpose of developing or training any commercially available artificial intelligence model, machine learning system, or similar technology (a "Commercial AI System"), you hereby waive any and all policies, terms, conditions, or contractual provisions governing products, services, websites or datasets you own or operate that would otherwise prohibit, restrict, or place conditions upon GitHub's Access to any publicly accessible data, information or content associated with your products or services, including for the purpose of developing or training any Commercial AI System. You further agree not to impose technical or other targeted measures to restrict or retaliate against such Access. - Interpretation (disclaimed): Carves out exceptions to the access reciprocity waiver obligation for purely academic research purposes or for operators whose products have fewer than 700 million monthly active users, and provides an affiliate-inclusive definition of 'you' for purposes of this section. - Tier: All - Location: § 9 (Access Reciprocity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20using%20automated,retaliate%20against%20such%20Access. ### training use — risk unknown > You may choose to enable additional access to your private repositories. For example: - Interpretation (disclaimed): Establishes that when users provide private repository content as input to AI Features, GitHub may use that input to provide, develop, train, and improve the Service including AI Features, subject to the user's opt-out rights under Section J.3, and restricts GitHub from otherwise using private repository contents for service development or improvement. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20choose,private%20repositories.%20For%20example%3A ### training use — risk unknown > We use your Inputs to generate Outputs and provide the AI Features. You also grant GitHub and its Affiliates a license to collect and use your Inputs and Outputs to develop, train and improve artificial intelligence and machine learning models and technologies including those that power AI Features, unless (a) you opt out through your account settings, or (b) your use of the Service is governed by a GitHub Customer Agreement or volume licensing agreement. If you opt out, GitHub will not collect or use your Inputs and Outputs for the purposes described in this paragraph from the effective date of your opt-out going forward. - Interpretation (disclaimed): Grants GitHub and its Affiliates a license to collect and use users' Inputs and Outputs to develop, train, and improve AI and machine learning models, subject to opt-out through account settings or enterprise agreement override; establishes the opt-out mechanism and its effective date. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20use%20your,your%20opt-out%20going%20forward. ### training use — risk unknown > Unless you opt out, GitHub's Affiliates may use your Inputs and Outputs under this license in accordance with their applicable privacy and contractual obligations. This license does not, however, permit GitHub or its Affiliates to share your Inputs or Outputs with third-party AI model providers for their own independent model training purposes. - Interpretation (disclaimed): Permits GitHub's Affiliates to use Inputs and Outputs under the training license subject to their privacy and contractual obligations, but explicitly restricts GitHub and Affiliates from sharing Inputs or Outputs with third-party AI model providers for their own independent model training. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Unless%20you%20opt,independent%20model%20training%20purposes. ### training use — risk unknown > GitHub Copilot is trained on all languages that appear in public repositories. For each language, the quality of suggestions you receive may depend on the volume and diversity of training data for that language. For example, JavaScript is well-represented in public repositories and is one of GitHub Copilot’s best supported languages. Languages with less representation in public repositories may produce fewer or less robust suggestions. GitHub Copilot is available as an extension in Visual Studio Code, Visual Studio, Vim, Neovim, the JetBrains suite of IDEs, and Azure Data Studio. Although inline suggestion functionality is available across all these extensions, chat functionality is currently available only in Visual Studio Code, JetBrains, and Visual Studio. GitHub Copilot is also supported in terminals through GitHub CLI and as a chat integration in Windows Terminal Canary. With the GitHub Copilot Enterprise plan, GitHub Copilot is natively integrated into GitHub.com. All plans are supported in GitHub Copilot in GitHub Mobile. GitHub Mobile for Copilot Pro and Copilot Business have access to Bing and public repository code search. Copilot Enterprise in GitHub Mobile gives you additional access to your organization's knowledge. - Interpretation (disclaimed): Segment describes the training data sources for GitHub Copilot (public repositories and code), explains how suggestion quality varies by language representation, and identifies supported IDE integrations; the reference to training on public repository data is legally operative context for the training_use surface. - Tier: All - Location: “What languages, IDEs, and platforms does GitHub Copilot support?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20is,to%20your%20organization%26%23x27%3Bs%20knowledge. ### training use — risk unknown > GitHub Copilot is powered by generative AI models developed by GitHub, OpenAI, and Microsoft. It has been trained on natural language text and source code from publicly available sources, including code in public repositories on GitHub. Starting on April 24, GitHub may also use interactions from users with a Copilot Free, Copilot Pro, and Copilot Pro+ subscription - including inputs, outputs, code snippets, and associated context - to train and improve our AI models unless they have opted out. This allows us to build more intelligent, context-aware coding assistance for a more diverse set of coding tasks based on real-world development patterns. Users were notified 30 days before the change went into effect and can opt out from allowing their data to be used for training in their GitHub account settings at any time. - Interpretation (disclaimed): Segment discloses that GitHub Copilot has been trained on public repository data and specifies that starting April 24, GitHub may use interactions (inputs, outputs, code snippets, and context) from Free, Pro, and Pro+ subscribers to train and improve AI models unless users opt out, establishing a conditional data use obligation and an opt-out right that is operative for the training_use surface. - Tier: All - Location: “What data has GitHub Copilot been trained on?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20is,at%20any%20time.%20 ### training use — risk unknown > GitHub Copilot is trained on all languages that appear in public repositories. For each language, the quality of suggestions you receive may depend on the volume and diversity of training data for that language. For example, JavaScript is well-represented in public repositories and is one of GitHub Copilot’s best supported languages. Languages with less representation in public repositories may produce fewer or less robust suggestions. GitHub Copilot is available as an extension in Visual Studio Code, Visual Studio, Vim, Neovim, the JetBrains suite of IDEs, and Azure Data Studio. Although inline suggestion functionality is available across all these extensions, chat functionality is currently available only in Visual Studio Code, JetBrains, and Visual Studio. GitHub Copilot is also supported in terminals through GitHub CLI and as a chat integration in Windows Terminal Canary. With the GitHub Copilot Enterprise plan, GitHub Copilot is natively integrated into GitHub.com. All plans are supported in GitHub Copilot in GitHub Mobile. GitHub Mobile for Copilot Pro and Copilot Business have access to Bing and public repository code search. Copilot Enterprise in GitHub Mobile gives you additional access to your organization's knowledge. - Interpretation (disclaimed): Defines the training data composition of GitHub Copilot (public repositories across languages), which is directly relevant to understanding the scope of training-use practices and the basis for IP and output-quality representations. - Tier: All - Location: “What languages, IDEs, and platforms does GitHub Copilot support?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20is,to%20your%20organization%26%23x27%3Bs%20knowledge. ### training use — risk unknown > No. GitHub does not use either Copilot Business or Enterprise data to train its models. - Interpretation (disclaimed): Explicitly states that GitHub does not use Copilot Business or Enterprise data to train its models, establishing a binding restriction against training use for those tiers. - Tier: All - Location: “Does GitHub use Copilot Business or Enterprise data to train GitHub’s model?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No.%20GitHub%20does,train%20its%20models.%20 ### training use — risk ambiguous > J. AI Features, Training, and Your Data These are the terms that apply to GitHub Copilot and other AI features, including how your data may be used for development and improvement of the artificial intelligence and machine learning models, and the controls available to you. - Interpretation (disclaimed): The summary table confirms training use of user data is addressed in Section J, which is missing from the provided excerpt. This is a material risk surface that users of Copilot and other AI features must review in Section J directly. - Tier: All - Location: Article I - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=J.%20AI%20Features%2C%20Training%2C,controls%20available%20to%20you. ### training use — risk unknown > The license in this Section J.3 is in addition to, and does not limit, the rights granted to GitHub and its Affiliates under Sections D.4 and D.8. This license does not extend to Your Content stored in repositories that are not provided as Input to an AI Feature. - Interpretation (disclaimed): States that the Section J.3 license is additive to rights granted under Sections D.4 and D.8 and does not extend to Content stored in repositories not provided as Input to an AI Feature, cross-referencing and incorporating other license provisions. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20The%20license%20in,to%20an%20AI%20Feature. ### training use — risk unknown > The opt-out right described in this section applies solely to the use of your Inputs and Outputs as described in this section, and does not apply to the license granted in Sections D.4-D.8 or to any Content that does not constitute Input or Output (including Content stored in public repositories). - Interpretation (disclaimed): Limits the scope of the opt-out right to uses described in Section J.3, clarifying it does not affect licenses granted under Sections D.4–D.8 or Content not constituting Input or Output such as content in public repositories. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20The%20opt-out%20right,stored%20in%20public%20repositories). ### training use — risk unknown > By choosing to contribute Content to a public repository, you are choosing to and directing us to make such Content accessible to everyone on the internet. Unless specifically set forth herein, these Terms do not restrict lawful access to or use of the contents of public repositories by third parties, or by GitHub or its Affiliates. - Interpretation (disclaimed): Section header for access reciprocity, serving as a structural incorporation reference for the conditional waiver terms applicable to entities using GitHub's public content for commercial AI training purposes. - Tier: All - Location: § 8 (Public Repositories and Lawful Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20choosing%20to,GitHub%20or%20its%20Affiliates. ### training use — risk unknown > This section applies to all AI Features unless a specific feature has additional terms that expressly modify them. The training and data-use provisions in Section J.3 apply only to individual licenses. If your use of the Service is governed by a GitHub Customer Agreement or volume licensing agreement, those agreements govern the use of your data in connection with AI Features and Section J.3 does not apply to you. - Interpretation (disclaimed): Defines the applicability of Section J's AI training and data-use provisions, creating an exception for enterprise users governed by a GitHub Customer Agreement or volume licensing agreement, under which Section J.3 does not apply and those agreements control data use. - Tier: All - Location: § 1 (Applicability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20This%20section%20applies,not%20apply%20to%20you. ### training use — risk unknown > "AI Feature" means any feature of GitHub or our Affiliates that uses machine learning or artificial intelligence to generate Output, including GitHub Copilot, Copilot Autofix, and any other feature identified as using machine learning or artificial intelligence in our documentation. - Interpretation (disclaimed): Defines 'AI Feature' as any GitHub or Affiliate feature using machine learning or artificial intelligence to generate Output, including named products like GitHub Copilot; this definition scopes which features are subject to AI-specific training and data use terms. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22AI%20Feature%22%20means,intelligence%20in%20our%20documentation. ### training use — risk unknown > J. AI Features, Training, and Your Data These are the terms that apply to GitHub Copilot and other AI features, including how your data may be used for development and improvement of the artificial intelligence and machine learning models, and the controls available to you. - Interpretation (disclaimed): Summary entry describing AI Features, Training, and Your Data section; explicitly incorporates by reference the terms governing GitHub Copilot and other AI features including how user data may be used for AI/ML model development and improvement, and user controls available. - Tier: All - Location: Article I - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20J.%20AI%20Features%2C,available%20to%20you.%20 ### training use — risk unknown > You grant GitHub and our Affiliates the right to store, host, archive, parse, display, and make copies of Your Content as necessary to provide, develop, and improve the Service, including by training AI Features, and for the purpose of training, developing, and improving artificial intelligence and machine learning models and technologies of our Affiliates. This license includes the right to do things like copy it to our database and make backups; show it to you and other Users; parse it into a search index or otherwise analyze it on our servers; share it with other Users; and perform it, in case Your Content is something like music or video. For the avoidance of doubt, use of Your Content to develop, train, and improve artificial intelligence and machine learning models and technologies of GitHub and our Affiliates is within the scope of this license and does not constitute a sale or other restricted transfer of Your Content. - Interpretation (disclaimed): Grants GitHub and its Affiliates an explicit license to store, host, archive, parse, display, copy, and use user content for providing and improving the Service, including specifically for training AI features and developing AI/ML models, constituting a broad permission for training use of user content. - Tier: All - Location: § 4 (License Grant to Us) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20grant%20GitHub,transfer%20of%20Your%20Content. ### training use — risk unknown > This Section D.9 does not apply to Access solely for the purpose of academic research or if, on the date you Access the Content, the number of monthly active users of the products or services made available by you is less than 700 million in the preceding calendar month. For the purposes of this Section, "you" shall refer to you and any entity that directly or indirectly controls, is controlled by, or is under common control with you (affiliates). - Interpretation (disclaimed): Carves out exceptions to the access reciprocity obligation for academic research and for operators whose products have fewer than 700 million monthly active users, and defines 'you' to include affiliates under common control. - Tier: All - Location: § 9 (Access Reciprocity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20This%20Section%20D.9,control%20with%20you%20(affiliates). ### training use — risk unknown > J. AI Features, Training, and Your Data These are the terms that apply to GitHub Copilot and other AI features, including how your data may be used for development and improvement of the artificial intelligence and machine learning models, and the controls available to you. - Interpretation (disclaimed): Summary entry for Section J explicitly describes terms governing AI features and training use of user data, including how data may be used for development and improvement of AI/ML models and available controls; cross-reference incorporating training-use and privacy-data-use obligations. - Tier: All - Location: Article I - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20J.%20AI%20Features%2C,available%20to%20you.%20 ### training use — risk unknown > "AI Feature" means any feature of GitHub or our Affiliates that uses machine learning or artificial intelligence to generate Output, including GitHub Copilot, Copilot Autofix, and any other feature identified as using machine learning or artificial intelligence in our documentation. - Interpretation (disclaimed): Defines 'AI Feature' as any GitHub or Affiliate feature using machine learning or artificial intelligence to generate Output, including GitHub Copilot; this definition scopes which features are subject to AI-related data-use and training-use provisions throughout the agreement. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22AI%20Feature%22%20means,intelligence%20in%20our%20documentation. ### training use — risk unknown > The license in this Section J.3 is in addition to, and does not limit, the rights granted to GitHub and its Affiliates under Sections D.4 and D.8. This license does not extend to Your Content stored in repositories that are not provided as Input to an AI Feature. - Interpretation (disclaimed): States that the Section J.3 license is in addition to rights in Sections D.4 and D.8 and does not limit them; also clarifies that the license does not extend to Content stored in repositories not provided as Input, thereby defining the boundaries of the training license. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20The%20license%20in,to%20an%20AI%20Feature. ### training use — risk unknown > If you provide your private repository content as Input to AI Features, we may use that Input to provide, develop, train, and improve the Service, including AI Features. Your ability to opt out under Section J.3 applies to this use of private repository content. We will not otherwise use your private repository contents to develop or improve the Service. - Interpretation (disclaimed): Permits GitHub to use private repository content submitted as input to AI Features for training and improving the Service and AI Features, subject to the user's opt-out right under Section J.3, and restricts other uses of private repository content for service improvement. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20provide,or%20improve%20the%20Service. ### training use — risk unknown > We use your Inputs to generate Outputs and provide the AI Features. You also grant GitHub and its Affiliates a license to collect and use your Inputs and Outputs to develop, train and improve artificial intelligence and machine learning models and technologies including those that power AI Features, unless (a) you opt out through your account settings, or (b) your use of the Service is governed by a GitHub Customer Agreement or volume licensing agreement. If you opt out, GitHub will not collect or use your Inputs and Outputs for the purposes described in this paragraph from the effective date of your opt-out going forward. - Interpretation (disclaimed): Grants GitHub and its Affiliates a license to collect and use user Inputs and Outputs to develop, train, and improve AI and ML models, subject to opt-out through account settings or exclusion under a Customer Agreement or volume licensing agreement; specifies that the opt-out is effective from the date it is exercised. - Tier: All - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20use%20your,your%20opt-out%20going%20forward. ### training use — risk unknown > GitHub uses the Copilot data from Individual subscribers for all the operational purposes described above for Business/Enterprise subscribers. In addition, for Individual subscribers only: GitHub may use Copilot interaction data — including prompts (inputs), s uggestions (outputs), and code snippets generated during Copilot sessions — to train and improve AI models. This training helps improve code suggestions for all Copilot users. Individual subscribers can opt out of having their data used for AI model training at any time through https://github.com/settings/copilot/features . Opting out does not affect your access to Copilot features. For details on GitHub's data processing activities as a controller, particularly for Copilot Free, Copilot Pro, and Copilot Pro customers, refer to the GitHub Terms of Service and the GitHub Privacy Statement. - Interpretation (disclaimed): This segment grants GitHub permission to use Individual subscribers' Copilot interaction data—including prompts, suggestions, and code snippets—for AI model training, and specifies that Individual subscribers may opt out of this training use at any time, distinguishing Individual from Business/Enterprise treatment. - Tier: All - Location: “How does GitHub use the Copilot data from Individual (Free/Pro/Pro+) Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20uses%20the,GitHub%20Privacy%20Statement.%20 ### training use — risk unknown > Feedback Data: This comprises real-time user feedback, including reactions (e.g., thumbs up/down) and optional comments, along with feedback from support tickets. - Interpretation (disclaimed): Section header introducing the question of whether GitHub uses Copilot Business or Enterprise data to train its models, framing the restriction confirmed in the next segment. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Feedback%20Data%3A%20This,feedback%20from%20support%20tickets. ### training use — risk unknown > GitHub uses the Copilot data from Individual subscribers for all the operational purposes described above for Business/Enterprise subscribers. In addition, for Individual subscribers only: GitHub may use Copilot interaction data — including prompts (inputs), s uggestions (outputs), and code snippets generated during Copilot sessions — to train and improve AI models. This training helps improve code suggestions for all Copilot users. Individual subscribers can opt out of having their data used for AI model training at any time through https://github.com/settings/copilot/features . Opting out does not affect your access to Copilot features. For details on GitHub's data processing activities as a controller, particularly for Copilot Free, Copilot Pro, and Copilot Pro customers, refer to the GitHub Terms of Service and the GitHub Privacy Statement. - Interpretation (disclaimed): This segment grants GitHub permission to use Copilot interaction data — including prompts, suggestions, and code snippets — from Individual subscribers to train and improve AI models, while also establishing a right for users to opt out of such training use, and distinguishing this practice as exclusive to Individual subscribers versus Business/Enterprise tiers. - Tier: All - Location: “How does GitHub use the Copilot data from Individual (Free/Pro/Pro+) Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20uses%20the,GitHub%20Privacy%20Statement.%20 ### training use — risk unknown > GitHub Copilot is powered by generative AI models developed by GitHub, OpenAI, and Microsoft. It has been trained on natural language text and source code from publicly available sources, including code in public repositories on GitHub. Starting on April 24, GitHub may also use interactions from users with a Copilot Free, Copilot Pro, and Copilot Pro+ subscription - including inputs, outputs, code snippets, and associated context - to train and improve our AI models unless they have opted out. This allows us to build more intelligent, context-aware coding assistance for a more diverse set of coding tasks based on real-world development patterns. Users were notified 30 days before the change went into effect and can opt out from allowing their data to be used for training in their GitHub account settings at any time. - Interpretation (disclaimed): Discloses that GitHub may use interactions (inputs, outputs, code snippets, context) from Free, Pro, and Pro+ subscribers to train and improve AI models unless users opt out, establishing the opt-out mechanism and the scope of training-use data collection as a conditional obligation on GitHub. - Tier: All - Location: “What data has GitHub Copilot been trained on?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20is,at%20any%20time.%20 ### training use — risk unknown > Product Development and Improvement: We use Personal Data to develop and improve our products, services, and technologies, including artificial intelligence and machine learning technologies. This includes improving features, developing new offerings, enhancing safety and security capabilities, and training models. We apply appropriate technical safeguards, including aggregation and de-identification techniques where feasible, to protect your privacy while enabling these improvements. - Interpretation (disclaimed): This segment explicitly permits GitHub to use personal data for product development and improvement including training AI and machine learning models, with a noted procedural safeguard of aggregation and de-identification where feasible, making it an operative permission for AI training use of user data. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Product%20Development%20and,while%20enabling%20these%20improvements. ### prompt ownership — risk high > If you choose to give us any ideas, know-how, algorithms, code contributions, suggestions, enhancement requests, recommendations or any other feedback for our products or services (collectively, “Feedback”), you acknowledge and agree that GitHub will have a royalty-free, fully paid-up, worldwide, transferable, sub-licensable, irrevocable and perpetual license to implement, use, modify, commercially exploit and/or incorporate the Feedback into our products, services, and documentation. - Interpretation (disclaimed): The license grant for Feedback is among the broadest possible: irrevocable, perpetual, worldwide, transferable, sublicensable, and allows commercial exploitation. Users who share proprietary ideas or code as feedback permanently surrender meaningful control over that material. - Tier: All - Location: § 3 (Feedback) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=If%20you%20choose%20to,products%2C%20services%2C%20and%20documentation. ### prompt ownership — risk medium > D. User-Generated Content You own the content you post on GitHub. However, you have some responsibilities regarding it, and we ask you to grant us some rights so we can provide services to you. - Interpretation (disclaimed): The summary table is binding only in so far as it points to Section D. The acknowledgment that GitHub asks users to 'grant us some rights' signals a license-back on user-generated content. The full operative clause is in the truncated Section D body. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=D.%20User-Generated%20Content%20You,provide%20services%20to%20you. ### prompt ownership — risk unknown > “Input” means any content or context provided to an AI Feature, including prompts, attachments, code in your workspace, and conversation history. - Interpretation (disclaimed): Defines 'Input' as any content or context provided to an AI Feature, including prompts, attachments, code in workspace, and conversation history; this is an operative definition that scopes what user-provided material is subject to AI feature data-use, training-use, and ownership provisions. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%E2%80%9CInput%E2%80%9D%20means%20any,workspace%2C%20and%20conversation%20history. ### prompt ownership — risk unknown > Users. Subject to these Terms, you retain ultimate administrative control over your Personal Account and the Content within it. - Interpretation (disclaimed): Grants users ultimate administrative control over their Personal Account and the Content within it, subject to the Terms, establishing the user's retained control right over their content. - Tier: All - Location: § 1 (Account Controls) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Users.%20Subject%20to,the%20Content%20within%20it. ### prompt ownership — risk unknown > This Agreement is licensed under this Creative Commons Zero license . For details, see our site-policy repository . - Interpretation (disclaimed): Incorporates a Creative Commons Zero license as the governing license for the Agreement text itself, and cross-references the site-policy repository for further details, establishing the legal basis for reuse of policy content. - Tier: All - Location: § 3 (License to GitHub Policies) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20This%20Agreement%20is,our%20site-policy%20repository%20. ### prompt ownership — risk unknown > “Input” means any content or context provided to an AI Feature, including prompts, attachments, code in your workspace, and conversation history. - Interpretation (disclaimed): Defines 'Input' as any content or context provided to an AI Feature, including prompts, attachments, workspace code, and conversation history; this definition scopes what user-provided material is subject to AI-related data use and ownership provisions. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%E2%80%9CInput%E2%80%9D%20means%20any,workspace%2C%20and%20conversation%20history. ### prompt ownership — risk unknown > "Your Content" means User-Generated Content that you upload, submit, or create, including your modifications to Content you have forked or cloned. It does not include the underlying Content created by others. - Interpretation (disclaimed): Defines 'Your Content' as a subset of User-Generated Content created or modified by the specific user, excluding content created by others, directly scoping ownership and license obligations applied to the user's own contributions. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22Your%20Content%22%20means,Content%20created%20by%20others. ### prompt ownership — risk unknown > You agree that you will not under any circumstances violate our Acceptable Use Policies or Community Guidelines . - Interpretation (disclaimed): Summary statement of the User-Generated Content section, previewing that users own their content but grant GitHub certain limited rights to display and share it, and that GitHub retains removal and account-closure rights — directly characterizing the ownership and license framework. - Tier: All - Location: Article C (Acceptable Use) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20agree%20that,or%20Community%20Guidelines%20. ### prompt ownership — risk unknown > We will terminate the Accounts of repeat infringers of this policy. - Interpretation (disclaimed): Short-version summary asserting GitHub's ownership of the Service and its content, granting users only limited, conditioned rights to use GitHub's content, and restricting use to permitted manners only, establishing the foundational IP ownership and use restriction framework. - Tier: All - Location: § F (Copyright Infringement and DMCA Policy) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20terminate,infringers%20of%20this%20policy. ### prompt ownership — risk unknown > We’re always trying to improve our products and services, and your feedback as a Beta Preview user will help us do that. If you choose to give us any ideas, know-how, algorithms, code contributions, suggestions, enhancement requests, recommendations or any other feedback for our products or services (collectively, “Feedback”), you acknowledge and agree that GitHub will have a royalty-free, fully paid-up, worldwide, transferable, sub-licensable, irrevocable and perpetual license to implement, use, modify, commercially exploit and/or incorporate the Feedback into our products, services, and documentation. - Interpretation (disclaimed): This clause grants GitHub a royalty-free, fully paid-up, worldwide, transferable, sub-licensable, irrevocable, and perpetual license to implement, use, modify, commercially exploit, and incorporate user-submitted Feedback into its products and services, effectively transferring broad IP rights over user-provided Feedback to GitHub. - Tier: All - Location: § 3 (Feedback) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%E2%80%99re%20always%20trying,products%2C%20services%2C%20and%20documentation. ### prompt ownership — risk unknown > "User-Generated Content" means Content that you or other users upload, submit, or create through the Service. - Interpretation (disclaimed): Defines 'User-Generated Content' as content uploaded, submitted, or created by users through the Service, which is foundational to subsequent ownership and license grant clauses. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22User-Generated%20Content%22%20means,create%20through%20the%20Service. ### prompt ownership — risk unknown > If you believe that content on our website violates your copyright, please contact us in accordance with our Digital Millennium Copyright Act Policy . If you are a copyright owner and you believe that content on GitHub violates your rights, please contact us via our convenient DMCA form or by emailing copyright@github.com . There may be legal consequences for sending a false or frivolous takedown notice. Before sending a takedown request, you must consider legal uses such as fair use and licensed uses. - Interpretation (disclaimed): Section header for intellectual property notice, serving as a structural incorporation reference for the terms establishing GitHub's ownership of the Service and content and the limited rights granted to users for use of that content. - Tier: All - Location: § F (Copyright Infringement and DMCA Policy) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20believe,use%20and%20licensed%20uses. ### output ownership — risk medium > GitHub does not claim ownership of your Input or Output. Output may contain material that resembles code or content in the model's training data or that is subject to third-party copyrights or open source license terms. You are responsible for determining whether your use of Output requires a third-party license and for complying with any such license. - Interpretation (disclaimed): While the ownership disclaimer is user-favorable, the downstream IP risk is shifted entirely to the user. Users must independently audit outputs for third-party copyright or open-source license encumbrances, creating material legal exposure especially for commercial or product use. - Tier: All - Location: § 2 (Ownership) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=GitHub%20does%20not%20claim,with%20any%20such%20license. ### output ownership — risk medium > What are the intellectual property considerations when using GitHub Copilot? ### The primary IP considerations for GitHub Copilot relate to copyright. The model that powers Copilot is trained on a broad collection of publicly accessible code, which may include copyrighted code, and Copilot’s suggestions (in rare instances) may resemble the code its model was trained on. - Interpretation (disclaimed): GitHub discloses that AI-generated suggestions may match copyrighted code, and frames the infringement risk as the user's responsibility to evaluate ('it is ultimately up to the user to determine whether to use the suggestion'). This effectively transfers IP risk to the user for any matching suggestions adopted. - Tier: All - Location: “What are the intellectual property considerations when using GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=What%20are%20the%20intellectual,model%20was%20trained%20on. ### output ownership — risk low > We don’t determine whether a suggestion is capable of being owned, but we are clear that GitHub does not claim ownership of a suggestion. Whether a suggestion generated by an AI model can be owned depends on many factors (e.g. the intellectual property law in the relevant country, the length of the suggestion, the extent that suggestion is considered ‘functional’ instead of expressive, etc). If a suggestion is capable of being owned, our terms are clear: GitHub does not claim ownership. GitHub does not claim ownership of any suggestion. - Interpretation (disclaimed): GitHub's disclaimer of ownership is user-favorable. However, the caveat that ownership 'depends on many factors' and the lack of an affirmative grant of ownership to the user leaves legal uncertainty about whether outputs are actually owned by anyone, creating downstream IP risk for users. - Tier: All - Location: “Who owns the suggestions provided by GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=We%20don%E2%80%99t%20determine%20whether,ownership%20of%20any%20suggestion. ### output ownership — risk low > GitHub does not claim ownership of a suggestion. Whether a suggestion generated by an AI model can be owned depends on many factors (e.g. the intellectual property law in the relevant country, the length of the suggestion, the extent that suggestion is considered ‘functional’ instead of expressive, etc). If a suggestion is capable of being owned, our terms are clear: GitHub does not claim ownership. GitHub does not claim ownership of any suggestion. - Interpretation (disclaimed): GitHub waives any ownership claim over generated outputs/suggestions. This is favorable to users, but the hedging language about whether suggestions are 'capable of being owned' under applicable IP law may leave users without clear IP protection in all jurisdictions. - Tier: All - Location: “Who owns the suggestions provided by GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20does%20not%20claim,ownership%20of%20any%20suggestion. ### output ownership — risk ambiguous > "Output" means responses and suggestions, including code or other material, generated by an AI Feature. - Interpretation (disclaimed): The definition of Output establishes scope but the actual ownership allocation and any license-back are in the missing Section J. Risk cannot be fully assessed from this excerpt alone. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%22Output%22%20means%20responses%20and,by%20an%20AI%20Feature. ### output ownership — risk unknown > D. User-Generated Content You own the content you post on GitHub. However, you have some responsibilities regarding it, and we ask you to grant us some rights so we can provide services to you. - Interpretation (disclaimed): Summary entry for Section D describes that users own their posted content but must grant GitHub certain rights to provide services; this is a cross-reference that incorporates the ownership and license grant provisions applicable to user-generated content. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20D.%20User-Generated%20Content,services%20to%20you.%20 ### output ownership — risk unknown > "User-Generated Content" means Content that you or other users upload, submit, or create through the Service. - Interpretation (disclaimed): Defines 'User-Generated Content' as content uploaded, submitted, or created by users through the Service, establishing the scope of content subject to ownership and license provisions. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22User-Generated%20Content%22%20means,create%20through%20the%20Service. ### output ownership — risk unknown > "Your Content" means User-Generated Content that you upload, submit, or create, including your modifications to Content you have forked or cloned. It does not include the underlying Content created by others. - Interpretation (disclaimed): Defines 'Your Content' as a subset of User-Generated Content created or modified by the user, explicitly excluding content created by others, thereby scoping the user's ownership and license obligations. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22Your%20Content%22%20means,Content%20created%20by%20others. ### output ownership — risk unknown > You are responsible for Your Content and any harm resulting from it. This includes Content you post, upload, or make available through the Service. We are not responsible for any public display or misuse of Your Content. - Interpretation (disclaimed): Imposes responsibility on the user for their Content and any resulting harm, including content posted, uploaded, or made available through the Service, and disclaims GitHub's responsibility for public display or misuse of that Content. - Tier: All - Location: § 1 (Responsibility for User-Generated Content) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,misuse%20of%20Your%20Content. ### output ownership — risk unknown > Isn't this just how it works already? Yep. This is widely accepted as the norm in the open-source community; it's commonly referred to by the shorthand "inbound=outbound". We're just making it explicit. - Interpretation (disclaimed): Explanatory note clarifying that the inbound-equals-outbound norm is standard in open-source communities, serving as an interpretive definition of the licensing mechanism described in the preceding segment. - Tier: All - Location: § 6 (Contributions Under Repository License) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Isn't%20this%20just,just%20making%20it%20explicit. ### output ownership — risk unknown > To the extent this agreement is not enforceable by applicable law, you grant GitHub the rights we need to use Your Content without attribution and to make reasonable adaptations of Your Content as necessary to render the Website and provide the Service. - Interpretation (disclaimed): Provides a fallback permission granting GitHub rights to use content without attribution and to make adaptations where the moral rights waiver is unenforceable under applicable law. - Tier: All - Location: § 7 (Moral Rights) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20To%20the%20extent,and%20provide%20the%20Service. ### output ownership — risk unknown > Short version: We own the service and all of our content. In order for you to use our content, we give you certain rights to it, but you may only use our content in the way we have allowed. - Interpretation (disclaimed): Short-version summary defining the ownership of the GitHub service and content as belonging to GitHub, and characterizing user content rights as limited permissions granted by GitHub, setting the interpretive framework for the section. - Tier: All - Location: § G (Intellectual Property Notice) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,we%20have%20allowed.%20 ### output ownership — risk unknown > Output may contain material that resembles code or content in the model's training data or that is subject to third-party copyrights or open source license terms. You are responsible for determining whether your use of Output requires a third-party license and for complying with any such license. - Interpretation (disclaimed): Places responsibility on the user to determine whether Output requires a third-party or open source license and to comply with any such license, given that Output may resemble training data or third-party copyrighted material. - Tier: All - Location: § 2 (Ownership) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Output%20may%20contain,with%20any%20such%20license. ### output ownership — risk unknown > You are responsible for reviewing, testing, and validating any Output before use. - Interpretation (disclaimed): Imposes an obligation on the user to review, test, and validate any Output before use, placing responsibility for quality assurance on the user rather than GitHub. - Tier: All - Location: § 4 (Disclaimers) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,any%20Output%20before%20use. ### output ownership — risk unknown > We’re always trying to improve our products and services, and your feedback as a Beta Preview user will help us do that. If you choose to give us any ideas, know-how, algorithms, code contributions, suggestions, enhancement requests, recommendations or any other feedback for our products or services (collectively, “Feedback”), you acknowledge and agree that GitHub will have a royalty-free, fully paid-up, worldwide, transferable, sub-licensable, irrevocable and perpetual license to implement, use, modify, commercially exploit and/or incorporate the Feedback into our products, services, and documentation. - Interpretation (disclaimed): Grants GitHub a royalty-free, fully paid-up, worldwide, transferable, sub-licensable, irrevocable, and perpetual license to implement, use, modify, commercially exploit, and incorporate user-submitted Feedback into GitHub products and services, establishing the ownership and use rights over user contributions. - Tier: All - Location: § 3 (Feedback) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%E2%80%99re%20always%20trying,products%2C%20services%2C%20and%20documentation. ### output ownership — risk unknown > the use, disclosure, or display of your User-Generated Content; - Interpretation (disclaimed): Specifies that liability exclusion applies to damages arising from the use, disclosure, or display of User-Generated Content, limiting GitHub's liability in connection with user content. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20the%20use%2C%20disclosure%2C,of%20your%20User-Generated%20Content%3B ### output ownership — risk unknown > D. User-Generated Content You own the content you post on GitHub. However, you have some responsibilities regarding it, and we ask you to grant us some rights so we can provide services to you. - Interpretation (disclaimed): Summary entry describing User-Generated Content section; states that users own posted content but must grant GitHub certain rights to provide services, incorporating ownership and license obligations by reference. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20D.%20User-Generated%20Content,services%20to%20you.%20 ### output ownership — risk unknown > "Output" means responses and suggestions, including code or other material, generated by an AI Feature. - Interpretation (disclaimed): Defines 'Output' as responses and suggestions, including code or other material, generated by an AI Feature; this definition scopes what AI-generated material is subject to ownership and use rights under the agreement. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22Output%22%20means%20responses,by%20an%20AI%20Feature. ### output ownership — risk unknown > You grant us and other Users the licenses in Sections D.4–D.8. These licenses apply to Your Content. If Your Content already includes a license granting us the permissions we need, no additional license is required. You will not receive payment for these rights. These licenses end when you remove Your Content, unless other Users have forked it. - Interpretation (disclaimed): Defines the scope of licenses granted by users to GitHub and other users, establishes that no payment is owed for these rights, and specifies that the licenses terminate upon content removal unless forked, creating binding obligations and conditions on content licensing. - Tier: All - Location: § 3 (Ownership and License Grants) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20grant%20us,Users%20have%20forked%20it. ### output ownership — risk unknown > Your Content that you post publicly, including issues, comments, and contributions to other Users' repositories, may be viewed by others. By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies within the Service in repositories they control). - Interpretation (disclaimed): Establishes that by setting repositories public, users agree to allow others to view and fork their content, creating a binding commitment to permit third-party access and reproduction through the Service's fork functionality. - Tier: All - Location: § 5 (License Grant to Other Users) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Your%20Content%20that,in%20repositories%20they%20control). ### output ownership — risk unknown > GitHub does not claim ownership of your Input or Output. - Interpretation (disclaimed): GitHub expressly disclaims any ownership claim over users' Input or Output generated through AI Features, preserving user ownership of both submitted content and generated results. - Tier: All - Location: § 2 (Ownership) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20does%20not,your%20Input%20or%20Output. ### output ownership — risk unknown > Isn't this just how it works already? Yep. This is widely accepted as the norm in the open-source community; it's commonly referred to by the shorthand "inbound=outbound". We're just making it explicit. - Interpretation (disclaimed): Explanatory note clarifying the inbound=outbound open-source licensing norm referenced in Section D.6, functioning as a definitional context for the legal obligation established in the preceding segment. - Tier: All - Location: § 6 (Contributions Under Repository License) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Isn't%20this%20just,just%20making%20it%20explicit. ### output ownership — risk unknown > You retain all moral rights to Your Content that you upload, publish, or submit to any part of the Service, including the rights of integrity and attribution. However, you waive these rights and agree not to assert them against us or our Affiliates, to enable GitHub and our Affiliates to reasonably exercise the rights granted in Section D.4, but not otherwise. - Interpretation (disclaimed): Provides a fallback permission grant to GitHub to use content without attribution and to make reasonable adaptations where the moral rights waiver in Section D.7 is unenforceable under applicable law, ensuring the license remains operative regardless of jurisdiction. - Tier: All - Location: § 7 (Moral Rights) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20retain%20all,D.4%2C%20but%20not%20otherwise. ### output ownership — risk unknown > GitHub and our licensors, vendors, agents, and/or our content providers retain ownership of all intellectual property rights of any kind related to the Website and Service. We reserve all rights that are not expressly granted to you under this Agreement or by law. The look and feel of the Website and Service is copyright © GitHub, Inc. All rights reserved. You may not duplicate, copy, or reuse any portion of the HTML/CSS, JavaScript, or visual design elements or concepts without express written permission from GitHub. - Interpretation (disclaimed): Affirms GitHub and licensors retain all IP rights in the Website and Service, reserves all rights not expressly granted, and restricts users from duplicating or reusing HTML/CSS, JavaScript, or visual design elements without express written permission. - Tier: All - Location: § 1 (GitHub's Rights to Content) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20and%20our,written%20permission%20from%20GitHub. ### output ownership — risk unknown > Prompts: These are inputs for chat or code, along with context, sent to Copilot's AI to generate suggestions. - Interpretation (disclaimed): Defines suggestions as AI-generated code lines or chat responses provided to users based on their prompts, establishing the nature of Copilot outputs which is directly relevant to output ownership and licensing analysis. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Prompts%3A%20These%20are,to%20generate%20suggestions.%20 ### output ownership — risk unknown > GitHub does not claim ownership of any suggestion. In certain cases, it is possible for Copilot to produce similar suggestions to different users. For example, two unrelated users both starting new files to code the quicksort algorithm in Java will likely get the same suggestion. The possibility of providing similar suggestions to multiple users is a common part of generative AI systems. - Interpretation (disclaimed): This segment reaffirms that GitHub does not claim ownership of any suggestion, and discloses that multiple users may receive identical suggestions as a normal characteristic of generative AI systems, limiting any exclusivity expectations users might have regarding output ownership. - Tier: All - Location: “Who owns the suggestions provided by GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20does%20not,of%20generative%20AI%20systems. ### output ownership — risk unknown > No, GitHub Copilot generates suggestions using probabilistic determination. When thinking about intellectual property and open source issues, it is critical to understand how GitHub Copilot really works. The AI models that create GitHub Copilot’s suggestions may be trained on public code, but do not contain any code. When they generate a suggestion, they are not “copying and pasting” from any codebase. - Interpretation (disclaimed): Disclaims that Copilot outputs are probabilistically generated and not copied from any codebase, which is material to IP ownership and indemnity analysis by asserting no direct reproduction of source code occurs. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No%2C%20GitHub%20Copilot,pasting%E2%80%9D%20from%20any%20codebase. ### output ownership — risk unknown > The primary IP considerations for GitHub Copilot relate to copyright. The model that powers Copilot is trained on a broad collection of publicly accessible code, which may include copyrighted code, and Copilot’s suggestions (in rare instances) may resemble the code its model was trained on. Here’s some basic information you should know about these considerations: Copyright law permits the use of copyrighted works to train AI models:  Countries around the world have provisions in their copyright laws that enable machines to learn, understand, extract patterns, and facts from copyrighted materials, including software code. For example, the European Union, Japan, and Singapore, have express provisions permitting machine learning to develop AI models. Other countries including Canada, India, and the United States also permit such training under their fair use/fair dealing provisions. GitHub Copilot’s AI model was trained with the use of code from GitHub’s public repositories—which are publicly accessible and within the scope of permissible copyright use. What about copyright risk in suggestions? In rare instances (less than 1% based on GitHub’s research), suggestions from GitHub may match examples of code used to train GitHub’s AI model. Again, Copilot does not “look up” or “copy and paste” code, but is instead using context from a user’s workspace to synthesize and generate a suggestion. Our experience shows that matching suggestions are most likely to occur in two situations: (i) when there is little or no context in the code editor for Copilot’s model to synthesize, or (ii) when a matching suggestion represents a common approach or method. - Interpretation (disclaimed): This segment explains that Copilot's underlying model was trained on publicly accessible code potentially including copyrighted works, and that copyright law in various jurisdictions permits such training use, contextualizing the IP risk framework applicable to Copilot outputs. - Tier: All - Location: “What are the intellectual property considerations when using GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20The%20primary%20IP,approach%20or%20method.%20 ### output ownership — risk unknown > If a code suggestion matches existing code, there is risk that using that suggestion could trigger claims of copyright infringement, which would depend on the amount and nature of code used, and the context of how the code is used. In many ways, this is the same risk that arises when using any code that a developer does not originate, such as copying code from an online source, or reusing code from a library. That is why responsible organizations and developers recommend that users employ code scanning policies to identify and evaluate potential matching code. In Copilot, you can opt whether to allow Copilot to suggest code completions that match publicly available code on GitHub.com. For more information, see " Configuring GitHub Copilot settings on GitHub.com ". If you have allowed suggestions that match public code, GitHub Copilot can provide you with details about the matching code when you accept such suggestions. Matching code does not necessarily mean copyright infringement, so it is ultimately up to the user to determine whether to use the suggestion, and what and who to attribute (along with other license compliance) in appropriate circumstances. - Interpretation (disclaimed): This segment warns that code suggestions matching existing code carry copyright infringement risk analogous to reusing third-party code, and recommends users employ code scanning policies to evaluate matching suggestions, thereby limiting GitHub's liability for such outcomes. - Tier: All - Location: “What are the intellectual property considerations when using GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=If%20a%20code%20suggestion,compliance)%20in%20appropriate%20circumstances. ### output ownership — risk unknown > Yes, GitHub Copilot is previewing a code referencing feature as an additional tool to assist users to find and review potentially relevant open source licenses. Code referencing is currently available in Visual Studio Code. This feature searches across public GitHub repositories for code that matches a Copilot suggestion. If there’s a match, users will find its information displayed in the Copilot console log, including where the match occurred, any applicable licenses, and a deep link to learn more. The deep link will take users to a navigable page on GitHub.com to browse examples of the code match and their repository licenses, and see how many repositories—including ones without licenses—that code appears in, as well as links to those repositories. Copilot users can review this information to determine whether the applicable suggestions are suitable for use, and whether additional measures may be necessary to use them. - Interpretation (disclaimed): This segment describes the code referencing feature in preview that helps users find and review potentially relevant open source licenses for Copilot suggestions, specifying what license information is surfaced to the user and how, providing a permission-based tool to manage IP compliance. - Tier: All - Location: “Does GitHub Copilot include features to make it easier for users to identify potentially relevant open source licenses for matching suggestions?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Yes%2C%20GitHub%20Copilot,necessary%20to%20use%20them. ### output ownership — risk unknown > To the extent this agreement is not enforceable by applicable law, you grant GitHub the rights we need to use Your Content without attribution and to make reasonable adaptations of Your Content as necessary to render the Website and provide the Service. - Interpretation (disclaimed): Section header for public repositories and lawful access, serving as a structural incorporation reference for the terms governing third-party and GitHub access to public repository contents. - Tier: All - Location: § 7 (Moral Rights) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20To%20the%20extent,and%20provide%20the%20Service. ### output ownership — risk unknown > Users. Subject to these Terms, you retain ultimate administrative control over your Personal Account and the Content within it. - Interpretation (disclaimed): Grants users ultimate administrative control over their Personal Account and the Content within it, subject to the Terms, affirming a user right of control over their account-hosted content. - Tier: All - Location: § 1 (Account Controls) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Users.%20Subject%20to,the%20Content%20within%20it. ### output ownership — risk unknown > By making a repository public, you grant other Users a nonexclusive, worldwide license to use, display, perform and reproduce (by forking) Your Content through the Service as permitted by GitHub's functionality. You may grant additional rights by adopting a license . If you post Content you did not create or own, you are responsible for ensuring it is licensed under terms that permit these uses. - Interpretation (disclaimed): Grants other users a nonexclusive, worldwide license to use, display, perform, and reproduce publicly posted content through the Service, and places responsibility on the posting user to ensure third-party content is appropriately licensed for such uses. - Tier: All - Location: § 5 (License Grant to Other Users) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20making%20a,that%20permit%20these%20uses. ### output ownership — risk unknown > the use, disclosure, or display of your User-Generated Content; - Interpretation (disclaimed): Excludes liability for damages arising from the use, disclosure, or display of user-generated content, limiting GitHub's responsibility for harms connected to UGC. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20the%20use%2C%20disclosure%2C,of%20your%20User-Generated%20Content%3B ### output ownership — risk unknown > Whenever you add Content to a repository containing notice of a license, you license that Content under the same terms, and you agree that you have the right to license that Content under those terms. If you have a separate agreement to license that Content under different terms, such as a contributor license agreement, that agreement will supersede. - Interpretation (disclaimed): Establishes that content added to a licensed repository is automatically licensed under the same repository license terms, obligating contributors to license their contributions accordingly, with a specified exception where a separate contributor license agreement supersedes. - Tier: All - Location: § 6 (Contributions Under Repository License) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Whenever%20you%20add,that%20agreement%20will%20supersede. ### output ownership — risk unknown > Output may contain material that resembles code or content in the model's training data or that is subject to third-party copyrights or open source license terms. You are responsible for determining whether your use of Output requires a third-party license and for complying with any such license. - Interpretation (disclaimed): Places responsibility on users to determine whether Output requires a third-party license (due to resemblance to training data or third-party copyrighted material) and to comply with any such license, creating a compliance obligation. - Tier: All - Location: § 2 (Ownership) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Output%20may%20contain,with%20any%20such%20license. ### output ownership — risk unknown > Short version: You own content you create, but you allow us certain rights to it, so that we can display and share the content you post. You still have control over your content, and responsibility for it, and the rights you grant us are limited to those we need to provide the service. We have the right to remove content or close Accounts if we need to. - Interpretation (disclaimed): Short-version summary clarifying that users own content they create but grant GitHub limited rights to display and share it, and that GitHub may remove content or close Accounts, previewing the operative ownership and license provisions. - Tier: All - Location: Article D (User-Generated Content) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,we%20need%20to.%20 ### output ownership — risk unknown > GitHub and our licensors, vendors, agents, and/or our content providers retain ownership of all intellectual property rights of any kind related to the Website and Service. We reserve all rights that are not expressly granted to you under this Agreement or by law. The look and feel of the Website and Service is copyright © GitHub, Inc. All rights reserved. You may not duplicate, copy, or reuse any portion of the HTML/CSS, JavaScript, or visual design elements or concepts without express written permission from GitHub. - Interpretation (disclaimed): Affirms that GitHub and its licensors retain all intellectual property rights in the Website and Service, reserves all rights not expressly granted, and restricts users from duplicating HTML/CSS, JavaScript, or visual design elements without express written permission. - Tier: All - Location: § 1 (GitHub's Rights to Content) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20and%20our,written%20permission%20from%20GitHub. ### output ownership — risk unknown > GitHub does not claim ownership of your Input or Output. - Interpretation (disclaimed): Expressly disclaims any ownership claim by GitHub over users' Input or Output, establishing that title to such content remains with the user. - Tier: All - Location: § 2 (Ownership) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20does%20not,your%20Input%20or%20Output. ### output ownership — risk unknown > You grant us and other Users the licenses in Sections D.4–D.8. These licenses apply to Your Content. If Your Content already includes a license granting us the permissions we need, no additional license is required. You will not receive payment for these rights. These licenses end when you remove Your Content, unless other Users have forked it. - Interpretation (disclaimed): Defines the scope and duration of licenses granted by users to GitHub and other users for their content, establishing that licenses end upon content removal unless forked, and that no payment is owed for these rights. - Tier: All - Location: § 3 (Ownership and License Grants) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20grant%20us,Users%20have%20forked%20it. ### output ownership — risk unknown > You retain all moral rights to Your Content that you upload, publish, or submit to any part of the Service, including the rights of integrity and attribution. However, you waive these rights and agree not to assert them against us or our Affiliates, to enable GitHub and our Affiliates to reasonably exercise the rights granted in Section D.4, but not otherwise. - Interpretation (disclaimed): Users retain moral rights but waive and agree not to assert them against GitHub or its Affiliates to the extent necessary for GitHub to exercise the license granted in Section D.4, limiting user recourse regarding attribution and integrity claims. - Tier: All - Location: § 7 (Moral Rights) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20retain%20all,D.4%2C%20but%20not%20otherwise. ### output ownership — risk unknown > Your Content that you post publicly, including issues, comments, and contributions to other Users' repositories, may be viewed by others. By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies within the Service in repositories they control). - Interpretation (disclaimed): Establishes that publicly posted content may be viewed and forked by others, and that setting a repository to public constitutes agreement to allow such access and reproduction. - Tier: All - Location: § 5 (License Grant to Other Users) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Your%20Content%20that,in%20repositories%20they%20control). ### output ownership — risk unknown > Output is provided "as-is" and subject to the disclaimers in Section O. Without limiting Section O: Output may be inaccurate, incomplete, or non-functional. Output may resemble third-party code, including code under open source licenses. We do not guarantee that Output is free of errors, vulnerabilities, or intellectual property claims. - Interpretation (disclaimed): Disclaims warranties for AI Output by providing it 'as-is,' warning that it may be inaccurate, incomplete, non-functional, or resemble third-party or open-source code, and stating GitHub does not guarantee Output is free of errors, vulnerabilities, or IP claims. - Tier: All - Location: § 4 (Disclaimers) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Output%20is%20provided,or%20intellectual%20property%20claims. ### output ownership — risk unknown > By making a repository public, you grant other Users a nonexclusive, worldwide license to use, display, perform and reproduce (by forking) Your Content through the Service as permitted by GitHub's functionality. You may grant additional rights by adopting a license . If you post Content you did not create or own, you are responsible for ensuring it is licensed under terms that permit these uses. - Interpretation (disclaimed): Grants other users a nonexclusive worldwide license to use, display, perform, and reproduce public content through the Service, and places responsibility on the poster to ensure third-party content is properly licensed. - Tier: All - Location: § 5 (License Grant to Other Users) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20making%20a,that%20permit%20these%20uses. ### output ownership — risk unknown > "Output" means responses and suggestions, including code or other material, generated by an AI Feature. - Interpretation (disclaimed): Defines 'Output' as responses and suggestions, including code or other material, generated by an AI Feature; operative definition scoping what AI-generated material is subject to ownership, license, and use provisions throughout the agreement. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22Output%22%20means%20responses,by%20an%20AI%20Feature. ### output ownership — risk unknown > Whenever you add Content to a repository containing notice of a license, you license that Content under the same terms, and you agree that you have the right to license that Content under those terms. If you have a separate agreement to license that Content under different terms, such as a contributor license agreement, that agreement will supersede. - Interpretation (disclaimed): Establishes that content added to a licensed repository is automatically licensed under the same terms, and that a pre-existing contributor license agreement will supersede these terms if applicable. - Tier: All - Location: § 6 (Contributions Under Repository License) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Whenever%20you%20add,that%20agreement%20will%20supersede. ### output ownership — risk unknown > The primary IP considerations for GitHub Copilot relate to copyright. The model that powers Copilot is trained on a broad collection of publicly accessible code, which may include copyrighted code, and Copilot’s suggestions (in rare instances) may resemble the code its model was trained on. Here’s some basic information you should know about these considerations: Copyright law permits the use of copyrighted works to train AI models:  Countries around the world have provisions in their copyright laws that enable machines to learn, understand, extract patterns, and facts from copyrighted materials, including software code. For example, the European Union, Japan, and Singapore, have express provisions permitting machine learning to develop AI models. Other countries including Canada, India, and the United States also permit such training under their fair use/fair dealing provisions. GitHub Copilot’s AI model was trained with the use of code from GitHub’s public repositories—which are publicly accessible and within the scope of permissible copyright use. What about copyright risk in suggestions? In rare instances (less than 1% based on GitHub’s research), suggestions from GitHub may match examples of code used to train GitHub’s AI model. Again, Copilot does not “look up” or “copy and paste” code, but is instead using context from a user’s workspace to synthesize and generate a suggestion. Our experience shows that matching suggestions are most likely to occur in two situations: (i) when there is little or no context in the code editor for Copilot’s model to synthesize, or (ii) when a matching suggestion represents a common approach or method. - Interpretation (disclaimed): This segment disclaims liability by noting that copyright law in many jurisdictions permits use of copyrighted works to train AI models, and acknowledges that Copilot suggestions may resemble copyrighted training code, thereby framing the legal risk landscape and limiting GitHub's representation of copyright clearance. - Tier: All - Location: “What are the intellectual property considerations when using GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20The%20primary%20IP,approach%20or%20method.%20 ### output ownership — risk unknown > GitHub does not claim ownership of any suggestion. In certain cases, it is possible for Copilot to produce similar suggestions to different users. For example, two unrelated users both starting new files to code the quicksort algorithm in Java will likely get the same suggestion. The possibility of providing similar suggestions to multiple users is a common part of generative AI systems. - Interpretation (disclaimed): This segment reaffirms that GitHub does not claim ownership of any suggestion and explains that similar suggestions may be provided to different users, noting this is a common characteristic of generative AI systems, further reinforcing the no-ownership disclaimer. - Tier: All - Location: “Who owns the suggestions provided by GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20does%20not,of%20generative%20AI%20systems. ### output ownership — risk unknown > We don’t determine whether a suggestion is capable of being owned, but we are clear that GitHub does not claim ownership of a suggestion. Whether a suggestion generated by an AI model can be owned depends on many factors (e.g. the intellectual property law in the relevant country, the length of the suggestion, the extent that suggestion is considered ‘functional’ instead of expressive, etc). If a suggestion is capable of being owned, our terms are clear: GitHub does not claim ownership. - Interpretation (disclaimed): This segment explicitly disclaims GitHub's ownership of any Copilot suggestion and acknowledges that ownership depends on jurisdiction-specific IP law and other factors, clarifying GitHub's legal position that it asserts no proprietary claim over generated outputs. - Tier: All - Location: “Who owns the suggestions provided by GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20We%20don%E2%80%99t%20determine,does%20not%20claim%20ownership. ### output ownership — risk unknown > No, GitHub Copilot generates suggestions using probabilistic determination. When thinking about intellectual property and open source issues, it is critical to understand how GitHub Copilot really works. The AI models that create GitHub Copilot’s suggestions may be trained on public code, but do not contain any code. When they generate a suggestion, they are not “copying and pasting” from any codebase. - Interpretation (disclaimed): Segment disclaims that GitHub Copilot does not copy-paste from any codebase and that AI models do not contain any code, which functions as a disclaimer regarding intellectual property and open source concerns related to generated outputs, relevant to output ownership and IP indemnity considerations. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No%2C%20GitHub%20Copilot,pasting%E2%80%9D%20from%20any%20codebase. ### output ownership — risk unknown > We don’t determine whether a suggestion is capable of being owned, but we are clear that GitHub does not claim ownership of a suggestion. Whether a suggestion generated by an AI model can be owned depends on many factors (e.g. the intellectual property law in the relevant country, the length of the suggestion, the extent that suggestion is considered ‘functional’ instead of expressive, etc). If a suggestion is capable of being owned, our terms are clear: GitHub does not claim ownership. - Interpretation (disclaimed): This segment disclaims any ownership claim by GitHub over Copilot suggestions, explains that ownership depends on applicable IP law and suggestion characteristics, and makes clear that if a suggestion can be owned, GitHub does not assert that ownership, thereby defining the scope of GitHub's IP rights in outputs. - Tier: All - Location: “Who owns the suggestions provided by GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20We%20don%E2%80%99t%20determine,does%20not%20claim%20ownership. ### commercial use — risk medium > Matching code does not necessarily mean copyright infringement, so it is ultimately up to the user to determine whether to use the suggestion, and what and who to attribute (along with other license compliance) in appropriate circumstances. - Interpretation (disclaimed): By stating that license compliance and attribution are the user's responsibility, GitHub disclaims accountability for downstream commercial use of outputs that may match open-source-licensed code. Commercial users must implement their own scanning and attribution workflows. - Tier: All - Location: “What are the intellectual property considerations when using GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Matching%20code%20does%20not,compliance)%20in%20appropriate%20circumstances. ### commercial use — risk ambiguous > It is your responsibility to assess what is appropriate for the situation and implement appropriate safeguards. - Interpretation (disclaimed): The document does not contain an explicit commercial use clause. The general language placing responsibility on users to assess suitability is the closest relevant statement. Absence of explicit permission or restriction creates ambiguity for commercial deployments. - Tier: All - Location: “Can GitHub Copilot users simply use suggestions without concern?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=It%20is%20your%20responsibility,and%20implement%20appropriate%20safeguards. ### commercial use — risk unknown > All use of the GitHub API is subject to these Terms of Service and the GitHub Privacy Statement . - Interpretation (disclaimed): Subjects all GitHub API use to the Terms of Service and the GitHub Privacy Statement, incorporating both instruments as governing terms for API activity. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20All%20use%20of,GitHub%20Privacy%20Statement%20. ### commercial use — risk unknown > Short version: You agree to these Terms of Service, plus this Section H, when using any of GitHub's APIs (Application Programming Interface), including use of the API through a third party product that accesses GitHub. - Interpretation (disclaimed): Incorporates the Terms of Service into API usage and extends them to third-party products accessing GitHub via API, establishing the contractual scope for all API use. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,that%20accesses%20GitHub.%20 ### commercial use — risk unknown > Some Service features may be subject to additional terms specific to that feature or product as set forth in the GitHub Additional Product Terms. By accessing or using the Services, you also agree to the GitHub Additional Product Terms . - Interpretation (disclaimed): Specifies that accessing or using Services constitutes agreement to the GitHub Additional Product Terms, making those terms operative through continued use and cross-referencing them as binding. - Tier: All - Location: Article I (GitHub Additional Product Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Some%20Service%20features,Additional%20Product%20Terms%20. ### commercial use — risk unknown > We will immediately bill you when you upgrade from the free plan to any paying plan. - Interpretation (disclaimed): Imposes an immediate billing obligation on GitHub when a user upgrades from a free plan to a paid plan, defining the timing of the payment obligation. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20immediately,to%20any%20paying%20plan. ### commercial use — risk unknown > If you change from a monthly billing plan to a yearly billing plan, GitHub will bill you for a full year at the next monthly billing date. - Interpretation (disclaimed): Specifies that switching from a monthly to a yearly billing plan triggers billing for a full year at the next monthly billing date, defining the financial consequence of that plan change. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20change,next%20monthly%20billing%20date. ### commercial use — risk unknown > By agreeing to these Terms, you are giving us permission to charge your on-file credit card, PayPal account, or other approved methods of payment for fees that you authorize for GitHub. - Interpretation (disclaimed): Grants GitHub explicit permission to charge the user's payment method on file for authorized fees, establishing the authorization basis for billing. - Tier: All - Location: § 4 (Authorization) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20agreeing%20to,you%20authorize%20for%20GitHub. ### commercial use — risk unknown > You are responsible for all fees, including taxes, associated with your use of the Service. By using the Service, you agree to pay GitHub any charge incurred in connection with your use of the Service. If you dispute the matter, contact us through the GitHub Support portal . You are responsible for providing us with a valid means of payment for paid Accounts. Free Accounts are not required to provide payment information. - Interpretation (disclaimed): Establishes that the user is responsible for all fees and taxes, agrees to pay all charges incurred, and must maintain a valid payment method for paid accounts, imposing payment obligations on the user. - Tier: All - Location: § 5 (Responsibility for Payment) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,to%20provide%20payment%20information. ### commercial use — risk unknown > A new Copilot code review policy ( ‘Allow members without a Copilot license to use Copilot code review in github.com’ ) must also be enabled. - Interpretation (disclaimed): Encourages admins to configure spending budgets to control costs on metered products and directs them to the billing dashboard to monitor premium request usage, describing a recommended cost-control procedure with tracking obligations. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20A%20new%20Copilot,must%20also%20be%20enabled. ### commercial use — risk unknown > When you've used your monthly allowance, you have a few options: Wait for your next cycle. Your included allowance resets every month. - Interpretation (disclaimed): Grants users the permission to set a dollar budget for additional paid usage beyond the monthly allowance, enabling continued Copilot service at $0.01 per credit without interruption. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20When%20you%26%23x27%3Bve%20used,resets%20every%20month.%20 ### commercial use — risk unknown > Yes, GitHub Copilot is previewing a code referencing feature as an additional tool to assist users to find and review potentially relevant open source licenses. Code referencing is currently available in Visual Studio Code. This feature searches across public GitHub repositories for code that matches a Copilot suggestion. If there’s a match, users will find its information displayed in the Copilot console log, including where the match occurred, any applicable licenses, and a deep link to learn more. The deep link will take users to a navigable page on GitHub.com to browse examples of the code match and their repository licenses, and see how many repositories—including ones without licenses—that code appears in, as well as links to those repositories. Copilot users can review this information to determine whether the applicable suggestions are suitable for use, and whether additional measures may be necessary to use them. - Interpretation (disclaimed): This segment describes the code referencing feature that helps users identify potentially applicable open source licenses for matching suggestions, granting users a tool to manage license compliance obligations arising from use of Copilot suggestions in commercial or open source contexts. - Tier: All - Location: “Does GitHub Copilot include features to make it easier for users to identify potentially relevant open source licenses for matching suggestions?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Yes%2C%20GitHub%20Copilot,necessary%20to%20use%20them. ### commercial use — risk unknown > The business or commercial purpose of sharing personal information is to assist us with marketing, advertising, and audience measurement. - Interpretation (disclaimed): Discloses that the purpose of sharing personal information with third parties is to assist with marketing, advertising, and audience measurement, meeting California's requirement to state the business purpose of sharing. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20business%20or,advertising%2C%20and%20audience%20measurement. ### commercial use — risk unknown > Some Service features may be subject to additional terms specific to that feature or product as set forth in the GitHub Additional Product Terms. By accessing or using the Services, you also agree to the GitHub Additional Product Terms . - Interpretation (disclaimed): Binds users to GitHub Additional Product Terms upon accessing or using the Services, incorporating feature-specific supplemental conditions into the contractual relationship. - Tier: All - Location: Article I (GitHub Additional Product Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Some%20Service%20features,Additional%20Product%20Terms%20. ### commercial use — risk unknown > Short version: You agree to these Terms of Service, plus this Section H, when using any of GitHub's APIs (Application Programming Interface), including use of the API through a third party product that accesses GitHub. - Interpretation (disclaimed): States that use of GitHub APIs through any means, including third-party products, subjects the user to these Terms of Service plus Section H, incorporating the API terms into the broader agreement. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,that%20accesses%20GitHub.%20 ### commercial use — risk unknown > H. API Terms These are the rules for using GitHub's APIs, whether you are using the API for development or data collection. - Interpretation (disclaimed): Summary entry for Section H describing rules for using GitHub's APIs for development or data collection; cross-reference incorporating API use restrictions and permissions. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20H.%20API%20Terms,or%20data%20collection.%20 ### commercial use — risk unknown > Payment Based on Usage Some Service features are billed based on your usage. A limited quantity of these Service features may be included in your plan for a limited term without additional charge. If you choose to use paid Service features beyond the quantity included in your plan, you pay for those Service features based on your actual usage in the preceding month. Monthly payment for these purchases will be charged on a periodic basis in arrears. See GitHub Additional Product Terms for Details . - Interpretation (disclaimed): Describes the billing procedure for usage-based service features, including the included free quantity, the obligation to pay for excess usage based on actual preceding-month usage, and the periodic arrears billing cycle. - Tier: All - Location: § 3 (Billing Schedule; No Refunds) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Payment%20Based%20on,Terms%20for%20Details%20. ### commercial use — risk unknown > If you upgrade to a higher level of service, we will bill you for the upgraded plan immediately. - Interpretation (disclaimed): States that upgrading to a higher service level results in immediate billing for the upgraded plan, establishing the timing of the payment obligation upon upgrade. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20upgrade,the%20upgraded%20plan%20immediately. ### commercial use — risk unknown > Our pricing and payment terms are available at github.com/pricing . If you agree to a subscription price, that will remain your price for the duration of the payment term; however, prices are subject to change at the end of a payment term. - Interpretation (disclaimed): Specifies the procedure and conditions under which subscription pricing is locked for a payment term and subject to change at term end, governing the commercial relationship between the user and GitHub. - Tier: All - Location: § 1 (Pricing) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Our%20pricing%20and,of%20a%20payment%20term. ### commercial use — risk unknown > Short version: You need to follow certain specific terms and conditions for GitHub's various features and products, and you agree to the Supplemental Terms and Conditions when you agree to this Agreement. - Interpretation (disclaimed): Incorporates the GitHub Additional Product Terms as binding supplemental conditions upon agreement to the main Agreement, obligating users to comply with feature- or product-specific terms. - Tier: All - Location: Article I (GitHub Additional Product Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,to%20this%20Agreement.%20 ### commercial use — risk unknown > Invoicing For invoiced Users, User agrees to pay the fees in full, up front without deduction or setoff of any kind, in U.S. Dollars. User must pay the fees within thirty (30) days of the GitHub invoice date. Amounts payable under this Agreement are non-refundable, except as otherwise provided in this Agreement. If User fails to pay any fees on time, GitHub reserves the right, in addition to taking any other action at law or equity, to (i) charge interest on past due amounts at 1.0% per month or the highest interest rate allowed by law, whichever is less, and to charge all expenses of recovery, and (ii) terminate the applicable order form. User is solely responsible for all taxes, fees, duties and governmental assessments (except for taxes based on GitHub's net income) that are imposed or become due in connection with this Agreement. - Interpretation (disclaimed): Imposes obligations on invoiced users to pay fees in full within 30 days without deduction, establishes non-refundability, and grants GitHub the right to charge interest on past-due amounts and recover costs, including potential suspension for non-payment. - Tier: All - Location: § 3 (Billing Schedule; No Refunds) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Invoicing%20For%20invoiced,connection%20with%20this%20Agreement. ### commercial use — risk unknown > Payment Based on Plan For monthly or yearly payment plans, the Service is billed in advance on a monthly or yearly basis respectively and is non-refundable. There will be no refunds or credits for partial months of service, downgrade refunds, or refunds for months unused with an open Account; however, the service will remain active for the length of the paid billing period. In order to treat everyone equally, no exceptions will be made. - Interpretation (disclaimed): Establishes that subscription payments are non-refundable, with no credits or refunds for partial months, downgrade refunds, or unused months, and states no exceptions will be made, restricting users' ability to obtain refunds. - Tier: All - Location: § 3 (Billing Schedule; No Refunds) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Payment%20Based%20on,exceptions%20will%20be%20made. ### commercial use — risk unknown > Keep working with paid usage. Set a dollar budget for additional usage and Copilot continues without interruption. Credits draw down at $0.01 each, so a $10 budget covers 1,000 credits. - Interpretation (disclaimed): Grants users the option to switch to a less expensive model to reduce credit consumption and extend their remaining allowance, providing a permissible cost-reduction strategy within the metered usage framework. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Keep%20working%20with,covers%201%2C000%20credits.%20 ### commercial use — risk unknown > No. This capability is off by default and gives the enterprise admin control to enable or disable. An admin must explicitly enable two separate policies to activate: - Interpretation (disclaimed): Requires that the 'GitHub AI Credits paid usage' policy be enabled before enterprises can be charged for GitHub AI Credits exceeding their included allowance, establishing a prerequisite obligation for incurring additional costs. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No.%20This%20capability,policies%20to%20activate%3A%20 ### commercial use — risk ambiguous > GitHub Copilot users should align their use of Copilot with their respective risk tolerances. As noted above, GitHub Copilot is not intended to replace developers, or their individual skill and judgment, and is not intended to fully automate the process of code development. The same risks that apply to the use of any third-party code apply to the use of Copilot’s suggestions. Depending on your particular use case, you should consider implementing the protections discussed above. It is your responsibility to assess what is appropriate for the situation and implement appropriate safeguards. - Interpretation (disclaimed): While GitHub does not expressly restrict commercial use of suggestions, the document shifts risk-assessment and safeguard obligations entirely onto users. This creates ambiguity about GitHub's liability posture when suggestions are used in commercial products, particularly since the indemnity clause is conditioned on specific behaviors. - Tier: All - Location: “Can GitHub Copilot users simply use suggestions without concern?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20Copilot%20users%20should,and%20implement%20appropriate%20safeguards. ### privacy data use — risk high > GitHub and third parties use social media cookies to show you ads and content based on your social media profiles and activity on GitHub’s websites. This ensures that the ads and content you see on our websites and on social media will better reflect your interests. This also enables third parties to develop and improve their products, which they may use on websites that are not owned or operated by GitHub. - Interpretation (disclaimed): Permitting third parties to leverage GitHub user behavioral data for their own product development on third-party websites significantly expands the scope of data use beyond what users would reasonably expect, potentially violating purpose limitation principles under GDPR Art. 5(1)(b). - Tier: All - Location: Privacy Policy › “Purpose Description” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=GitHub%20and%20third%20parties,or%20operated%20by%20GitHub. ### privacy data use — risk medium > Personalization: We use Personal Data to customize the Service to your preferences, to evaluate the effectiveness of enterprise business ads and promotional communications, and to ensure a seamless and consistent user experience. - Interpretation (disclaimed): Using Personal Data to evaluate advertising effectiveness goes beyond core service delivery and may implicate additional data processing activities including profiling. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Personalization%3A%20We%20use%20Personal,and%20consistent%20user%20experience. ### privacy data use — risk medium > Inference: We generate new information from other data we collect to derive likely preferences or other characteristics. For instance, we infer your general geographic location based on your IP address. - Interpretation (disclaimed): Derived/inferred data can constitute Personal Data under GDPR and similar frameworks. The broad framing ('likely preferences or other characteristics') allows significant profiling beyond the illustrative geographic example. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Inference%3A%20We%20generate%20new,on%20your%20IP%20address. ### privacy data use — risk medium > We use cookies and similar technologies, such as web beacons, local storage, and mobile analytics, to operate and provide our Services. When visiting Enterprise Marketing Pages, like resources.github.com, these and additional cookies, like advertising IDs, may be used for sales and marketing purposes. - Interpretation (disclaimed): The use of advertising IDs for sales and marketing purposes on enterprise marketing pages goes beyond core service delivery and raises questions about data minimization obligations under GDPR and similar frameworks. - Tier: Enterprise - Location: Privacy Policy › “What are cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=We%20use%20cookies%20and,sales%20and%20marketing%20purposes. ### privacy data use — risk medium > We collect this information for various purposes. This includes identifying accessibility gaps and offering targeted support, fostering diversity and representation, providing services, troubleshooting, conducting business operations such as billing and security, improving products and supporting research, communicating important information, ensuring personalized experiences, and promoting safety and security. - Interpretation (disclaimed): Enumeration of purposes including 'improving products' and 'supporting research' as standalone categories creates broad scope for secondary processing. Under GDPR, each purpose must have a lawful basis; under CCPA, secondary purposes must be reasonably expected by users. - Tier: All - Location: Privacy Policy › “Notice of Collection of Personal Information” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=We%20collect%20this%20information,promoting%20safety%20and%20security. ### privacy data use — risk medium > GitHub Copilot processes personal data based on how Copilot is accessed and used: whether via GitHub.com, mobile app, extensions, or one of various IDE extensions, or through features like suggestions for the command line interface (CLI), IDE code completions, or personalized chat on GitHub.com. The types of personal data processed may include: User Engagement Data: This includes pseudonymous identifiers captured on user interactions with Copilot, such as accepted or dismissed completions, error messages, system logs, and product usage metrics.  Prompts: These are inputs for chat or code, along with context, sent to Copilot's AI to generate suggestions.  Suggestions: These are the AI-generated code lines or chat responses provided to users based on their prompts.  Feedback Data: This comprises real-time user feedback, including reactions (e.g., thumbs up/down) and optional comments, along with feedback from support tickets. - Interpretation (disclaimed): The enumerated personal data categories include prompts (user inputs) and suggestions (outputs), both of which may contain sensitive or proprietary information. Collection of pseudonymous identifiers and system logs is standard, but the breadth of data types creates privacy and confidentiality exposure, particularly where users submit proprietary code. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20Copilot%20processes%20personal,from%20support%20tickets.%20 ### privacy data use — risk medium > GitHub generally uses personal data to: Deliver, maintain, and update the services as per the customer's configuration and usage, to ensure personalized experiences and recommendations Troubleshoot, which involves preventing, detecting, resolving, and mitigating issues, including security incidents and product-related problems, by fixing software bugs and maintaining the online services' functionality and up-to-dateness Enhance user productivity, reliability, effectiveness, quality, privacy, accessibility, and security by keeping the service current and operational - Interpretation (disclaimed): The enumerated purposes are broadly worded, particularly 'personalized experiences and recommendations' and 'enhance user productivity,' which could justify wide data processing activities beyond strict service delivery. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20generally%20uses%20personal,service%20current%20and%20operational ### privacy data use — risk medium > To generate a suggestion for chat on GitHub.com, such as providing an answer to a question from your chat prompt, GitHub Copilot creates a contextual prompt by combining your prompt with additional context including previous prompts, the open pages on GitHub.com as well as retrieved context from your codebase or Bing search. That information is sent to GitHub Copilot’s model, to make a probabilistic determination of what is likely to come next and generate suggestions. - Interpretation (disclaimed): The clause describes broad collection and transmission of user data including prompts, prior prompts, codebase content, and browsing context on GitHub.com. This creates privacy and confidentiality risks for users working with sensitive or proprietary code, as all of this context is sent to GitHub's (and potentially third-party) AI model infrastructure. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=To%20generate%20a%20suggestion,next%20and%20generate%20suggestions. ### privacy data use — risk medium > GitHub also uses certain personal data with customer authorization under the DPA, for the following purposes: Billing and account management To comply with and resolve legal obligations For abuse detection, prevention, and protection, virus scanning, and scanning to detect violations of terms of service To generate summary reports for calculating employee commissions and partner incentives To produce aggregated reports for internal use and strategic planning, covering areas like forecasting, revenue analysis, capacity planning, and product strategy. - Interpretation (disclaimed): Use of customer data (even aggregated) for GitHub's own internal strategic and business planning purposes may conflict with enterprise data minimization expectations. Requires DPA authorization. - Tier: Enterprise - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20also%20uses%20certain,planning%2C%20and%20product%20strategy. ### privacy data use — risk medium > User Content and Files: When you use our Services, we collect Personal Data included as part of the information you provide such as code, inputs, AI outputs, text, documents, images, or feedback. - Interpretation (disclaimed): By categorizing 'inputs' and 'AI outputs' as collected Personal Data, GitHub reserves the right to process this content for all stated purposes including product improvement, personalization, and sharing with affiliates. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=User%20Content%20and%20Files%3A,documents%2C%20images%2C%20or%20feedback. ### privacy data use — risk medium > Vendors, Partners, and Affiliates: We may receive information about you from third parties, like vendors, resellers, partners, or affiliates for the purposes outlined in this statement. - Interpretation (disclaimed): Inbound data flows from third parties can significantly expand GitHub's personal data profile of users without direct user knowledge or consent, raising transparency concerns under GDPR and similar frameworks. - Tier: All - Location: Privacy Policy › “From Third Parties” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Vendors%2C%20Partners%2C%20and%20Affiliates%3A,outlined%20in%20this%20statement. ### privacy data use — risk medium > Non-essential Cookies: Depending on your jurisdiction, we may use online analytics products that use cookies to help us analyze how de-identified users use our Services and to enhance your experience when you use the Services. We may also employ third-party Cookies to gather data for interest-based advertising. In some jurisdictions, we only use non-essential cookies after obtaining your consent. See this section for more details and control options. - Interpretation (disclaimed): Interest-based advertising cookies involve third-party data sharing and profiling. The jurisdiction-dependent consent model means GDPR/ePrivacy protections apply in the EU but users elsewhere may have weaker protections. - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Non-essential%20Cookies%3A%20Depending%20on,details%20and%20control%20options. ### privacy data use — risk medium > We may collect various categories of personal information about our website visitors and users of "Services" which includes GitHub applications, software, products, or services. That information includes identifiers/contact information, demographic information, payment information, commercial information, internet or electronic network activity information, geolocation data, audio, electronic, visual, or similar information, and inferences drawn from such information. - Interpretation (disclaimed): Collection of audio, visual, geolocation, and inferred data is extensive and triggers heightened obligations under CCPA (sensitive personal information category), GDPR, and various US state biometric/privacy laws depending on context. - Tier: All - Location: Privacy Policy › “Notice of Collection of Personal Information” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=We%20may%20collect%20various,drawn%20from%20such%20information. ### privacy data use — risk medium > Depending on your account settings, we may share Personal Data with other users of the Services and the public. You control what information is made public. To adjust your settings, visit User Settings in your profile. Please be aware that any information you share in a collaborative context may become publicly accessible. - Interpretation (disclaimed): GitHub reserves the right to share personal data with other users and the public depending on account settings, placing the burden on users to proactively restrict sharing. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Depending%20on%20your%20account,may%20become%20publicly%20accessible. ### privacy data use — risk medium > For Enterprise Marketing Pages, we may also use non-essential cookies to (i) gather information about enterprise users’ interests and online activities to personalize their experiences, including by making the ads, content, recommendations, and marketing seen or received more relevant and (ii) serve and measure the effectiveness of targeted advertising and other marketing efforts. - Interpretation (disclaimed): Non-essential cookies used for targeted advertising and behavioral profiling on enterprise marketing pages go beyond core service delivery. Under GDPR, this would typically require explicit consent, and the disclosure here may not satisfy that requirement. - Tier: Enterprise - Location: Privacy Policy › “Cookies and tracking technologies” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=For%20Enterprise%20Marketing%20Pages%2C,and%20other%20marketing%20efforts. ### privacy data use — risk medium > In addition, GitHub and third parties use advertising cookies to show you new ads based on ads you've already seen. Cookies also track which ads you click or purchases you make after clicking an ad. This is done both for payment purposes and to show you ads that are more relevant to you. For example, cookies are used to detect when you click an ad and to show you ads based on your social media interests and website browsing history. - Interpretation (disclaimed): Tracking ad clicks and purchases creates a behavioral and commercial profile of users. Under GDPR this requires valid consent; under CCPA this may constitute 'sharing' for cross-context behavioral advertising purposes. - Tier: All - Location: Privacy Policy › “Purpose Description” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=In%20addition%2C%20GitHub%20and,and%20website%20browsing%20history. ### privacy data use — risk medium > Legitimate Interests: We process data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, and developing and improving our Services, which include artificial intelligence and machine learning technologies. This is done only when these interests are not overridden by your data protection rights or your fundamental rights and freedoms. - Interpretation (disclaimed): Relying on 'legitimate interests' for AI/ML development is a broad legal basis that does not require user consent. Users may not be aware their data contributes to model improvement, and the balancing test outcome is determined unilaterally by GitHub. - Tier: All - Location: Privacy Policy › “Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Legitimate%20Interests%3A%20We%20process,fundamental%20rights%20and%20freedoms. ### privacy data use — risk medium > Safety and Security: To promote safety, integrity, and security across our Services, we process Personal Data, using both automated and, at times, manual techniques for abuse detection, prevention, and violations of terms of service. - Interpretation (disclaimed): The explicit mention of 'manual techniques' for ToS violation detection means GitHub staff may review user content. This is relevant to confidentiality expectations around code, prompts, and AI outputs. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Safety%20and%20Security%3A%20To,of%20terms%20of%20service. ### privacy data use — risk low > GitHub uses cookies to provide, secure and improve our Service or to develop new features and functionality of our Service. For example, we use them to (i) keep you logged in, (ii) remember your preferences, (iii) identify your device for security and fraud purposes, including as needed to maintain the integrity of our Service, (iv) compile statistical reports, and (v) provide information and insight for future development of GitHub. - Interpretation (disclaimed): GitHub uses cookies beyond strictly necessary functionality, including for statistical analysis and development insights. While disclosed, users may not appreciate the extent of behavioral tracking involved. - Tier: All - Location: Privacy Policy › “Cookies and tracking technologies” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=GitHub%20uses%20cookies%20to,future%20development%20of%20GitHub. ### privacy data use — risk low > Our emails to users may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email communications more effective and to make sure we are not sending you unwanted email. - Interpretation (disclaimed): Email pixel tracking collects behavioral data (open rates) and IP addresses passively. While disclosed, no opt-out is mentioned here, which may raise concerns under privacy regulations requiring transparency and control over such tracking. - Tier: All - Location: Privacy Policy › “Cookies and tracking technologies” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Our%20emails%20to%20users,sending%20you%20unwanted%20email. ### privacy data use — risk unknown > E. Private Repositories This section talks about how GitHub will treat content you post in private repositories. - Interpretation (disclaimed): Summary entry for Section E describes how GitHub treats content in private repositories; cross-reference incorporating privacy and data-handling obligations for private repository content. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20E.%20Private%20Repositories,in%20private%20repositories.%20 ### privacy data use — risk unknown > E. Private Repositories This section talks about how GitHub will treat content you post in private repositories. - Interpretation (disclaimed): Summary entry describing the Private Repositories section; incorporates by reference how GitHub treats content posted in private repositories, implicating privacy and confidentiality obligations. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20E.%20Private%20Repositories,in%20private%20repositories.%20 ### privacy data use — risk unknown > You may not use the API to download data or Content from GitHub for spamming purposes, including for the purposes of selling GitHub users' personal information, such as to recruiters, headhunters, and job boards. - Interpretation (disclaimed): Restricts use of the API to download GitHub data or Content for spamming purposes, explicitly prohibiting sale of GitHub users' personal information to recruiters, headhunters, or job boards. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20not,headhunters%2C%20and%20job%20boards. ### privacy data use — risk unknown > On GitHub Copilot Business and GitHub Copilot Enterprise, admins set usage limits and decide whether additional paid usage is allowed. If it isn't, Copilot pauses until the next cycle. You can track your usage and reset date in your Copilot settings, with alerts at 75%, 90%, and 100% of any configured budget. - Interpretation (disclaimed): Section header introducing the privacy topic for GitHub Copilot data processing, framing the definitions and disclosures about personal data that follow. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20On%20GitHub%20Copilot,any%20configured%20budget.%20 ### privacy data use — risk unknown > Suggestions: These are the AI-generated code lines or chat responses provided to users based on their prompts. - Interpretation (disclaimed): Defines Feedback Data as real-time user reactions, optional comments, and support ticket feedback, completing the enumeration of personal data categories processed by Copilot and relevant to privacy data-use analysis. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Suggestions%3A%20These%20are,on%20their%20prompts.%20 ### privacy data use — risk unknown > No. GitHub does not use either Copilot Business or Enterprise data to train its models. - Interpretation (disclaimed): Section header introducing how GitHub uses Copilot data from Business and Enterprise subscribers, framing the permitted uses and purposes described in the following segments. - Tier: All - Location: “Does GitHub use Copilot Business or Enterprise data to train GitHub’s model?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No.%20GitHub%20does,train%20its%20models.%20 ### privacy data use — risk unknown > Troubleshoot, which involves preventing, detecting, resolving, and mitigating issues, including security incidents and product-related problems, by fixing software bugs and maintaining the online services' functionality and up-to-dateness - Interpretation (disclaimed): Permits GitHub to use personal data to enhance user productivity, reliability, effectiveness, quality, privacy, accessibility, and security by keeping the service current and operational, establishing a third permitted purpose for processing subscriber data. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Troubleshoot%2C%20which%20involves,functionality%20and%20up-to-dateness%20 ### privacy data use — risk unknown > To generate summary reports for calculating employee commissions and partner incentives - Interpretation (disclaimed): This segment identifies generation of summary reports for calculating employee commissions and partner incentives as a permitted internal use of personal data under the DPA authorization. - Tier: All - Location: “To comply with and resolve legal obligations” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20summary,and%20partner%20incentives%20 ### privacy data use — risk unknown > To produce aggregated reports for internal use and strategic planning, covering areas like forecasting, revenue analysis, capacity planning, and product strategy. - Interpretation (disclaimed): This segment permits GitHub to use personal data to produce aggregated internal reports for forecasting, revenue analysis, capacity planning, and product strategy, establishing an authorized internal analytics purpose under the DPA. - Tier: All - Location: “To comply with and resolve legal obligations” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20produce%20aggregated,planning%2C%20and%20product%20strategy. ### privacy data use — risk unknown > While we've designed GitHub Copilot with privacy in mind, the expansive definition of personal data under legislation like the EU’s General Data Protection Regulation (GDPR) means we can't guarantee it will never output such data. The Large Language Model (LLM) powering GitHub Copilot was trained on public code and there were instances in our tests where the tool made suggestions resembling personal data. These suggestions were typically synthesized and not tied to real individuals. - Interpretation (disclaimed): This segment disclaims any guarantee that Copilot outputs will never contain personal data, noting that the LLM was trained on public code and may produce suggestions resembling personal data, thereby limiting GitHub's liability and responsibility for inadvertent personal data outputs. - Tier: All - Location: “Does GitHub Copilot ever output personal data?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20While%20we%26%23x27%3Bve%20designed,to%20real%20individuals.%20 ### privacy data use — risk unknown > Suggestions: These are the AI-generated code lines or chat responses provided to users based on their prompts. - Interpretation (disclaimed): Defines 'Suggestions' as a category of personal data — AI-generated code or chat responses provided to users — establishing this as a data type subject to processing disclosures. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Suggestions%3A%20These%20are,on%20their%20prompts.%20 ### privacy data use — risk unknown > Feedback Data: This comprises real-time user feedback, including reactions (e.g., thumbs up/down) and optional comments, along with feedback from support tickets. - Interpretation (disclaimed): Defines 'Feedback Data' as a category of personal data comprising real-time user reactions and support ticket feedback, establishing its scope within Copilot data processing. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Feedback%20Data%3A%20This,feedback%20from%20support%20tickets. ### privacy data use — risk unknown > Enhance user productivity, reliability, effectiveness, quality, privacy, accessibility, and security by keeping the service current and operational - Interpretation (disclaimed): Permits GitHub to use personal data to enhance user productivity, reliability, quality, privacy, accessibility, and security, establishing these as authorized data processing purposes. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Enhance%20user%20productivity%2C,current%20and%20operational%20 ### privacy data use — risk unknown > To generate summary reports for calculating employee commissions and partner incentives - Interpretation (disclaimed): Authorizes GitHub to use personal data to generate summary reports for calculating employee commissions and partner incentives, establishing this as a permitted internal processing purpose under the DPA. - Tier: All - Location: “To comply with and resolve legal obligations” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20summary,and%20partner%20incentives%20 ### privacy data use — risk unknown > To produce aggregated reports for internal use and strategic planning, covering areas like forecasting, revenue analysis, capacity planning, and product strategy. - Interpretation (disclaimed): Authorizes GitHub to produce aggregated internal reports for forecasting, revenue analysis, capacity planning, and product strategy, establishing these as permitted data processing purposes under the DPA. - Tier: All - Location: “To comply with and resolve legal obligations” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20produce%20aggregated,planning%2C%20and%20product%20strategy. ### privacy data use — risk unknown > While we've designed GitHub Copilot with privacy in mind, the expansive definition of personal data under legislation like the EU’s General Data Protection Regulation (GDPR) means we can't guarantee it will never output such data. The Large Language Model (LLM) powering GitHub Copilot was trained on public code and there were instances in our tests where the tool made suggestions resembling personal data. These suggestions were typically synthesized and not tied to real individuals. - Interpretation (disclaimed): This segment disclaims any guarantee that Copilot will never output personal data, explaining that the broad GDPR definition of personal data and the LLM's training on public code mean suggestions may occasionally resemble personal data, though typically synthesized rather than tied to real individuals. - Tier: All - Location: “Does GitHub Copilot ever output personal data?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20While%20we%26%23x27%3Bve%20designed,to%20real%20individuals.%20 ### privacy data use — risk unknown > Welcome to the GitHub Privacy Statement. This is where we describe how we handle your “Personal Data”, which is information that is directly linked or can be linked to you. It applies to the Personal Data that GitHub, Inc. or GitHub B.V., processes as the “Data Controller” when you interact with websites, applications, and services that display this Statement (collectively, “Services”). This Statement does not apply to services or products that do not display this Statement, such as Previews, where relevant. - Interpretation (disclaimed): This segment defines key terms including 'Personal Data,' 'Data Controller,' and 'Services,' and delineates the scope of the privacy statement by identifying which entities (GitHub, Inc. and GitHub B.V.) process data and under what circumstances the statement applies or does not apply (e.g., excluding Previews). - Tier: All - Location: Privacy Policy › “Effective date: April 27, 2026” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Welcome%20to%20the,as%20Previews%2C%20where%20relevant. ### privacy data use — risk unknown > Access and utilize your Personal Data, which includes details on how you use the Services, as well as your content and files. - Interpretation (disclaimed): This segment grants the organization-as-Data-Controller the permission to access and utilize the user's Personal Data, including service usage details and content/files, flowing from their controller role. - Tier: All - Location: Privacy Policy › “End User Notice: Organization-Provided GitHub Accounts” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Access%20and%20utilize,your%20content%20and%20files. ### privacy data use — risk unknown > Account Data: We collect certain information when you open an account such as your GitHub handle, name, email address, password, payment information and transaction information. - Interpretation (disclaimed): This segment defines 'User Content and Files' as a category of Personal Data that includes code, AI inputs and outputs, text, documents, images, and feedback submitted through the Services, which is directly relevant to training use and output ownership considerations. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Account%20Data%3A%20We,information%20and%20transaction%20information. ### privacy data use — risk unknown > User Content and Files: When you use our Services, we collect Personal Data included as part of the information you provide such as code, inputs, AI outputs, text, documents, images, or feedback. - Interpretation (disclaimed): This segment defines demographic information (ethnicity, gender, similar details) as a category of Personal Data that users may voluntarily provide, establishing the scope of sensitive data GitHub may process. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20User%20Content%20and,documents%2C%20images%2C%20or%20feedback. ### privacy data use — risk unknown > Payment Information: For paid subscriptions, we collect details like name, billing address, and payment specifics. - Interpretation (disclaimed): This segment defines 'Profile Information' as a category of Personal Data collected to create a user profile, enumerating possible elements such as photo, email addresses, job title, and biography. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Payment%20Information%3A%20For,address%2C%20and%20payment%20specifics. ### privacy data use — risk unknown > Profile Information: We collect information to create a user profile, which may include a photo, additional email addresses, job title, or biography. - Interpretation (disclaimed): This segment defines 'Sales and Marketing Data' as a category of Personal Data including name, email, and company name collected for promotional communications, establishing the scope of data used for commercial marketing purposes. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Profile%20Information%3A%20We,job%20title%2C%20or%20biography. ### privacy data use — risk unknown > Sales and Marketing Data: This includes information provided for promotional communications, such as name, email address, and company name. - Interpretation (disclaimed): This segment defines 'Support Data' as a category of Personal Data including code, text, and multimedia files collected when users seek customer support, establishing the scope of data processed in that context. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Sales%20and%20Marketing,address%2C%20and%20company%20name. ### privacy data use — risk unknown > Essential Cookies and Similar Tracking Technologies: We use cookies and similar technologies to provide essential functionality like storing settings and recognizing you while using our Services. - Interpretation (disclaimed): This segment defines GitHub's use of non-essential cookies, including analytics and interest-based advertising cookies, conditioned on user consent in applicable jurisdictions, establishing the scope and conditions of this data collection practice. - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Essential%20Cookies%20and,while%20using%20our%20Services. ### privacy data use — risk unknown > Non-essential Cookies: Depending on your jurisdiction, we may use online analytics products that use cookies to help us analyze how de-identified users use our Services and to enhance your experience when you use the Services. We may also employ third-party Cookies to gather data for interest-based advertising. In some jurisdictions, we only use non-essential cookies after obtaining your consent. See this section for more details and control options. - Interpretation (disclaimed): This segment defines 'Email Marketing Interactions' as a category of automatically collected data via web beacons embedded in emails, specifying what information is gathered (device type, email client, opens, link clicks). - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Non-essential%20Cookies%3A%20Depending,details%20and%20control%20options. ### privacy data use — risk unknown > Email Marketing Interactions: Our emails may have web beacons that offer information on your device type, email client, email reception, opens, and link clicks. - Interpretation (disclaimed): This segment defines the collection of regional geolocation data as dependent on service functionality, establishing this as a category of automatically collected Personal Data. - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Email%20Marketing%20Interactions%3A,opens%2C%20and%20link%20clicks. ### privacy data use — risk unknown > Service Usage Information: We collect data about your interactions with the Services, such as IP address, device information, session details, date and time of requests, device type and ID, operating system and application version, information related to your contributions to repositories, and performance of specific features or Services. - Interpretation (disclaimed): This segment defines 'Website Usage Data' as a category of automatically logged Personal Data including referring site, visit timestamps, pages viewed, and links clicked, establishing the scope of passive website interaction tracking. - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Service%20Usage%20Information%3A,specific%20features%20or%20Services. ### privacy data use — risk unknown > Vendors, Partners, and Affiliates: We may receive information about you from third parties, like vendors, resellers, partners, or affiliates for the purposes outlined in this statement. - Interpretation (disclaimed): This segment is the section heading 'Processing Purposes: How We Use Your Personal Data,' introducing the disclosure of GitHub's legal bases and purposes for processing personal data, which is a foundational definitional and structural element of the privacy statement. - Tier: All - Location: Privacy Policy › “From Third Parties” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Vendors%2C%20Partners%2C%20and,outlined%20in%20this%20statement. ### privacy data use — risk unknown > The Personal Data we process depends on your interaction and access methods with our Services, including the interfaces (web, desktop, mobile apps), features used (pull requests, Codespaces, GitHub Copilot), and your preferred access tools (like your IDE). This section details all the potential ways GitHub may process your Personal Data: - Interpretation (disclaimed): This segment defines the scope of personal data processing by enumerating interaction methods, interfaces, features, and access tools that determine what personal data GitHub may process, establishing the definitional framework for subsequent processing disclosures. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20Personal%20Data,process%20your%20Personal%20Data%3A ### privacy data use — risk unknown > Business Operations: We use Personal Data for activities like billing, accounting, and compensation. This includes creating aggregated statistical data for internal reporting, financial reporting, revenue planning, capacity planning, and forecast modeling (including product strategy). - Interpretation (disclaimed): This segment describes GitHub's use of personal data for business operations including billing, accounting, compensation, and internal reporting, establishing an operative permission and obligation for these specific processing activities. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Business%20Operations%3A%20We,modeling%20(including%20product%20strategy). ### privacy data use — risk unknown > Personalization: We use Personal Data to customize the Service to your preferences, to evaluate the effectiveness of enterprise business ads and promotional communications, and to ensure a seamless and consistent user experience. - Interpretation (disclaimed): This segment permits GitHub to use personal data for personalization of services, evaluation of advertising effectiveness, and ensuring a consistent user experience, defining the scope of that processing right. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Personalization%3A%20We%20use,and%20consistent%20user%20experience. ### privacy data use — risk unknown > Ongoing Service Performance: Personal Data helps us keep the Services up to date and performant, and meet user productivity, reliability, efficacy, quality, privacy, accessibility and security needs. - Interpretation (disclaimed): This segment permits GitHub to use personal data to maintain service performance, reliability, quality, privacy, and security, establishing ongoing performance optimization as a permissible data processing purpose. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Ongoing%20Service%20Performance%3A,accessibility%20and%20security%20needs. ### privacy data use — risk unknown > Complying with and resolving legal obligations: including responding to Data Subject Requests for Personal Data processed by GitHub as Controller (for example website data), tax requirements, agreements and disputes. - Interpretation (disclaimed): This segment establishes GitHub's obligation to process personal data to comply with and resolve legal obligations including responding to data subject requests, tax requirements, agreements, and disputes. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Complying%20with%20and,requirements%2C%20agreements%20and%20disputes. ### privacy data use — risk unknown > When carrying out these activities, GitHub practices data minimization and uses the minimum amount of Personal Information required. - Interpretation (disclaimed): This segment imposes an obligation on GitHub to practice data minimization and use the minimum amount of personal information required when carrying out the enumerated processing activities, creating a binding data minimization duty. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20When%20carrying%20out,of%20Personal%20Information%20required. ### privacy data use — risk unknown > Visual Studio Code (GitHub Codespaces): GitHub Codespaces and github.dev offer Visual Studio Code in a web browser, where some telemetry is collected by default. Details on telemetry collection are on the VS Code website . To opt out, go to File > Preferences > Settings in the top left menu of VS Code. Opting out will sync this preference across all future web sessions in GitHub Codespaces and github.dev. - Interpretation (disclaimed): This segment describes telemetry data collection by Visual Studio Code within GitHub Codespaces and github.dev by default, and provides a procedure for users to opt out of such telemetry collection via application settings, affecting how personal data is gathered in those environments. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Visual%20Studio%20Code,GitHub%20Codespaces%20and%20github.dev. ### privacy data use — risk unknown > Contractual Necessity: Processing is required to fulfill our contractual duties to you, in accordance with the GitHub Terms of Service. - Interpretation (disclaimed): This segment defines contractual necessity as a lawful basis for processing personal data required to fulfill GitHub's obligations under the Terms of Service, establishing the legal foundation for contract-based processing. - Tier: All - Location: Privacy Policy › “Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Contractual%20Necessity%3A%20Processing,GitHub%20Terms%20of%20Service. ### privacy data use — risk unknown > Legitimate Interests: We process data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, and developing and improving our Services, which include artificial intelligence and machine learning technologies. This is done only when these interests are not overridden by your data protection rights or your fundamental rights and freedoms. - Interpretation (disclaimed): This segment defines legitimate interests as a lawful basis for processing personal data for security, communication, and service improvement including AI/ML development, conditioned on those interests not being overridden by user data protection rights. - Tier: All - Location: Privacy Policy › “Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Legitimate%20Interests%3A%20We,fundamental%20rights%20and%20freedoms. ### privacy data use — risk unknown > Consent: We process data when you have explicitly consented to such processing. When we rely on consent as the legal basis, you have the right to withdraw your consent for data processing at any time. The procedures for withdrawal are detailed in this Statement and available on our website. - Interpretation (disclaimed): This segment defines consent as a lawful processing basis and establishes the user's right to withdraw consent at any time, with a reference to available withdrawal procedures, creating an operative individual right with procedural backing. - Tier: All - Location: Privacy Policy › “Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Consent%3A%20We%20process,available%20on%20our%20website. ### privacy data use — risk unknown > The right to object to the processing of your Personal Data, as allowed by applicable law - Interpretation (disclaimed): Grants data subjects the right to object to processing of their Personal Data where permitted by applicable law, creating an enforceable individual right against the platform. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20right%20to,allowed%20by%20applicable%20law ### privacy data use — risk unknown > The right to withdraw consent, where processing is based on your consent - Interpretation (disclaimed): Grants data subjects the right to withdraw consent at any time where processing is consent-based, establishing a procedural right that limits the platform's ability to continue processing. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20right%20to,based%20on%20your%20consent ### privacy data use — risk unknown > The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format to facilitate its transfer to another company, where technically feasible - Interpretation (disclaimed): Grants data subjects the right to data portability — to receive their collected Personal Data in a structured, machine-readable format for transfer to another controller, subject to technical feasibility. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20right%20to,company%2C%20where%20technically%20feasible ### privacy data use — risk unknown > GitHub uses administrative, technical, and physical security controls where appropriate to protect your Personal Data. - Interpretation (disclaimed): Commits GitHub to implementing administrative, technical, and physical security controls where appropriate to protect Personal Data, creating a baseline security obligation. - Tier: All - Location: Privacy Policy › “Security” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20uses%20administrative%2C,protect%20your%20Personal%20Data. ### privacy data use — risk unknown > Some users will also be able to manage non-essential cookies via a cookie consent banner, including the options to accept, manage, and reject all non-essential cookies. - Interpretation (disclaimed): This segment describes the procedure whereby some users can manage non-essential cookies through a consent banner with options to accept, manage, or reject all non-essential cookies. - Tier: All - Location: Privacy Policy › “Specifically on GitHub Enterprise Marketing Pages” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Some%20users%20will,reject%20all%20non-essential%20cookies. ### privacy data use — risk unknown > We use cookies and similar technologies, such as web beacons, local storage, and mobile analytics, to operate and provide our Services. When visiting Enterprise Marketing Pages, like resources.github.com, these and additional cookies, like advertising IDs, may be used for sales and marketing purposes. - Interpretation (disclaimed): This segment grants GitHub and partners permission to use cookies, web beacons, local storage, mobile analytics, and advertising IDs across its Services and Enterprise Marketing Pages for operational and marketing purposes. - Tier: All - Location: Privacy Policy › “What are cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20use%20cookies,sales%20and%20marketing%20purposes. ### privacy data use — risk unknown > We may also use so-called “flash cookies” (also known as “Local Shared Objects” or “LSOs”) to collect and store information about your use of our Services. Flash cookies are commonly used for advertisements and videos. - Interpretation (disclaimed): This segment grants GitHub permission to use Flash cookies (Local Shared Objects) to collect and store information about users' use of GitHub Services, particularly for advertisements and videos. - Tier: All - Location: Privacy Policy › “What are cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20may%20also,for%20advertisements%20and%20videos. ### privacy data use — risk unknown > You have several options to disable non-essential cookies: - Interpretation (disclaimed): This segment establishes users' right to disable non-essential cookies by presenting several available options, granting users control over non-essential cookie deployment. - Tier: All - Location: Privacy Policy › “What are your cookie choices and controls?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20You%20have%20several,to%20disable%20non-essential%20cookies%3A ### privacy data use — risk unknown > If your browser sends a Do Not Track (DNT) signal, GitHub will not set non-essential cookies and will not load third party resources which set non-essential cookies. - Interpretation (disclaimed): This segment creates an obligation on GitHub to refrain from setting non-essential cookies and loading third-party non-essential cookie resources when a Do Not Track signal is detected from a user's browser. - Tier: All - Location: Privacy Policy › “Generally for all websites” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20If%20your%20browser,which%20set%20non-essential%20cookies. ### privacy data use — risk unknown > If you enable a browser extension designed to block tracking, such as Privacy Badger , non-essential cookies set by a website or third parties may be disabled. - Interpretation (disclaimed): This segment informs users of their right to use browser extensions such as Privacy Badger to disable non-essential cookies set by websites or third parties. - Tier: All - Location: Privacy Policy › “Generally for all websites” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20If%20you%20enable,parties%20may%20be%20disabled. ### privacy data use — risk unknown > You may use the Global Privacy Control (GPC) to communicate your privacy preferences. If GitHub detects the GPC signal from your device, GitHub will not share your data (we do not sell your data). To learn more, visit Global Privacy Control — Take Control Of Your Privacy - Interpretation (disclaimed): This segment creates an obligation on GitHub to refrain from sharing user data when a Global Privacy Control signal is detected, and clarifies that GitHub does not sell user data, combining a restriction with a user right to communicate privacy preferences. - Tier: All - Location: Privacy Policy › “Generally for all websites” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20You%20may%20use,Of%20Your%20Privacy%20 ### privacy data use — risk unknown > These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems. - Interpretation (disclaimed): This segment creates an obligation on users to apply cookie and advertising choices separately per browser and device, clarifying the scope and limitation of any opt-out exercise to specific systems used. - Tier: All - Location: Privacy Policy › “Europe: European Digital Advertising Alliance” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20These%20choices%20are,you%20use%20those%20systems. ### privacy data use — risk unknown > This section provides extra information specifically for residents of certain US states that have distinct data privacy laws and regulations. These laws may grant specific rights to residents of these states when the laws come into effect. This section uses the term “personal information” as an equivalent to the term “Personal Data.” - Interpretation (disclaimed): This segment defines the scope and purpose of the US State Specific Information section, specifying that it addresses state privacy laws, grants rights upon their effective dates, and equates 'personal information' with 'Personal Data' as used elsewhere in the document. - Tier: All - Location: Privacy Policy › “US State Specific Information” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20This%20section%20provides,the%20term%20%E2%80%9CPersonal%20Data.%E2%80%9D ### privacy data use — risk unknown > These rights are common to the US State privacy laws: - Interpretation (disclaimed): This segment introduces the list of rights common across US state privacy laws, framing the legal basis and commonality of the rights described in subsequent segments. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20These%20rights%20are,US%20State%20privacy%20laws%3A ### privacy data use — risk unknown > We may collect various categories of personal information about our website visitors and users of "Services" which includes GitHub applications, software, products, or services. That information includes identifiers/contact information, demographic information, payment information, commercial information, internet or electronic network activity information, geolocation data, audio, electronic, visual, or similar information, and inferences drawn from such information. - Interpretation (disclaimed): Defines the categories of personal information collected from website visitors and users of Services, enumerating identifiers, demographic, payment, commercial, activity, geolocation, and inferred data. - Tier: All - Location: Privacy Policy › “Notice of Collection of Personal Information” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20may%20collect,drawn%20from%20such%20information. ### privacy data use — risk unknown > We collect this information for various purposes. This includes identifying accessibility gaps and offering targeted support, fostering diversity and representation, providing services, troubleshooting, conducting business operations such as billing and security, improving products and supporting research, communicating important information, ensuring personalized experiences, and promoting safety and security. - Interpretation (disclaimed): Discloses and describes the business and commercial purposes for which personal information is collected, creating a notice obligation consistent with applicable privacy law requirements. - Tier: All - Location: Privacy Policy › “Notice of Collection of Personal Information” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20collect%20this,promoting%20safety%20and%20security. ### privacy data use — risk unknown > We collected the following categories of personal information in the last 12 months: identifiers/contact information, demographic information (such as gender), payment card information associated with you, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above. - Interpretation (disclaimed): Discloses the categories of personal information collected in the last 12 months as required by California privacy law, including identifiers, demographic, payment, commercial, activity, geolocation, and inferred data. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20collected%20the,drawn%20from%20the%20above. ### privacy data use — risk unknown > The business or commercial purposes of collecting personal information are as summarized above and in our Privacy Statement under Processing Purposes. - Interpretation (disclaimed): Incorporates by reference the business and commercial purposes of collecting personal information as summarized in the Privacy Statement's Processing Purposes section, satisfying California disclosure requirements. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20business%20or,Statement%20under%20Processing%20Purposes. ### privacy data use — risk unknown > We value the trust you place in us and are committed to handling your personal information with care and respect. If you have any questions or concerns about our privacy practices, please email our Data Protection Officer at dpo[at]github[dot]com. - Interpretation (disclaimed): Identifies the Data Protection Officer contact and affirms the platform's commitment to handling personal information with care, providing a point of contact for privacy questions as required under applicable data protection frameworks. - Tier: All - Location: Privacy Policy › “Removal of Content” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20value%20the,Protection%20Officer%20at%20dpo%5Bat%5Dgithub%5Bdot%5Dcom. ### privacy data use — risk unknown > If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time. - Interpretation (disclaimed): Grants Colorado, Connecticut, and Virginia residents the right to appeal a denial of a privacy rights request, and obligates the platform to provide information necessary to submit such an appeal. - Tier: All - Location: Privacy Policy › “Colorado/Connecticut/Virginia” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20If%20we%20deny,appeal%20at%20that%20time. ### privacy data use — risk unknown > unauthorized access to or alterations of your transmissions or data; - Interpretation (disclaimed): Excludes liability for damages arising from unauthorized access to or alteration of user transmissions or data, limiting GitHub's responsibility for third-party security breaches affecting user data. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20unauthorized%20access%20to,your%20transmissions%20or%20data%3B ### privacy data use — risk unknown > You may not use the API to download data or Content from GitHub for spamming purposes, including for the purposes of selling GitHub users' personal information, such as to recruiters, headhunters, and job boards. - Interpretation (disclaimed): Prohibits use of the GitHub API to download data or Content for spamming purposes, specifically including the sale of GitHub users' personal information to recruiters, headhunters, and job boards. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20not,headhunters%2C%20and%20job%20boards. ### privacy data use — risk unknown > To generate a suggestion for chat in the code editor, the GitHub Copilot extension creates a contextual prompt by combining your prompt with additional context including the code file open in your active document, your code selection, and general workspace information, such as frameworks, languages, and dependencies. That information is sent to GitHub Copilot’s model, to make a probabilistic determination of what is likely to come next and generate suggestions. - Interpretation (disclaimed): Describes the procedure for constructing chat prompts in the IDE by combining user input with contextual data (open file, code selection, workspace information) and transmitting it to the model, establishing how user data is processed for chat suggestions. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20a,next%20and%20generate%20suggestions. ### privacy data use — risk unknown > To generate a suggestion for chat in the code editor, the GitHub Copilot extension creates a contextual prompt by combining your prompt with additional context including the code file open in your active document, your code selection, and general workspace information, such as frameworks, languages, and dependencies. That information is sent to GitHub Copilot’s model, to make a probabilistic determination of what is likely to come next and generate suggestions. - Interpretation (disclaimed): Segment describes the procedure by which GitHub Copilot collects prompt data, open code files, code selections, and workspace information to construct a contextual prompt for chat in the IDE and transmits it to the model, establishing how user data is processed for chat features. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20a,next%20and%20generate%20suggestions. ### privacy data use — risk unknown > To generate a code suggestion, the GitHub Copilot extension begins by examining the code in your editor—focusing on the lines just before and after your cursor, but also information including other files open in your editor and the URLs of repositories or file paths to identify relevant context. That information is sent to GitHub Copilot’s model, to make a probabilistic determination of what is likely to come next and generate suggestions. - Interpretation (disclaimed): Segment describes the technical procedure by which GitHub Copilot collects and processes user code and contextual information (files open in editor, repository URLs, file paths) and transmits that data to the model to generate suggestions, establishing how user data is used in the product pipeline. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20a,next%20and%20generate%20suggestions. ### privacy data use — risk unknown > How GitHub uses Copilot data depends on how the user accesses Copilot and for what purpose. Users can access GitHub Copilot through the web, extensions, mobile apps, computer terminal, and various IDEs (Integrated Development Environments). GitHub generally uses personal data to: Deliver, maintain, and update the services as per the customer's configuration and usage, to ensure personalized experiences and recommendations - Interpretation (disclaimed): Permits GitHub to use personal data for troubleshooting purposes including preventing, detecting, resolving, and mitigating security incidents and product issues, fixing bugs, and maintaining service functionality, establishing a permitted secondary purpose for data processing. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20How%20GitHub%20uses,experiences%20and%20recommendations%20 ### privacy data use — risk unknown > To generate a suggestion for chat on GitHub.com, such as providing an answer to a question from your chat prompt, GitHub Copilot creates a contextual prompt by combining your prompt with additional context including previous prompts, the open pages on GitHub.com as well as retrieved context from your codebase or Bing search. That information is sent to GitHub Copilot’s model, to make a probabilistic determination of what is likely to come next and generate suggestions. - Interpretation (disclaimed): Describes the procedure for generating GitHub.com chat suggestions by combining user prompts with prior prompts, open pages, codebase context, and Bing search results, establishing the data inputs and transmission process relevant to privacy and subprocessor considerations. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20a,and%20generate%20suggestions.%20 ### privacy data use — risk unknown > GitHub Copilot processes personal data based on how Copilot is accessed and used: whether via GitHub.com, mobile app, extensions, or one of various IDE extensions, or through features like suggestions for the command line interface (CLI), IDE code completions, or personalized chat on GitHub.com. The types of personal data processed may include: User Engagement Data: This includes pseudonymous identifiers captured on user interactions with Copilot, such as accepted or dismissed completions, error messages, system logs, and product usage metrics. - Interpretation (disclaimed): Defines the categories of personal data processed by GitHub Copilot — including User Engagement Data with pseudonymous identifiers — across various access modes, establishing what constitutes personal data in the context of the service. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20processes,product%20usage%20metrics.%20 ### privacy data use — risk unknown > How GitHub uses Copilot data depends on how the user accesses Copilot and for what purpose. Users can access GitHub Copilot through the web, extensions, mobile apps, computer terminal, and various IDEs (Integrated Development Environments). GitHub generally uses personal data to: Deliver, maintain, and update the services as per the customer's configuration and usage, to ensure personalized experiences and recommendations - Interpretation (disclaimed): Enumerates the general purposes for which GitHub uses personal data from Business and Enterprise subscribers — delivering, maintaining, and updating services per customer configuration — establishing the legal basis and scope of permitted data use. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20How%20GitHub%20uses,experiences%20and%20recommendations%20 ### privacy data use — risk unknown > To generate a suggestion for chat on GitHub.com, such as providing an answer to a question from your chat prompt, GitHub Copilot creates a contextual prompt by combining your prompt with additional context including previous prompts, the open pages on GitHub.com as well as retrieved context from your codebase or Bing search. That information is sent to GitHub Copilot’s model, to make a probabilistic determination of what is likely to come next and generate suggestions. - Interpretation (disclaimed): Segment describes the procedure by which GitHub Copilot on GitHub.com collects prompt data, previous prompts, open page context, codebase context, and Bing search results to generate chat suggestions, establishing how user data and third-party data are combined and processed. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20a,and%20generate%20suggestions.%20 ### privacy data use — risk unknown > GitHub Copilot processes personal data based on how Copilot is accessed and used: whether via GitHub.com, mobile app, extensions, or one of various IDE extensions, or through features like suggestions for the command line interface (CLI), IDE code completions, or personalized chat on GitHub.com. The types of personal data processed may include: User Engagement Data: This includes pseudonymous identifiers captured on user interactions with Copilot, such as accepted or dismissed completions, error messages, system logs, and product usage metrics. - Interpretation (disclaimed): Defines prompts as inputs for chat or code along with context sent to Copilot's AI to generate suggestions, establishing the scope of what constitutes prompt data for privacy and data-use purposes. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20processes,product%20usage%20metrics.%20 ### privacy data use — risk unknown > To generate a code suggestion, the GitHub Copilot extension begins by examining the code in your editor—focusing on the lines just before and after your cursor, but also information including other files open in your editor and the URLs of repositories or file paths to identify relevant context. That information is sent to GitHub Copilot’s model, to make a probabilistic determination of what is likely to come next and generate suggestions. - Interpretation (disclaimed): Describes the technical procedure by which user code context (editor content, open files, repository URLs) is collected and transmitted to GitHub Copilot's model to generate inline suggestions, establishing the data flow relevant to privacy and data-use obligations. - Tier: All - Location: “Does GitHub Copilot “copy/paste”?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20To%20generate%20a,next%20and%20generate%20suggestions. ### privacy data use — risk unknown > These actions are available to Copilot users as described in the GitHub Privacy Statement . - Interpretation (disclaimed): This segment incorporates by reference the GitHub Privacy Statement as the governing document describing the procedures by which Copilot users may exercise their data subject rights (access, alteration, deletion). - Tier: All - Location: “How does Copilot allow users to access, alter or delete personal data?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20These%20actions%20are,GitHub%20Privacy%20Statement%20. ### privacy data use — risk unknown > These actions are available to Copilot users as described in the GitHub Privacy Statement . - Interpretation (disclaimed): This segment incorporates by reference the GitHub Privacy Statement as the instrument governing user rights to access, alter, or delete personal data, making those provisions operative through cross-reference. - Tier: All - Location: “How does Copilot allow users to access, alter or delete personal data?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20These%20actions%20are,GitHub%20Privacy%20Statement%20. ### privacy data use — risk unknown > For abuse detection, prevention, and protection, virus scanning, and scanning to detect violations of terms of service - Interpretation (disclaimed): Authorizes GitHub to use personal data for abuse detection, prevention, virus scanning, and terms of service violation detection, establishing these as permitted processing purposes under the DPA. - Tier: All - Location: “To comply with and resolve legal obligations” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20For%20abuse%20detection%2C,terms%20of%20service%20 ### privacy data use — risk unknown > Prompts: These are inputs for chat or code, along with context, sent to Copilot's AI to generate suggestions. - Interpretation (disclaimed): Defines 'Prompts' as a category of personal data processed by Copilot, specifically inputs for chat or code sent to generate suggestions, establishing its role in data processing. - Tier: All - Location: “What personal data does GitHub Copilot process?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Prompts%3A%20These%20are,to%20generate%20suggestions.%20 ### privacy data use — risk unknown > Troubleshoot, which involves preventing, detecting, resolving, and mitigating issues, including security incidents and product-related problems, by fixing software bugs and maintaining the online services' functionality and up-to-dateness - Interpretation (disclaimed): Permits GitHub to use personal data for troubleshooting purposes including detecting, preventing, and resolving security incidents and product issues, defining this as an authorized data processing activity. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Troubleshoot%2C%20which%20involves,functionality%20and%20up-to-dateness%20 ### privacy data use — risk unknown > Other Users and the Public: Depending on your account settings, we may share Personal Data with other users of the Services and the public. You control what information is made public. To adjust your settings, visit User Settings in your profile. Please be aware that any information you share in a collaborative context may become publicly accessible. - Interpretation (disclaimed): This segment permits sharing of personal data with other users and the public depending on account settings, grants users control over public information through profile settings, and warns that collaboratively shared information may become publicly accessible. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Other%20Users%20and,may%20become%20publicly%20accessible. ### privacy data use — risk unknown > You can control the cookies you encounter on the web using a variety of widely-available tools. For example: - Interpretation (disclaimed): This segment establishes users' right to control cookies across the web using various tools, introducing the enumerated methods that follow. - Tier: All - Location: Privacy Policy › “Generally for all websites” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=You%20can%20control%20the,widely-available%20tools.%20For%20example%3A ### privacy data use — risk unknown > Personal Data is collected from you directly, automatically from your device, and also from third parties. The Personal Data GitHub processes when you use the Services depends on variables like how you interact with our Services (such as through web interfaces, desktop or mobile applications), the features you use (such as pull requests, Codespaces, or GitHub Copilot) and your method of accessing the Services (your preferred IDE). Below, we detail the information we collect through each of these channels: - Interpretation (disclaimed): This segment is the subsection heading 'From You,' introducing the category of Personal Data collected directly from users, which serves as a structural and definitional label for the enumerated data types that follow. - Tier: All - Location: Privacy Policy › “Personal Data We Collect” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Personal%20Data%20is,each%20of%20these%20channels%3A ### privacy data use — risk unknown > Advertising controls. Our advertising partners may participate in associations that provide simple ways to opt out of ad targeting, which you can access at: - Interpretation (disclaimed): This segment informs users of their right to opt out of targeted advertising through industry association tools provided by GitHub's advertising partners, directing users to external opt-out mechanisms. - Tier: All - Location: Privacy Policy › “Generally for all websites” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Advertising%20controls.%20Our,you%20can%20access%20at%3A ### privacy data use — risk unknown > Support Data: When you seek customer support, we collect details like code, text, or multimedia files. - Interpretation (disclaimed): This segment is the subsection heading 'Automatically,' introducing the category of Personal Data collected automatically from user devices, serving as a structural and definitional label for the enumerated automatic collection methods that follow. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Support%20Data%3A%20When,text%2C%20or%20multimedia%20files. ### privacy data use — risk unknown > Right to Knowledge and Correction: You have the right to request details on the specific personal information we’ve collected about you and the right to correct inaccurate information. You can exercise this right by contacting us. You can also access and edit basic account information in your settings. - Interpretation (disclaimed): This segment grants users the right to request details on collected personal information and to correct inaccurate information, and specifies the procedure for exercising these rights via contact or account settings. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Right%20to%20Knowledge,information%20in%20your%20settings. ### privacy data use — risk unknown > Cookies are small text files stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server. - Interpretation (disclaimed): This segment defines cookies as small text files stored by browsers that allow web servers to recognize browsers over time, providing the technical definition necessary to understand the scope of cookie-related obligations and permissions. - Tier: All - Location: Privacy Policy › “What are cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Cookies%20are%20small,to%20that%20web%20server. ### privacy data use — risk unknown > Any GitHub page that serves non-essential cookies will have a link in the page’s footer to cookie settings. You can express your preferences at any time by clicking on that link and updating your settings. - Interpretation (disclaimed): This segment describes the procedure by which users can exercise their cookie preference rights on GitHub Enterprise Marketing Pages by accessing cookie settings via a footer link. - Tier: All - Location: Privacy Policy › “Specifically on GitHub Enterprise Marketing Pages” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Any%20GitHub%20page,and%20updating%20your%20settings. ### privacy data use — risk unknown > We do not “sell” or “share” the personal information of known minors under 16 years of age. - Interpretation (disclaimed): Restricts the platform from selling or sharing personal information of known minors under 16 years of age, creating a categorical prohibition aligned with California privacy law. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20do%20not,16%20years%20of%20age. ### privacy data use — risk unknown > Website Usage Data: We automatically log data about your Website interactions, including the referring site, date and time of visit, pages viewed, and links clicked. - Interpretation (disclaimed): This segment is the subsection heading 'From Third Parties,' introducing the category of Personal Data GitHub receives from external sources, serving as a structural and definitional label for the enumerated third-party collection methods that follow. - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Website%20Usage%20Data%3A,viewed%2C%20and%20links%20clicked. ### privacy data use — risk unknown > Legal Obligation: We process data when it's necessary to comply with applicable laws or to protect the rights, safety, and property of GitHub, our affiliates, users, or third parties. - Interpretation (disclaimed): This segment defines legal obligation as a lawful basis for processing personal data when required by applicable law or to protect the rights, safety, and property of GitHub, affiliates, users, or third parties. - Tier: All - Location: Privacy Policy › “Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Legal%20Obligation%3A%20We,users%2C%20or%20third%20parties. ### privacy data use — risk unknown > For Enterprise Marketing Pages, we may also use non-essential cookies to (i) gather information about enterprise users’ interests and online activities to personalize their experiences, including by making the ads, content, recommendations, and marketing seen or received more relevant and (ii) serve and measure the effectiveness of targeted advertising and other marketing efforts. If you disable the non-essential cookies on the Enterprise Marketing Pages, the ads, content, and marketing you see may be less relevant. - Interpretation (disclaimed): This segment grants GitHub permission to use non-essential cookies on Enterprise Marketing Pages for interest-based personalization and targeted advertising measurement, and discloses the effect of disabling those cookies on user experience. - Tier: All - Location: Privacy Policy › “Cookies and tracking technologies” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20For%20Enterprise%20Marketing,may%20be%20less%20relevant. ### privacy data use — risk unknown > Inference: We generate new information from other data we collect to derive likely preferences or other characteristics. For instance, we infer your general geographic location based on your IP address. - Interpretation (disclaimed): This segment permits GitHub to generate inferred information (such as geographic location from IP address) from collected data to derive user preferences or characteristics, establishing a permissible processing activity. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Inference%3A%20We%20generate,on%20your%20IP%20address. ### privacy data use — risk unknown > If you enable a browser extension designed to block unwanted content, such as uBlock Origin , non-essential cookies will be disabled to the extent that content that sets non-essential cookies will be blocked. - Interpretation (disclaimed): This segment informs users of their right to use content-blocking browser extensions such as uBlock Origin to disable non-essential cookies by blocking cookie-setting content. - Tier: All - Location: Privacy Policy › “Generally for all websites” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20If%20you%20enable,cookies%20will%20be%20blocked. ### privacy data use — risk unknown > Troubleshooting: We use Personal Data to identify and resolve technical issues. - Interpretation (disclaimed): This segment permits GitHub to use personal data to identify and resolve technical issues, establishing troubleshooting as a permissible processing purpose. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Troubleshooting%3A%20We%20use,and%20resolve%20technical%20issues. ### privacy data use — risk unknown > Buttons, Tools, and Content from Other Companies: Our Services may contain links or buttons that lead to third-party services like Twitter or LinkedIn. Use of these features may result in data collection. Engaging with these buttons, tools, or content may automatically send certain browser information to these companies. Please review the privacy statements of these companies for more information. - Interpretation (disclaimed): This segment defines GitHub's use of essential cookies and similar tracking technologies to provide core service functionality (storing settings, user recognition), establishing the lawful basis and purpose for this category of automatic data collection. - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Buttons%2C%20Tools%2C%20and,companies%20for%20more%20information. ### privacy data use — risk unknown > GitHub may periodically revise this Privacy Statement. If there are material changes to the statement, we will provide at least 30 days prior notice by updating our website or sending an email to your primary email address associated with your GitHub account. - Interpretation (disclaimed): Commits GitHub to providing at least 30 days prior notice of material changes to the Privacy Statement via website update or email, establishing a procedural notification obligation upon amendment. - Tier: All - Location: Privacy Policy › “Changes to Our Privacy Statement” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20may%20periodically,with%20your%20GitHub%20account. ### privacy data use — risk unknown > Depending on your residence location, you may have specific legal rights regarding your Personal Data: - Interpretation (disclaimed): This segment introduces the conditional applicability of specific legal privacy rights based on the user's residence location, providing a definitional framing for the jurisdiction-dependent rights that follow. - Tier: All - Location: Privacy Policy › “Your Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Depending%20on%20your,regarding%20your%20Personal%20Data%3A ### privacy data use — risk unknown > Required Cookies GitHub uses required cookies to perform essential website functions and to provide the services. For example, cookies are used to log you in, save your language preferences, provide a shopping cart experience, improve performance, route traffic between web servers, detect the size of your screen, determine page load times, improve user experience, and for audience measurement. These cookies are necessary for our websites to work. Analytics We allow third parties to use analytics cookies to understand how you use our websites so we can make them better. For example, cookies are used to gather information about the pages you visit and how many clicks you need to accomplish a task. We also use some analytics cookies to provide personalized advertising. Social Media GitHub and third parties use social media cookies to show you ads and content based on your social media profiles and activity on GitHub’s websites. This ensures that the ads and content you see on our websites and on social media will better reflect your interests. This also enables third parties to develop and improve their products, which they may use on websites that are not owned or operated by GitHub. Advertising In addition, GitHub and third parties use advertising cookies to show you new ads based on ads you've already seen. Cookies also track which ads you click or purchases you make after clicking an ad. This is done both for payment purposes and to show you ads that are more relevant to you. For example, cookies are used to detect when you click an ad and to show you ads based on your social media interests and website browsing history. - Interpretation (disclaimed): This segment grants GitHub permission to use required cookies for essential website functions such as login, language preferences, shopping cart, performance routing, and audience measurement, and permits third-party analytics cookies to be used on GitHub websites. - Tier: All - Location: Privacy Policy › “Purpose Description” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Required%20Cookies%20GitHub,website%20browsing%20history.%20 ### privacy data use — risk unknown > Communication: We use Personal Data to inform you about new Services, features, offers, promotions, and other pertinent information. This also includes sending confirmations, invoices, technical notices, updates, security alerts, and administrative messages. - Interpretation (disclaimed): This segment grants GitHub permission to use personal data for communications including new service announcements, confirmations, invoices, security alerts, and administrative messages, defining the lawful scope of such use. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Communication%3A%20We%20use,alerts%2C%20and%20administrative%20messages. ### privacy data use — risk unknown > Our emails to users may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email communications more effective and to make sure we are not sending you unwanted email. - Interpretation (disclaimed): This segment grants GitHub permission to use pixel tags in emails to track open rates and IP addresses for the purpose of improving email communication effectiveness and managing unwanted email. - Tier: All - Location: Privacy Policy › “Cookies and tracking technologies” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Our%20emails%20to,sending%20you%20unwanted%20email. ### privacy data use — risk unknown > Should you access a GitHub Service through an account provided by an organization, such as your employer or school, the organization becomes the Data Controller, and this Privacy Statement's direct applicability to you changes. Even so, GitHub remains dedicated to preserving your privacy rights. In such circumstances, GitHub functions as a Data Processor, adhering to the Data Controller's instructions regarding your Personal Data's processing. A Data Protection Agreement governs the relationship between GitHub and the Data Controller. For further details regarding their privacy practices, please refer to the privacy statement of the organization providing your account. - Interpretation (disclaimed): This segment defines the shift in Data Controller identity to the organization when a user accesses GitHub through an employer- or school-provided account, clarifies that GitHub becomes a Data Processor in that context, establishes that a Data Protection Agreement governs the GitHub–controller relationship, and directs users to the organization for privacy practice details. - Tier: All - Location: Privacy Policy › “End User Notice: Organization-Provided GitHub Accounts” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Should%20you%20access,organization%20providing%20your%20account. ### privacy data use — risk unknown > Contact us via our contact form or by emailing our Data Protection Officer at dpo[at]github[dot]com. Our addresses are: - Interpretation (disclaimed): Provides contact channels (form and DPO email) for users to reach GitHub regarding privacy matters, supporting procedural exercise of data subject rights. - Tier: All - Location: Privacy Policy › “Contact Us” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Contact%20us%20via,dpo%5Bat%5Dgithub%5Bdot%5Dcom.%20Our%20addresses%20are%3A ### privacy data use — risk unknown > Demographic information: In some cases, you provide us with ethnicity, gender, or similar demographic details. - Interpretation (disclaimed): This segment defines 'Feedback Data' as a category of Personal Data consisting of information submitted through surveys, reviews, or interactive features, establishing what GitHub collects under this category. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Demographic%20information%3A%20In,or%20similar%20demographic%20details. ### privacy data use — risk unknown > When a school or employer supplies your GitHub account, they assume the role of Data Controller for most Personal Data used in our Services. This enables them to: - Interpretation (disclaimed): This segment defines the role of a school or employer as Data Controller when they supply a GitHub account, establishing the legal framework under which the organization assumes primary responsibility for most Personal Data processing decisions. - Tier: All - Location: Privacy Policy › “End User Notice: Organization-Provided GitHub Accounts” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20When%20a%20school,This%20enables%20them%20to%3A ### privacy data use — risk unknown > Improving Professional Services: Enhancing delivery, efficacy, quality, and security of Professional Services and the underlying product(s) based on issues identified while providing Professional Services, including fixing software defects, and otherwise keeping the Professional Services up to date and performant. - Interpretation (disclaimed): This segment permits GitHub to use personal data identified during professional services delivery to improve those services and underlying products, including fixing software defects, establishing an operative processing permission tied to service improvement. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Improving%20Professional%20Services%3A,to%20date%20and%20performant. ### privacy data use — risk unknown > GitHub processes Personal Data in compliance with the GDPR, ensuring a lawful basis for each processing activity. The basis varies depending on the data type and the context, including how you access the services. Our processing activities typically fall under these lawful bases: - Interpretation (disclaimed): This segment imposes an obligation on GitHub to process personal data in compliance with GDPR and to ensure a lawful basis exists for each processing activity, establishing a binding legal compliance duty. - Tier: All - Location: Privacy Policy › “Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20processes%20Personal,under%20these%20lawful%20bases%3A ### privacy data use — risk unknown > Feedback Data: This consists of information you submit through surveys, reviews, or interactive features. - Interpretation (disclaimed): This segment defines 'Payment Information' as a category of Personal Data collected for paid subscriptions, specifying the data elements (name, billing address, payment specifics), which is relevant to commercial use and data collection obligations. - Tier: All - Location: Privacy Policy › “From You” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Feedback%20Data%3A%20This,reviews%2C%20or%20interactive%20features. ### privacy data use — risk unknown > Non-Discrimination: We will not hold it against you when you exercise any of your rights. On the contrary, we encourage you to review your privacy settings closely and contact us with any questions. - Interpretation (disclaimed): Imposes a non-discrimination obligation on the platform, prohibiting it from penalizing users for exercising their privacy rights, and encourages users to review privacy settings. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Non-Discrimination%3A%20We%20will,us%20with%20any%20questions. ### privacy data use — risk unknown > Delivering Professional Services: We use Personal Data to deliver training, consulting or implementation (“Professional Services”). This includes providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services. - Interpretation (disclaimed): This segment permits GitHub to use personal data to deliver professional services including technical support, consulting, data migration, and software development, defining the scope of processing for service delivery. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Delivering%20Professional%20Services%3A,and%20solution%2Fsoftware%20development%20services. ### privacy data use — risk unknown > You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. GitHub does not engage in such profiling as defined by Colorado law, so there’s no need to opt out. - Interpretation (disclaimed): Discloses that the platform does not engage in profiling that produces legal or similarly significant effects as defined under Colorado law, effectively disclaiming the need for users to opt out of such profiling. - Tier: All - Location: Privacy Policy › “Colorado/Connecticut/Virginia” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20You%20have%20the,need%20to%20opt%20out. ### privacy data use — risk unknown > Manage and administer your GitHub account, including adjusting privacy settings. - Interpretation (disclaimed): This segment grants the organization-as-Data-Controller the permission to manage and administer a user's GitHub account, including adjusting privacy settings, as a direct consequence of the controller role assumed under the organization-provided account arrangement. - Tier: All - Location: Privacy Policy › “End User Notice: Organization-Provided GitHub Accounts” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Manage%20and%20administer,including%20adjusting%20privacy%20settings. ### privacy data use — risk unknown > To opt out of the sharing of your personal information, you can click on the "Do Not Share My Personal Information" link on the footer of our Websites or use the Global Privacy Control ("GPC") if available. Authorized agents can also submit opt-out requests on your behalf. - Interpretation (disclaimed): Describes the procedure for opting out of personal information sharing via a website link or Global Privacy Control, and permits authorized agents to submit opt-out requests on behalf of users. - Tier: All - Location: Privacy Policy › “Exercising your Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20To%20opt%20out,requests%20on%20your%20behalf. ### privacy data use — risk unknown > Our Services are not intended for individuals under the age of 13. We do not intentionally gather Personal Data from such individuals. If you become aware that a minor has provided us with Personal Data, please notify us . - Interpretation (disclaimed): Restricts use of GitHub's services to individuals 13 and older, prohibits intentional collection of Personal Data from minors under 13, and establishes a notification procedure for inadvertent collection, creating a compliance obligation under children's privacy laws. - Tier: All - Location: Privacy Policy › “Information for Minors” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Our%20Services%20are,please%20notify%20us%20. ### privacy data use — risk unknown > To make an access, deletion, correction, or opt-out request, please send an email to privacy[at]github[dot]com and follow the instructions provided. We may need to verify your identity before processing your request. If you choose to use an authorized agent to submit a request on your behalf, please ensure they have your signed permission or power of attorney as required. - Interpretation (disclaimed): Establishes the procedure for submitting access, deletion, correction, or opt-out requests via email, including identity verification requirements and authorized agent submission rules. - Tier: All - Location: Privacy Policy › “Exercising your Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20To%20make%20an,of%20attorney%20as%20required. ### privacy data use — risk unknown > Safety and Security: To promote safety, integrity, and security across our Services, we process Personal Data, using both automated and, at times, manual techniques for abuse detection, prevention, and violations of terms of service. - Interpretation (disclaimed): This segment permits GitHub to process personal data using automated and manual techniques for abuse detection, security enforcement, and terms of service violation prevention, granting an operative right to conduct such processing. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Safety%20and%20Security%3A,of%20terms%20of%20service. ### privacy data use — risk unknown > The sources of personal information from whom we collected are: directly from you, automatically or from third parties. - Interpretation (disclaimed): Discloses the sources from which personal information was collected — directly from the user, automatically, or from third parties — as required by California privacy law. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20sources%20of,or%20from%20third%20parties. ### privacy data use — risk unknown > The table below provides additional information about how we use different types of cookies: - Interpretation (disclaimed): This segment incorporates by reference a table providing additional detail on how different types of cookies are used, directing readers to further operative content. - Tier: All - Location: Privacy Policy › “How do we and our partners use cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20table%20below,different%20types%20of%20cookies%3A ### privacy data use — risk unknown > Many browsers provide cookie controls which may limit the types of cookies you encounter online. Check out the documentation for your browser to learn more. - Interpretation (disclaimed): This segment advises users of their right to use browser-level cookie controls to limit the types of cookies they encounter, directing them to browser documentation. - Tier: All - Location: Privacy Policy › “Generally for all websites” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Many%20browsers%20provide,browser%20to%20learn%20more. ### privacy data use — risk unknown > Geolocation Information: Depending on the Service's functionality, we collect regional geolocation data. - Interpretation (disclaimed): This segment defines 'Service Usage Information' as a category of automatically collected Personal Data, enumerating specific data elements such as IP address, device information, session details, timestamps, OS/app version, repository contribution data, and feature performance metrics. - Tier: All - Location: Privacy Policy › “Automatically” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Geolocation%20Information%3A%20Depending,collect%20regional%20geolocation%20data. ### privacy data use — risk unknown > When you use third-party extensions, integrations, or follow references and links within our Services, the privacy policies of these third parties apply to any Personal Data you provide or consent to share with them. Their privacy statements will govern how this data is processed. - Interpretation (disclaimed): This segment is the section heading 'Personal Data We Collect,' introducing the disclosure of what categories of personal data GitHub collects and the variables affecting what is collected, serving as a definitional foundation for the data collection obligations that follow. - Tier: All - Location: Privacy Policy › “Third Party Access and Data Protection” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20When%20you%20use,this%20data%20is%20processed. ### privacy data use — risk unknown > We also make the following disclosures for purposes of compliance with California privacy law: - Interpretation (disclaimed): States that the following disclosures are made for compliance with California privacy law, establishing the legal basis and obligatory nature of the subsequent disclosures. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20also%20make,with%20California%20privacy%20law%3A ### privacy data use — risk unknown > Service Provision: We use Personal Data to deliver and update our Services as configured and used by You, and to make ongoing personalized experiences and recommendations. - Interpretation (disclaimed): This segment permits GitHub to use personal data to deliver, update, and personalize services as configured by the user, establishing an operative basis for ongoing service-related data processing. - Tier: All - Location: Privacy Policy › “Processing Purposes: How We Use Your Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Service%20Provision%3A%20We,personalized%20experiences%20and%20recommendations. ### privacy data use — risk unknown > GitHub uses cookies to provide, secure and improve our Service or to develop new features and functionality of our Service. For example, we use them to (i) keep you logged in, (ii) remember your preferences, (iii) identify your device for security and fraud purposes, including as needed to maintain the integrity of our Service, (iv) compile statistical reports, and (v) provide information and insight for future development of GitHub. We provide more information about cookies on GitHub that describes the cookies we set, the needs we have for those cookies, and the expiration of such cookies. - Interpretation (disclaimed): This segment grants GitHub permission to use cookies for specified purposes including session management, preference storage, security/fraud detection, statistical reporting, and product development, establishing the legal basis and scope of cookie deployment. - Tier: All - Location: Privacy Policy › “Cookies and tracking technologies” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20uses%20cookies,expiration%20of%20such%20cookies. ### data retention — risk medium > We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile and the Content of your repositories within 90 days of cancellation or termination (though some information may remain in encrypted backups). This information cannot be recovered once your Account is canceled. - Interpretation (disclaimed): The 90-day deletion window is relatively standard, but the undefined retention period for 'encrypted backups' creates ambiguity about full data erasure. The 90-day window for requesting a content copy may be insufficient for users who are unaware of this deadline. - Tier: All - Location: § 2 (Upon Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=We%20will%20retain%20and,your%20Account%20is%20canceled. ### data retention — risk medium > Access through IDE for Chat and Code Completions: Prompts and Suggestions: Not retained User Engagement Data: Kept for two years. Feedback Data: Stored for as long as needed for its intended purpose. All other GitHub Copilot access and use: Prompts and Suggestions: Retained for 28 days. User Engagement Data: Kept for two years. Feedback Data: Stored for as long as needed for its intended purpose. - Interpretation (disclaimed): Retention policies vary significantly by access method. The open-ended 'as long as needed' standard for Feedback Data creates uncertainty. 28-day prompt retention for non-IDE access may implicate GDPR storage limitation principles. These are defaults for Business/Enterprise; Individual tier retention is not separately specified here. - Tier: Enterprise - Location: “How long does GitHub retain Copilot data for Business and Enterprise customers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Access%20through%20IDE%20for,for%20its%20intended%20purpose. ### data retention — risk medium > Retaining prompts and suggestions is necessary for chat on github.com, mobile, and CLI Copilot because those features’ effectiveness depends on using thread history to improve responses. The Copilot model requires access to previous interactions to deliver accurate and relevant suggestions. - Interpretation (disclaimed): The functional justification for retention may satisfy GDPR's necessity requirement but users sharing sensitive information via chat/mobile/CLI should be aware of this retention. Applies across all tiers using these access modes. - Tier: All - Location: “Why do some Copilot features retain prompts and suggestions?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Retaining%20prompts%20and%20suggestions,accurate%20and%20relevant%20suggestions. ### data retention — risk medium > The default settings for Copilot Business and Enterprise Customers are as follows:  Access through IDE for Chat and Code Completions: Prompts and Suggestions: Not retained User Engagement Data: Kept for two years. Feedback Data: Stored for as long as needed for its intended purpose. All other GitHub Copilot access and use: Prompts and Suggestions: Retained for 28 days. User Engagement Data: Kept for two years. Feedback Data: Stored for as long as needed for its intended purpose. - Interpretation (disclaimed): While IDE prompts and suggestions are not retained, the same data submitted via github.com, mobile, or CLI is stored for 28 days. The open-ended 'feedback data' retention period creates unpredictable exposure. Enterprise customers should evaluate whether non-IDE usage is permissible under their data governance requirements. - Tier: Paid - Location: “How long does GitHub retain Copilot data for Business and Enterprise customers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=The%20default%20settings%20for,for%20its%20intended%20purpose. ### data retention — risk medium > Please note that we may retain certain data as necessary for legal obligations or for establishing, exercising, or defending legal claims. - Interpretation (disclaimed): This carve-out allows GitHub to override user deletion/erasure requests by invoking legal obligations or litigation-related purposes, which are broadly defined and subjectively determined by GitHub. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Please%20note%20that%20we,or%20defending%20legal%20claims. ### data retention — risk low > Upon receiving your verified request, we will promptly delete your personal information (unless an exception applies), and instruct our service providers to do the same. We employ brief retention terms by design. - Interpretation (disclaimed): The deletion commitment is subject to broad exceptions (legal obligation, fraud detection, abuse investigation, security). 'Brief retention terms by design' is a positive data minimization posture but is not quantified, limiting enforceability. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Upon%20receiving%20your%20verified,retention%20terms%20by%20design. ### data retention — risk unknown > It is your responsibility to properly cancel your Account with GitHub. You can cancel your Account at any time by going into your Settings in the global navigation bar at the top of the screen. The Account screen provides a simple, no questions asked cancellation link. We are not able to cancel Accounts in response to an email or phone request. - Interpretation (disclaimed): Describes the procedure for account cancellation, specifying that users must self-cancel through account Settings and that GitHub cannot process cancellation requests via email or phone, establishing procedural requirements for termination. - Tier: All - Location: § 1 (Account Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20It%20is%20your,email%20or%20phone%20request. ### data retention — risk unknown > We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile and the Content of your repositories within 90 days of cancellation or termination (though some information may remain in encrypted backups). This information cannot be recovered once your Account is canceled. - Interpretation (disclaimed): Establishes GitHub's obligation to retain information only as necessary for legal obligations, dispute resolution, and agreement enforcement, and imposes a 90-day deletion timeline for profile and repository content after cancellation or termination, with a caveat for encrypted backups and irrecoverability. - Tier: All - Location: § 2 (Upon Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20retain,your%20Account%20is%20canceled. ### data retention — risk unknown > Upon request, we will make a reasonable effort to provide an Account owner with a copy of your lawful, non-infringing Account contents after Account cancellation, termination, or downgrade. You must make this request within 90 days of cancellation, termination, or downgrade. - Interpretation (disclaimed): Grants account owners a right to request a copy of lawful, non-infringing account contents after cancellation, termination, or downgrade, subject to a 90-day request deadline. - Tier: All - Location: § 2 (Upon Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Upon%20request%2C%20we,cancellation%2C%20termination%2C%20or%20downgrade. ### data retention — risk unknown > We will not delete Content that you have contributed to other Users' repositories or that other Users have forked. - Interpretation (disclaimed): This clause creates an exception to the deletion obligation, specifying that Content contributed to other users' repositories or forked by other users will not be deleted upon account cancellation, preserving the integrity of shared repositories. - Tier: All - Location: § 2 (Upon Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20not,other%20Users%20have%20forked. ### data retention — risk unknown > Upon request, we will make a reasonable effort to provide an Account owner with a copy of your lawful, non-infringing Account contents after Account cancellation, termination, or downgrade. You must make this request within 90 days of cancellation, termination, or downgrade. - Interpretation (disclaimed): This clause grants the account owner the right to request a copy of their lawful, non-infringing account contents after cancellation, termination, or downgrade, subject to the condition that the request is made within 90 days of the triggering event. - Tier: All - Location: § 2 (Upon Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Upon%20request%2C%20we,cancellation%2C%20termination%2C%20or%20downgrade. ### data retention — risk unknown > User Engagement Data: Kept for two years. - Interpretation (disclaimed): This segment imposes an obligation to keep User Engagement Data for two years when accessed through the IDE for Chat and Code Completions, defining a mandatory minimum retention period for this data category. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20User%20Engagement%20Data%3A%20Kept%20for%20two%20years. ### data retention — risk unknown > Feedback Data: Stored for as long as needed for its intended purpose. - Interpretation (disclaimed): This segment establishes that Feedback Data is stored for as long as needed for its intended purpose, imposing a purpose-based retention standard as an ongoing obligation for the IDE access category. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Feedback%20Data%3A%20Stored,for%20its%20intended%20purpose. ### data retention — risk unknown > User Engagement Data: Kept for two years. - Interpretation (disclaimed): This segment imposes a two-year retention obligation for User Engagement Data under all other Copilot access methods beyond the IDE, establishing a mandatory retention period. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20User%20Engagement%20Data%3A%20Kept%20for%20two%20years. ### data retention — risk unknown > Retaining prompts and suggestions is necessary for chat on github.com, mobile, and CLI Copilot because those features’ effectiveness depends on using thread history to improve responses. The Copilot model requires access to previous interactions to deliver accurate and relevant suggestions. - Interpretation (disclaimed): This segment provides a functional justification and exception explaining why chat on github.com, mobile, and CLI retains prompts and suggestions — because thread history is necessary for feature effectiveness — thereby creating an exception to the general no-retention default for those specific access channels. - Tier: All - Location: “Why do some Copilot features retain prompts and suggestions?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Retaining%20prompts%20and,and%20relevant%20suggestions.%20 ### data retention — risk unknown > If and for how long GitHub’s retains Copilot data depends on how a Copilot user accesses Copilot and for what purpose. The default settings for Copilot Business and Enterprise Customers are as follows:  Access through IDE for Chat and Code Completions: - Interpretation (disclaimed): This segment establishes that retention duration is conditional on how and for what purpose Copilot is accessed, and introduces the default retention settings applicable to Business and Enterprise customers, setting up the framework for the specific retention periods that follow. - Tier: All - Location: “How long does GitHub retain Copilot data for Business and Enterprise customers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20If%20and%20for,and%20Code%20Completions%3A%20 ### data retention — risk unknown > Feedback Data: Stored for as long as needed for its intended purpose. - Interpretation (disclaimed): This segment specifies that Feedback Data is stored for as long as needed for its intended purpose, establishing a purpose-limited retention standard rather than a fixed period. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Feedback%20Data%3A%20Stored,for%20its%20intended%20purpose. ### data retention — risk unknown > User Engagement Data: Kept for two years. - Interpretation (disclaimed): This segment reiterates that User Engagement Data is retained for two years for all other Copilot access modes, establishing a consistent retention period across access types. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20User%20Engagement%20Data%3A%20Kept%20for%20two%20years. ### data retention — risk unknown > Retaining prompts and suggestions is necessary for chat on github.com, mobile, and CLI Copilot because those features’ effectiveness depends on using thread history to improve responses. The Copilot model requires access to previous interactions to deliver accurate and relevant suggestions. - Interpretation (disclaimed): This segment explains that retaining prompts and suggestions is operationally necessary for chat on github.com, mobile, and CLI Copilot because thread history is required for feature effectiveness, justifying the exception to the general no-retention default for those access modes. - Tier: All - Location: “Why do some Copilot features retain prompts and suggestions?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Retaining%20prompts%20and,and%20relevant%20suggestions.%20 ### data retention — risk unknown > We aim to promptly respond to requests in compliance with legal requirements. Please note that we may retain certain data as necessary for legal obligations or for establishing, exercising, or defending legal claims. - Interpretation (disclaimed): Commits GitHub to timely responses to data requests in compliance with legal requirements, while asserting the exception that certain data may be retained for legal obligations or establishment/exercise/defense of legal claims. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20aim%20to,or%20defending%20legal%20claims. ### data retention — risk unknown > The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. You may be able to delete cookie data. For more information, see GitHub General Privacy Statement . - Interpretation (disclaimed): This segment specifies the retention periods for session versus persistent cookies, explaining that session cookies expire on browser close while persistent cookies persist until expiration or deletion, and references the General Privacy Statement for further detail, creating a data retention obligation context. - Tier: All - Location: Privacy Policy › “Cookies and tracking technologies” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20length%20of,General%20Privacy%20Statement%20. ### data retention — risk unknown > Right to a Timely Response: You are allowed to make two free requests in any 12-month period. We commit to responding to your request within 45 days. In complex cases, we may extend our response time by an additional 45 days. - Interpretation (disclaimed): Establishes the procedural framework for responding to data rights requests, including a cap of two free requests per 12-month period and a 45-day response window with a 45-day extension for complex cases. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Right%20to%20a,an%20additional%2045%20days. ### data retention — risk unknown > California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted. To remove content or information you have publicly posted, please submit a Private Information Removal request . Alternatively, to request that we remove such content or information, please send a detailed description of the specific content or information you wish to have removed to GitHub support . Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances. If you have any questions about our privacy practices with respect to California residents, please send an email to privacy[at]github[dot]com. - Interpretation (disclaimed): Grants California residents under 18 the right to remove or request removal of publicly posted content under California Business and Professions Code Section 22581, and establishes the procedure for submitting such removal requests. - Tier: All - Location: Privacy Policy › “Removal of Content” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20California%20residents%20under,an%20email%20to%20privacy%5Bat%5Dgithub%5Bdot%5Dcom. ### data retention — risk unknown > We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile and the Content of your repositories within 90 days of cancellation or termination (though some information may remain in encrypted backups). This information cannot be recovered once your Account is canceled. - Interpretation (disclaimed): This clause obligates GitHub to retain user information as needed for legal compliance, dispute resolution, and agreement enforcement, but requires deletion of the user's full profile and repository content within 90 days of cancellation or termination (with exceptions for encrypted backups), and warns that deleted information is unrecoverable. - Tier: All - Location: § 2 (Upon Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20retain,your%20Account%20is%20canceled. ### data retention — risk unknown > It is your responsibility to properly cancel your Account with GitHub. You can cancel your Account at any time by going into your Settings in the global navigation bar at the top of the screen. The Account screen provides a simple, no questions asked cancellation link. We are not able to cancel Accounts in response to an email or phone request. - Interpretation (disclaimed): This clause establishes the procedure for account cancellation, directing users to the Settings page and specifying that cancellation must be performed through the provided self-service link, and clarifies that GitHub cannot process cancellations via email or phone. - Tier: All - Location: § 1 (Account Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20It%20is%20your,email%20or%20phone%20request. ### data retention — risk unknown > We will not delete Content that you have contributed to other Users' repositories or that other Users have forked. - Interpretation (disclaimed): Creates an exception to the deletion obligation by stating GitHub will not delete content contributed to other users' repositories or content that has been forked, limiting the scope of post-cancellation deletion rights. - Tier: All - Location: § 2 (Upon Cancellation) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20not,other%20Users%20have%20forked. ### data retention — risk unknown > User Engagement Data: Kept for two years. - Interpretation (disclaimed): This segment establishes that User Engagement Data is retained for a fixed period of two years under the default settings for Business and Enterprise customers, creating a defined retention obligation. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20User%20Engagement%20Data%3A%20Kept%20for%20two%20years. ### data retention — risk unknown > Feedback Data: Stored for as long as needed for its intended purpose. - Interpretation (disclaimed): This segment mandates that Feedback Data under all other Copilot access methods be stored for as long as needed for its intended purpose, establishing an ongoing purpose-linked retention obligation. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Feedback%20Data%3A%20Stored,for%20its%20intended%20purpose. ### data retention — risk unknown > All other GitHub Copilot access and use: Prompts and Suggestions: Retained for 28 days. - Interpretation (disclaimed): This segment specifies that for all Copilot access modes other than IDE Chat and Code Completions, prompts and suggestions are retained for 28 days, establishing a defined default retention period applicable to those use contexts. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20All%20other%20GitHub,Retained%20for%2028%20days. ### data retention — risk unknown > Feedback Data: Stored for as long as needed for its intended purpose. - Interpretation (disclaimed): This segment reiterates that Feedback Data for all other access modes is stored for as long as needed for its intended purpose, applying a purpose-limitation retention standard consistently. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Feedback%20Data%3A%20Stored,for%20its%20intended%20purpose. ### data retention — risk unknown > All other GitHub Copilot access and use: Prompts and Suggestions: Retained for 28 days. - Interpretation (disclaimed): This segment establishes that prompts and suggestions for all other Copilot access and use cases are retained for 28 days, imposing a defined retention period as an obligation for those access methods. - Tier: All - Location: “Prompts and Suggestions: Not retained” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20All%20other%20GitHub,Retained%20for%2028%20days. ### data retention — risk unknown > If and for how long GitHub’s retains Copilot data depends on how a Copilot user accesses Copilot and for what purpose. The default settings for Copilot Business and Enterprise Customers are as follows:  Access through IDE for Chat and Code Completions: - Interpretation (disclaimed): This segment explains that retention duration depends on how and for what purpose Copilot is accessed, and announces that default retention settings for Business and Enterprise customers will be described, establishing the procedural framework for interpreting the retention rules. - Tier: All - Location: “How long does GitHub retain Copilot data for Business and Enterprise customers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20If%20and%20for,and%20Code%20Completions%3A%20 ### data retention — risk unknown > GitHub uses appropriate administrative, technical, and physical security controls to protect your Personal Data. We’ll retain your Personal Data as long as your account is active and as needed to fulfill contractual obligations, comply with legal requirements, resolve disputes, and enforce agreements. The retention duration depends on the purpose of data collection and any legal obligations. - Interpretation (disclaimed): Obligates GitHub to apply appropriate security controls and to retain Personal Data for the duration of account activity and as needed for contractual, legal, dispute resolution, and enforcement purposes, tying retention duration to the purpose of collection and applicable legal obligations. - Tier: All - Location: Privacy Policy › “Security and Retention” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20uses%20appropriate,and%20any%20legal%20obligations. ### data retention — risk unknown > Right to request Deletion: You reserve the right to request the deletion of your data, barring a few exceptions. Such exceptions include circumstances where we are required to retain data to comply with legal obligations, detect fraudulent activity, investigate reports of abuse or other violations of our Terms of Service, or rectify security issues. Upon receiving your verified request, we will promptly delete your personal information (unless an exception applies), and instruct our service providers to do the same. We employ brief retention terms by design. - Interpretation (disclaimed): Grants users the right to request deletion of personal data, defines the exceptions under which deletion may be withheld (legal obligations, fraud, abuse, security), and imposes an obligation on the platform to delete data and instruct service providers accordingly upon verified request. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Right%20to%20request,retention%20terms%20by%20design. ### subprocessors data sharing — risk high > Affiliates: Personal Data may be shared with GitHub affiliates, including Microsoft, to facilitate customer service, marketing and advertising, order fulfillment, billing, technical support, legal and compliance obligations, product development and improvement (including training and improving artificial intelligence and machine learning technologies), and for other purposes described in their respective privacy statements. When we share data with affiliates, they will process it in accordance with applicable law and their privacy commitments. - Interpretation (disclaimed): Sharing Personal Data with Microsoft for AI model training purposes represents a significant data flow outside GitHub's direct control. Users are bound by Microsoft's privacy statements for such downstream processing. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Affiliates%3A%20Personal%20Data%20may,and%20their%20privacy%20commitments. ### subprocessors data sharing — risk high > Some of these cookies and technologies may be provided by third parties, including service providers and advertising partners. For example, our analytics and advertising partners may use these technologies in our Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) related to your online activities over time and across Services for various purposes, including targeted advertising. - Interpretation (disclaimed): Allowing third-party advertising partners to collect personal information via the platform's own services constitutes direct third-party data collection, which may constitute a 'sale' or 'share' under CCPA and similar laws, and raises GDPR consent and data controller concerns. - Tier: All - Location: Privacy Policy › “How do we and our partners use cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Some%20of%20these%20cookies,purposes%2C%20including%20targeted%20advertising. ### subprocessors data sharing — risk high > We disclosed the following categories of personal information for a business purpose in the last 12 months: identifiers/contact information, demographic information (such as gender and rough geographic location), payment information, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above. We disclosed each category to third-party business partners and service providers, third-party sites or platforms such as social networking sites, and other third parties as described in the Sharing of Personal Data section of our Privacy Statement. - Interpretation (disclaimed): Disclosure of payment and sensitive personal data to social networking sites goes significantly beyond standard service-provider processing and may implicate CCPA 'sharing' rules, GDPR restrictions on transfers to third parties, and financial data protection obligations. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=We%20disclosed%20the%20following,of%20our%20Privacy%20Statement. ### subprocessors data sharing — risk high > We and/or our partners also share the information we collect or infer with third parties for these purposes. - Interpretation (disclaimed): The phrase 'we and/or our partners' combined with 'infer' indicates that derived/inferred data is also shared, which may not be transparent to users and could implicate privacy rights under CCPA (right to know about inferences) and GDPR profiling rules. - Tier: All - Location: Privacy Policy › “How do we and our partners use cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=We%20and%2For%20our%20partners,parties%20for%20these%20purposes. ### subprocessors data sharing — risk high > As defined by applicable law, we “shared” the following categories of personal information in the last 12 months: identifiers/contact information, Internet or other electronic network activity information, and inferences drawn from the above. We shared each category to or with advertising networks, data analytics providers, and social networks. - Interpretation (disclaimed): CCPA defines 'sharing' as disclosing personal information for cross-context behavioral advertising. GitHub's acknowledgment that it shares such data with advertising networks triggers CCPA opt-out rights and signals significant commercial data monetization. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=As%20defined%20by%20applicable,providers%2C%20and%20social%20networks. ### subprocessors data sharing — risk medium > Corporate Transaction Entities: we might disclose Personal Data within the limits of the law and in accordance with this Privacy Statement for strategic business transactions such as sales or a merger. - Interpretation (disclaimed): Corporate transaction disclosures are standard but represent a risk that user data could transfer to a new controller whose privacy practices differ materially from GitHub's current commitments. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Corporate%20Transaction%20Entities%3A%20we,sales%20or%20a%20merger. ### subprocessors data sharing — risk medium > Please visit https://docs.github.com/en/site-policy/privacy-policies/github-subprocessors to see our list of Subprocessors. - Interpretation (disclaimed): Incorporating the subprocessor list by reference to a URL means GitHub can add/change subprocessors at any time without amending the privacy statement itself, reducing user visibility into who processes their data. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Please%20visit%20https%3A%2F%2Fdocs.github.com%2Fen%2Fsite-policy%2Fprivacy-policies%2Fgithub-subprocessors%20to,our%20list%20of%20Subprocessors. ### subprocessors data sharing — risk medium > Unless you opt out, GitHub's Affiliates may use your Inputs and Outputs under this license in accordance with their applicable privacy and contractual obligations. This license does not, however, permit GitHub or its Affiliates to share your Inputs or Outputs with third-party AI model providers for their own independent model training purposes. - Interpretation (disclaimed): Default sharing of user inputs/outputs with GitHub affiliates (without user action) is a notable privacy risk. While third-party AI providers are excluded from independent training use, affiliate sharing is governed only by those affiliates' own 'applicable privacy and contractual obligations,' which are not defined in this document. - Tier: Free - Location: § 3 (Development and Improvement Using Your Input and Output) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=Unless%20you%20opt%20out%2C,independent%20model%20training%20purposes. ### subprocessors data sharing — risk medium > GitHub Copilot is powered by generative AI models developed by GitHub, OpenAI, and Microsoft. - Interpretation (disclaimed): The involvement of OpenAI and Microsoft as model providers means user input data is transmitted to and processed by third-party subprocessors. The document does not detail data-processing agreements, data residency, or retention obligations for these subprocessors, creating ambiguity about downstream data handling. - Tier: All - Location: “What data has GitHub Copilot been trained on?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20Copilot%20is%20powered,GitHub%2C%20OpenAI%2C%20and%20Microsoft. ### subprocessors data sharing — risk medium > Delegate tasks to third-party coding agents like Claude by Anthropic and OpenAI Codex (Preview) - Interpretation (disclaimed): Delegating tasks to Claude (Anthropic) or Codex (OpenAI) inherently involves sharing user input data with those third-party providers. The scope of data shared, retention practices, and contractual safeguards with those subprocessors are not disclosed in this document, creating ambiguity about data protection posture. - Tier: Paid - Location: “Max plan Included” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Delegate%20tasks%20to%20third-party,and%20OpenAI%20Codex%20(Preview) ### subprocessors data sharing — risk medium > Upon your instruction, we may share Personal Data with third-party applications available on our Marketplace. You are responsible for the data you instruct us to share with these applications. - Interpretation (disclaimed): GitHub shifts liability for data shared with Marketplace third parties entirely to the user. This limits GitHub's accountability and may expose users to unknown data practices by those apps. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Upon%20your%20instruction%2C%20we,share%20with%20these%20applications. ### subprocessors data sharing — risk medium > Subprocessors and Service Providers: We may use vendors to provide services on our behalf, including hosting, marketing, advertising, social, analytics, support ticketing, credit card processing, or security services. They are bound by contractual obligations to ensure the security, privacy, and confidentiality of your information. Please visit https://docs.github.com/en/site-policy/privacy-policies/github-subprocessors to see our list of Subprocessors. - Interpretation (disclaimed): While GitHub claims subprocessors are contractually bound, the full list is external and subject to change. The range of services (advertising, analytics, etc.) means Personal Data may flow to numerous third parties. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Subprocessors%20and%20Service%20Providers%3A,our%20list%20of%20Subprocessors. ### subprocessors data sharing — risk low > GitHub has the responsibility for the processing of Personal Data it receives under the Data Privacy Framework (DPF) Principles and subsequently transfers to a third party acting as an agent on GitHub’s behalf. GitHub shall remain liable under the DPF Principles if its agent processes such Personal Data in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. - Interpretation (disclaimed): While GitHub accepts DPF liability for subprocessor/agent misuse, the escape clause ('unless the organization proves it is not responsible') allows GitHub to disclaim liability if it can establish lack of responsibility, which may be difficult for users to contest. - Tier: All - Location: Privacy Policy › “Data Privacy Framework (DPF)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=GitHub%20has%20the%20responsibility,rise%20to%20the%20damage. ### subprocessors data sharing — risk unknown > In cases where your organization grants access to GitHub products, GitHub acts as the Data Controller solely for specific processing activities. These activities are clearly defined in a contractual agreement with your organization, known as a Data Protection Agreement. You can review our standard Data Protection Agreement at GitHub Data Protection Agreement . For those limited purposes, this Statement governs the handling of your Personal Data. For all other aspects of GitHub product usage, your organization's policies apply. - Interpretation (disclaimed): This segment defines the limited circumstances under which GitHub acts as Data Controller for organization-provided accounts, references the Data Protection Agreement as the governing contractual instrument, provides a link to the standard DPA, and delineates which aspects of the privacy statement apply versus those governed by the organization's own policies. - Tier: All - Location: Privacy Policy › “End User Notice: Organization-Provided GitHub Accounts” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20In%20cases%20where,your%20organization's%20policies%20apply. ### subprocessors data sharing — risk unknown > Abuse and Fraud Prevention Entities: We may disclose Personal Data based on a good faith belief it is needed to prevent fraud, abuse, or attacks on our Services, or to protect the safety of GitHub and our users. - Interpretation (disclaimed): This segment permits GitHub to disclose personal data to abuse and fraud prevention entities based on a good faith belief that disclosure is necessary to prevent fraud, abuse, or attacks, establishing a conditional permission for such third-party disclosure. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Abuse%20and%20Fraud,GitHub%20and%20our%20users. ### subprocessors data sharing — risk unknown > We may share Personal Data with the following recipients: - Interpretation (disclaimed): This segment introduces the list of recipients with whom GitHub may share personal data, serving as an introductory definitional framing for the enumerated sharing disclosures that follow. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20may%20share,with%20the%20following%20recipients%3A ### subprocessors data sharing — risk unknown > Affiliates: Personal Data may be shared with GitHub affiliates, including Microsoft, to facilitate customer service, marketing and advertising, order fulfillment, billing, technical support, legal and compliance obligations, product development and improvement (including training and improving artificial intelligence and machine learning technologies), and for other purposes described in their respective privacy statements. When we share data with affiliates, they will process it in accordance with applicable law and their privacy commitments. - Interpretation (disclaimed): This segment permits sharing of personal data with GitHub affiliates including Microsoft for customer service, marketing, billing, technical support, product development, and AI/ML training purposes, and imposes an obligation on affiliates to process data lawfully and per their privacy commitments. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Affiliates%3A%20Personal%20Data,and%20their%20privacy%20commitments. ### subprocessors data sharing — risk unknown > GitHub Organization Accounts: If an organization adds you to their GitHub account, we might share Personal Data with that organization to fulfill the commercial relationship. In such a case, your use of the Services is protected by a data protection agreement and terms between your organization and GitHub - Interpretation (disclaimed): This segment permits GitHub to share personal data with organizational account holders when a user is added to that organization's account to fulfill the commercial relationship, conditioned on the existence of a data protection agreement between the organization and GitHub. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20Organization%20Accounts%3A,your%20organization%20and%20GitHub ### subprocessors data sharing — risk unknown > Mobile identifiers for analytics can be accessed and used by apps on mobile devices in much the same way that websites access and use cookies. When visiting Enterprise Marketing pages, like resources.github.com, on a mobile device these may allow us and our third-party analytics and advertising partners to collect data for sales and marketing purposes. - Interpretation (disclaimed): This segment grants GitHub and its third-party analytics and advertising partners permission to use mobile identifiers on Enterprise Marketing Pages to collect data for sales and marketing purposes through mobile apps. - Tier: All - Location: Privacy Policy › “What are cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Mobile%20identifiers%20for,sales%20and%20marketing%20purposes. ### subprocessors data sharing — risk unknown > The GitHub Services use cookies and similar technologies for a variety of purposes, including to store your preferences and settings, enable you to sign-in, analyze how our Services perform, track your interaction with the Services, develop inferences, combat fraud, and fulfill other legitimate purposes. Some of these cookies and technologies may be provided by third parties, including service providers and advertising partners. For example, our analytics and advertising partners may use these technologies in our Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) related to your online activities over time and across Services for various purposes, including targeted advertising. GitHub will place non-essential cookies on pages where we market products and services to enterprise customers, for example, on resources.github.com. - Interpretation (disclaimed): This segment grants GitHub and third-party service providers and advertising partners permission to use cookies and similar technologies to collect personal information, analyze service performance, track interactions, develop inferences, and combat fraud. - Tier: All - Location: Privacy Policy › “How do we and our partners use cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20GitHub%20Services,for%20example%2C%20on%20resources.github.com. ### subprocessors data sharing — risk unknown > We and/or our partners also share the information we collect or infer with third parties for these purposes. - Interpretation (disclaimed): This segment grants GitHub and its partners permission to share collected or inferred personal information with third parties for analytics and advertising purposes, constituting a data sharing permission. - Tier: All - Location: Privacy Policy › “How do we and our partners use cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20and%2For%20our,parties%20for%20these%20purposes. ### subprocessors data sharing — risk unknown > We do not sell your covered information, as defined under Chapter 603A of the Nevada Revised Statutes. If you still have questions about your covered information or anything else in our Privacy Statement, please send an email to privacy[at]github[dot]com. - Interpretation (disclaimed): States that the platform does not sell covered information as defined under Nevada Revised Statutes Chapter 603A, creating a restriction on sale of personal data and providing a contact for related inquiries. - Tier: All - Location: Privacy Policy › “Nevada” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20do%20not,an%20email%20to%20privacy%5Bat%5Dgithub%5Bdot%5Dcom. ### subprocessors data sharing — risk ambiguous > These practices are outlined in GitHub’s Data Protection Agreement ( DPA ), which details our data handling commitments to our data controller customers. - Interpretation (disclaimed): The document provides no information about which subprocessors or affiliates receive data, their locations, or safeguards. Risk cannot be assessed from this document alone; the DPA must be reviewed separately. - Tier: Enterprise - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=These%20practices%20are%20outlined,our%20data%20controller%20customers. ### subprocessors data sharing — risk unknown > These practices are outlined in GitHub’s Data Protection Agreement ( DPA ), which details our data handling commitments to our data controller customers. GitHub also uses certain personal data with customer authorization under the DPA, for the following purposes: - Interpretation (disclaimed): This segment incorporates by reference GitHub's Data Protection Agreement (DPA) as the governing instrument for data handling commitments, and identifies the DPA as authorizing specific personal data uses by GitHub, establishing the contractual framework for data processing relationships with controller customers. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20These%20practices%20are,the%20following%20purposes%3A%20 ### subprocessors data sharing — risk unknown > We disclosed the following categories of personal information for a business purpose in the last 12 months: identifiers/contact information, demographic information (such as gender and rough geographic location), payment information, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above. We disclosed each category to third-party business partners and service providers, third-party sites or platforms such as social networking sites, and other third parties as described in the Sharing of Personal Data section of our Privacy Statement. - Interpretation (disclaimed): Discloses the categories of personal information shared with third-party business partners, service providers, social networking sites, and other third parties for business purposes during the last 12 months, fulfilling California privacy law disclosure obligations. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20We%20disclosed%20the,of%20our%20Privacy%20Statement. ### subprocessors data sharing — risk unknown > Information from Other Users of the Services: Other users may share information about you when they submit issues and comments. We may also receive information about you if you are identified as a representative or administrator on your company's account. - Interpretation (disclaimed): This segment defines Personal Data acquired from publicly available sources as a category of third-party data collection, establishing that GitHub may supplement user data with publicly accessible information. - Tier: All - Location: Privacy Policy › “From Third Parties” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Information%20from%20Other,on%20your%20company's%20account. ### subprocessors data sharing — risk unknown > Subprocessors and Service Providers: We may use vendors to provide services on our behalf, including hosting, marketing, advertising, social, analytics, support ticketing, credit card processing, or security services. They are bound by contractual obligations to ensure the security, privacy, and confidentiality of your information. Please visit https://docs.github.com/en/site-policy/privacy-policies/github-subprocessors to see our list of Subprocessors. - Interpretation (disclaimed): This segment permits use of subprocessors and service providers for hosting, marketing, analytics, and security services, and imposes contractual obligations on those vendors to ensure security, privacy, and confidentiality of user information, with a reference to a published subprocessor list. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Subprocessors%20and%20Service,our%20list%20of%20Subprocessors. ### subprocessors data sharing — risk unknown > Services you linked to your GitHub account: When you or your administrator integrate third-party apps or services with our Services, we receive information based on your settings with those services. This can include details like your name and email from services like Google for authentication. The information we receive depends on the third-party's settings and privacy policies. Always review these to understand what data is shared with our Services. - Interpretation (disclaimed): This segment defines the receipt of Personal Data from vendors, resellers, partners, and affiliates as a category of third-party data collection, establishing that such data is used for purposes outlined in the privacy statement. - Tier: All - Location: Privacy Policy › “From Third Parties” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Services%20you%20linked,shared%20with%20our%20Services. ### subprocessors data sharing — risk unknown > Corporate Transaction Entities: we might disclose Personal Data within the limits of the law and in accordance with this Privacy Statement for strategic business transactions such as sales or a merger. - Interpretation (disclaimed): This segment permits disclosure of personal data in the context of corporate transactions such as sales or mergers, within legal limits and consistent with the privacy statement, establishing an operative permission for M&A-related data sharing. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Corporate%20Transaction%20Entities%3A,sales%20or%20a%20merger. ### subprocessors data sharing — risk unknown > Web beacons are electronic images (also called “single-pixel” or “clear GIFs”) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. - Interpretation (disclaimed): This segment defines web beacons and explains how they cause browsers to connect to third-party web servers, enabling third-party data collection through cookies and logging, thereby defining a mechanism of third-party data sharing. - Tier: All - Location: Privacy Policy › “What are cookies and similar technologies?” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Web%20beacons%20are,that%20hosts%20that%20content. ### subprocessors data sharing — risk unknown > As defined by applicable law, we “shared” the following categories of personal information in the last 12 months: identifiers/contact information, Internet or other electronic network activity information, and inferences drawn from the above. We shared each category to or with advertising networks, data analytics providers, and social networks. - Interpretation (disclaimed): Discloses the categories of personal information 'shared' as defined by California law in the last 12 months, specifically with advertising networks, data analytics providers, and social networks, satisfying mandatory disclosure requirements. - Tier: All - Location: Privacy Policy › “Mandatory Disclosures” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20As%20defined%20by,providers%2C%20and%20social%20networks. ### subprocessors data sharing — risk unknown > Competent Authorities: We may disclose Personal Data to authorized law enforcement, regulators, courts, or other public authorities in response to lawful requests or to protect our rights and safety. Please refer to our Guidelines for Legal Requests of User Data for more information. - Interpretation (disclaimed): This segment permits disclosure of personal data to law enforcement, regulators, courts, or other public authorities in response to lawful requests or to protect GitHub's rights and safety, establishing a legal compliance-based sharing permission. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Competent%20Authorities%3A%20We,Data%20for%20more%20information. ### subprocessors data sharing — risk unknown > GitHub has the responsibility for the processing of Personal Data it receives under the Data Privacy Framework (DPF) Principles and subsequently transfers to a third party acting as an agent on GitHub’s behalf. GitHub shall remain liable under the DPF Principles if its agent processes such Personal Data in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. - Interpretation (disclaimed): Establishes GitHub's ongoing liability under DPF Principles for Personal Data transferred to third-party agents, including residual liability where agents process data inconsistently with DPF Principles unless GitHub proves non-responsibility. - Tier: All - Location: Privacy Policy › “Data Privacy Framework (DPF)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20has%20the,rise%20to%20the%20damage. ### subprocessors data sharing — risk unknown > Right to Know Data Recipients: We share your information with service providers for legitimate business operations, such as data storage and hosting. For more details, please see “Sharing Your Information” below. - Interpretation (disclaimed): This segment grants users the right to know the recipients of their shared personal information, disclosing that GitHub shares information with service providers for legitimate business operations such as data storage and hosting, and incorporating a cross-reference to further detail. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Right%20to%20Know,%E2%80%9CSharing%20Your%20Information%E2%80%9D%20below. ### subprocessors data sharing — risk unknown > Publicly Available Sources: We may acquire information about you from publicly available sources. - Interpretation (disclaimed): This segment defines the data received from third-party apps and services linked to a user's GitHub account (e.g., Google authentication), clarifying that the scope of data received depends on the user's settings and the third party's privacy policies, and imposing an implicit obligation on users to review those policies. - Tier: All - Location: Privacy Policy › “From Third Parties” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Publicly%20Available%20Sources%3A,from%20publicly%20available%20sources. ### subprocessors data sharing — risk unknown > Other Third-party Applications: Upon your instruction, we may share Personal Data with third-party applications available on our Marketplace. You are responsible for the data you instruct us to share with these applications. - Interpretation (disclaimed): This segment permits GitHub to share personal data with third-party Marketplace applications at the user's instruction and assigns responsibility for such sharing to the user, establishing a user-directed sharing permission with accompanying liability allocation. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Other%20Third-party%20Applications%3A,share%20with%20these%20applications. ### subprocessors data sharing — risk unknown > Under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by emailing (privacy[at]github[dot]com). Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address. - Interpretation (disclaimed): Restricts the platform from disclosing personal information to third parties for their direct marketing purposes under the California Shine the Light Act, and provides a disclosure that no such sharing occurs. - Tier: All - Location: Privacy Policy › “Shine the Light Act” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Under%20California%20Civil,the%20designated%20email%20address. ### subprocessors data sharing — risk unknown > Partners and Resellers: We cooperate with third-parties that offer sales, consulting, support, and technical services for our Services. We may share your data with these partners and resellers where allowed, and with your consent when required. - Interpretation (disclaimed): This segment permits sharing of personal data with sales, consulting, support, and technical service partners and resellers where allowed and with user consent where required, establishing a conditional permission for partner data sharing. - Tier: All - Location: Privacy Policy › “Sharing of Personal Data” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Partners%20and%20Resellers%3A,your%20consent%20when%20required. ### audit rights dpa residency — risk medium > Yes. GitHub and customers can enter a Data Protection Agreement that supports compliance with the GDPR and similar legislation. - Interpretation (disclaimed): The permissive framing ('can enter') rather than a mandatory DPA for Business/Enterprise customers means GDPR-required controller-processor terms may not automatically apply. Users must proactively request and execute the DPA to obtain those protections. - Tier: Enterprise - Location: “Does GitHub Copilot support compliance with the GDPR and other data protection laws?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Yes.%20GitHub%20and%20customers,GDPR%20and%20similar%20legislation. ### audit rights dpa residency — risk medium > GitHub stores and processes Personal Data in a variety of locations, including your local region, the United States, and other countries where GitHub, its affiliates, subsidiaries, or subprocessors have operations. We transfer Personal Data from the European Union, the United Kingdom, and Switzerland to countries that the European Commission has not recognized as having an adequate level of data protection. When we engage in such transfers, we generally rely on the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914 , to help protect your rights and enable these protections to travel with your data. - Interpretation (disclaimed): Data may flow to countries lacking adequate data protection under GDPR standards. GitHub relies on SCCs as the transfer mechanism, which provides a legal basis but may not guarantee equivalent practical protections to those in the EU/UK. - Tier: All - Location: Privacy Policy › “International data transfers” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=GitHub%20stores%20and%20processes,travel%20with%20your%20data. ### audit rights dpa residency — risk low > Does GitHub Copilot support compliance with the GDPR and other data protection laws? ### Yes. GitHub and customers can enter a Data Protection Agreement that supports compliance with the GDPR and similar legislation. - Interpretation (disclaimed): GitHub offers a DPA for GDPR compliance but the document does not confirm it is automatically applicable to all plans or that audit rights, sub-processor lists, or data residency terms are included. Enterprises should verify DPA scope before relying on GDPR compliance representations. - Tier: Enterprise - Location: “Does GitHub Copilot support compliance with the GDPR and other data protection laws?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Does%20GitHub%20Copilot%20support,GDPR%20and%20similar%20legislation. ### audit rights dpa residency — risk low > A Data Protection Agreement governs the relationship between GitHub and the Data Controller. For further details regarding their privacy practices, please refer to the privacy statement of the organization providing your account. In cases where your organization grants access to GitHub products, GitHub acts as the Data Controller solely for specific processing activities. These activities are clearly defined in a contractual agreement with your organization, known as a Data Protection Agreement. You can review our standard Data Protection Agreement at GitHub Data Protection Agreement . - Interpretation (disclaimed): The DPA governs data processing where the organization is the Data Controller. Individual end users under organizational accounts have limited direct rights under GitHub's privacy statement and must rely on their organization's policies. - Tier: Enterprise - Location: Privacy Policy › “End User Notice: Organization-Provided GitHub Accounts” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=A%20Data%20Protection%20Agreement,Data%20Protection%20Agreement%20. ### audit rights dpa residency — risk unknown > The right to request detailed information about the specific types of Personal Data we've collected over the past 12 months, including data disclosed for business purposes - Interpretation (disclaimed): This segment establishes a data subject's right to request detailed information about categories of personal data collected over the past 12 months, including data disclosed for business purposes, operationalizing a transparency and access right. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20right%20to,disclosed%20for%20business%20purposes ### audit rights dpa residency — risk unknown > The right to rectify or update inaccurate or incomplete Personal Data under certain circumstances - Interpretation (disclaimed): This segment establishes an individual's right to rectify or update inaccurate or incomplete personal data under certain circumstances, creating an operative correction right. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20right%20to,Data%20under%20certain%20circumstances ### audit rights dpa residency — risk unknown > GitHub also complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. GitHub has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. GitHub has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ . - Interpretation (disclaimed): States GitHub's certification and adherence to the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF Principles with the U.S. Department of Commerce, constituting a formal legal commitment governing cross-border data transfers. - Tier: All - Location: Privacy Policy › “Data Privacy Framework (DPF)” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20also%20complies,please%20visit%20https%3A%2F%2Fwww.dataprivacyframework.gov%2F%20. ### audit rights dpa residency — risk unknown > GitHub B.V. - Interpretation (disclaimed): Identifies GitHub B.V. as a legal entity and data controller, relevant to establishing jurisdiction and DPA residency for EU data subjects. - Tier: All - Location: Privacy Policy › “Contact Us” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20B.V. ### audit rights dpa residency — risk unknown > GitHub, Inc. 88 Colin P. Kelly Jr. St. - Interpretation (disclaimed): Identifies GitHub, Inc. and its San Francisco address as the US entity, establishing the principal US controller entity and its physical location relevant to governing law and cross-border transfer accountability. - Tier: All - Location: Privacy Policy › “The Netherlands” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%2C%20Inc.%2088,P.%20Kelly%20Jr.%20St. ### audit rights dpa residency — risk unknown > Yes. GitHub and customers can enter a Data Protection Agreement that supports compliance with the GDPR and similar legislation. - Interpretation (disclaimed): This segment confirms that GitHub and customers may enter a Data Protection Agreement to support GDPR compliance, granting customers the right to establish a formal DPA relationship for regulatory compliance purposes. - Tier: All - Location: “Does GitHub Copilot support compliance with the GDPR and other data protection laws?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Yes.%20GitHub%20and,GDPR%20and%20similar%20legislation. ### audit rights dpa residency — risk unknown > These practices are outlined in GitHub’s Data Protection Agreement ( DPA ), which details our data handling commitments to our data controller customers. GitHub also uses certain personal data with customer authorization under the DPA, for the following purposes: - Interpretation (disclaimed): Incorporates GitHub's Data Protection Agreement (DPA) by reference as governing data handling commitments to controller customers, and introduces additional authorized data use purposes under the DPA, establishing the DPA as the operative legal instrument for data processing obligations. - Tier: All - Location: “How does GitHub use the Copilot data from Business and Enterprise Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20These%20practices%20are,the%20following%20purposes%3A%20 ### audit rights dpa residency — risk unknown > Yes. GitHub and customers can enter a Data Protection Agreement that supports compliance with the GDPR and similar legislation. - Interpretation (disclaimed): This segment confirms that GitHub and customers can enter into a Data Protection Agreement to support compliance with GDPR and similar legislation, establishing the availability of a formal DPA mechanism as a contractual right for customers. - Tier: All - Location: “Does GitHub Copilot support compliance with the GDPR and other data protection laws?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Yes.%20GitHub%20and,GDPR%20and%20similar%20legislation. ### audit rights dpa residency — risk unknown > GitHub stores and processes Personal Data in a variety of locations, including your local region, the United States, and other countries where GitHub, its affiliates, subsidiaries, or subprocessors have operations. We transfer Personal Data from the European Union, the United Kingdom, and Switzerland to countries that the European Commission has not recognized as having an adequate level of data protection. When we engage in such transfers, we generally rely on the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914 , to help protect your rights and enable these protections to travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where GitHub processes personal data, see this article on the European Commission website . - Interpretation (disclaimed): Discloses that GitHub stores and processes Personal Data across multiple jurisdictions including the US and other countries, and states the legal mechanism (EU Commission Standard Contractual Clauses under Decision 2021/914) used to legitimise transfers from the EU, UK, and Switzerland to countries lacking adequacy decisions. - Tier: All - Location: Privacy Policy › “International data transfers” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20stores%20and,European%20Commission%20website%20. ### audit rights dpa residency — risk unknown > To exercise these rights, please send an email to privacy[at]github[dot]com and follow the instructions provided. To verify your identity for security, we may request extra information before addressing your data-related request. Please contact our Data Protection Officer at dpo[at]github[dot]com for any feedback or concerns. Depending on your region, you have the right to complain to your local Data Protection Authority. European users can find authority contacts on the European Data Protection Board website, and UK users on the Information Commissioner’s Office website. - Interpretation (disclaimed): Establishes the procedure for exercising data subject rights (email to privacy@github.com), identity verification steps, contact for the DPO, and the right to lodge a complaint with a local Data Protection Authority, including jurisdiction-specific guidance for EU and UK users. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20To%20exercise%20these,Information%20Commissioner%E2%80%99s%20Office%20website. ### audit rights dpa residency — risk unknown > The right to erase or limit the processing of your Personal Data under specific conditions - Interpretation (disclaimed): This segment establishes an individual's right to erasure or restriction of processing of personal data under specific conditions, creating operative deletion and limitation rights for data subjects. - Tier: All - Location: Privacy Policy › “The right to access the data collected about you” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20The%20right%20to,Data%20under%20specific%20conditions ### audit rights dpa residency — risk ambiguous > Right to Know Data Recipients: We share your information with service providers for legitimate business operations, such as data storage and hosting. For more details, please see “Sharing Your Information” below. - Interpretation (disclaimed): The document does not specify data residency, DPA commitments, or user audit rights in this excerpt. Enterprise customers typically require explicit DPA and residency terms; their absence here is notable. - Tier: All - Location: Privacy Policy › “Privacy Rights” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=Right%20to%20Know%20Data,%E2%80%9CSharing%20Your%20Information%E2%80%9D%20below. ### indemnity liability — risk high > You are responsible for your use of Output, including ensuring it complies with applicable law and does not infringe third-party rights. Your indemnity obligations in Section Q apply to your use of AI Features and Output, including claims arising from Output you incorporate into your products or services. - Interpretation (disclaimed): Combining the absence of any IP warranty on outputs with a broad indemnity obligation creates high risk for users, particularly those incorporating AI-generated code or content into commercial products. The user indemnifies GitHub for the very IP risks GitHub has disclaimed responsibility for. - Tier: All - Location: § 5 (Your Responsibility and Indemnity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=You%20are%20responsible%20for,your%20products%20or%20services. ### indemnity liability — risk high > You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Website and the Service, including but not limited to your violation of this Agreement, provided that GitHub (1) promptly gives you written notice of the claim, demand, suit or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that you may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases GitHub of all liability); and (3) provides to you all reasonable assistance, at your expense. - Interpretation (disclaimed): This is a standard but broad indemnification clause requiring the user to defend and hold harmless GitHub for any claims arising from the user's use or violations. The requirement that any settlement unconditionally release GitHub limits the user's settlement flexibility and could increase litigation costs. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=You%20agree%20to%20indemnify,assistance%2C%20at%20your%20expense. ### indemnity liability — risk high > GitHub provides the Website and the Service “as is” and “as available,” without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Website and the Service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement. - Interpretation (disclaimed): A blanket disclaimer of all warranties, including implied warranties of merchantability, fitness, and non-infringement, is the broadest possible liability exclusion. This is especially significant for enterprise or commercial users who may have relied on platform stability or IP safety. - Tier: All - Location: § O (Disclaimer of Warranties) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=GitHub%20provides%20the%20Website,security%2C%20accuracy%20and%20non-infringement. ### indemnity liability — risk high > Q. Release and Indemnification You are fully responsible for your use of the service. - Interpretation (disclaimed): Section Q's summary language ('fully responsible') is a strong signal of a broad indemnification obligation. Without the operative text, the exact scope of the indemnity, release, and any carve-outs cannot be confirmed, but the risk to users is expected to be high. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=Q.%20Release%20and%20Indemnification,use%20of%20the%20service. ### indemnity liability — risk high > P. Limitation of Liability We will not be liable for damages or losses arising from your use or inability to use the service or otherwise arising under this agreement. Please read this section carefully; it limits our obligations to you. - Interpretation (disclaimed): A broad limitation-of-liability clause that excludes damages from both use and inability to use the service substantially limits user recourse. This is a high-risk surface for users in the event of service failures or data loss. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=P.%20Limitation%20of%20Liability,our%20obligations%20to%20you. ### indemnity liability — risk high > You understand and agree that we will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however arising, that result from the use, disclosure, or display of your User-Generated Content; your use or inability to use the Service; any modification, price change, suspension or discontinuance of the Service; the Service generally or the software or systems that make the Service available; unauthorized access to or alterations of your transmissions or data; statements or conduct of any third party on the Service; any other user interactions that you input or receive through your use of the Service; or any other matter relating to the Service. Our liability is limited whether or not we have been informed of the possibility of such damages, and even if a remedy set forth in this Agreement is found to have failed of its essential purpose. We will have no liability for any failure or delay due to matters beyond our reasonable control. - Interpretation (disclaimed): This limitation of liability clause excludes virtually all meaningful damages a user could suffer, including loss of data and loss of profits. Notably it excludes liability even for unauthorized access to user transmissions or data, which is particularly relevant for an AI/developer platform storing code and sensitive content. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=You%20understand%20and%20agree,beyond%20our%20reasonable%20control. ### indemnity liability — risk high > O. Disclaimer of Warranties We provide our service as is, and we make no promises or guarantees about this service. Please read this section carefully; you should understand what to expect. - Interpretation (disclaimed): An as-is disclaimer eliminates implied warranties of merchantability and fitness for a particular purpose, leaving users with no warranty protection. This significantly limits user remedies. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=O.%20Disclaimer%20of%20Warranties,understand%20what%20to%20expect. ### indemnity liability — risk high > The primary differences between the organization offerings and the individual offering are license management, policy management, and IP indemnity. - Interpretation (disclaimed): The absence of IP indemnity for Free/Pro/Pro+ users means those users must independently bear the risk of third-party intellectual property claims arising from use of Copilot-generated code. This is a significant legal exposure for commercial users on individual plans. - Tier: Free - Location: “What are the differences between the GitHub Copilot Business, GitHub Copilot Enterprise, and GitHub Copilot Individual plans?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=The%20primary%20differences%20between,management%2C%20and%20IP%20indemnity. ### indemnity liability — risk medium > If you have a dispute with one or more Users, you agree to release GitHub from any and all claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes. - Interpretation (disclaimed): This release clause covers 'known and unknown' claims, which in California requires a specific waiver of Civil Code §1542. Such broad releases can extinguish claims users may not yet be aware of arising from third-party conduct on the platform. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=If%20you%20have%20a,connected%20with%20such%20disputes. ### indemnity liability — risk unknown > Q. Release and Indemnification You are fully responsible for your use of the service. - Interpretation (disclaimed): Summary entry for Section Q stating users are fully responsible for their service use; cross-reference incorporating indemnification obligations placed on users. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Q.%20Release%20and,of%20the%20service.%20 ### indemnity liability — risk unknown > You are responsible for all content posted and activity that occurs under your Account (even when content is posted by others who have Accounts under your Account). - Interpretation (disclaimed): Imposes obligation on the user for all content posted and activity occurring under their Account, including activity by sub-account holders, establishing broad user-side liability for Account use. - Tier: All - Location: § 4 (Account Security) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,Accounts%20under%20your%20Account). ### indemnity liability — risk unknown > Your indemnity obligations in Section Q apply to your use of AI Features and Output, including claims arising from Output you incorporate into your products or services. - Interpretation (disclaimed): Incorporates Section Q indemnity obligations into the context of AI Features and Output, extending indemnity to claims arising from Output incorporated into the user's products or services. - Tier: All - Location: § 5 (Your Responsibility and Indemnity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Your%20indemnity%20obligations,your%20products%20or%20services. ### indemnity liability — risk unknown > any other matter relating to the Service. - Interpretation (disclaimed): Catch-all exclusion of liability for any other matter relating to the Service, providing maximum breadth to GitHub's limitation of liability provisions. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20any%20other%20matter%20relating%20to%20the%20Service. ### indemnity liability — risk unknown > Short version: We provide our service as is, and we make no promises or guarantees about this service. Please read this section carefully; you should understand what to expect. - Interpretation (disclaimed): Plain-language summary warning users that the service is provided as-is with no promises or guarantees, setting user expectations before the formal warranty disclaimer. - Tier: All - Location: § O (Disclaimer of Warranties) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,what%20to%20expect.%20 ### indemnity liability — risk unknown > GitHub does not warrant that the Service will meet your requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Service. - Interpretation (disclaimed): Extends the warranty disclaimer to specific performance characteristics (uptime, accuracy, security, virus-free operation) and shifts full risk of loss from downloading or using service content to the user. - Tier: All - Location: § O (Disclaimer of Warranties) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20does%20not,obtained%20from%20the%20Service. ### indemnity liability — risk unknown > You understand and agree that we will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however arising, that result from - Interpretation (disclaimed): Establishes that GitHub is not liable to the user or any third party for loss of profits, use, goodwill, data, or any incidental/indirect/special/consequential/exemplary damages arising from enumerated circumstances, broadly limiting GitHub's financial liability. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20understand%20and,arising%2C%20that%20result%20from ### indemnity liability — risk unknown > any modification, price change, suspension or discontinuance of the Service; - Interpretation (disclaimed): Excludes liability for damages resulting from service modification, price changes, suspension, or discontinuance, limiting GitHub's responsibility for business decisions affecting service availability. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20any%20modification%2C%20price,discontinuance%20of%20the%20Service%3B ### indemnity liability — risk unknown > any other user interactions that you input or receive through your use of the Service; or - Interpretation (disclaimed): Excludes liability for damages from any other user interactions input or received through the Service, providing a broad catch-all limitation on inter-user conduct liability. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20any%20other%20user,of%20the%20Service%3B%20or ### indemnity liability — risk unknown > Short version: You are responsible for your use of the service. If you harm someone else or get into a dispute with someone else, we will not be involved. - Interpretation (disclaimed): Plain-language summary placing responsibility for service use on the user and disclaiming GitHub's involvement in user disputes, framing the indemnification obligations that follow. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,not%20be%20involved.%20 ### indemnity liability — risk unknown > If you have a dispute with one or more Users, you agree to release GitHub from any and all claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes. - Interpretation (disclaimed): Requires users involved in disputes with other users to release GitHub from all claims, demands, and damages of every kind arising from such disputes, extinguishing GitHub's liability as a remedy mechanism. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20have,connected%20with%20such%20disputes. ### indemnity liability — risk unknown > Q. Release and Indemnification You are fully responsible for your use of the service. - Interpretation (disclaimed): Summary entry describing the Release and Indemnification section; states user is fully responsible for their service use, incorporating the indemnification obligation by reference. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Q.%20Release%20and,of%20the%20service.%20 ### indemnity liability — risk unknown > You are responsible for all content posted and activity that occurs under your Account (even when content is posted by others who have Accounts under your Account). - Interpretation (disclaimed): Disclaims GitHub liability for loss or damage arising from user's failure to maintain Account security, reinforcing the allocation of risk to the user for security breaches attributable to their own non-compliance. - Tier: All - Location: § 4 (Account Security) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,Accounts%20under%20your%20Account). ### indemnity liability — risk unknown > You are responsible for reviewing, testing, and validating any Output before use. - Interpretation (disclaimed): Imposes an obligation on users to review, test, and validate Output before use, placing the burden of quality assurance on the user rather than GitHub. - Tier: All - Location: § 4 (Disclaimers) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,any%20Output%20before%20use. ### indemnity liability — risk unknown > You are responsible for your use of Output, including ensuring it complies with applicable law and does not infringe third-party rights. - Interpretation (disclaimed): Places responsibility on users for their use of AI Output, including ensuring compliance with applicable law and non-infringement of third-party rights. - Tier: All - Location: § 5 (Your Responsibility and Indemnity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,not%20infringe%20third-party%20rights. ### indemnity liability — risk unknown > Invoicing For invoiced Users, User agrees to pay the fees in full, up front without deduction or setoff of any kind, in U.S. Dollars. User must pay the fees within thirty (30) days of the GitHub invoice date. Amounts payable under this Agreement are non-refundable, except as otherwise provided in this Agreement. If User fails to pay any fees on time, GitHub reserves the right, in addition to taking any other action at law or equity, to (i) charge interest on past due amounts at 1.0% per month or the highest interest rate allowed by law, whichever is less, and to charge all expenses of recovery, and (ii) terminate the applicable order form. User is solely responsible for all taxes, fees, duties and governmental assessments (except for taxes based on GitHub's net income) that are imposed or become due in connection with this Agreement. - Interpretation (disclaimed): This clause imposes obligations on invoiced users to pay fees in full, upfront, in U.S. dollars within 30 days of invoice without deduction or setoff, and grants GitHub the right to charge interest at 1.0% per month or the maximum legal rate on overdue amounts plus recovery expenses, establishing financial remedies for non-payment. - Tier: All - Location: § 3 (Billing Schedule; No Refunds) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Invoicing%20For%20invoiced,connection%20with%20this%20Agreement. ### indemnity liability — risk unknown > Short version: We will not be liable for damages or losses arising from your use or inability to use the service or otherwise arising under this agreement. Please read this section carefully; it limits our obligations to you. - Interpretation (disclaimed): Plain-language summary stating GitHub will not be liable for damages or losses arising from use of or inability to use the service, flagging the operative limitations that follow. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,obligations%20to%20you.%20 ### indemnity liability — risk unknown > You understand and agree that we will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however arising, that result from - Interpretation (disclaimed): Establishes that GitHub will not be liable to the user or any third party for loss of profits, use, goodwill, data, or any incidental, indirect, special, consequential, or exemplary damages, however arising, introducing the enumerated triggering circumstances. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20understand%20and,arising%2C%20that%20result%20from ### indemnity liability — risk unknown > the Service generally or the software or systems that make the Service available; - Interpretation (disclaimed): Excludes liability for damages arising from the Service generally or the underlying software and systems, broadly limiting GitHub's exposure for platform-level issues. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20the%20Service%20generally,make%20the%20Service%20available%3B ### indemnity liability — risk unknown > unauthorized access to or alterations of your transmissions or data; - Interpretation (disclaimed): Excludes liability for unauthorized access to or alterations of user transmissions or data, limiting GitHub's responsibility for security breaches by third parties. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20unauthorized%20access%20to,your%20transmissions%20or%20data%3B ### indemnity liability — risk unknown > statements or conduct of any third party on the Service; - Interpretation (disclaimed): Excludes liability for damages arising from statements or conduct of third parties on the Service, limiting GitHub's responsibility for third-party actions. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20statements%20or%20conduct,party%20on%20the%20Service%3B ### indemnity liability — risk unknown > any other user interactions that you input or receive through your use of the Service; or - Interpretation (disclaimed): Excludes liability for damages resulting from user interactions input or received through the Service, broadly limiting exposure for peer-to-peer harms. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20any%20other%20user,of%20the%20Service%3B%20or ### indemnity liability — risk unknown > If you have a dispute with one or more Users, you agree to release GitHub from any and all claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes. - Interpretation (disclaimed): Requires the user to release GitHub from all claims, demands, and damages of every kind arising out of disputes with other users, extinguishing GitHub's liability for inter-user conflicts. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20have,connected%20with%20such%20disputes. ### indemnity liability — risk unknown > You’re entitled to IP indemnification from GitHub for the unmodified suggestions when Copilot’s filtering is enabled. If you do elect to enable this feature, the copyright responsibility is ours, not our customers. As part of our ongoing commitment to responsible AI, GitHub and Microsoft extends our IP indemnity and protection support to our customers who are empowering their teams with GitHub Copilot. See Microsoft's Copilot Copyright Commitment for more details. - Interpretation (disclaimed): Grants users the right to IP indemnification from GitHub for unmodified suggestions when Copilot's duplicate-detection filtering is enabled, and references Microsoft's Copilot Copyright Commitment as the governing commitment, establishing the scope and conditions of copyright liability coverage. - Tier: All - Location: “Can GitHub Copilot users simply use suggestions without concern?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20You%E2%80%99re%20entitled%20to,Commitment%20for%20more%20details. ### indemnity liability — risk unknown > Depending on your particular use case, you should consider implementing the protections discussed above. It is your responsibility to assess what is appropriate for the situation and implement appropriate safeguards. - Interpretation (disclaimed): This segment grants customers IP indemnification from GitHub for unmodified Copilot suggestions when the filtering feature is enabled, shifts copyright responsibility to GitHub and Microsoft in that scenario, and references Microsoft's Copilot Copyright Commitment as further indemnity support, establishing a conditional remedy for IP claims. - Tier: All - Location: “Can GitHub Copilot users simply use suggestions without concern?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Depending%20on%20your,and%20implement%20appropriate%20safeguards. ### indemnity liability — risk unknown > any modification, price change, suspension or discontinuance of the Service; - Interpretation (disclaimed): Excludes liability for damages caused by modification, price change, suspension, or discontinuance of the Service, protecting GitHub from claims related to service changes. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20any%20modification%2C%20price,discontinuance%20of%20the%20Service%3B ### indemnity liability — risk unknown > Your indemnity obligations in Section Q apply to your use of AI Features and Output, including claims arising from Output you incorporate into your products or services. - Interpretation (disclaimed): Incorporates Section Q indemnity obligations and extends them to cover use of AI Features and Output, including claims arising from Output incorporated into user products or services. - Tier: All - Location: § 5 (Your Responsibility and Indemnity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Your%20indemnity%20obligations,your%20products%20or%20services. ### indemnity liability — risk unknown > You are responsible for keeping your Account secure while you use our Service. We offer tools such as two-factor authentication to help you maintain your Account's security, but the content of your Account and its security are up to you. - Interpretation (disclaimed): Assigns responsibility to the user for maintaining Account and password security and expressly disclaims GitHub's liability for any loss or damage resulting from the user's failure to comply with that security obligation. - Tier: All - Location: § 4 (Account Security) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,are%20up%20to%20you. ### indemnity liability — risk unknown > any other matter relating to the Service. - Interpretation (disclaimed): Catch-all exclusion of liability for any other matter relating to the Service, functioning as a broad sweep of residual damage claims. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20any%20other%20matter%20relating%20to%20the%20Service. ### indemnity liability — risk unknown > Short version: We provide our service as is, and we make no promises or guarantees about this service. Please read this section carefully; you should understand what to expect. - Interpretation (disclaimed): Plain-language summary warning users that the service is provided as-is with no promises or guarantees, setting expectations for the formal disclaimer that follows. - Tier: All - Location: § O (Disclaimer of Warranties) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,what%20to%20expect.%20 ### indemnity liability — risk unknown > GitHub does not warrant that the Service will meet your requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Service. - Interpretation (disclaimed): Disclaims warranties of uninterrupted or error-free service, accuracy of information, and freedom from viruses, and places full responsibility and risk of loss on the user for downloaded content. - Tier: All - Location: § O (Disclaimer of Warranties) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20does%20not,obtained%20from%20the%20Service. ### indemnity liability — risk unknown > GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. GitHub reserves the right to refuse service to anyone for any reason at any time. - Interpretation (disclaimed): This is a section heading ('Survival') that introduces the survival clause; it labels the following substantive provision about post-termination obligations. - Tier: All - Location: § 3 (GitHub May Terminate) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20has%20the,reason%20at%20any%20time. ### indemnity liability — risk unknown > Our liability is limited whether or not we have been informed of the possibility of such damages, and even if a remedy set forth in this Agreement is found to have failed of its essential purpose. We will have no liability for any failure or delay due to matters beyond our reasonable control. - Interpretation (disclaimed): States that liability is capped regardless of notice of possible damages and even if a contractual remedy fails its essential purpose, and further excludes liability for failures or delays beyond GitHub's reasonable control. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Our%20liability%20is,beyond%20our%20reasonable%20control. ### indemnity liability — risk unknown > your use or inability to use the Service; - Interpretation (disclaimed): Excludes liability for damages resulting from the user's use of or inability to use the Service, a core limitation on GitHub's exposure. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20your%20use%20or,to%20use%20the%20Service%3B ### indemnity liability — risk unknown > Output is provided "as-is" and subject to the disclaimers in Section O. Without limiting Section O: Output may be inaccurate, incomplete, or non-functional. Output may resemble third-party code, including code under open source licenses. We do not guarantee that Output is free of errors, vulnerabilities, or intellectual property claims. - Interpretation (disclaimed): Provides as-is disclaimer for AI Output, warning it may be inaccurate, incomplete, non-functional, or resemble third-party or open-source code, and disclaims any guarantee that Output is free from errors, vulnerabilities, or IP claims. - Tier: All - Location: § 4 (Disclaimers) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Output%20is%20provided,or%20intellectual%20property%20claims. ### indemnity liability — risk unknown > GitHub provides the Website and the Service “as is” and “as available,” without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Website and the Service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement. - Interpretation (disclaimed): Formally disclaims all warranties—express, implied, or statutory—including merchantability, fitness for purpose, title, security, accuracy, and non-infringement regarding the Website and Service. - Tier: All - Location: § O (Disclaimer of Warranties) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20provides%20the,security%2C%20accuracy%20and%20non-infringement. ### indemnity liability — risk unknown > Short version: You are responsible for your use of the service. If you harm someone else or get into a dispute with someone else, we will not be involved. - Interpretation (disclaimed): Plain-language summary stating users are responsible for their own service use and that GitHub will not be involved in user disputes, previewing the release and indemnity clauses. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,not%20be%20involved.%20 ### indemnity liability — risk unknown > You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Website and the Service, including but not limited to your violation of this Agreement, provided that GitHub (1) promptly gives you written notice of the claim, demand, suit or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that you may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases GitHub of all liability); and (3) provides to you all reasonable assistance, at your expense. - Interpretation (disclaimed): Imposes a broad indemnification obligation on the user to defend, indemnify, and hold GitHub harmless from claims, liabilities, and attorneys' fees arising from the user's use of the service or violation of the Agreement, subject to notice and control conditions placed on GitHub. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20agree%20to,assistance%2C%20at%20your%20expense. ### indemnity liability — risk unknown > P. Limitation of Liability We will not be liable for damages or losses arising from your use or inability to use the service or otherwise arising under this agreement. Please read this section carefully; it limits our obligations to you. - Interpretation (disclaimed): Summary entry describing the Limitation of Liability section; cross-references GitHub's limitation on liability for damages or losses arising from service use, incorporating that limitation by reference. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20P.%20Limitation%20of,obligations%20to%20you.%20 ### indemnity liability — risk unknown > statements or conduct of any third party on the Service; - Interpretation (disclaimed): Excludes liability for damages resulting from statements or conduct of third parties on the Service, insulating GitHub from user-generated harmful content claims. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20statements%20or%20conduct,party%20on%20the%20Service%3B ### indemnity liability — risk unknown > Our liability is limited whether or not we have been informed of the possibility of such damages, and even if a remedy set forth in this Agreement is found to have failed of its essential purpose. We will have no liability for any failure or delay due to matters beyond our reasonable control. - Interpretation (disclaimed): Confirms the liability limitation applies regardless of notice of potential damages and even if contractual remedies fail their essential purpose, and further excludes liability for failures due to circumstances beyond GitHub's reasonable control (force majeure). - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Our%20liability%20is,beyond%20our%20reasonable%20control. ### indemnity liability — risk unknown > All provisions of this Agreement which, by their nature, should survive termination will survive termination — including, without limitation: ownership provisions, warranty disclaimers, indemnity, and limitations of liability. - Interpretation (disclaimed): Specifies that ownership provisions, warranty disclaimers, indemnity, and limitations of liability survive termination of the Agreement, preserving key legal obligations and rights beyond the contractual relationship's end. - Tier: All - Location: § 4 (Survival) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20All%20provisions%20of,and%20limitations%20of%20liability. ### indemnity liability — risk unknown > GitHub provides the Website and the Service “as is” and “as available,” without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Website and the Service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement. - Interpretation (disclaimed): Formal disclaimer of all warranties — express, implied, and statutory — including merchantability, fitness for purpose, title, security, accuracy, and non-infringement, removing GitHub's legal obligations regarding service quality. - Tier: All - Location: § O (Disclaimer of Warranties) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20provides%20the,security%2C%20accuracy%20and%20non-infringement. ### indemnity liability — risk unknown > GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. GitHub reserves the right to refuse service to anyone for any reason at any time. - Interpretation (disclaimed): Grants GitHub the unilateral right to suspend or terminate user access at any time, with or without cause or notice, and to refuse service to any person at any time, establishing broad termination rights in GitHub's favor. - Tier: All - Location: § 3 (GitHub May Terminate) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20has%20the,reason%20at%20any%20time. ### indemnity liability — risk unknown > You are responsible for your use of Output, including ensuring it complies with applicable law and does not infringe third-party rights. - Interpretation (disclaimed): Places responsibility on the user for their use of Output, including ensuring compliance with applicable law and non-infringement of third-party rights, establishing a duty of care in Output deployment. - Tier: All - Location: § 5 (Your Responsibility and Indemnity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,not%20infringe%20third-party%20rights. ### indemnity liability — risk unknown > You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Website and the Service, including but not limited to your violation of this Agreement, provided that GitHub (1) promptly gives you written notice of the claim, demand, suit or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that you may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases GitHub of all liability); and (3) provides to you all reasonable assistance, at your expense. - Interpretation (disclaimed): Imposes a broad obligation on the user to indemnify, defend, and hold harmless GitHub against all claims, liabilities, and expenses including attorneys' fees arising from the user's use of the service or violation of the Agreement, subject to procedural conditions including prompt notice and user control of defense and settlement. - Tier: All - Location: § Q (Release and Indemnification) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20agree%20to,assistance%2C%20at%20your%20expense. ### indemnity liability — risk unknown > You are responsible for keeping your Account secure while you use our Service. We offer tools such as two-factor authentication to help you maintain your Account's security, but the content of your Account and its security are up to you. - Interpretation (disclaimed): Places responsibility on the user for maintaining Account security and content, noting GitHub offers tools like two-factor authentication but disclaiming ultimate responsibility, thereby allocating security obligations to the user. - Tier: All - Location: § 4 (Account Security) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,are%20up%20to%20you. ### indemnity liability — risk unknown > the Service generally or the software or systems that make the Service available; - Interpretation (disclaimed): Excludes liability for damages arising from the Service generally or the underlying software and systems, broadly shielding GitHub from infrastructure-related claims. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20the%20Service%20generally,make%20the%20Service%20available%3B ### indemnity liability — risk unknown > You are responsible for maintaining the security of your Account and password. GitHub cannot and will not be liable for any loss or damage from your failure to comply with this security obligation. - Interpretation (disclaimed): Assigns the user responsibility for Account and password security and explicitly disclaims GitHub's liability for any loss or damage resulting from the user's failure to comply with that security obligation. - Tier: All - Location: § 4 (Account Security) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,with%20this%20security%20obligation. ### indemnity liability — risk unknown > Short version: We will not be liable for damages or losses arising from your use or inability to use the service or otherwise arising under this agreement. Please read this section carefully; it limits our obligations to you. - Interpretation (disclaimed): Plain-language summary that GitHub will not be liable for damages or losses arising from use or inability to use the service, reducing GitHub's obligations to users. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,obligations%20to%20you.%20 ### indemnity liability — risk unknown > P. Limitation of Liability We will not be liable for damages or losses arising from your use or inability to use the service or otherwise arising under this agreement. Please read this section carefully; it limits our obligations to you. - Interpretation (disclaimed): Summary entry for Section P describing limitation of liability for damages arising from service use; cross-reference incorporating liability limitation provisions and directing users to read carefully. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20P.%20Limitation%20of,obligations%20to%20you.%20 ### indemnity liability — risk unknown > your use or inability to use the Service; - Interpretation (disclaimed): Extends liability exclusion to damages arising from the user's use or inability to use the Service, removing GitHub's responsibility for service unavailability or performance failures. - Tier: All - Location: § P (Limitation of Liability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20your%20use%20or,to%20use%20the%20Service%3B ### indemnity liability — risk unknown > If a code suggestion matches existing code, there is risk that using that suggestion could trigger claims of copyright infringement, which would depend on the amount and nature of code used, and the context of how the code is used. In many ways, this is the same risk that arises when using any code that a developer does not originate, such as copying code from an online source, or reusing code from a library. That is why responsible organizations and developers recommend that users employ code scanning policies to identify and evaluate potential matching code. In Copilot, you can opt whether to allow Copilot to suggest code completions that match publicly available code on GitHub.com. For more information, see " Configuring GitHub Copilot settings on GitHub.com ". If you have allowed suggestions that match public code, GitHub Copilot can provide you with details about the matching code when you accept such suggestions. Matching code does not necessarily mean copyright infringement, so it is ultimately up to the user to determine whether to use the suggestion, and what and who to attribute (along with other license compliance) in appropriate circumstances. - Interpretation (disclaimed): This segment acknowledges the risk of copyright infringement claims if a code suggestion matches existing code, advises users to employ code scanning policies, and frames this risk as analogous to reusing code from any external source, thereby disclosing legal risk without accepting liability for infringement arising from user use of suggestions. - Tier: All - Location: “What are the intellectual property considerations when using GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=If%20a%20code%20suggestion,compliance)%20in%20appropriate%20circumstances. ### indemnity liability — risk unknown > Not necessarily. GitHub Copilot users should align their use of Copilot with their respective risk tolerances. As noted above, GitHub Copilot is not intended to replace developers, or their individual skill and judgment, and is not intended to fully automate the process of code development. The same risks that apply to the use of any third-party code apply to the use of Copilot’s suggestions. - Interpretation (disclaimed): This segment places on the customer the responsibility to assess what safeguards are appropriate for their use case and to implement them, establishing a customer-side due diligence obligation that limits GitHub's liability for downstream misuse. - Tier: All - Location: “Can GitHub Copilot users simply use suggestions without concern?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Not%20necessarily.%20GitHub,use%20of%20Copilot%E2%80%99s%20suggestions. ### confidentiality — risk medium > This Agreement supersedes any proposal or prior agreement oral or written, and any other communications between you and GitHub relating to the subject matter of these terms including any confidentiality or nondisclosure agreements. - Interpretation (disclaimed): By superseding prior NDAs or confidentiality agreements, this clause could strip users of bespoke confidentiality protections they may have previously negotiated with GitHub, replacing them solely with whatever the ToS provides. - Tier: All - Location: § 5 (Amendments; Complete Agreement) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=This%20Agreement%20supersedes%20any,confidentiality%20or%20nondisclosure%20agreements. ### confidentiality — risk medium > Confidentiality Obligations. You agree that any non-public Beta Preview information we give you, such as information about a private Beta Preview, will be considered GitHub’s confidential information (collectively, “Confidential Information”), regardless of whether it is marked or identified as such. You agree to only use such Confidential Information for the express purpose of testing and evaluating the Beta Preview (the “Purpose”), and not for any other purpose. You should use the same degree of care as you would with your own confidential information, but no less than reasonable precautions to prevent any unauthorized use, disclosure, publication, or dissemination of our Confidential Information. You promise not to disclose, publish, or disseminate any Confidential Information to any third party, unless we don’t otherwise prohibit or restrict such disclosure (for example, you might be part of a GitHub-organized group discussion about a private Beta Preview feature). - Interpretation (disclaimed): The 'regardless of whether marked' standard expands the scope of what constitutes Confidential Information beyond typical NDA practice, increasing the risk that users inadvertently breach the agreement. The use restriction is narrow (testing/evaluation only). - Tier: All - Location: § 2 (Confidentiality) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=Confidentiality%20Obligations.%20You%20agree,private%20Beta%20Preview%20feature). ### confidentiality — risk unknown > Short version: We treat the content of private repositories as confidential, and we only access it as described in Section E.3 below—for security purposes, to assist the repository owner with a support matter, to maintain the integrity of the Service, to comply with our legal obligations, if we have reason to believe the contents are in violation of the law, or with your consent. - Interpretation (disclaimed): Short-version summary defining GitHub's treatment of private repository contents as confidential and enumerating the narrow circumstances permitting access, serving as an interpretive overview for the detailed provisions that follow. - Tier: All - Location: § E (Private Repositories) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,with%20your%20consent.%20 ### confidentiality — risk unknown > Some Accounts may have private repositories, which allow the User to control access to Content. - Interpretation (disclaimed): Defines the nature of private repositories as allowing the user to control access to content, establishing the foundational premise for the confidentiality provisions that follow. - Tier: All - Location: § 1 (Control of Private Repositories) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Some%20Accounts%20may,control%20access%20to%20Content. ### confidentiality — risk unknown > for security purposes; - Interpretation (disclaimed): Identifies security purposes as a permitted exception allowing GitHub to access private repository content without user consent. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20for%20security%20purposes%3B ### confidentiality — risk unknown > for automated scanning or manual review for known vulnerabilities, active malware, or other content known to violate our Terms of Service; - Interpretation (disclaimed): Permits automated scanning or manual review of private repository content for known vulnerabilities, active malware, or Terms of Service violations as an exception to the general no-access rule. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20for%20automated%20scanning,our%20Terms%20of%20Service%3B ### confidentiality — risk unknown > to maintain the integrity of the Service; or - Interpretation (disclaimed): Permits GitHub to access private repository content for the purpose of maintaining the integrity of the Service without requiring user consent. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20to%20maintain%20the,of%20the%20Service%3B%20or ### confidentiality — risk unknown > to comply with our legal obligations if we have reason to believe the contents are in violation of the law. - Interpretation (disclaimed): Permits GitHub to access private repository content to comply with legal obligations where there is reason to believe the contents violate the law. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20to%20comply%20with,violation%20of%20the%20law. ### confidentiality — risk unknown > Additionally, we may be compelled by law to disclose the contents of your private repositories. - Interpretation (disclaimed): Acknowledges that GitHub may be legally compelled to disclose private repository contents, establishing a legal-process exception to the confidentiality obligation. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Additionally%2C%20we%20may,of%20your%20private%20repositories. ### confidentiality — risk unknown > Short version: Beta Previews may not be supported or may change at any time. You may receive confidential information through those programs that must remain confidential while the program is private. We'd love your feedback to make our Beta Previews better. - Interpretation (disclaimed): Short-version description of Beta Previews terms, summarizing that previews may change without notice, may involve confidential information requiring secrecy, and inviting feedback; serves as a definitional and contextual framing for the operative clauses. - Tier: All - Location: § K (Beta Previews) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20Beta,Beta%20Previews%20better.%20 ### confidentiality — risk unknown > Some Accounts may have private repositories, which allow the User to control access to Content. - Interpretation (disclaimed): Section header for confidentiality of private repositories, serving as a structural incorporation reference for GitHub's confidentiality obligations regarding private repository content. - Tier: All - Location: § 1 (Control of Private Repositories) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Some%20Accounts%20may,control%20access%20to%20Content. ### confidentiality — risk unknown > You control access to the content of your private repositories. GitHub considers the contents of private repositories to be confidential to you, as set forth in Section E.2, and GitHub personnel will not access private repository content without your consent except in the following circumstances: - Interpretation (disclaimed): Lists security as one of the enumerated exceptions permitting GitHub personnel to access private repository content without user consent, qualifying the general restriction established in Section E.3. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20control%20access,in%20the%20following%20circumstances%3A ### confidentiality — risk unknown > for automated scanning or manual review for known vulnerabilities, active malware, or other content known to violate our Terms of Service; - Interpretation (disclaimed): Lists supporting the repository owner with a support matter as an enumerated exception permitting GitHub personnel to access private repository content without user consent. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20for%20automated%20scanning,our%20Terms%20of%20Service%3B ### confidentiality — risk unknown > to assist the repository owner with a support matter; - Interpretation (disclaimed): Lists maintaining the integrity of the Service as an enumerated exception permitting GitHub personnel to access private repository content without user consent. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20to%20assist%20the,with%20a%20support%20matter%3B ### confidentiality — risk unknown > to comply with our legal obligations if we have reason to believe the contents are in violation of the law. - Interpretation (disclaimed): Permits users to enable additional access to their private repositories beyond the default, and establishes that enabling GitHub services or features requiring additional rights to private repository content may expand those rights while maintaining confidentiality treatment, with a requirement that GitHub explain any additional rights needed. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20to%20comply%20with,violation%20of%20the%20law. ### confidentiality — risk unknown > You may enable various GitHub services or features that require additional rights to Your Content in private repositories. These rights may vary depending on the service or feature, but GitHub will continue to treat your private repository Content as confidential. If those services or features require rights in addition to those we need to provide the GitHub Service, we will provide an explanation of those rights. - Interpretation (disclaimed): States that GitHub may be legally compelled to disclose private repository contents, establishing a legal-obligation exception to the confidentiality protections for private repositories. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20enable,explanation%20of%20those%20rights. ### confidentiality — risk unknown > If you’d like to use GitHub’s trademarks, you must follow all of our trademark guidelines, including those on our logos page: https://github.com/logos . - Interpretation (disclaimed): Restricts use of GitHub's trademarks and logos to compliance with GitHub's trademark guidelines, creating an obligation to follow those guidelines as a condition of use. - Tier: All - Location: § 2 (GitHub Trademarks and Logos) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%E2%80%99d%20like,logos%20page%3A%20https%3A%2F%2Fgithub.com%2Flogos%20. ### confidentiality — risk unknown > Beta Previews may not be supported and may be changed at any time without notice. In addition, Beta Previews are not subject to the same security measures and auditing to which the Service has been and is subject. By using a Beta Preview, you use it at your own risk. - Interpretation (disclaimed): Sub-section header introducing the confidentiality obligations applicable to Beta Preview users who receive non-public information. - Tier: All - Location: § 1 (Subject to Change) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Beta%20Previews%20may,your%20own%20risk.%20 ### confidentiality — risk unknown > Exceptions. Confidential Information will not include information that is: (a) or becomes publicly available without breach of this Agreement through no act or inaction on your part (such as when a private Beta Preview becomes a public Beta Preview); (b) known to you before we disclose it to you; (c) independently developed by you without breach of any confidentiality obligation to us or any third party; or (d) disclosed with permission from GitHub. You will not violate the terms of this Agreement if you are required to disclose Confidential Information pursuant to operation of law, provided GitHub has been given reasonable advance written notice to object, unless prohibited by law. - Interpretation (disclaimed): This clause defines the exceptions to what qualifies as Confidential Information, carving out publicly available information, previously known information, independently developed information, and permissively disclosed information from confidentiality obligations, and also provides an exception for legally compelled disclosure. - Tier: All - Location: § 2 (Confidentiality) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Exceptions.%20Confidential%20Information,unless%20prohibited%20by%20law. ### confidentiality — risk unknown > This Agreement may only be modified by a written amendment signed by an authorized representative of GitHub, or by the posting by GitHub of a revised version in accordance with Section R. Changes to These Terms . These Terms of Service, together with the GitHub Privacy Statement, represent the complete and exclusive statement of the agreement between you and us. This Agreement supersedes any proposal or prior agreement oral or written, and any other communications between you and GitHub relating to the subject matter of these terms including any confidentiality or nondisclosure agreements. - Interpretation (disclaimed): States that the agreement may only be modified by signed written amendment or posted revised version per Section R, declares these Terms together with the GitHub Privacy Statement as the complete and exclusive agreement, superseding all prior proposals, oral or written agreements, and confidentiality or nondisclosure agreements. - Tier: All - Location: § 5 (Amendments; Complete Agreement) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20This%20Agreement%20may,confidentiality%20or%20nondisclosure%20agreements. ### confidentiality — risk unknown > If your GitHub account has private repositories, our ability and rights to access private repository information is set forth in Section E (Private Repositories) of the GitHub Terms of Service. - Interpretation (disclaimed): This segment incorporates by reference Section E (Private Repositories) of the GitHub Terms of Service to define the scope and limits of GitHub's ability and rights to access private repository information, making those terms operative with respect to confidentiality of private data. - Tier: All - Location: Privacy Policy › “Private repositories: GitHub Access” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20If%20your%20GitHub,GitHub%20Terms%20of%20Service. ### confidentiality — risk unknown > Short version: Beta Previews may not be supported or may change at any time. You may receive confidential information through those programs that must remain confidential while the program is private. We'd love your feedback to make our Beta Previews better. - Interpretation (disclaimed): Sub-section header for the 'Subject to Change' provision under Beta Previews, introducing disclaimers about support, stability, and security of Beta Preview features. - Tier: All - Location: § K (Beta Previews) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20Beta,Beta%20Previews%20better.%20 ### confidentiality — risk unknown > Short version: We treat the content of private repositories as confidential, and we only access it as described in Section E.3 below—for security purposes, to assist the repository owner with a support matter, to maintain the integrity of the Service, to comply with our legal obligations, if we have reason to believe the contents are in violation of the law, or with your consent. - Interpretation (disclaimed): Section header for control of private repositories, serving as a structural definition/incorporation reference for the access control terms that follow. - Tier: All - Location: § E (Private Repositories) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,with%20your%20consent.%20 ### confidentiality — risk unknown > You may choose to enable additional access to your private repositories. For example: - Interpretation (disclaimed): Grants users the ability to voluntarily enable additional access to their private repositories, indicating that expanded access is opt-in and user-directed. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20choose,private%20repositories.%20For%20example%3A ### confidentiality — risk unknown > to maintain the integrity of the Service; or - Interpretation (disclaimed): Lists compliance with legal obligations where GitHub has reason to believe the contents violate the law as an enumerated exception permitting GitHub personnel to access private repository content without user consent. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20to%20maintain%20the,of%20the%20Service%3B%20or ### confidentiality — risk ambiguous > E. Private Repositories This section talks about how GitHub will treat content you post in private repositories. - Interpretation (disclaimed): Private repository confidentiality is a key concern for enterprise and individual users storing proprietary code. Without Section E's operative text, the scope of protections and GitHub's reserved access rights cannot be assessed. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=E.%20Private%20Repositories%20This,post%20in%20private%20repositories. ### confidentiality — risk unknown > As a user of Beta Previews, you may get access to special information that isn’t available to the rest of the world. Due to the sensitive nature of this information, it’s important for us to make sure that you keep that information secret. - Interpretation (disclaimed): Defines non-public Beta Preview information as GitHub's Confidential Information and obligates users to use it only for the express purpose of testing and evaluating the Beta Preview, applying a duty of care no less than reasonable precaution to protect such information. - Tier: All - Location: § 2 (Confidentiality) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20As%20a%20user,keep%20that%20information%20secret. ### confidentiality — risk unknown > GitHub considers the contents of private repositories to be confidential to you. GitHub will protect the contents of private repositories from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care. - Interpretation (disclaimed): Section header for access to private repositories, serving as a structural incorporation reference for the enumerated circumstances under which GitHub personnel may access private repository content. - Tier: All - Location: § 2 (Confidentiality of Private Repositories) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20considers%20the,reasonable%20degree%20of%20care. ### confidentiality — risk unknown > Confidentiality Obligations. You agree that any non-public Beta Preview information we give you, such as information about a private Beta Preview, will be considered GitHub’s confidential information (collectively, “Confidential Information”), regardless of whether it is marked or identified as such. You agree to only use such Confidential Information for the express purpose of testing and evaluating the Beta Preview (the “Purpose”), and not for any other purpose. You should use the same degree of care as you would with your own confidential information, but no less than reasonable precautions to prevent any unauthorized use, disclosure, publication, or dissemination of our Confidential Information. You promise not to disclose, publish, or disseminate any Confidential Information to any third party, unless we don’t otherwise prohibit or restrict such disclosure (for example, you might be part of a GitHub-organized group discussion about a private Beta Preview feature). - Interpretation (disclaimed): Defines Beta Preview non-public information as GitHub's Confidential Information, obligates users to use it only for testing and evaluating the Beta Preview, and requires users to apply at least reasonable precautions—no less than those applied to their own confidential information—to protect it. - Tier: All - Location: § 2 (Confidentiality) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Confidentiality%20Obligations.%20You,private%20Beta%20Preview%20feature). ### confidentiality — risk unknown > This Section D.9 does not apply to Access solely for the purpose of academic research or if, on the date you Access the Content, the number of monthly active users of the products or services made available by you is less than 700 million in the preceding calendar month. For the purposes of this Section, "you" shall refer to you and any entity that directly or indirectly controls, is controlled by, or is under common control with you (affiliates). - Interpretation (disclaimed): Section header introducing the private repositories section, followed by a short-version summary establishing the confidentiality treatment of private repository content and enumerating the limited circumstances under which GitHub may access it. - Tier: All - Location: § 9 (Access Reciprocity) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20This%20Section%20D.9,control%20with%20you%20(affiliates). ### confidentiality — risk unknown > If you provide your private repository content as Input to AI Features, we may use that Input to provide, develop, train, and improve the Service, including AI Features. Your ability to opt out under Section J.3 applies to this use of private repository content. We will not otherwise use your private repository contents to develop or improve the Service. - Interpretation (disclaimed): Obligates GitHub to provide notice to users regarding access to private repository content, subject to exceptions for legal disclosure requirements, legal obligations, legal process, automated scanning, or security threat responses, establishing a transparency duty around private repository access. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20provide,or%20improve%20the%20Service. ### confidentiality — risk unknown > Exceptions. Confidential Information will not include information that is: (a) or becomes publicly available without breach of this Agreement through no act or inaction on your part (such as when a private Beta Preview becomes a public Beta Preview); (b) known to you before we disclose it to you; (c) independently developed by you without breach of any confidentiality obligation to us or any third party; or (d) disclosed with permission from GitHub. You will not violate the terms of this Agreement if you are required to disclose Confidential Information pursuant to operation of law, provided GitHub has been given reasonable advance written notice to object, unless prohibited by law. - Interpretation (disclaimed): Defines the exceptions to what constitutes Confidential Information, carving out publicly available, previously known, independently developed, or permissively disclosed information, and provides a safe harbor when disclosure is compelled by law. - Tier: All - Location: § 2 (Confidentiality) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Exceptions.%20Confidential%20Information,unless%20prohibited%20by%20law. ### confidentiality — risk unknown > If you’d like to use GitHub’s trademarks, you must follow all of our trademark guidelines, including those on our logos page: https://github.com/logos . - Interpretation (disclaimed): Imposes an obligation on users who wish to use GitHub's trademarks to comply with GitHub's trademark guidelines, including logo-specific guidelines linked therein. - Tier: All - Location: § 2 (GitHub Trademarks and Logos) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%E2%80%99d%20like,logos%20page%3A%20https%3A%2F%2Fgithub.com%2Flogos%20. ### confidentiality — risk unknown > GitHub will provide notice regarding our access to private repository content, unless for legal disclosure , to comply with our legal obligations, or where otherwise bound by requirements under law, for automated scanning, or if in response to a security threat or other risk to security. - Interpretation (disclaimed): Obligates GitHub to provide notice to users when accessing private repository content, subject to exceptions for legal disclosure requirements, legal obligations, automated scanning, or security threat responses. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20will%20provide,other%20risk%20to%20security. ### confidentiality — risk unknown > By choosing to contribute Content to a public repository, you are choosing to and directing us to make such Content accessible to everyone on the internet. Unless specifically set forth herein, these Terms do not restrict lawful access to or use of the contents of public repositories by third parties, or by GitHub or its Affiliates. - Interpretation (disclaimed): Establishes that contributing to a public repository directs GitHub to make that content accessible to all internet users and explicitly permits lawful third-party access to public repository contents without restriction under these Terms. - Tier: All - Location: § 8 (Public Repositories and Lawful Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20choosing%20to,GitHub%20or%20its%20Affiliates. ### confidentiality — risk unknown > You may enable various GitHub services or features that require additional rights to Your Content in private repositories. These rights may vary depending on the service or feature, but GitHub will continue to treat your private repository Content as confidential. If those services or features require rights in addition to those we need to provide the GitHub Service, we will provide an explanation of those rights. - Interpretation (disclaimed): Obligates GitHub to explain any additional rights required by optional services or features that access private repository content, while maintaining the general confidentiality treatment. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20enable,explanation%20of%20those%20rights. ### confidentiality — risk unknown > to assist the repository owner with a support matter; - Interpretation (disclaimed): Permits GitHub personnel to access private repository content without consent in order to assist the repository owner with a support matter. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20to%20assist%20the,with%20a%20support%20matter%3B ### confidentiality — risk unknown > GitHub considers the contents of private repositories to be confidential to you. GitHub will protect the contents of private repositories from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care. - Interpretation (disclaimed): Obligates GitHub to treat private repository contents as confidential and to protect them from unauthorized use, access, or disclosure using at least a reasonable degree of care equivalent to the protection GitHub applies to its own confidential information. - Tier: All - Location: § 2 (Confidentiality of Private Repositories) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20considers%20the,reasonable%20degree%20of%20care. ### confidentiality — risk unknown > You control access to the content of your private repositories. GitHub considers the contents of private repositories to be confidential to you, as set forth in Section E.2, and GitHub personnel will not access private repository content without your consent except in the following circumstances: - Interpretation (disclaimed): Restricts GitHub personnel from accessing private repository content without user consent except in the enumerated circumstances that follow, reinforcing the confidentiality obligation. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20control%20access,in%20the%20following%20circumstances%3A ### confidentiality — risk unknown > As a user of Beta Previews, you may get access to special information that isn’t available to the rest of the world. Due to the sensitive nature of this information, it’s important for us to make sure that you keep that information secret. - Interpretation (disclaimed): Establishes that Beta Preview users may receive non-public special information and imposes a general duty of secrecy over such information due to its sensitive nature, framing the confidentiality obligation. - Tier: All - Location: § 2 (Confidentiality) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20As%20a%20user,keep%20that%20information%20secret. ### governing law disputes — risk medium > S. Miscellaneous Please see this section for legal details including our choice of law. - Interpretation (disclaimed): Choice-of-law provisions determine the jurisdiction whose law governs disputes. Non-US users may face disadvantage if US law (likely California or Delaware) is mandated. The full operative terms are in the missing Section S. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=S.%20Miscellaneous%20Please%20see,our%20choice%20of%20law. ### governing law disputes — risk medium > Except to the extent applicable law provides otherwise, this Agreement between you and GitHub and any access to or use of the Website or the Service are governed by the federal laws of the United States of America and the laws of the State of California, without regard to conflict of law provisions. You and GitHub agree to submit to the exclusive jurisdiction and venue of the courts located in the City and County of San Francisco, California. However, any claim for injunctive relief with respect to a violation of section D.9 may be brought in any jurisdiction. - Interpretation (disclaimed): Mandatory California/federal law and exclusive San Francisco venue provisions may disadvantage international users or those in other US states who would face significant cost and inconvenience to litigate disputes. The carve-out for injunctive relief in any jurisdiction benefits GitHub more than users. - Tier: All - Location: § 1 (Governing Law) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=Except%20to%20the%20extent,brought%20in%20any%20jurisdiction. ### governing law disputes — risk low > In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, GitHub commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF should first contact GitHub at: dpo[at]github[dot]com. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the International Centre for Dispute Resolution are provided at no cost to you. An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. - Interpretation (disclaimed): The DPF dispute resolution pathway funnels complaints through internal processes, then third-party ADR, and finally binding arbitration. While offered at no cost, binding arbitration forecloses court-based remedies for affected EU/UK/Swiss users. - Tier: All - Location: Privacy Policy › “Dispute resolution process” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=In%20compliance%20with%20the,the%20other%20DPF%20mechanisms. ### governing law disputes — risk unknown > S. Miscellaneous Please see this section for legal details including our choice of law. - Interpretation (disclaimed): Summary entry for Section S referencing legal details including choice of law; cross-reference incorporating governing law and dispute resolution provisions. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20S.%20Miscellaneous%20Please,choice%20of%20law.%20 ### governing law disputes — risk unknown > Communications made through email or GitHub Support's messaging system will not constitute legal notice to GitHub or any of its officers, employees, agents or representatives in any situation where notice to GitHub is required by contract or any law or regulation. Legal notice to GitHub must be in writing and served on GitHub's legal agent . - Interpretation (disclaimed): Specifies the required procedure for legal notices to GitHub, establishing that email or support messages do not constitute legal notice and that formal legal notice must be in writing and served on GitHub's legal agent, governing the dispute-notification mechanism. - Tier: All - Location: § 2 (Legal Notice to GitHub Must Be in Writing) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Communications%20made%20through,GitHub's%20legal%20agent%20. ### governing law disputes — risk unknown > Short version: We want our users to be informed of important changes to our terms, but some changes aren't that important — we don't want to bother you every time we fix a typo. So while we may modify this agreement at any time, we will notify users of any material changes and give you time to adjust to them. - Interpretation (disclaimed): Plain-language summary explaining GitHub's intent to notify users of material changes while reserving the right to modify the agreement at any time, framing the amendment procedures that follow. - Tier: All - Location: § R (Changes to These Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,adjust%20to%20them.%20 ### governing law disputes — risk unknown > Throughout this Agreement, each section includes titles and brief summaries of the following terms and conditions. These section titles and brief summaries are not legally binding. - Interpretation (disclaimed): Clarifies that section titles and brief summaries throughout the Agreement are not legally binding, defining the interpretive status of organizational headings so they cannot be used to create legal obligations. - Tier: All - Location: § 3 (Section Headings and Summaries) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Throughout%20this%20Agreement%2C,are%20not%20legally%20binding. ### governing law disputes — risk unknown > If any part of this Agreement is held invalid or unenforceable, that portion of the Agreement will be construed to reflect the parties’ original intent. The remaining portions will remain in full force and effect. Any failure on the part of GitHub to enforce any provision of this Agreement will not be considered a waiver of our right to enforce such provision. Our rights under this Agreement will survive any termination of this Agreement. - Interpretation (disclaimed): Establishes severability (invalid portions construed to reflect original intent), no-waiver (failure to enforce does not waive rights), and survival (GitHub's rights survive termination), providing interpretive rules that preserve the Agreement's enforceability and GitHub's ongoing rights. - Tier: All - Location: § 4 (Severability, No Waiver, and Survival) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20any%20part,termination%20of%20this%20Agreement. ### governing law disputes — risk unknown > Questions about the Terms of Service? Contact us through the GitHub Support portal . - Interpretation (disclaimed): Provides the procedure for users to contact GitHub with questions about the Terms of Service via the GitHub Support portal, establishing a formal channel for legal inquiries. - Tier: All - Location: § 6 (Questions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Questions%20about%20the,GitHub%20Support%20portal%20. ### governing law disputes — risk unknown > The “Website” refers to GitHub’s website located at github.com , and all content, services, and products provided by GitHub at or through the Website. It also refers to GitHub-owned subdomains of github.com, such as education.github.com and pages.github.com . These Terms also govern GitHub’s conference websites, such as githubuniverse.com , and product websites, such as electronjs.org . Occasionally, websites owned by GitHub may provide different or additional terms of service. If those additional terms conflict with this Agreement, the more specific terms apply to the relevant page or service. - Interpretation (disclaimed): Defines 'Website' and its scope, including subdomains and conference/product sites, and specifies that more specific terms prevail over this Agreement in case of conflict, establishing a hierarchy of governing terms. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20The%20%E2%80%9CWebsite%E2%80%9D%20refers,relevant%20page%20or%20service. ### governing law disputes — risk unknown > All use of the GitHub API is subject to these Terms of Service and the GitHub Privacy Statement . - Interpretation (disclaimed): Subjects all API use to both the Terms of Service and the GitHub Privacy Statement, incorporating those documents as binding on API users. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20All%20use%20of,GitHub%20Privacy%20Statement%20. ### governing law disputes — risk unknown > For contractual purposes, you (1) consent to receive communications from us in an electronic form via the email address you have submitted or via the Service; and (2) agree that all Terms of Service, agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that those communications would satisfy if they were on paper. This section does not affect your non-waivable rights. - Interpretation (disclaimed): This is a section heading ('Legal Notice to GitHub Must Be in Writing') that introduces the formal legal notice requirements; it labels the following substantive provision. - Tier: All - Location: § 1 (Electronic Communication Required) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20For%20contractual%20purposes%2C,affect%20your%20non-waivable%20rights. ### governing law disputes — risk unknown > Short version: We want our users to be informed of important changes to our terms, but some changes aren't that important — we don't want to bother you every time we fix a typo. So while we may modify this agreement at any time, we will notify users of any material changes and give you time to adjust to them. - Interpretation (disclaimed): Plain-language summary explaining GitHub's policy of notifying users of material changes while reserving the right to modify the agreement at any time. - Tier: All - Location: § R (Changes to These Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20We,adjust%20to%20them.%20 ### governing law disputes — risk unknown > GitHub may assign or delegate these Terms of Service and/or the GitHub Privacy Statement , in whole or in part, to any person or entity at any time with or without your consent, including the license grant in Section D.4. You may not assign or delegate any rights or obligations under the Terms of Service or Privacy Statement without our prior written consent, and any unauthorized assignment and delegation by you is void. - Interpretation (disclaimed): Permits GitHub to freely assign or delegate the Terms and privacy statement at any time without consent, while restricting users from assigning or delegating any rights or obligations without GitHub's prior written consent, voiding any unauthorized assignment. - Tier: All - Location: § 2 (Non-Assignability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20may%20assign,by%20you%20is%20void. ### governing law disputes — risk unknown > Questions about the Terms of Service? Contact us through the GitHub Support portal . - Interpretation (disclaimed): Directs users with questions about the Terms of Service to contact GitHub through the GitHub Support portal, establishing a procedural channel for inquiry. - Tier: All - Location: § 6 (Questions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Questions%20about%20the,GitHub%20Support%20portal%20. ### governing law disputes — risk unknown > If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the International Centre for Dispute Resolution are provided at no cost to you. - Interpretation (disclaimed): Provides an escalation path for unresolved DPF complaints to the International Centre for Dispute Resolution (ICDR/ADR) at no cost to the complainant, establishing an alternative dispute resolution mechanism. - Tier: All - Location: Privacy Policy › “Dispute resolution process” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20If%20you%20do,no%20cost%20to%20you. ### governing law disputes — risk unknown > We reserve the right, at our sole discretion, to amend these Terms of Service at any time and will update these Terms of Service in the event of any such amendments. We will notify our Users of material changes to this Agreement, such as price increases, at least 30 days prior to the change taking effect by posting a notice on our Website or sending email to the primary email address specified in your GitHub account. Customer's continued use of the Service after those 30 days constitutes agreement to those revisions of this Agreement. For any other modifications, your continued use of the Website constitutes agreement to our revisions of these Terms of Service. You can view all changes to these Terms in our Site Policy repository. - Interpretation (disclaimed): Reserves GitHub's right to amend the Terms at its sole discretion, requires 30-day advance notice of material changes via website posting or email, and deems continued use after 30 days as acceptance of revisions. - Tier: All - Location: § R (Changes to These Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20reserve%20the,our%20Site%20Policy%20repository. ### governing law disputes — risk unknown > If any part of this Agreement is held invalid or unenforceable, that portion of the Agreement will be construed to reflect the parties’ original intent. The remaining portions will remain in full force and effect. Any failure on the part of GitHub to enforce any provision of this Agreement will not be considered a waiver of our right to enforce such provision. Our rights under this Agreement will survive any termination of this Agreement. - Interpretation (disclaimed): Establishes severability (invalid portions are construed to reflect original intent while remaining portions stay in effect), no-waiver (failure to enforce is not a waiver), and survival (GitHub's rights survive termination), providing structural rules for the agreement's enforceability. - Tier: All - Location: § 4 (Severability, No Waiver, and Survival) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20any%20part,termination%20of%20this%20Agreement. ### governing law disputes — risk unknown > We reserve the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Website (or any part of it) with or without notice. - Interpretation (disclaimed): Reserves GitHub's right to modify or discontinue the Website or any part of it, temporarily or permanently, at any time with or without notice, establishing a broad unilateral right of service alteration. - Tier: All - Location: § R (Changes to These Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20reserve%20the,with%20or%20without%20notice. ### governing law disputes — risk unknown > Except to the extent applicable law provides otherwise, this Agreement between you and GitHub and any access to or use of the Website or the Service are governed by the federal laws of the United States of America and the laws of the State of California, without regard to conflict of law provisions. You and GitHub agree to submit to the exclusive jurisdiction and venue of the courts located in the City and County of San Francisco, California. However, any claim for injunctive relief with respect to a violation of section D.9 may be brought in any jurisdiction. - Interpretation (disclaimed): Establishes that the agreement is governed by U.S. federal law and California state law, submits disputes to the exclusive jurisdiction of San Francisco courts, with an exception allowing injunctive relief claims under section D.9 to be brought in any jurisdiction. - Tier: All - Location: § 1 (Governing Law) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Except%20to%20the,brought%20in%20any%20jurisdiction. ### governing law disputes — risk unknown > S. Miscellaneous Please see this section for legal details including our choice of law. - Interpretation (disclaimed): Summary entry directing readers to the Miscellaneous section for legal details including choice of law; cross-references the governing law and dispute resolution provisions. - Tier: All - Location: Article M - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20S.%20Miscellaneous%20Please,choice%20of%20law.%20 ### governing law disputes — risk unknown > Throughout this Agreement, each section includes titles and brief summaries of the following terms and conditions. These section titles and brief summaries are not legally binding. - Interpretation (disclaimed): Clarifies that section titles and brief summaries throughout the agreement are not legally binding, preventing their use as operative contract terms in disputes. - Tier: All - Location: § 3 (Section Headings and Summaries) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Throughout%20this%20Agreement%2C,are%20not%20legally%20binding. ### governing law disputes — risk unknown > In some situations, third parties' terms may apply to your use of GitHub. For example, you may be a member of an organization on GitHub with its own terms or license agreements; you may download an application that integrates with GitHub; or you may use GitHub to authenticate to another service. Please be aware that while these Terms are our full agreement with you, other parties' terms govern their relationships with you. - Interpretation (disclaimed): Incorporates the Government Amendment to GitHub Terms of Service for government users or government-capacity access, making those provisions binding on such users. - Tier: All - Location: § 5 (Additional Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20In%20some%20situations%2C,their%20relationships%20with%20you. ### governing law disputes — risk unknown > GitHub may assign or delegate these Terms of Service and/or the GitHub Privacy Statement , in whole or in part, to any person or entity at any time with or without your consent, including the license grant in Section D.4. You may not assign or delegate any rights or obligations under the Terms of Service or Privacy Statement without our prior written consent, and any unauthorized assignment and delegation by you is void. - Interpretation (disclaimed): Permits GitHub to assign or delegate the Terms and Privacy Statement including license grants to any person at any time without user consent, while restricting users from assigning or delegating any rights or obligations without GitHub's prior written consent and voiding any unauthorized assignment. - Tier: All - Location: § 2 (Non-Assignability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20may%20assign,by%20you%20is%20void. ### governing law disputes — risk unknown > In some situations, third parties' terms may apply to your use of GitHub. For example, you may be a member of an organization on GitHub with its own terms or license agreements; you may download an application that integrates with GitHub; or you may use GitHub to authenticate to another service. Please be aware that while these Terms are our full agreement with you, other parties' terms govern their relationships with you. - Interpretation (disclaimed): Acknowledges that third-party terms may apply in certain contexts (organizations, integrations, authentication) and clarifies that while these Terms govern the GitHub relationship, third-party terms separately govern those third-party relationships. - Tier: All - Location: § 5 (Additional Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20In%20some%20situations%2C,their%20relationships%20with%20you. ### governing law disputes — risk unknown > For contractual purposes, you (1) consent to receive communications from us in an electronic form via the email address you have submitted or via the Service; and (2) agree that all Terms of Service, agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that those communications would satisfy if they were on paper. This section does not affect your non-waivable rights. - Interpretation (disclaimed): Requires users to consent to receive electronic communications from GitHub and to accept that electronic communications satisfy legal notice requirements, establishing the binding nature of electronic delivery and communications for contractual purposes. - Tier: All - Location: § 1 (Electronic Communication Required) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20For%20contractual%20purposes%2C,affect%20your%20non-waivable%20rights. ### governing law disputes — risk unknown > This Agreement may only be modified by a written amendment signed by an authorized representative of GitHub, or by the posting by GitHub of a revised version in accordance with Section R. Changes to These Terms . These Terms of Service, together with the GitHub Privacy Statement, represent the complete and exclusive statement of the agreement between you and us. This Agreement supersedes any proposal or prior agreement oral or written, and any other communications between you and GitHub relating to the subject matter of these terms including any confidentiality or nondisclosure agreements. - Interpretation (disclaimed): Specifies that the Agreement may only be modified by written amendment from an authorized GitHub representative or by GitHub posting a revised version per Section R; incorporates the Privacy Statement as part of the complete agreement; and supersedes all prior proposals, oral or written agreements, and confidentiality or non-disclosure agreements between the parties. - Tier: All - Location: § 5 (Amendments; Complete Agreement) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20This%20Agreement%20may,confidentiality%20or%20nondisclosure%20agreements. ### governing law disputes — risk unknown > Except to the extent applicable law provides otherwise, this Agreement between you and GitHub and any access to or use of the Website or the Service are governed by the federal laws of the United States of America and the laws of the State of California, without regard to conflict of law provisions. You and GitHub agree to submit to the exclusive jurisdiction and venue of the courts located in the City and County of San Francisco, California. However, any claim for injunctive relief with respect to a violation of section D.9 may be brought in any jurisdiction. - Interpretation (disclaimed): Establishes that the Agreement is governed by U.S. federal law and California state law, requires submission to exclusive jurisdiction and venue in San Francisco courts, and carves out an exception permitting injunctive relief claims under section D.9 to be brought in any jurisdiction. - Tier: All - Location: § 1 (Governing Law) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Except%20to%20the,brought%20in%20any%20jurisdiction. ### governing law disputes — risk unknown > We reserve the right, at our sole discretion, to amend these Terms of Service at any time and will update these Terms of Service in the event of any such amendments. We will notify our Users of material changes to this Agreement, such as price increases, at least 30 days prior to the change taking effect by posting a notice on our Website or sending email to the primary email address specified in your GitHub account. Customer's continued use of the Service after those 30 days constitutes agreement to those revisions of this Agreement. For any other modifications, your continued use of the Website constitutes agreement to our revisions of these Terms of Service. You can view all changes to these Terms in our Site Policy repository. - Interpretation (disclaimed): Establishes GitHub's right to amend the Terms at its sole discretion, requires 30-day advance notice for material changes such as price increases via website posting or email, and deems continued use of the Service after 30 days as acceptance of the revised terms. - Tier: All - Location: § R (Changes to These Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20reserve%20the,our%20Site%20Policy%20repository. ### governing law disputes — risk unknown > The “Website” refers to GitHub’s website located at github.com , and all content, services, and products provided by GitHub at or through the Website. It also refers to GitHub-owned subdomains of github.com, such as education.github.com and pages.github.com . These Terms also govern GitHub’s conference websites, such as githubuniverse.com , and product websites, such as electronjs.org . Occasionally, websites owned by GitHub may provide different or additional terms of service. If those additional terms conflict with this Agreement, the more specific terms apply to the relevant page or service. - Interpretation (disclaimed): Defines 'Website' and specifies that these Terms govern multiple GitHub web properties, with an incorporation rule that more specific terms apply when additional terms conflict with the Agreement. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20The%20%E2%80%9CWebsite%E2%80%9D%20refers,relevant%20page%20or%20service. ### governing law disputes — risk unknown > We reserve the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Website (or any part of it) with or without notice. - Interpretation (disclaimed): Reserves GitHub's right at any time to modify or discontinue the Website or any part of it, temporarily or permanently, with or without notice, establishing broad unilateral rights over service availability. - Tier: All - Location: § R (Changes to These Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20reserve%20the,with%20or%20without%20notice. ### governing law disputes — risk unknown > In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, GitHub commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF should first contact GitHub at: dpo[at]github[dot]com. - Interpretation (disclaimed): Commits GitHub to resolving DPF Principles-related complaints from EU, UK, and Swiss individuals and designates the DPO email as the first point of contact for such complaints, establishing a required pre-dispute procedure. - Tier: All - Location: Privacy Policy › “Dispute resolution process” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20In%20compliance%20with,contact%20GitHub%20at%3A%20dpo%5Bat%5Dgithub%5Bdot%5Dcom. ### governing law disputes — risk unknown > GitHub is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under Section 5 of the Federal Trade Commission Act (15 U.S.C. § 45), an organization's failure to abide by commitments to implement the DPF Principles may be challenged as deceptive by the FTC. The FTC has the power to prohibit such misrepresentations through administrative orders or by seeking court orders. - Interpretation (disclaimed): Confirms GitHub is subject to FTC investigatory and enforcement powers under Section 5 of the FTC Act, establishing that failure to adhere to DPF Principles may be treated as deceptive and subject to administrative or court orders. - Tier: All - Location: Privacy Policy › “Government Enforcement” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20GitHub%20is%20subject,by%20seeking%20court%20orders. ### governing law disputes — risk unknown > Below are translations of this document into other languages. In the event of any conflict, uncertainty, or apparent inconsistency between any of those versions and the English version, this English version is the controlling version. - Interpretation (disclaimed): Establishes the English version of the Privacy Statement as the authoritative controlling version in cases of conflict, uncertainty, or inconsistency with translated versions, creating a binding interpretation rule. - Tier: All - Location: Privacy Policy › “Translations” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20Below%20are%20translations,is%20the%20controlling%20version. ### governing law disputes — risk unknown > An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information visit https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction . - Interpretation (disclaimed): Grants individuals the conditional right to invoke binding arbitration under the DPF Annex I mechanism for unresolved DPF compliance complaints, creating an enforceable dispute resolution right. - Tier: All - Location: Privacy Policy › “Dispute resolution process” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20An%20individual%20has,information%20visit%20https%3A%2F%2Fwww.dataprivacyframework.gov%2Fframework-article%2FANNEX-I-introduction%20. ### moderation enforcement — risk high > GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. GitHub reserves the right to refuse service to anyone for any reason at any time. - Interpretation (disclaimed): This is a maximally broad unilateral termination clause. For paid users or businesses dependent on the platform, abrupt termination without cause or notice creates significant operational and financial risk. No-refund provisions in the payment section compound this risk. - Tier: All - Location: § 3 (GitHub May Terminate) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=GitHub%20has%20the%20right,reason%20at%20any%20time. ### moderation enforcement — risk medium > For abuse detection, prevention, and protection, virus scanning, and scanning to detect violations of terms of service - Interpretation (disclaimed): The explicit reference to scanning content for violations of terms of service means user inputs and outputs are subject to monitoring. No safe harbor or procedural protections for suspension/termination are described in this document. - Tier: All - Location: “To comply with and resolve legal obligations” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=For%20abuse%20detection%2C%20prevention%2C,of%20terms%20of%20service ### moderation enforcement — risk low > In addition to off-topic, harmful, and offensive output filters, GitHub Copilot also scans the outputs for vulnerable code. - Interpretation (disclaimed): Output scanning for policy violations and vulnerable code implies that GitHub reviews or processes generated outputs for enforcement purposes. While beneficial for safety, it confirms that outputs are not fully opaque to GitHub's systems. - Tier: All - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=In%20addition%20to%20off-topic%2C,outputs%20for%20vulnerable%20code. ### moderation enforcement — risk low > If we learn of any User under the age of 13, we will terminate that User’s Account immediately . - Interpretation (disclaimed): This clause reflects US legal obligations under COPPA. It is a standard compliance-driven enforcement provision rather than a discretionary risk. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=If%20we%20learn%20of,User%E2%80%99s%20Account%20immediately%20. ### moderation enforcement — risk low > GitHub Copilot includes filters to block offensive language in the prompts and to avoid synthesizing suggestions in sensitive contexts. We continue to work on improving the filter system to more intelligently detect and remove offensive outputs. If you see offensive outputs, please report them directly to copilot-safety@github.com so that we can improve our safeguards. - Interpretation (disclaimed): GitHub applies automated content moderation to both user prompts and generated outputs. This gives GitHub discretion to block or modify content, potentially affecting legitimate professional use cases. The document acknowledges the system is imperfect ('continue to work on improving'), meaning users may encounter inconsistent enforcement. - Tier: All - Location: “Does GitHub Copilot produce offensive outputs?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20Copilot%20includes%20filters,can%20improve%20our%20safeguards. ### moderation enforcement — risk unknown > You must be a human to create an Account. Accounts registered by "bots" or other automated methods are not permitted. We do permit machine accounts: - Interpretation (disclaimed): Restricts Account creation to human users, prohibiting bots or automated methods from registering Accounts, while carving out a limited exception for machine accounts. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20must%20be,do%20permit%20machine%20accounts%3A ### moderation enforcement — risk unknown > You may not use GitHub in violation of export control or sanctions laws of the United States or any other applicable jurisdiction. You may not use GitHub if you are or are working on behalf of a Specially Designated National (SDN) or a person subject to similar blocking or denied party prohibitions administered by a U.S. government agency. GitHub may allow persons in certain sanctioned countries or territories to access certain GitHub services pursuant to U.S. government authorizations. For more information, please see our Export Controls policy . - Interpretation (disclaimed): Prohibits use of GitHub in violation of U.S. or applicable export control or sanctions laws, and bars use by Specially Designated Nationals or similarly restricted parties, with a limited permission for sanctioned-country access under U.S. government authorizations. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20not,Export%20Controls%20policy%20. ### moderation enforcement — risk unknown > You will promptly notify GitHub by contacting us through the GitHub Support portal if you become aware of any unauthorized use of, or access to, our Service through your Account, including any unauthorized use of your password or Account. - Interpretation (disclaimed): Establishes a procedural obligation requiring the user to promptly notify GitHub through the Support portal upon becoming aware of any unauthorized use of or access to their Account or password. - Tier: All - Location: § 4 (Account Security) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20will%20promptly,your%20password%20or%20Account. ### moderation enforcement — risk unknown > Short version: GitHub hosts a wide variety of collaborative projects from all over the world, and that collaboration only works when our users are able to work together in good faith. While using the service, you must follow the terms of this section, which include some restrictions on content you can post, conduct on the service, and other limitations. In short, be excellent to each other. - Interpretation (disclaimed): Short-version summary for the Acceptable Use section stating users must follow restrictions on content, conduct, and other limitations while using the service, establishing the general obligation to comply with acceptable use requirements. - Tier: All - Location: Article C (Acceptable Use) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20GitHub,to%20each%20other.%20 ### moderation enforcement — risk unknown > Your use of the Website and Service must not violate any applicable laws, including copyright or trademark laws, export control or sanctions laws, or other laws in your jurisdiction. You are responsible for making sure that your use of the Service is in compliance with laws and any applicable regulations. - Interpretation (disclaimed): Imposes an obligation on users to ensure their use of the Website and Service does not violate applicable laws including copyright, trademark, export control, and sanctions laws, placing compliance responsibility on the user. - Tier: All - Location: Article C (Acceptable Use) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Your%20use%20of,and%20any%20applicable%20regulations. ### moderation enforcement — risk unknown > If you believe that content on our website violates your copyright, please contact us in accordance with our Digital Millennium Copyright Act Policy . If you are a copyright owner and you believe that content on GitHub violates your rights, please contact us via our convenient DMCA form or by emailing copyright@github.com . There may be legal consequences for sending a false or frivolous takedown notice. Before sending a takedown request, you must consider legal uses such as fair use and licensed uses. - Interpretation (disclaimed): Establishes the procedure for reporting copyright infringement via the DMCA Policy and DMCA form, warns of legal consequences for false takedown notices, and requires consideration of fair use before submitting a request. - Tier: All - Location: § F (Copyright Infringement and DMCA Policy) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20believe,use%20and%20licensed%20uses. ### moderation enforcement — risk unknown > We will terminate the Accounts of repeat infringers of this policy. - Interpretation (disclaimed): Obligates GitHub to terminate accounts of repeat copyright infringers, establishing an enforcement consequence for repeated violations of the DMCA policy. - Tier: All - Location: § F (Copyright Infringement and DMCA Policy) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20terminate,infringers%20of%20this%20policy. ### moderation enforcement — risk unknown > Abuse or excessively frequent requests to GitHub via the API may result in the temporary or permanent suspension of your Account's access to the API. GitHub, in our sole discretion, will determine abuse or excessive usage of the API. We will make a reasonable attempt to warn you via email prior to suspension. - Interpretation (disclaimed): Describes GitHub's enforcement procedure for API abuse or excessive use, including temporary or permanent account suspension at GitHub's sole discretion and a reasonable attempt to provide prior email warning. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Abuse%20or%20excessively,email%20prior%20to%20suspension. ### moderation enforcement — risk unknown > You may not share API tokens to exceed GitHub's rate limitations. - Interpretation (disclaimed): Prohibits users from sharing API tokens in a manner that would exceed GitHub's rate limitations, restricting token-sharing behavior to enforce usage caps. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20not,exceed%20GitHub's%20rate%20limitations. ### moderation enforcement — risk unknown > Beta Previews may not be supported and may be changed at any time without notice. In addition, Beta Previews are not subject to the same security measures and auditing to which the Service has been and is subject. By using a Beta Preview, you use it at your own risk. - Interpretation (disclaimed): Disclaims any obligation to support Beta Previews, reserves GitHub's right to change them at any time without notice, states they are not subject to the same security and auditing standards as the Service, and places risk of use on the user. - Tier: All - Location: § 1 (Subject to Change) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Beta%20Previews%20may,your%20own%20risk.%20 ### moderation enforcement — risk unknown > You must be a human to create an Account. Accounts registered by "bots" or other automated methods are not permitted. We do permit machine accounts: - Interpretation (disclaimed): Defines 'machine account' with specific eligibility criteria (human acceptance of Terms, valid email, responsibility for actions, automated-tasks-only use) and limits users to one free machine account in addition to a free Personal Account. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20must%20be,do%20permit%20machine%20accounts%3A ### moderation enforcement — risk unknown > We have a few simple rules for Accounts on GitHub's Service. - Interpretation (disclaimed): Restricts Account creation to human actors and prohibits registration by bots or automated methods, while carving out a defined exception for machine accounts under specific conditions. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20have%20a,Accounts%20on%20GitHub's%20Service. ### moderation enforcement — risk unknown > One person or legal entity may maintain no more than one free Account (if you choose to control a machine account as well, that's fine, but it can only be used for running a machine). - Interpretation (disclaimed): Imposes minimum age requirement of 13, states compliance with U.S. law obligations, prohibits users under 13, and mandates immediate account termination upon discovery of underage users, constituting an enforcement obligation and restriction. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20One%20person%20or,for%20running%20a%20machine). ### moderation enforcement — risk unknown > Your login may only be used by one person — i.e., a single login may not be shared by multiple people. A paid Organization may only provide access to as many Personal Accounts as your subscription allows. - Interpretation (disclaimed): Prohibits use of GitHub in violation of U.S. and other applicable export control or sanctions laws, restricts access by Specially Designated Nationals or sanctioned-party-adjacent persons, and permits GitHub to allow access in certain sanctioned territories pursuant to government authorizations. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Your%20login%20may,as%20your%20subscription%20allows. ### moderation enforcement — risk unknown > You are responsible for maintaining the security of your Account and password. GitHub cannot and will not be liable for any loss or damage from your failure to comply with this security obligation. - Interpretation (disclaimed): Requires the user to promptly notify GitHub through the Support portal upon becoming aware of any unauthorized use of or access to their Account, establishing a procedural reporting obligation. - Tier: All - Location: § 4 (Account Security) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,with%20this%20security%20obligation. ### moderation enforcement — risk unknown > You may not share API tokens to exceed GitHub's rate limitations. - Interpretation (disclaimed): Prohibits sharing of API tokens in a manner that exceeds GitHub's rate limitations, restricting token distribution to prevent circumvention of usage controls. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20not,exceed%20GitHub's%20rate%20limitations. ### moderation enforcement — risk unknown > GitHub Copilot is entirely optional and requires you to opt in before gaining access. You can easily configure its usage directly in the editor, enabling or disabling it at any time. Additionally, you have control over which file types GitHub Copilot is active for. - Interpretation (disclaimed): Grants the user the permission to opt in, enable, or disable GitHub Copilot and control which file types it is active for, establishing user-level configurability rights over the service. - Tier: All - Location: “What if I do not want GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20is,Copilot%20is%20active%20for. ### moderation enforcement — risk unknown > For abuse detection, prevention, and protection, virus scanning, and scanning to detect violations of terms of service - Interpretation (disclaimed): This segment permits GitHub to use personal data for abuse detection, prevention, protection, virus scanning, and scanning for terms of service violations, establishing authorized enforcement-related data processing purposes. - Tier: All - Location: “To comply with and resolve legal obligations” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20For%20abuse%20detection%2C,terms%20of%20service%20 ### moderation enforcement — risk unknown > With the filter enabled, Copilot checks code suggestions for matches or near-matches against public code on GitHub of 65 lexemes or more (on average,150 characters). If there is a match, the suggestion will not be shown to the user. - Interpretation (disclaimed): This segment specifies the operational procedure by which the duplication detection filter works — checking for matches of 65 lexemes or more against public GitHub code and suppressing matching suggestions — defining the technical enforcement mechanism. - Tier: All - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20With%20the%20filter,shown%20to%20the%20user. ### moderation enforcement — risk unknown > Public code may contain insecure coding patterns, bugs, or references to outdated APIs or idioms. When GitHub Copilot synthesizes code suggestions based on this data, it can also synthesize code that contains these undesirable patterns. Copilot has filters in place that either block or notify users of insecure code patterns that are detected in Copilot suggestions. These filters target the most common vulnerable coding patterns, including hardcoded credentials , SQL injections , and path injections . Additionally, in recent years we’ve provided tools such as GitHub Advanced Security, GitHub Actions, Dependabot, and CodeQL to open source projects to help improve code quality. Of course, you should always use GitHub Copilot together with good testing and code review practices and security tools, as well as your own judgment. - Interpretation (disclaimed): This segment acknowledges that Copilot may synthesize insecure code patterns from public code training data, while describing filters that block or notify users of detected insecure patterns such as hardcoded credentials, SQL injections, and path injections, thereby disclosing the risk and limiting GitHub's liability for insecure code suggestions while describing mitigation measures. - Tier: All - Location: “Can GitHub Copilot introduce insecure code in its suggestions?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Public%20code%20may,as%20your%20own%20judgment. ### moderation enforcement — risk unknown > The product is called “Copilot” not “Autopilot” and it’s not intended to generate code without oversight. You should use exactly the same sorts of safeguards and diligence with Copilot’s suggestions as you would use with any third-party code. - Interpretation (disclaimed): Disclaimer stating the product is not 'Autopilot' and that users must apply the same safeguards to Copilot suggestions as to any third-party code, limiting GitHub's liability for unsupervised use. - Tier: All - Location: “Is GitHub Copilot intended to fully automate code generation and replace developers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20The%20product%20is,with%20any%20third-party%20code. ### moderation enforcement — risk unknown > Depending on your particular use case, you should consider implementing the protections discussed above. It is your responsibility to assess what is appropriate for the situation and implement appropriate safeguards. - Interpretation (disclaimed): Places the obligation on the user to assess risk tolerance and implement appropriate safeguards depending on their use case, thereby allocating responsibility to the customer rather than GitHub. - Tier: All - Location: “Can GitHub Copilot users simply use suggestions without concern?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Depending%20on%20your,and%20implement%20appropriate%20safeguards. ### moderation enforcement — risk unknown > With the filter enabled, Copilot checks code suggestions for matches or near-matches against public code on GitHub of 65 lexemes or more (on average,150 characters). If there is a match, the suggestion will not be shown to the user. - Interpretation (disclaimed): This segment specifies the technical threshold (65 lexemes or more, approximately 150 characters) and operational behavior of the duplication detection filter—checking for matches and suppressing suggestions when a match is found—establishing the enforcement procedure for the filter. - Tier: All - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20With%20the%20filter,shown%20to%20the%20user. ### moderation enforcement — risk unknown > Public code may contain insecure coding patterns, bugs, or references to outdated APIs or idioms. When GitHub Copilot synthesizes code suggestions based on this data, it can also synthesize code that contains these undesirable patterns. Copilot has filters in place that either block or notify users of insecure code patterns that are detected in Copilot suggestions. These filters target the most common vulnerable coding patterns, including hardcoded credentials , SQL injections , and path injections . Additionally, in recent years we’ve provided tools such as GitHub Advanced Security, GitHub Actions, Dependabot, and CodeQL to open source projects to help improve code quality. Of course, you should always use GitHub Copilot together with good testing and code review practices and security tools, as well as your own judgment. - Interpretation (disclaimed): This segment explains that public training data may contain insecure patterns that Copilot can reproduce, and describes filters in place to block or notify users of detected insecure code patterns such as hardcoded credentials, SQL injections, and path injections, balancing the risk disclosure with moderation measures. - Tier: All - Location: “Can GitHub Copilot introduce insecure code in its suggestions?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Public%20code%20may,as%20your%20own%20judgment. ### moderation enforcement — risk unknown > GitHub Copilot includes filters to block offensive language in the prompts and to avoid synthesizing suggestions in sensitive contexts. We continue to work on improving the filter system to more intelligently detect and remove offensive outputs. If you see offensive outputs, please report them directly to copilot-safety@github.com so that we can improve our safeguards. GitHub takes this challenge very seriously and we are committed to addressing it. - Interpretation (disclaimed): This segment describes GitHub's use of filters to block offensive language in prompts and outputs, imposes a practical obligation on the platform to maintain moderation safeguards, directs users to report offensive outputs to a designated email address, and commits GitHub to improving its content moderation systems. - Tier: All - Location: “Does GitHub Copilot produce offensive outputs?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20includes,committed%20to%20addressing%20it. ### moderation enforcement — risk unknown > F. Copyright & DMCA Policy This section talks about how GitHub will respond if you believe someone is infringing your copyrights on GitHub. - Interpretation (disclaimed): Summary entry describing GitHub's DMCA and copyright policy; incorporates by reference the procedure and enforcement mechanism for copyright infringement claims. - Tier: All - Location: Article D - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20F.%20Copyright%20%26%23x26%3B,copyrights%20on%20GitHub.%20 ### moderation enforcement — risk unknown > Abuse or excessively frequent requests to GitHub via the API may result in the temporary or permanent suspension of your Account's access to the API. GitHub, in our sole discretion, will determine abuse or excessive usage of the API. We will make a reasonable attempt to warn you via email prior to suspension. - Interpretation (disclaimed): Describes GitHub's enforcement procedure for API abuse or excessive requests, including potential temporary or permanent suspension determined at GitHub's sole discretion, with a reasonable attempt to provide email warning before suspension. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Abuse%20or%20excessively,email%20prior%20to%20suspension. ### moderation enforcement — risk unknown > Additionally, we may be compelled by law to disclose the contents of your private repositories. - Interpretation (disclaimed): Section header for copyright infringement and DMCA policy, serving as a structural incorporation reference for the takedown and enforcement procedures that follow. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Additionally%2C%20we%20may,of%20your%20private%20repositories. ### moderation enforcement — risk unknown > for security purposes; - Interpretation (disclaimed): Lists automated or manual scanning for known vulnerabilities, active malware, or Terms of Service violations as a permitted basis for GitHub to access private repository content without user consent, constituting a moderation-related exception to the confidentiality restriction. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20for%20security%20purposes%3B ### moderation enforcement — risk unknown > Short version: GitHub hosts a wide variety of collaborative projects from all over the world, and that collaboration only works when our users are able to work together in good faith. While using the service, you must follow the terms of this section, which include some restrictions on content you can post, conduct on the service, and other limitations. In short, be excellent to each other. - Interpretation (disclaimed): Imposes an obligation on users not to violate GitHub's Acceptable Use Policies or Community Guidelines under any circumstances, incorporating those external policies as binding restrictions by reference. - Tier: All - Location: Article C (Acceptable Use) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20GitHub,to%20each%20other.%20 ### moderation enforcement — risk unknown > GitHub will provide notice regarding our access to private repository content, unless for legal disclosure , to comply with our legal obligations, or where otherwise bound by requirements under law, for automated scanning, or if in response to a security threat or other risk to security. - Interpretation (disclaimed): Directs users to contact GitHub via specified channels for DMCA copyright infringement claims, warns of legal consequences for false or frivolous takedown notices, and obligates users to consider fair use and licensed uses before submitting takedown requests, establishing the procedural framework for copyright enforcement. - Tier: All - Location: § 3 (Access) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20will%20provide,other%20risk%20to%20security. ### moderation enforcement — risk unknown > Short version: You own content you create, but you allow us certain rights to it, so that we can display and share the content you post. You still have control over your content, and responsibility for it, and the rights you grant us are limited to those we need to provide the service. We have the right to remove content or close Accounts if we need to. - Interpretation (disclaimed): Places responsibility on the user for their Content and any resulting harm, disclaims GitHub's responsibility for public display or misuse of that Content, and establishes GitHub's right to refuse or remove content violating law or policies, including a procedure reference for private repository access. - Tier: All - Location: Article D (User-Generated Content) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,we%20need%20to.%20 ### moderation enforcement — risk unknown > You must be age 13 or older. While we are thrilled to see brilliant young coders get excited by learning to program, we must comply with United States law. GitHub does not target our Service to children under 13, and we do not permit any Users under 13 on our Service. If we learn of any User under the age of 13, we will terminate that User’s Account immediately . If you are a resident of a country outside the United States, your country’s minimum age may be older; in such a case, you are responsible for complying with your country’s laws. - Interpretation (disclaimed): Imposes a minimum age requirement of 13 and mandates immediate Account termination upon discovery of underage users; also places compliance responsibility on users in jurisdictions with higher minimum age laws. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20must%20be,with%20your%20country%E2%80%99s%20laws. ### moderation enforcement — risk unknown > You agree that you will not under any circumstances violate our Acceptable Use Policies or Community Guidelines . - Interpretation (disclaimed): Obliges users not to violate GitHub's Acceptable Use Policies or Community Guidelines under any circumstances, incorporating those policies by reference as binding restrictions. - Tier: All - Location: Article C (Acceptable Use) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20agree%20that,or%20Community%20Guidelines%20. ### moderation enforcement — risk unknown > A machine account is an Account set up by an individual human who accepts the Terms on behalf of the Account, provides a valid email address, and is responsible for its actions. A machine account is used exclusively for performing automated tasks. Multiple users may direct the actions of a machine account, but the owner of the Account is ultimately responsible for the machine's actions. You may maintain no more than one free machine account in addition to your free Personal Account. - Interpretation (disclaimed): Defines 'machine account,' specifies conditions for its permitted use (human acceptance of Terms, valid email, automated tasks only), and imposes responsibility on the Account owner for its actions, with a limit of one free machine account per user. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20A%20machine%20account,your%20free%20Personal%20Account. ### moderation enforcement — risk unknown > No. Copilot is a tool intended to make developers more efficient. It’s not intended to replace developers, who should continue to apply the same sorts of safeguards and diligence they would apply with regard to any third-party code of unknown origin. - Interpretation (disclaimed): Disclaimer clarifying that Copilot is not intended to replace developer oversight or judgment, thereby limiting GitHub's responsibility for outputs by placing diligence obligations on the user. - Tier: All - Location: “Is GitHub Copilot intended to fully automate code generation and replace developers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No.%20Copilot%20is,code%20of%20unknown%20origin. ### moderation enforcement — risk unknown > Not necessarily. GitHub Copilot users should align their use of Copilot with their respective risk tolerances. As noted above, GitHub Copilot is not intended to replace developers, or their individual skill and judgment, and is not intended to fully automate the process of code development. The same risks that apply to the use of any third-party code apply to the use of Copilot’s suggestions. - Interpretation (disclaimed): Disclaimer that Copilot is not intended to replace developer skill and judgment or fully automate code development, and that the same third-party code risks apply, limiting GitHub's responsibility for suggestion quality and safety. - Tier: All - Location: “Can GitHub Copilot users simply use suggestions without concern?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Not%20necessarily.%20GitHub,use%20of%20Copilot%E2%80%99s%20suggestions. ### moderation enforcement — risk unknown > In addition to off-topic, harmful, and offensive output filters, GitHub Copilot also scans the outputs for vulnerable code. - Interpretation (disclaimed): This segment establishes that Copilot scans outputs for off-topic, harmful, offensive content, and vulnerable code, imposing an ongoing enforcement obligation as part of the platform's content moderation commitments. - Tier: All - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20In%20addition%20to,outputs%20for%20vulnerable%20code. ### moderation enforcement — risk unknown > Identifying best practices for use of third party code is beyond the scope of this section. That said, whatever practices your organization currently uses – rigorous functionality testing, code scanning, security testing, etc. – you should continue these policies with Copilot’s suggestions. Moreover, you should make sure your code editor or editor does not automatically compile or run generated code before you review it. - Interpretation (disclaimed): Imposes an obligation on users to continue existing code-review and security-testing practices when using Copilot suggestions, and to prevent automatic compilation or execution of generated code before review. - Tier: All - Location: “Is GitHub Copilot intended to fully automate code generation and replace developers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Identifying%20best%20practices,before%20you%20review%20it. ### moderation enforcement — risk unknown > Yes, GitHub Copilot does include an optional code referencing filter to detect and suppress certain suggestions that match public code on GitHub. GitHub has created a duplication detection filter to detect and suppress suggestions that contain code segments over a certain length that match public code on GitHub. This filter can be enabled by the administrator for your enterprise and it can apply for all organizations within your enterprise, or the administrator can defer control to individual organizations. - Interpretation (disclaimed): This segment describes the optional duplication detection filter that detects and suppresses suggestions matching public code on GitHub, and specifies that enterprise administrators can enable it for all organizations or delegate control, establishing the permission structure for filter configuration. - Tier: All - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Yes%2C%20GitHub%20Copilot,to%20individual%20organizations.%20 ### moderation enforcement — risk unknown > We are conducting internal testing of GitHub Copilot’s ease of use by developers with disabilities and working to ensure that GitHub Copilot is accessible to all developers. Please feel free to share your feedback on GitHub Copilot accessibility in our feedback forum . - Interpretation (disclaimed): This segment describes internal testing efforts for accessibility and invites user feedback, functioning as a disclaimer about the current state of accessibility support without imposing legal obligations or restrictions. - Tier: All - Location: “Does GitHub Copilot support accessibility features?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20We%20are%20conducting,our%20feedback%20forum%20. ### moderation enforcement — risk unknown > GitHub Copilot includes filters to block offensive language in the prompts and to avoid synthesizing suggestions in sensitive contexts. We continue to work on improving the filter system to more intelligently detect and remove offensive outputs. If you see offensive outputs, please report them directly to copilot-safety@github.com so that we can improve our safeguards. GitHub takes this challenge very seriously and we are committed to addressing it. - Interpretation (disclaimed): Describes GitHub's obligation to maintain content filters blocking offensive language in prompts and suggestions, and establishes a procedure for users to report offensive outputs, reflecting an ongoing enforcement commitment. - Tier: All - Location: “Does GitHub Copilot produce offensive outputs?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20includes,committed%20to%20addressing%20it. ### moderation enforcement — risk unknown > ‘GitHub AI Credits paid usage’ must be enabled to allow enterprises to be charged for GitHub AI Credits exceeding their included usage. - Interpretation (disclaimed): Specifies that a second Copilot code review policy must be explicitly enabled to allow non-licensed members to use Copilot code review on github.com, establishing a mandatory two-step administrative activation procedure. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%E2%80%98GitHub%20AI%20Credits,exceeding%20their%20included%20usage. ### moderation enforcement — risk unknown > Access to Copilot Business and Enterprise is managed by your GitHub Administrator. They can control access to preview features, models, and set GitHub Copilot policies for your organization. Additionally, you can use your network firewall to explicitly allow access to Copilot Business and/or block access to Copilot Pro or Free. For more details, refer to the documentation . - Interpretation (disclaimed): Describes the administrative procedure by which access to Copilot Business and Enterprise is managed, including administrator control over policies, preview features, models, and the use of network firewalls to allow or block access to specific tiers. - Tier: All - Location: “How do I control access to GitHub Copilot in my company?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Access%20to%20Copilot,to%20the%20documentation%20. ### moderation enforcement — risk unknown > In addition to off-topic, harmful, and offensive output filters, GitHub Copilot also scans the outputs for vulnerable code. - Interpretation (disclaimed): This segment discloses that Copilot scans outputs for vulnerable code in addition to filtering off-topic, harmful, and offensive content, establishing ongoing moderation obligations applied to all generated outputs. - Tier: All - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20In%20addition%20to,outputs%20for%20vulnerable%20code. ### moderation enforcement — risk unknown > Yes, GitHub Copilot does include an optional code referencing filter to detect and suppress certain suggestions that match public code on GitHub. GitHub has created a duplication detection filter to detect and suppress suggestions that contain code segments over a certain length that match public code on GitHub. This filter can be enabled by the administrator for your enterprise and it can apply for all organizations within your enterprise, or the administrator can defer control to individual organizations. - Interpretation (disclaimed): This segment describes the optional code referencing filter that administrators may enable to detect and suppress Copilot suggestions matching public code on GitHub, establishing the administrative right to configure enforcement controls at the enterprise or organization level. - Tier: All - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Yes%2C%20GitHub%20Copilot,to%20individual%20organizations.%20 ### tier differences — risk high > When a school or employer supplies your GitHub account, they assume the role of Data Controller for most Personal Data used in our Services. This enables them to: Manage and administer your GitHub account, including adjusting privacy settings. Access and utilize your Personal Data, which includes details on how you use the Services, as well as your content and files. - Interpretation (disclaimed): Organization-provided accounts shift Data Controller status to the organization, granting employers/schools broad access to employee/student Personal Data including content and files, with GitHub acting only as Data Processor. - Tier: Enterprise - Location: Privacy Policy › “End User Notice: Organization-Provided GitHub Accounts” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=When%20a%20school%20or,your%20content%20and%20files. ### tier differences — risk high > GitHub uses the Copilot data from Individual subscribers for all the operational purposes described above for Business/Enterprise subscribers. In addition, for Individual subscribers only: GitHub may use Copilot interaction data — including prompts (inputs), s uggestions (outputs), and code snippets generated during Copilot sessions — to train and improve AI models. - Interpretation (disclaimed): The document explicitly carves out a training-use right that applies only to Individual (Free/Pro/Pro+) subscribers, creating a significant tier-based risk differential. - Tier: Free - Location: “How does GitHub use the Copilot data from Individual (Free/Pro/Pro+) Subscribers?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20uses%20the%20Copilot,and%20improve%20AI%20models. ### tier differences — risk high > IP indemnity Free plan Not included Pro plan Not included Pro+ plan Not included Max plan Not included - Interpretation (disclaimed): IP indemnity — protection against third-party IP infringement claims arising from AI-generated code — is not available on any individual pricing tier shown. This means users have no contractual backstop if generated code infringes third-party IP rights. Enterprise plans (not detailed on this page) may differ. - Tier: All - Location: “IP indemnity” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=IP%20indemnity%20Free%20plan,Max%20plan%20Not%20included ### tier differences — risk medium > Audit logs 4x+ included usage than Pro $70 monthly total credits for Pro+ - Interpretation (disclaimed): Audit log availability is restricted to Pro+ and above. Organizations or individual users subject to compliance frameworks requiring activity audit trails must upgrade to at least Pro+ to obtain this feature. - Tier: Paid - Location: “Audit logs” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Audit%20logs%204x%2B%20included,total%20credits%20for%20Pro%2B ### tier differences — risk medium > The primary differences between the organization offerings and the individual offering are license management, policy management, and IP indemnity. Organizations can choose between GitHub Copilot Business and GitHub Copilot Enterprise. GitHub Copilot Business primarily features GitHub Copilot in the coding environment - that is the IDE, CLI and GitHub Mobile. GitHub Copilot Enterprise includes everything in GitHub Copilot Business. It also  adds an additional layer of customization for organizations and integrates into GitHub.com as a chat interface to allow developers to converse with GitHub Copilot throughout the platform. GitHub Copilot Enterprise can index an organization’s codebase for a deeper understanding of the customer’s knowledge for more tailored suggestions and will offer customers access to fine-tuned custom, private models for inline suggestions . GitHub Copilot Individual is designed for individual developers, freelancers, students, educators, and open source maintainers. The plan includes all the features of GitHub Copilot Business except organizational license management, policy management, and IP indemnity. - Interpretation (disclaimed): The explicit exclusion of IP indemnity from individual/Free/Pro plans means users on those tiers have no contractual protection from GitHub against third-party IP claims arising from Copilot-generated output. Organizations on Business or Enterprise receive IP indemnity, creating a significant legal risk differential. - Tier: All - Location: “What are the differences between the GitHub Copilot Business, GitHub Copilot Enterprise, and GitHub Copilot Individual plans?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=The%20primary%20differences%20between,management%2C%20and%20IP%20indemnity. ### tier differences — risk medium > This filter can be enabled by the administrator for your enterprise and it can apply for all organizations within your enterprise, or the administrator can defer control to individual organizations. - Interpretation (disclaimed): The public code matching/filtering feature is scoped to Enterprise tier and is administrator-controlled. This means Free/Pro users may lack equivalent IP-risk mitigation tooling, which is relevant to the conditioned IP indemnity discussed elsewhere in the document. - Tier: Enterprise - Location: “Does GitHub Copilot include a filtering mechanism to mitigate risk?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=This%20filter%20can%20be,control%20to%20individual%20organizations. ### tier differences — risk medium > The training and data-use provisions in Section J.3 apply only to individual licenses. If your use of the Service is governed by a GitHub Customer Agreement or volume licensing agreement, those agreements govern the use of your data in connection with AI Features and Section J.3 does not apply to you. - Interpretation (disclaimed): Individual-tier users face default training-use data obligations that enterprise customers do not. This tier asymmetry means individual users bear meaningfully higher data-use risk unless they affirmatively opt out. - Tier: Free - Location: § 1 (Applicability) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=The%20training%20and%20data-use,not%20apply%20to%20you. ### tier differences — risk medium > If you have signed up for GitHub Enterprise Cloud, the Enterprise Cloud Addendum applies to you, and you agree to its provisions. - Interpretation (disclaimed): Enterprise-tier users are subject to supplemental terms in the Enterprise Cloud Addendum. Those terms may include different data handling, liability, or SLA provisions that are not visible in the base ToS. - Tier: Enterprise - Location: § 5 (Additional Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=If%20you%20have%20signed,agree%20to%20its%20provisions. ### tier differences — risk medium > Enterprise-grade security Free plan Not included Pro plan Not included Pro+ plan Not included Max plan Not included - Interpretation (disclaimed): The absence of enterprise-grade security controls (e.g., enhanced access management, audit controls, compliance certifications) from all listed individual tiers creates risk for users processing sensitive data or operating under regulatory obligations. - Tier: All - Location: “Enterprise-grade security” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Enterprise-grade%20security%20Free%20plan,Max%20plan%20Not%20included ### tier differences — risk medium > SAML SSO authentication Free plan Not included Pro plan Not included Pro+ plan Not included Max plan Not included - Interpretation (disclaimed): Absence of SAML SSO from all listed tiers means that identity federation, mandatory MFA enforcement via IdP, and centralized access revocation are not available, which is a material gap for enterprise or regulated-industry users on individual plans. - Tier: All - Location: “SAML SSO authentication” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=SAML%20SSO%20authentication%20Free,Max%20plan%20Not%20included ### tier differences — risk medium > Delegate tasks to third-party coding agents like Claude by Anthropic and OpenAI Codex (Preview) Free plan Not included Pro plan Not included Pro+ plan Included Max plan Included - Interpretation (disclaimed): Access to third-party agents introduces subprocessor/data-sharing risk because user code and prompts may be transmitted to Anthropic or OpenAI under their respective terms. This feature is gated at Pro+ ($39/month) and Max ($100/month), meaning lower-tier users are not exposed to this risk. - Tier: Paid - Location: “Max plan Included” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Delegate%20tasks%20to%20third-party,Included%20Max%20plan%20Included ### tier differences — risk medium > Usage from non-licensed users is billed directly to your organization as GitHub AI Credits. This flexible model allows you to get full review coverage on every PR without purchasing a full Copilot seat for non-development contributors who may not need Copilot. Usage from your existing licensed users continues to draw from their included monthly allowance as it does today. Beginning June 1, 2026, code review workflows also consume GitHub Actions minutes. - Interpretation (disclaimed): Enabling Copilot code review for non-licensed users shifts from a flat-seat cost model to a metered consumption model billed as AI Credits plus Actions minutes. Without budget controls, organizations face open-ended liability for usage by all PR authors. - Tier: Enterprise - Location: “How does billing work for Copilot code review usage generated by users without a Copilot license?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Usage%20from%20non-licensed%20users,consume%20GitHub%20Actions%20minutes. ### tier differences — risk low > No. GitHub does not use either Copilot Business or Enterprise data to train its models. - Interpretation (disclaimed): Clear contractual carve-out for Business and Enterprise tiers from model training. This is a meaningful tier differentiation that lowers risk for organizational subscribers relative to individual plans. - Tier: Enterprise - Location: “Does GitHub use Copilot Business or Enterprise data to train GitHub’s model?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=No.%20GitHub%20does%20not,to%20train%20its%20models. ### tier differences — risk low > GitHub Copilot Free users are limited to 2000 completions and 50 chat requests (including Copilot Edits). - Interpretation (disclaimed): Usage limitations on the Free tier are a standard commercial restriction. The risk to users is service interruption rather than legal or IP exposure, but the caps may affect operational reliance on the service. - Tier: Free - Location: “What is included in GitHub Copilot Free?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20Copilot%20Free%20users,requests%20(including%20Copilot%20Edits). ### tier differences — risk low > GitHub Mobile for Copilot Pro and Copilot Business have access to Bing and public repository code search. Copilot Enterprise in GitHub Mobile gives you additional access to your organization's knowledge. - Interpretation (disclaimed): Enterprise-tier mobile users have their organizational codebase knowledge accessible through GitHub Mobile, which may increase the risk of sensitive organizational data being transmitted through mobile network channels or stored on mobile devices. - Tier: Enterprise - Location: “What languages, IDEs, and platforms does GitHub Copilot support?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20Mobile%20for%20Copilot,to%20your%20organization%26%23x27%3Bs%20knowledge. ### tier differences — risk low > A paid Organization may only provide access to as many Personal Accounts as your subscription allows. - Interpretation (disclaimed): Paid tier Organizations are contractually limited to the number of user seats in their subscription, which is a standard SaaS commercial term. - Tier: Paid - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=A%20paid%20Organization%20may,as%20your%20subscription%20allows. ### tier differences — risk low > On GitHub Copilot Business and GitHub Copilot Enterprise, admins set usage limits and decide whether additional paid usage is allowed. If it isn't, Copilot pauses until the next cycle. - Interpretation (disclaimed): Admin-enforced usage caps on Business/Enterprise tiers give organizations cost control but may result in unexpected service interruption for individual developers within the organization if limits are reached and paid overage is not enabled. - Tier: Enterprise - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=On%20GitHub%20Copilot%20Business,until%20the%20next%20cycle. ### tier differences — risk low > GitHub Copilot Max is built for heavy Copilot usage, including sustained agent-driven workflows, and includes $100/month in GitHub AI Credits. - Interpretation (disclaimed): The introduction of a credits-based billing model for the Max tier creates ambiguity around cost predictability for agent-driven workflows. The document does not specify what happens when credits are exhausted, creating potential service interruption or additional cost risk. - Tier: Paid - Location: “What are the differences between the Free, Pro, Pro+, Max, Business, and Enterprise plans?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=GitHub%20Copilot%20Max%20is,in%20GitHub%20AI%20Credits. ### tier differences — risk low > Inline suggestions Free plan 2,000 per month Pro plan Unlimited Pro+ plan Unlimited Max plan Unlimited - Interpretation (disclaimed): Free plan users face a monthly usage ceiling on inline code completions. Exceeding this limit may interrupt workflows. Paid tiers (Pro, Pro+, Max) have unlimited completions. - Tier: Free - Location: “Inline suggestions” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Inline%20suggestions%20Free%20plan,Unlimited%20Max%20plan%20Unlimited ### tier differences — risk low > Purchase additional GitHub AI Credits Free plan Not included Pro plan Included Pro+ plan Included Max plan Included - Interpretation (disclaimed): Free plan users are limited to the bundled credit allotment with no mechanism to extend usage by purchasing additional credits, unlike paid tiers. - Tier: Free - Location: “Purchase additional GitHub AI Credits” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Purchase%20additional%20GitHub%20AI,Included%20Max%20plan%20Included ### tier differences — risk low > Priority access to new models and features 2.9x+ included usage than Pro+ $200 monthly total credits for Max - Interpretation (disclaimed): Priority access to new models is a Max-only benefit, meaning Free, Pro, and Pro+ users may receive new model access on a delayed or limited basis. This creates a tiered capability gap that could affect users whose workflows depend on the latest model versions. - Tier: Paid - Location: “Priority access to new models and features” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=Priority%20access%20to%20new,total%20credits%20for%20Max ### tier differences — risk unknown > Your login may only be used by one person — i.e., a single login may not be shared by multiple people. A paid Organization may only provide access to as many Personal Accounts as your subscription allows. - Interpretation (disclaimed): Restricts a login to a single person prohibiting credential sharing, and limits paid Organizations to providing access only up to the number of Personal Accounts permitted by the subscription, creating tier-based usage restrictions. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Your%20login%20may,as%20your%20subscription%20allows. ### tier differences — risk unknown > If you are a government User or otherwise accessing or using any GitHub Service in a government capacity, this Government Amendment to GitHub Terms of Service applies to you, and you agree to its provisions. - Interpretation (disclaimed): Incorporates the Government Amendment to GitHub Terms of Service by reference, making it binding on government users and creating a distinct tier of obligations for government account holders. - Tier: All - Location: § 5 (Additional Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20are,agree%20to%20its%20provisions. ### tier differences — risk unknown > You may change your level of service at any time by choosing a plan option or going into your Billing settings . If you choose to downgrade your Account, you may lose access to Content, features, or capacity of your Account. Please see our section on Cancellation for information on getting a copy of that Content. - Interpretation (disclaimed): Describes the procedure for changing service level and warns that downgrading may result in loss of access to Content, features, or capacity, and cross-references the Cancellation section for data retrieval. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20change,copy%20of%20that%20Content. ### tier differences — risk unknown > K. Beta Previews These are some of the additional terms that apply to GitHub's features that are still in development. - Interpretation (disclaimed): Summary entry describing Beta Previews section; cross-references additional terms applicable to features still in development, incorporating those terms by reference and noting a distinct tier of service conditions. - Tier: All - Location: Article I - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20K.%20Beta%20Previews,still%20in%20development.%20 ### tier differences — risk unknown > "Beta Previews" mean software, services, or features identified as alpha, beta, preview, early access, or evaluation, or words or phrases with similar meanings. - Interpretation (disclaimed): Defines 'Beta Previews' as software, services, or features identified as alpha, beta, preview, early access, or evaluation; this definition scopes a distinct service tier subject to additional terms. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%22Beta%20Previews%22%20mean,phrases%20with%20similar%20meanings. ### tier differences — risk unknown > GitHub may offer subscription-based access to our API for those Users who require high-throughput access or access that would result in resale of GitHub's Service. - Interpretation (disclaimed): Permits GitHub to offer subscription-based high-throughput API access for users who require it or intend to resell GitHub's Service, establishing a tiered access model. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20may%20offer,resale%20of%20GitHub's%20Service. ### tier differences — risk unknown > Short version: You are responsible for any fees associated with your use of GitHub. We are responsible for communicating those fees to you clearly and accurately, and letting you know well in advance if those prices change. - Interpretation (disclaimed): This short-version summary establishes the allocation of fee responsibility between the user and GitHub and GitHub's obligation to communicate pricing clearly, functioning as a plain-language summary of the payment section's obligations. - Tier: All - Location: Article L (Payment) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20You,those%20prices%20change.%20 ### tier differences — risk unknown > Our pricing and payment terms are available at github.com/pricing . If you agree to a subscription price, that will remain your price for the duration of the payment term; however, prices are subject to change at the end of a payment term. - Interpretation (disclaimed): Duplicate of segment 165 content; this clause specifies where pricing is found and confirms subscription price stability within a payment term while allowing changes at term end, creating a contractual pricing commitment for the current term. - Tier: All - Location: § 1 (Pricing) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Our%20pricing%20and,of%20a%20payment%20term. ### tier differences — risk unknown > We will immediately bill you when you upgrade from the free plan to any paying plan. - Interpretation (disclaimed): This clause establishes that GitHub will immediately bill the user upon upgrading from a free plan to a paid plan, setting out the billing timing obligation triggered by a plan upgrade. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20We%20will%20immediately,to%20any%20paying%20plan. ### tier differences — risk unknown > Payment Based on Plan For monthly or yearly payment plans, the Service is billed in advance on a monthly or yearly basis respectively and is non-refundable. There will be no refunds or credits for partial months of service, downgrade refunds, or refunds for months unused with an open Account; however, the service will remain active for the length of the paid billing period. In order to treat everyone equally, no exceptions will be made. - Interpretation (disclaimed): This clause establishes that subscription plans are billed in advance and are non-refundable, explicitly prohibiting refunds or credits for partial months, downgrades, or unused time, and stating no exceptions will be made, which restricts user rights to seek reimbursement. - Tier: All - Location: § 3 (Billing Schedule; No Refunds) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Payment%20Based%20on,exceptions%20will%20be%20made. ### tier differences — risk unknown > By agreeing to these Terms, you are giving us permission to charge your on-file credit card, PayPal account, or other approved methods of payment for fees that you authorize for GitHub. - Interpretation (disclaimed): This clause grants GitHub explicit permission from the user to charge their stored payment method for authorized fees, establishing the legal basis for GitHub to initiate charges against the user's on-file payment method. - Tier: All - Location: § 4 (Authorization) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20By%20agreeing%20to,you%20authorize%20for%20GitHub. ### tier differences — risk unknown > You are responsible for all fees, including taxes, associated with your use of the Service. By using the Service, you agree to pay GitHub any charge incurred in connection with your use of the Service. If you dispute the matter, contact us through the GitHub Support portal . You are responsible for providing us with a valid means of payment for paid Accounts. Free Accounts are not required to provide payment information. - Interpretation (disclaimed): This clause imposes an obligation on users to pay all fees including taxes associated with service use, to provide valid payment information for paid accounts, and to contact GitHub Support to dispute charges, allocating full financial responsibility for service usage to the user. - Tier: All - Location: § 5 (Responsibility for Payment) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20are%20responsible,to%20provide%20payment%20information. ### tier differences — risk unknown > Promotion available for Copilot Business and Copilot Enterprise customers through August 2026 — - Interpretation (disclaimed): Announces a promotional offer specifically available to Copilot Business and Copilot Enterprise customers through August 2026, granting a time-limited benefit tied to specific subscription tiers. - Tier: All - Location: “Skip to content” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Promotion%20available%20for,August%202026%20%E2%80%94%20 ### tier differences — risk unknown > ### - Interpretation (disclaimed): Grants Pro-tier users access to Cloud agent and code review features, defining an entitlement not available in the Free tier. - Tier: All - Location: “Everything in Free and:” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%23%23%23 ### tier differences — risk unknown > $15 monthly total credits for Pro - Interpretation (disclaimed): Defines the 'Pro+' tier at $39 USD per user/month, describes its intended use case, and discloses a temporary pause on new sign-ups while permitting existing Student and Pro customers to upgrade. - Tier: All - Location: “Model selection” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%2415%20monthly%20total%20credits%20for%20Pro%20 ### tier differences — risk unknown > ### - Interpretation (disclaimed): Grants Pro+ users access to audit logs, a compliance and governance feature that constitutes a tier-specific right relevant to accountability and oversight. - Tier: All - Location: “Everything in Pro and:” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%23%23%23 ### tier differences — risk unknown > 2.9x+ included usage than Pro+ $200 monthly total credits for Max - Interpretation (disclaimed): Defines the included usage quantity for the Max plan (2.9x+ more than Pro+, $200 monthly total credits), establishing the scope of entitlements that differentiate this tier from others. - Tier: All - Location: “Priority access to new models and features” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%202.9x%2B%20included%20usage,credits%20for%20Max%20 ### tier differences — risk unknown > $10 per month - Interpretation (disclaimed): Defines the price point ($10 per month) for the Pro tier, establishing the recurring financial obligation associated with this plan. - Tier: All - Location: “Pro” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%2410%20per%20month%20 ### tier differences — risk unknown > $39 per month - Interpretation (disclaimed): Defines the price point ($39 per month) for the Pro+ tier, establishing the recurring financial obligation associated with this plan. - Tier: All - Location: “Pro+” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%2439%20per%20month%20 ### tier differences — risk unknown > Variable additional usage on top of your base. Flex allotments may change over time. - Interpretation (disclaimed): Defines Flex allotments as variable additional usage on top of base credits and disclaims that flex allotments may change over time, creating a reservation of right to modify this benefit. - Tier: All - Location: “Flex allotment” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Variable%20additional%20usage,may%20change%20over%20time. ### tier differences — risk unknown > GitHub (including github.com and GitHub Mobile) - Interpretation (disclaimed): Identifies GitHub (including github.com and GitHub Mobile) as the platform/surface where a feature is available, defining the scope of access across plan tiers. - Tier: All - Location: “Max plan Included” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20(including%20github.com%20and%20GitHub%20Mobile) ### tier differences — risk unknown > App modernization for Java and .NET - Interpretation (disclaimed): Defines 'App modernization for Java and .NET' as a product feature, scoping the capability subject to tier-based inclusion or exclusion rules below. - Tier: All - Location: “Max plan Included” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20App%20modernization%20for%20Java%20and%20.NET ### tier differences — risk unknown > Custom instructions with instructions.md - Interpretation (disclaimed): Defines 'Custom instructions with instructions.md' as a feature category whose availability is differentiated across subscription tiers. - Tier: All - Location: “Max plan Included” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Custom%20instructions%20with%20instructions.md ### tier differences — risk unknown > Assign work to Copilot to research, plan, and write code — with or without a pull request - Interpretation (disclaimed): Describes the functional scope of the Cloud agent feature—assigning work to Copilot for research, planning, and code writing—establishing what is included or excluded per tier. - Tier: All - Location: “Cloud agent” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Assign%20work%20to,without%20a%20pull%20request ### tier differences — risk unknown > Free plan Anthropic Claude Haiku 4.5 - Interpretation (disclaimed): States that the Free plan includes access to Anthropic Claude Haiku 4.5, establishing a contractual model entitlement for free-tier users. - Tier: All - Location: “Available models” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Free%20plan%20Anthropic%20Claude%20Haiku%204.5%20 ### tier differences — risk unknown > OpenAI GPT-5.2 OpenAI GPT-5.2-Codex OpenAI GPT-5.3-Codex OpenAI GPT-5.4 OpenAI GPT-5.4 mini OpenAI GPT-5.5 Google Gemini 2.5 Pro - Interpretation (disclaimed): Lists multiple OpenAI GPT-5 series models and Google Gemini 2.5 Pro as available, establishing model access entitlements for the applicable plan tier. - Tier: All - Location: “OpenAI GPT-5 mini” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20OpenAI%20GPT-5.2%20OpenAI,Gemini%202.5%20Pro%20 ### tier differences — risk unknown > Google Gemini 3.1 Pro (Preview) Google Gemini 3.5 Flash - Interpretation (disclaimed): Lists Google Gemini 3.1 Pro (Preview) and Google Gemini 3.5 Flash as available models, establishing model access entitlements (including preview-status conditions) for the applicable plan tier. - Tier: All - Location: “Google Gemini 3 Flash (Preview)” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Google%20Gemini%203.1,Gemini%203.5%20Flash%20 ### tier differences — risk unknown > Anthropic Claude Sonnet 4.5 Anthropic Claude Sonnet 4.6 Anthropic Claude Opus 4.5 Anthropic Claude Opus 4.6 Anthropic Claude Opus 4.6 (fast mode) (Preview) Anthropic Claude Opus 4.7 Anthropic Claude Opus 4.8 - Interpretation (disclaimed): Lists multiple Anthropic Claude Opus and Sonnet models available under the Pro plan, defining the full set of model entitlements for that tier. - Tier: All - Location: “Anthropic Claude Sonnet 4” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Anthropic%20Claude%20Sonnet,Claude%20Opus%204.8%20 ### tier differences — risk unknown > OpenAI GPT-5.2 OpenAI GPT-5.2-Codex OpenAI GPT-5.3-Codex OpenAI GPT-5.4 OpenAI GPT-5.4 mini OpenAI GPT-5.5 Google Gemini 2.5 Pro - Interpretation (disclaimed): Lists multiple OpenAI GPT-5 variants and Google Gemini 2.5 Pro as models available under the Pro plan, defining the breadth of model access for that tier. - Tier: All - Location: “OpenAI GPT-5 mini” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20OpenAI%20GPT-5.2%20OpenAI,Gemini%202.5%20Pro%20 ### tier differences — risk unknown > Anthropic Claude Sonnet 4.5 Anthropic Claude Sonnet 4.6 Anthropic Claude Opus 4.5 Anthropic Claude Opus 4.6 Anthropic Claude Opus 4.6 (fast mode) (Preview) Anthropic Claude Opus 4.7 Anthropic Claude Opus 4.8 - Interpretation (disclaimed): Lists multiple Anthropic Claude Opus and Sonnet models available under the Pro+ plan, defining the full set of model entitlements for that tier. - Tier: All - Location: “Anthropic Claude Sonnet 4” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Anthropic%20Claude%20Sonnet,Claude%20Opus%204.8%20 ### tier differences — risk unknown > OpenAI GPT-5.2 OpenAI GPT-5.2-Codex OpenAI GPT-5.3-Codex OpenAI GPT-5.4 OpenAI GPT-5.4 mini OpenAI GPT-5.5 Google Gemini 2.5 Pro - Interpretation (disclaimed): Lists multiple OpenAI GPT-5 variants and Google Gemini 2.5 Pro as models available under the Pro+ plan, defining the breadth of model access for that tier. - Tier: All - Location: “OpenAI GPT-5 mini” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20OpenAI%20GPT-5.2%20OpenAI,Gemini%202.5%20Pro%20 ### tier differences — risk unknown > Google Gemini 3.1 Pro (Preview) Google Gemini 3.5 Flash - Interpretation (disclaimed): Lists 'Google Gemini 3.1 Pro (Preview)' and 'Google Gemini 3.5 Flash' as models available under the Pro+ plan, defining the model access entitlements for that tier. - Tier: All - Location: “Google Gemini 3 Flash (Preview)” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Google%20Gemini%203.1,Gemini%203.5%20Flash%20 ### tier differences — risk unknown > Anthropic Claude Sonnet 4.5 Anthropic Claude Sonnet 4.6 Anthropic Claude Opus 4.5 Anthropic Claude Opus 4.6 Anthropic Claude Opus 4.6 (fast mode) (Preview) Anthropic Claude Opus 4.7 Anthropic Claude Opus 4.8 - Interpretation (disclaimed): Lists multiple Anthropic Claude Opus and Sonnet models available under the Max plan, defining the full set of model entitlements for that tier. - Tier: All - Location: “Anthropic Claude Sonnet 4” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Anthropic%20Claude%20Sonnet,Claude%20Opus%204.8%20 ### tier differences — risk unknown > OpenAI GPT-5.2 OpenAI GPT-5.2-Codex OpenAI GPT-5.3-Codex OpenAI GPT-5.4 OpenAI GPT-5.4 mini OpenAI GPT-5.5 Google Gemini 2.5 Pro - Interpretation (disclaimed): Lists multiple OpenAI GPT-5 variants and Google Gemini 2.5 Pro as models available under the Max plan, defining the breadth of model access for that tier. - Tier: All - Location: “OpenAI GPT-5 mini” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20OpenAI%20GPT-5.2%20OpenAI,Gemini%202.5%20Pro%20 ### tier differences — risk unknown > GitHub Copilot Free is a new free pricing tier with limited functionality for individual developers. Users assigned a Copilot Business or Copilot Enterprise seat are not eligible for access. Users with access to Copilot Pro through a paid subscription, trial, or through an existing verified OSS, student, faculty, or MVP account may elect to use Free instead. - Interpretation (disclaimed): Segment defines eligibility restrictions for the GitHub Copilot Free tier, specifying that users with Business or Enterprise seats are excluded, and describes conditions under which Pro subscribers may elect to use Free instead, thereby creating a set of access restrictions and permissions that differentiate subscription tiers. - Tier: All - Location: “Who is eligible to access GitHub Copilot for free?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Free,use%20Free%20instead.%20 ### tier differences — risk unknown > Switch to a less expensive model. Lightweight models use fewer credits per interaction and stretch your remaining allowance further. - Interpretation (disclaimed): Describes the administrative procedure for Business and Enterprise plans under which admins set usage limits, decide whether additional paid usage is allowed, and explains that Copilot pauses if additional paid usage is not enabled, with tracking alerts at 75%, 90%, and 100% of configured budgets. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Switch%20to%20a,remaining%20allowance%20further.%20 ### tier differences — risk unknown > If you're on the Free plan, you can upgrade to Pro through your Copilot settings page or directly on the Copilot marketing page . - Interpretation (disclaimed): Describes the procedure a Free-plan user must follow to upgrade to Copilot Pro, specifying the settings page and marketing page as the available upgrade paths. - Tier: All - Location: “How can I upgrade my GitHub Copilot Free license to Copilot Pro?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20If%20you%26%23x27%3Bre%20on,Copilot%20marketing%20page%20. ### tier differences — risk unknown > GitHub Copilot Autofix provides contextual explanations and code suggestions to help developers fix vulnerabilities in code, and is included in GitHub Advanced Security and available to all public repositories. - Interpretation (disclaimed): Section header framing the question of whether non-licensed users can use Copilot code review, introducing the permission and policy conditions described in the following segment. - Tier: All - Location: “Which plan includes GitHub Copilot Autofix?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Autofix,to%20all%20public%20repositories. ### tier differences — risk unknown > We encourage admins to set up budgets to control spending on our metered products , especially customers who have not enabled the ‘Premium request paid usage’ policy in the past. You can track all premium request usage in your billing dashboard to monitor and control spending. - Interpretation (disclaimed): Section header introducing the definition of GitHub AI Credits and how they function as the payment mechanism for AI usage across plans. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20We%20encourage%20admins,monitor%20and%20control%20spending. ### tier differences — risk unknown > No. This capability is off by default and gives the enterprise admin control to enable or disable. An admin must explicitly enable two separate policies to activate: - Interpretation (disclaimed): Specifies that the non-licensed user code review capability is off by default and requires explicit admin activation of two separate policies, restricting automatic enablement and placing control with the enterprise admin. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No.%20This%20capability,policies%20to%20activate%3A%20 ### tier differences — risk unknown > GitHub Copilot has multiple offerings for organizations and an offering for individual developers. All the offerings include both inline suggestion and chat assistance. The primary differences between the organization offerings and the individual offering are license management, policy management, and IP indemnity. Organizations can choose between GitHub Copilot Business and GitHub Copilot Enterprise. GitHub Copilot Business primarily features GitHub Copilot in the coding environment - that is the IDE, CLI and GitHub Mobile. GitHub Copilot Enterprise includes everything in GitHub Copilot Business. It also  adds an additional layer of customization for organizations and integrates into GitHub.com as a chat interface to allow developers to converse with GitHub Copilot throughout the platform. GitHub Copilot Enterprise can index an organization’s codebase for a deeper understanding of the customer’s knowledge for more tailored suggestions and will offer customers access to fine-tuned custom, private models for inline suggestions . GitHub Copilot Individual is designed for individual developers, freelancers, students, educators, and open source maintainers. The plan includes all the features of GitHub Copilot Business except organizational license management, policy management, and IP indemnity. - Interpretation (disclaimed): Defines the primary distinctions among Copilot plans (license management, policy management, IP indemnity, feature scope), establishing the legal rights and feature entitlements associated with each tier. - Tier: All - Location: “What are the differences between the GitHub Copilot Business, GitHub Copilot Enterprise, and GitHub Copilot Individual plans?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20has,management%2C%20and%20IP%20indemnity. ### tier differences — risk unknown > GitHub Copilot is entirely optional and requires you to opt in before gaining access. You can easily configure its usage directly in the editor, enabling or disabling it at any time. Additionally, you have control over which file types GitHub Copilot is active for. - Interpretation (disclaimed): Describes the administrative procedure by which enterprise administrators manage Copilot Business and Enterprise access, control preview features and models, set policies, and use network firewalls to control access, relevant to tier-specific governance rights. - Tier: All - Location: “What if I do not want GitHub Copilot?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20is,Copilot%20is%20active%20for. ### tier differences — risk unknown > Access to Copilot Business and Enterprise is managed by your GitHub Administrator. They can control access to preview features, models, and set GitHub Copilot policies for your organization. Additionally, you can use your network firewall to explicitly allow access to Copilot Business and/or block access to Copilot Pro or Free. For more details, refer to the documentation . - Interpretation (disclaimed): Section header asking about differences between Free, Pro, Pro+, Max, Business, and Enterprise plans; introduces the tier-difference definitional content that follows. - Tier: All - Location: “How do I control access to GitHub Copilot in my company?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Access%20to%20Copilot,to%20the%20documentation%20. ### tier differences — risk unknown > GitHub Copilot Free users are limited to 2000 completions and 50 chat requests (including Copilot Edits). - Interpretation (disclaimed): Imposes specific quantitative limits on Free plan users — 2000 completions and 50 chat requests — restricting the volume of service available under that tier. - Tier: All - Location: “What is included in GitHub Copilot Free?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Free,requests%20(including%20Copilot%20Edits). ### tier differences — risk unknown > Organizations can now enable Copilot code review on all pull requests on github.com—including pull requests from users who are not assigned a Copilot license . This allows you to extend the quality and rich analysis of Copilot code review to all pull requests, regardless of its author, giving you complete coverage and confidence that pull requests have been reviewed. To enable this functionality, an enterprise/org admin must first have Copilot enabled and then enabled two policies. Note : This capability is not supported for Copilot code reviews in VS Code or other IDEs. - Interpretation (disclaimed): Grants organizations permission to enable Copilot code review for pull requests from users without a Copilot license, subject to admin enabling two policies, while also noting the restriction that this capability is not supported in VS Code or other IDEs. - Tier: All - Location: “Can users in my organization use Copilot code reviews for their pull requests if they don’t have a Copilot license?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Organizations%20can%20now,Code%20or%20other%20IDEs. ### tier differences — risk unknown > Usage from non-licensed users is billed directly to your organization as GitHub AI Credits. This flexible model allows you to get full review coverage on every PR without purchasing a full Copilot seat for non-development contributors who may not need Copilot. Usage from your existing licensed users continues to draw from their included monthly allowance as it does today. Beginning June 1, 2026, code review workflows also consume GitHub Actions minutes. - Interpretation (disclaimed): Establishes that usage from non-licensed users is billed as GitHub AI Credits to the organization, and that beginning June 1, 2026, code review workflows also consume GitHub Actions minutes, creating financial obligations tied to feature use across license tiers. - Tier: All - Location: “How does billing work for Copilot code review usage generated by users without a Copilot license?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Usage%20from%20non-licensed,consume%20GitHub%20Actions%20minutes. ### tier differences — risk unknown > We encourage admins to set up budgets to control spending on our metered products , especially customers who have not enabled the ‘Premium request paid usage’ policy in the past. You can track all premium request usage in your billing dashboard to monitor and control spending. - Interpretation (disclaimed): Recommends that admins set up budgets to control spending on metered products and describes how to track premium request usage in the billing dashboard, outlining a cost-management procedure tied to tier-based metered usage. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20We%20encourage%20admins,monitor%20and%20control%20spending. ### tier differences — risk unknown > When you've used your monthly allowance, you have a few options: Wait for your next cycle. Your included allowance resets every month. - Interpretation (disclaimed): Describes the option to wait for the next billing cycle when the monthly allowance is exhausted, establishing that the included allowance resets monthly as a standard procedure. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20When%20you%26%23x27%3Bve%20used,resets%20every%20month.%20 ### tier differences — risk unknown > Switch to a less expensive model. Lightweight models use fewer credits per interaction and stretch your remaining allowance further. - Interpretation (disclaimed): Describes the option to switch to a less expensive model to extend remaining allowance, outlining a cost-management procedure available to users at their usage limit. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Switch%20to%20a,remaining%20allowance%20further.%20 ### tier differences — risk unknown > If you are a government User or otherwise accessing or using any GitHub Service in a government capacity, this Government Amendment to GitHub Terms of Service applies to you, and you agree to its provisions. - Interpretation (disclaimed): Incorporates the Enterprise Cloud Addendum for users who have signed up for GitHub Enterprise Cloud, making its provisions binding and applicable as additional or supplemental terms for that tier. - Tier: All - Location: § 5 (Additional Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20are,agree%20to%20its%20provisions. ### tier differences — risk unknown > Google Gemini 3.1 Pro (Preview) Google Gemini 3.5 Flash - Interpretation (disclaimed): Lists 'Google Gemini 3.1 Pro (Preview)' and 'Google Gemini 3.5 Flash' as models available under the Pro plan, defining the model access entitlements for that tier. - Tier: All - Location: “Google Gemini 3 Flash (Preview)” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Google%20Gemini%203.1,Gemini%203.5%20Flash%20 ### tier differences — risk unknown > Organizations. The "owner" of an Organization that was created under these Terms has ultimate administrative control over that Organization and the Content within it. Within the Service, an owner can manage User access to the Organization’s data and projects. An Organization may have multiple owners, but there must be at least one Personal Account designated as an owner of an Organization. If you are the owner of an Organization under these Terms, we consider you responsible for the actions that are performed on or through that Organization. - Interpretation (disclaimed): Defines owner responsibilities for Organizations, establishes that owners bear responsibility for actions performed through the Organization, and requires at least one Personal Account as owner, creating distinct obligations for organizational account holders. - Tier: All - Location: § 1 (Account Controls) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Organizations.%20The%20%22owner%22,or%20through%20that%20Organization. ### tier differences — risk unknown > Payment Based on Usage Some Service features are billed based on your usage. A limited quantity of these Service features may be included in your plan for a limited term without additional charge. If you choose to use paid Service features beyond the quantity included in your plan, you pay for those Service features based on your actual usage in the preceding month. Monthly payment for these purchases will be charged on a periodic basis in arrears. See GitHub Additional Product Terms for Details . - Interpretation (disclaimed): This clause describes usage-based billing, establishes that a limited quantity of usage features is included in a plan, and obligates users to pay for overages based on actual usage from the preceding month billed in arrears, with reference to GitHub Additional Product Terms for further detail. - Tier: All - Location: § 3 (Billing Schedule; No Refunds) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Payment%20Based%20on,Terms%20for%20Details%20. ### tier differences — risk unknown > A machine account is an Account set up by an individual human who accepts the Terms on behalf of the Account, provides a valid email address, and is responsible for its actions. A machine account is used exclusively for performing automated tasks. Multiple users may direct the actions of a machine account, but the owner of the Account is ultimately responsible for the machine's actions. You may maintain no more than one free machine account in addition to your free Personal Account. - Interpretation (disclaimed): Restricts each person or legal entity to no more than one free Account, with a limited exception for machine accounts used solely for automated tasks, creating a quantitative account-tier limitation. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20A%20machine%20account,your%20free%20Personal%20Account. ### tier differences — risk unknown > “User,” “You,” and “Your” refer to the individual person, company, or organization that has visited or is using the Website or Service; that accesses or uses any part of the Account; or that directs the use of the Account in the performance of its functions. A User must be at least 13 years of age. Special terms may apply for business or government Accounts (See Section B(5): Additional Terms ). - Interpretation (disclaimed): Defines 'User,' 'You,' and 'Your' and establishes eligibility requirements including minimum age (13) and notes that special terms apply for business or government accounts, creating differentiated obligations by account type. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%E2%80%9CUser%2C%E2%80%9D%20%E2%80%9CYou%2C%E2%80%9D%20and,B(5)%3A%20Additional%20Terms%20). ### tier differences — risk unknown > You may change your level of service at any time by choosing a plan option or going into your Billing settings . If you choose to downgrade your Account, you may lose access to Content, features, or capacity of your Account. Please see our section on Cancellation for information on getting a copy of that Content. - Interpretation (disclaimed): This clause permits users to change their service level at any time but imposes a restriction by warning that downgrading may result in loss of access to Content, features, or account capacity, and cross-references the Cancellation section for content recovery options. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20may%20change,copy%20of%20that%20Content. ### tier differences — risk unknown > Short version: Personal Accounts and Organizations have different administrative controls; a human must create your Account; you must be 13 or over; you must provide a valid email address; and you may not have more than one free Account. You alone are responsible for your Account and anything that happens while you are signed in to or using your Account. You are responsible for keeping your Account secure. - Interpretation (disclaimed): Summary provision distinguishing Personal Accounts from Organizations, stating age requirements, email requirements, single-free-account limits, and placing responsibility for Account security and activity on the user. - Tier: All - Location: § B (Account Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20Personal,your%20Account%20secure.%20 ### tier differences — risk unknown > If you upgrade to a higher level of service, we will bill you for the upgraded plan immediately. - Interpretation (disclaimed): This clause states that upgrading to a higher service level results in immediate billing for the upgraded plan, establishing the timing obligation for billing upon a service-level upgrade. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20upgrade,the%20upgraded%20plan%20immediately. ### tier differences — risk unknown > You must be age 13 or older. While we are thrilled to see brilliant young coders get excited by learning to program, we must comply with United States law. GitHub does not target our Service to children under 13, and we do not permit any Users under 13 on our Service. If we learn of any User under the age of 13, we will terminate that User’s Account immediately . If you are a resident of a country outside the United States, your country’s minimum age may be older; in such a case, you are responsible for complying with your country’s laws. - Interpretation (disclaimed): Restricts a single login to one person (no credential sharing) and limits paid Organizations to providing access to as many Personal Accounts as the subscription allows, creating tier-based access restrictions. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20You%20must%20be,with%20your%20country%E2%80%99s%20laws. ### tier differences — risk unknown > $70 monthly total credits for Pro+ - Interpretation (disclaimed): Section header indicating Max includes everything in Pro+ plus additional features, establishing cumulative entitlement structure for the highest tier. - Tier: All - Location: “4x+ included usage than Pro” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%2470%20monthly%20total%20credits%20for%20Pro%2B%20 ### tier differences — risk unknown > If you change from a monthly billing plan to a yearly billing plan, GitHub will bill you for a full year at the next monthly billing date. - Interpretation (disclaimed): This clause specifies that switching from monthly to yearly billing results in GitHub billing for a full year at the next monthly billing date, defining the billing consequence and timing of that plan change. - Tier: All - Location: § 2 (Upgrades, Downgrades, and Changes) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20change,next%20monthly%20billing%20date. ### tier differences — risk unknown > GitHub may offer subscription-based access to our API for those Users who require high-throughput access or access that would result in resale of GitHub's Service. - Interpretation (disclaimed): Permits GitHub to offer subscription-based API access tiers for users requiring high-throughput access or resale-level access, establishing a differentiated commercial tier for the API. - Tier: All - Location: § H (API Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20GitHub%20may%20offer,resale%20of%20GitHub's%20Service. ### tier differences — risk unknown > Short version: Personal Accounts and Organizations have different administrative controls; a human must create your Account; you must be 13 or over; you must provide a valid email address; and you may not have more than one free Account. You alone are responsible for your Account and anything that happens while you are signed in to or using your Account. You are responsible for keeping your Account secure. - Interpretation (disclaimed): Short-version summary distinguishing Personal Accounts from Organizations, stating the user's sole responsibility for Account activity and security, and noting age and email requirements; functions as a definitional and obligation-setting introduction to the section. - Tier: All - Location: § B (Account Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Short%20version%3A%20Personal,your%20Account%20secure.%20 ### tier differences — risk unknown > One person or legal entity may maintain no more than one free Account (if you choose to control a machine account as well, that's fine, but it can only be used for running a machine). - Interpretation (disclaimed): Restricts individuals and legal entities to no more than one free Account, with a limited exception for a machine account used exclusively for automated tasks, differentiating free-tier usage. - Tier: All - Location: § 3 (Account Requirements) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20One%20person%20or,for%20running%20a%20machine). ### tier differences — risk unknown > If you have signed up for GitHub Enterprise Cloud, the Enterprise Cloud Addendum applies to you, and you agree to its provisions. - Interpretation (disclaimed): Incorporates the Enterprise Cloud Addendum by reference and makes it binding on users who have signed up for GitHub Enterprise Cloud, establishing additional obligations for that subscription tier. - Tier: All - Location: § 5 (Additional Terms) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20If%20you%20have,agree%20to%20its%20provisions. ### tier differences — risk unknown > Organizations. The "owner" of an Organization that was created under these Terms has ultimate administrative control over that Organization and the Content within it. Within the Service, an owner can manage User access to the Organization’s data and projects. An Organization may have multiple owners, but there must be at least one Personal Account designated as an owner of an Organization. If you are the owner of an Organization under these Terms, we consider you responsible for the actions that are performed on or through that Organization. - Interpretation (disclaimed): Defines the role of Organization 'owner,' grants that owner ultimate administrative control over the Organization and its Content, and imposes responsibility on the owner for actions performed on or through that Organization, distinguishing Organization-tier obligations. - Tier: All - Location: § 1 (Account Controls) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20Organizations.%20The%20%22owner%22,or%20through%20that%20Organization. ### tier differences — risk unknown > “User,” “You,” and “Your” refer to the individual person, company, or organization that has visited or is using the Website or Service; that accesses or uses any part of the Account; or that directs the use of the Account in the performance of its functions. A User must be at least 13 years of age. Special terms may apply for business or government Accounts (See Section B(5): Additional Terms ). - Interpretation (disclaimed): Defines 'User,' 'You,' and 'Your' and establishes eligibility requirements including a minimum age of 13, with a cross-reference to additional terms for business or government accounts, creating distinct tier conditions. - Tier: All - Location: § A (Definitions) - Source: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service - Snapshot SHA-256: `6dd75ad6a94942a04350fdc5da0723f64af0b6faaba9e50861a16cebd4ad3084` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#:~:text=%20%E2%80%9CUser%2C%E2%80%9D%20%E2%80%9CYou%2C%E2%80%9D%20and,B(5)%3A%20Additional%20Terms%20). ### tier differences — risk unknown > GitHub Copilot Free users are limited to 2000 completions and 50 chat requests (including Copilot Edits). - Interpretation (disclaimed): Limits GitHub Copilot Free users to 2000 completions and 50 chat requests per period, establishing quantitative usage caps that distinguish the Free tier from paid tiers. - Tier: All - Location: “What is included in GitHub Copilot Free?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Free,requests%20(including%20Copilot%20Edits). ### tier differences — risk unknown > Keep working with paid usage. Set a dollar budget for additional usage and Copilot continues without interruption. Credits draw down at $0.01 each, so a $10 budget covers 1,000 credits. - Interpretation (disclaimed): Permits users to continue working beyond their included allowance by setting a dollar budget for paid usage, defining the credit draw-down rate and providing an illustrative calculation. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Keep%20working%20with,covers%201%2C000%20credits.%20 ### tier differences — risk unknown > GitHub Copilot has multiple offerings for organizations and an offering for individual developers. All the offerings include both code completion and chat assistance. The primary differences between the organization offerings and the individual offering are license management, policy management, and IP indemnity. Organizations can choose between GitHub Copilot Business and GitHub Copilot Enterprise. GitHub Copilot Business primarily features GitHub Copilot in the coding environment - that is the IDE, CLI and GitHub Mobile. GitHub Copilot Enterprise includes everything in GitHub Copilot Business. It also  adds an additional layer of customization for organizations and integrates into GitHub.com as a chat interface to allow developers to converse with Copilot  throughout the platform. GitHub Copilot Enterprise can index an organization’s codebase for a deeper understanding of the customer’s knowledge for more tailored suggestions and will offer customers access to fine-tuned custom, private models for code completion. GitHub Copilot Pro is designed for individual developers, freelancers, students, educators, and open source maintainers. The plan includes all the features of GitHub Copilot Business except organizational license management, policy management, and IP indemnity. GitHub Copilot Max is built for heavy Copilot usage, including sustained agent-driven workflows, and includes $100/month in GitHub AI Credits. - Interpretation (disclaimed): Repeats definitional content distinguishing organization and individual Copilot plan offerings, including differences in license management, policy management, IP indemnity, and feature scope across tiers. - Tier: All - Location: “What are the differences between the Free, Pro, Pro+, Max, Business, and Enterprise plans?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20has,in%20GitHub%20AI%20Credits. ### tier differences — risk unknown > GitHub Copilot has multiple offerings for organizations and an offering for individual developers. All the offerings include both code completion and chat assistance. The primary differences between the organization offerings and the individual offering are license management, policy management, and IP indemnity. Organizations can choose between GitHub Copilot Business and GitHub Copilot Enterprise. GitHub Copilot Business primarily features GitHub Copilot in the coding environment - that is the IDE, CLI and GitHub Mobile. GitHub Copilot Enterprise includes everything in GitHub Copilot Business. It also  adds an additional layer of customization for organizations and integrates into GitHub.com as a chat interface to allow developers to converse with Copilot  throughout the platform. GitHub Copilot Enterprise can index an organization’s codebase for a deeper understanding of the customer’s knowledge for more tailored suggestions and will offer customers access to fine-tuned custom, private models for code completion. GitHub Copilot Pro is designed for individual developers, freelancers, students, educators, and open source maintainers. The plan includes all the features of GitHub Copilot Business except organizational license management, policy management, and IP indemnity. GitHub Copilot Max is built for heavy Copilot usage, including sustained agent-driven workflows, and includes $100/month in GitHub AI Credits. - Interpretation (disclaimed): Defines the substantive differences between individual and organizational Copilot plans, explicitly identifying license management, policy management, and IP indemnity as distinguishing features between tiers, which has direct legal relevance to indemnity and license rights. - Tier: All - Location: “What are the differences between the Free, Pro, Pro+, Max, Business, and Enterprise plans?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20has,in%20GitHub%20AI%20Credits. ### tier differences — risk unknown > Usage from non-licensed users is billed directly to your organization as GitHub AI Credits. This flexible model allows you to get full review coverage on every PR without purchasing a full Copilot seat for non-development contributors who may not need Copilot. Usage from your existing licensed users continues to draw from their included monthly allowance as it does today. Beginning June 1, 2026, code review workflows also consume GitHub Actions minutes. - Interpretation (disclaimed): Section header introducing the opt-in nature and cost-control mechanisms for non-licensed-user Copilot code review, framing the procedure and restrictions in the segments that follow. - Tier: All - Location: “How does billing work for Copilot code review usage generated by users without a Copilot license?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Usage%20from%20non-licensed,consume%20GitHub%20Actions%20minutes. ### tier differences — risk unknown > Access to Haiku 4.5, GPT-5 mini, and more - Interpretation (disclaimed): Grants Free-tier users permission to access specific AI models (Haiku 4.5, GPT-5 mini, and more), defining the scope of model access for this tier. - Tier: All - Location: “2,000 completions per month” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Access%20to%20Haiku,mini%2C%20and%20more%20 ### tier differences — risk unknown > For everyday coding with agents in GitHub Copilot. $ 10 USD per user / month New plan sign-ups are temporarily paused as we ensure a high-quality experience. We appreciate your patience. Learn more - Interpretation (disclaimed): Section header indicating that the Pro plan includes everything in the Free plan plus additional features, establishing a cumulative entitlement structure across tiers. - Tier: All - Location: “Pro” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20For%20everyday%20coding,patience.%20Learn%20more%20 ### tier differences — risk unknown > GitHub AI Credits are how you pay for AI usage in GitHub Copilot. Every plan includes a monthly allowance: 1 AI credit = $0.01 USD. You use credits when you chat with Copilot, work with agents, or use Copilot CLI, Spaces, and Spark. Code completions and next edit suggestions don't use credits. They remain unlimited with every paid plan. How many credits an interaction uses depends on the model you choose and the complexity of the task. A quick question to a lightweight model costs a fraction of a credit. A longer agent session on a frontier model across many files costs more. - Interpretation (disclaimed): Continues the definition of GitHub AI Credits by explaining how credits are consumed across interaction types and models, establishing the economic structure of credit usage across tiers. - Tier: All - Location: “What are GitHub AI Credits?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20AI%20Credits,files%20costs%20more.%20 ### tier differences — risk unknown > Agent mode, code review, coding agent, Copilot CLI, and Copilot Chat use premium requests, with usage varying by model. Model options may vary by feature. Learn more about premium requests - Interpretation (disclaimed): Specifies that agent mode, code review, coding agent, Copilot CLI, and Copilot Chat consume premium requests with variable usage by model, and that model options may vary by feature — establishing a usage-cost and access restriction that differentiates plan consumption rights and incorporates a cross-reference to further premium request details. - Tier: All - Location: “Available models” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Agent%20mode%2C%20code,about%20premium%20requests%20 ### tier differences — risk unknown > For getting started with GitHub Copilot. $ 0 USD - Interpretation (disclaimed): Defines the price point of the Free plan at $0 USD and its purpose ('getting started'), establishing the commercial terms of this tier. - Tier: All - Location: “Free” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20For%20getting%20started,%24%200%20USD%20 ### tier differences — risk unknown > Max plan Anthropic Claude Haiku 4.5 - Interpretation (disclaimed): Identifies 'Anthropic Claude Haiku 4.5' as a model included in the Max plan, defining the model access entitlements for that subscription tier. - Tier: All - Location: “Raptor mini (Preview)” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Max%20plan%20Anthropic%20Claude%20Haiku%204.5%20 ### tier differences — risk unknown > Credits used when interacting with Copilot features. Chat, agent mode, code review, Copilot cloud agent, Copilot CLI, and Copilot Apps consume GitHub AI Credits. Free plan supports CLI and agent mode. Learn more - Interpretation (disclaimed): Defines which Copilot features (Chat, agent mode, code review, Copilot cloud agent, CLI, Apps) consume GitHub AI Credits and specifies that the Free plan is limited to CLI and agent mode, establishing feature-access restrictions by tier. - Tier: All - Location: “Total GitHub AI Credits” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Credits%20used%20when,mode.%20Learn%20more%20 ### tier differences — risk unknown > Pro+ plan Anthropic Claude Haiku 4.5 - Interpretation (disclaimed): Identifies 'Anthropic Claude Haiku 4.5' as a model included in the Pro+ plan, defining the model access entitlements for that subscription tier. - Tier: All - Location: “Raptor mini (Preview)” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Pro%2B%20plan%20Anthropic%20Claude%20Haiku%204.5%20 ### tier differences — risk unknown > GitHub Copilot has multiple offerings for organizations and an offering for individual developers. All the offerings include both inline suggestion and chat assistance. The primary differences between the organization offerings and the individual offering are license management, policy management, and IP indemnity. Organizations can choose between GitHub Copilot Business and GitHub Copilot Enterprise. GitHub Copilot Business primarily features GitHub Copilot in the coding environment - that is the IDE, CLI and GitHub Mobile. GitHub Copilot Enterprise includes everything in GitHub Copilot Business. It also  adds an additional layer of customization for organizations and integrates into GitHub.com as a chat interface to allow developers to converse with GitHub Copilot throughout the platform. GitHub Copilot Enterprise can index an organization’s codebase for a deeper understanding of the customer’s knowledge for more tailored suggestions and will offer customers access to fine-tuned custom, private models for inline suggestions . GitHub Copilot Individual is designed for individual developers, freelancers, students, educators, and open source maintainers. The plan includes all the features of GitHub Copilot Business except organizational license management, policy management, and IP indemnity. - Interpretation (disclaimed): Segment defines the primary distinctions among GitHub Copilot plans, explicitly identifying license management, policy management, and IP indemnity as differentiating features between organizational and individual offerings, and describes the scope of each tier's included capabilities. - Tier: All - Location: “What are the differences between the GitHub Copilot Business, GitHub Copilot Enterprise, and GitHub Copilot Individual plans?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20has,management%2C%20and%20IP%20indemnity. ### tier differences — risk unknown > GitHub Copilot Autofix provides contextual explanations and code suggestions to help developers fix vulnerabilities in code, and is included in GitHub Advanced Security and available to all public repositories. - Interpretation (disclaimed): Defines what GitHub Copilot Autofix does and specifies its inclusion in GitHub Advanced Security and availability to public repositories, establishing feature-level tier entitlements. - Tier: All - Location: “Which plan includes GitHub Copilot Autofix?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Autofix,to%20all%20public%20repositories. ### tier differences — risk unknown > Given public sources are predominantly in English, GitHub Copilot will likely work less well in scenarios where natural language prompts provided by the developer are not in English and/or are grammatically incorrect. Therefore, non-English speakers might experience a lower quality of service. - Interpretation (disclaimed): This segment disclaims that GitHub Copilot's quality of service may be lower for non-English speakers due to the predominantly English training data, functioning as a disclaimer about differential service quality based on language use without creating a formal legal obligation or restriction. - Tier: All - Location: “Will GitHub Copilot work as well using languages other than English?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Given%20public%20sources,lower%20quality%20of%20service. ### tier differences — risk unknown > GitHub Copilot Autofix provides contextual explanations and code suggestions to help developers fix vulnerabilities in code, and is included in GitHub Advanced Security . - Interpretation (disclaimed): Defines that Copilot Autofix (contextual vulnerability fix suggestions) is included only in GitHub Advanced Security, establishing the tier boundary for this feature. - Tier: All - Location: “Which plan includes GitHub Copilot Autofix?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Autofix,GitHub%20Advanced%20Security%20. ### tier differences — risk unknown > If you're on the Free plan, you can upgrade to Pro through your Copilot settings page or directly on the Copilot marketing page . - Interpretation (disclaimed): Describes the procedure by which Free plan users can upgrade to the Pro tier, establishing a path between service tiers with distinct entitlements. - Tier: All - Location: “How can I upgrade my GitHub Copilot Free license to Copilot Pro?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20If%20you%26%23x27%3Bre%20on,Copilot%20marketing%20page%20. ### tier differences — risk unknown > Pro plan Anthropic Claude Haiku 4.5 - Interpretation (disclaimed): Identifies 'Anthropic Claude Haiku 4.5' as a model included in the Pro plan, defining the model access entitlements for that subscription tier. - Tier: All - Location: “Raptor mini (Preview)” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Pro%20plan%20Anthropic%20Claude%20Haiku%204.5%20 ### tier differences — risk unknown > Google Gemini 3.1 Pro (Preview) Google Gemini 3.5 Flash - Interpretation (disclaimed): Lists 'Google Gemini 3.1 Pro (Preview)' and 'Google Gemini 3.5 Flash' as models available under the Max plan, defining the model access entitlements for that tier. - Tier: All - Location: “Google Gemini 3 Flash (Preview)” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Google%20Gemini%203.1,Gemini%203.5%20Flash%20 ### tier differences — risk unknown > ‘GitHub AI Credits paid usage’ must be enabled to allow enterprises to be charged for GitHub AI Credits exceeding their included usage. - Interpretation (disclaimed): States that the 'GitHub AI Credits paid usage' policy must be enabled to allow charges for AI Credits exceeding included usage, establishing a prerequisite obligation for paid overage billing. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%E2%80%98GitHub%20AI%20Credits,exceeding%20their%20included%20usage. ### tier differences — risk unknown > GitHub Copilot is available on your favorite platforms: - Interpretation (disclaimed): Introduces the list of supported platforms where GitHub Copilot is available, defining the scope of platform compatibility relevant to all tiers. - Tier: All - Location: “Best value” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20is,on%20your%20favorite%20platforms%3A ### tier differences — risk unknown > Included AI credits are shared org-wide with admin controls for spending. - Interpretation (disclaimed): Defines pooled usage as org-wide sharing of included AI credits with admin controls for spending, establishing the governance mechanism for credit consumption in organizational accounts. - Tier: All - Location: “Pooled usage” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Included%20AI%20credits,admin%20controls%20for%20spending. ### tier differences — risk unknown > On GitHub Copilot Business and GitHub Copilot Enterprise, admins set usage limits and decide whether additional paid usage is allowed. If it isn't, Copilot pauses until the next cycle. You can track your usage and reset date in your Copilot settings, with alerts at 75%, 90%, and 100% of any configured budget. - Interpretation (disclaimed): Specifies that on Business and Enterprise plans, admins set usage limits and can restrict additional paid usage, causing Copilot to pause if limits are reached, and describes monitoring alerts at 75%, 90%, and 100% of configured budgets. - Tier: All - Location: “What happens when I hit my usage limit?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20On%20GitHub%20Copilot,any%20configured%20budget.%20 ### tier differences — risk unknown > Agent mode use in VS Code, Visual Studio, JetBrains, Eclipse, and Xcode - Interpretation (disclaimed): Defines the scope of Agent mode use by specifying the IDEs (VS Code, Visual Studio, JetBrains, Eclipse, and Xcode) where the feature is permitted, limiting or bounding its availability. - Tier: All - Location: “Agent mode” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Agent%20mode%20use,JetBrains%2C%20Eclipse%2C%20and%20Xcode ### tier differences — risk unknown > $0 - Interpretation (disclaimed): Defines the price point ($0) for the Free tier, establishing the consideration (or lack thereof) associated with this plan level. - Tier: All - Location: “Free” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%240%20 ### tier differences — risk unknown > GitHub AI Credits are how you pay for AI usage in GitHub Copilot. Every plan includes a monthly allowance: 1 AI credit = $0.01 USD. You use credits when you chat with Copilot, work with agents, or use Copilot CLI, Spaces, and Spark. Code completions and next edit suggestions don't use credits. They remain unlimited with every paid plan. How many credits an interaction uses depends on the model you choose and the complexity of the task. A quick question to a lightweight model costs a fraction of a credit. A longer agent session on a frontier model across many files costs more. - Interpretation (disclaimed): Section header introducing what happens when a user's usage limit is reached, framing the options and limitations described in the following segments. - Tier: All - Location: “What are GitHub AI Credits?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20AI%20Credits,files%20costs%20more.%20 ### tier differences — risk unknown > User management in github.com - Interpretation (disclaimed): Identifies 'User management in github.com' as a feature, defining the administrative user management capability referenced in subsequent tier availability rows. - Tier: All - Location: “Max plan Not included” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20User%20management%20in%20github.com ### tier differences — risk unknown > Anthropic Claude Sonnet 4.5 Anthropic Claude Sonnet 4.6 Anthropic Claude Opus 4.5 Anthropic Claude Opus 4.6 Anthropic Claude Opus 4.6 (fast mode) (Preview) Anthropic Claude Opus 4.7 Anthropic Claude Opus 4.8 - Interpretation (disclaimed): Lists multiple Anthropic Claude models (Sonnet 4.5 through Opus 4.8) as available, establishing model access entitlements for the applicable plan tier, including preview-status models subject to additional conditions. - Tier: All - Location: “Anthropic Claude Sonnet 4” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Anthropic%20Claude%20Sonnet,Claude%20Opus%204.8%20 ### tier differences — risk unknown > GitHub Copilot Autofix provides contextual explanations and code suggestions to help developers fix vulnerabilities in code, and is included in GitHub Advanced Security . - Interpretation (disclaimed): Segment defines that GitHub Copilot Autofix is included in GitHub Advanced Security, specifying a tier-based feature allocation that determines what functionality is available under which plan. - Tier: All - Location: “Which plan includes GitHub Copilot Autofix?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Autofix,GitHub%20Advanced%20Security%20. ### tier differences — risk unknown > GitHub Copilot Free is a new free pricing tier with limited functionality for individual developers. Users assigned a Copilot Business or Copilot Enterprise seat are not eligible for access. Users with access to Copilot Pro through a paid subscription, trial, or through an existing verified OSS, student, faculty, or MVP account may elect to use Free instead. - Interpretation (disclaimed): Defines eligibility conditions for the GitHub Copilot Free tier, specifying which user categories are excluded (Business/Enterprise seat holders) and which may elect to downgrade to Free, establishing the scope of tier access rights. - Tier: All - Location: “Who is eligible to access GitHub Copilot for free?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20GitHub%20Copilot%20Free,use%20Free%20instead.%20 ### tier differences — risk unknown > Organizations can now enable Copilot code review on all pull requests on github.com—including pull requests from users who are not assigned a Copilot license . This allows you to extend the quality and rich analysis of Copilot code review to all pull requests, regardless of its author, giving you complete coverage and confidence that pull requests have been reviewed. To enable this functionality, an enterprise/org admin must first have Copilot enabled and then enabled two policies. Note : This capability is not supported for Copilot code reviews in VS Code or other IDEs. - Interpretation (disclaimed): Section header introducing the billing treatment for Copilot code review usage generated by non-licensed users, framing the commercial obligation described in the following segment. - Tier: All - Location: “Can users in my organization use Copilot code reviews for their pull requests if they don’t have a Copilot license?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Organizations%20can%20now,Code%20or%20other%20IDEs. ### tier differences — risk unknown > $100 per month - Interpretation (disclaimed): Defines the price point ($100 per month) for the Max tier, establishing the recurring financial obligation associated with this plan. - Tier: All - Location: “Max” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20%24100%20per%20month%20 ### tier differences — risk unknown > Delegate tasks to third-party coding agents like Claude by Anthropic and OpenAI Codex (Preview) - Interpretation (disclaimed): Defines the feature of delegating tasks to third-party coding agents (Claude by Anthropic and OpenAI Codex in Preview), establishing the scope of third-party agent integration subject to tier-based access and implicating subprocessor relationships. - Tier: All - Location: “Max plan Included” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20Delegate%20tasks%20to,and%20OpenAI%20Codex%20(Preview) ### tier differences — risk unknown > A new Copilot code review policy ( ‘Allow members without a Copilot license to use Copilot code review in github.com’ ) must also be enabled. - Interpretation (disclaimed): States that a specific Copilot code review policy must also be explicitly enabled to allow non-licensed members to use the feature, imposing a procedural obligation on admins as a condition of access. - Tier: All - Location: “Is Copilot code review usage from users without a Copilot license enabled by default? How do I control the cost?” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20A%20new%20Copilot,must%20also%20be%20enabled. ### tier differences — risk unknown > No credit card required. Verified students have access to the GitHub Copilot Student plan. Learn more - Interpretation (disclaimed): States that no credit card is required for the Free plan, and creates a special exception granting verified students access to the GitHub Copilot Student plan, differentiating eligibility conditions by user category. - Tier: All - Location: “Copilot CLI” - Source: https://github.com/features/copilot/plans - Snapshot SHA-256: `3093f9e2a519be10993d953f0f92f99f1396d8ba974fcffe826d6382f5ddf98c` - Wayback: — - Deep link: https://github.com/features/copilot/plans#:~:text=%20No%20credit%20card,plan.%20Learn%20more%20 ### tier differences — risk unknown > If you live in Colorado, Connecticut, or Virginia you have some additional rights: - Interpretation (disclaimed): Introduces the scope of additional privacy rights available to residents of Colorado, Connecticut, and Virginia, establishing jurisdiction-specific applicability for the rights that follow. - Tier: All - Location: Privacy Policy › “Colorado/Connecticut/Virginia” - Source: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement - Snapshot SHA-256: `41aae0b52b175a72b1454549172f49289a3ab9df7b28aa96bbceb1a9c5674189` - Wayback: — - Deep link: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement#:~:text=%20If%20you%20live,have%20some%20additional%20rights%3A --- # GRC Risk Assessment — Cursor - Platform: **Cursor** (cursor) - Headline risk rating: **HIGH** - Website: https://www.cursor.sh - Generated: 2026-06-14T10:33:42.976Z - Findings (verified, published): **279** > Every assertion is anchored to a verbatim quote with a SHA-256 snapshot hash and a Wayback archive URL for independent verification. Informational only; not legal advice. ## Control crosswalk (NIST AI RMF 1.0 + ISO/IEC 42001) | Surface | Risk | Confidence | NIST AI RMF | ISO/IEC 42001 | |---|---|---|---|---| | training use | medium | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | low | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | prompt ownership | medium | low | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | output ownership | medium | low | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | commercial use | medium | medium | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | low | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | low | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | ambiguous | low | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | data retention | medium | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | low | low | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | ambiguous | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | ambiguous | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | subprocessors data sharing | medium | low | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | low | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | ambiguous | low | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | audit rights dpa residency | medium | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | indemnity liability | high | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | medium | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | confidentiality | medium | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | medium | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | governing law disputes | high | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | high | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | high | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | low | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | low | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | moderation enforcement | high | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | medium | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | ## Evidence (verbatim, with provenance) ### training use — risk medium > We do not use Inputs or Suggestions to train our models, or permit third parties to use them for training, unless: (1) they are flagged for security review (in which case we may analyze them to improve our ability to detect and enforce our Terms of Service ), (2) you explicitly report them to us (for example, as Feedback), or (3) you’ve explicitly agreed to their use for such training purposes. You can find instructions in the Service on how to manage your preferences regarding the use of Inputs and Suggestions for training. - Interpretation (disclaimed): Default position is no training use of Inputs/Suggestions, which is user-favorable. However, two automatic exceptions exist (security flagging and explicit user reporting) that could result in content being analyzed without affirmative opt-in. The third exception requires explicit agreement. Users should review and manage training preferences in-Service. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=We%20do%20not%20use,and%20Suggestions%20for%20training. ### training use — risk low > 1.3. Model Training. ANYSPHERE WILL NOT USE CONTENT TO TRAIN, OR ALLOW ANY THIRD PARTY TO TRAIN, ANY AI MODELS, UNLESS YOU’VE EXPLICITLY AGREED TO THE USE OF CONTENT FOR TRAINING. You can find instructions in the Service for how to manage your preferences regarding the use of Inputs and Suggestions for training. - Interpretation (disclaimed): This is a user-favorable clause that prohibits training use of Content absent explicit consent. Risk is low provided explicit consent is meaningfully obtained and not bundled with general terms acceptance. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=1.3.%20Model%20Training.%20ANYSPHERE,and%20Suggestions%20for%20training. ### training use — risk unknown > Note: For information about how we collect and use training information to develop our models that power the Service, and your choices with respect to that information, please see our Privacy Overview. - Interpretation (disclaimed): This segment directs users to the Privacy Overview for information about how training data is collected and used, and what choices users have, thereby incorporating by reference a separate document governing training data rights and options. - Tier: All - Location: Privacy Policy › “Privacy Policy” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Note%3A%20For%20information,see%20our%20Privacy%20Overview. ### training use — risk unknown > We do not use Inputs or Suggestions to train our models, or permit third parties to use them for training, unless: (1) they are flagged for security review (in which case we may analyze them to improve our ability to detect and enforce our Terms of Service ), (2) you explicitly report them to us (for example, as Feedback), or (3) you’ve explicitly agreed to their use for such training purposes. You can find instructions in the Service on how to manage your preferences regarding the use of Inputs and Suggestions for training. - Interpretation (disclaimed): This segment restricts the use of Inputs and Suggestions for model training by default, prohibiting third-party use for training as well, while establishing three exceptions (security review flagging, explicit user reporting, and explicit user consent), and references user controls for managing training preferences. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20do%20not,and%20Suggestions%20for%20training. ### training use — risk unknown > Note: For information about how we collect and use training information to develop our models that power the Service, and your choices with respect to that information, please see our Privacy Overview. - Interpretation (disclaimed): Cross-references the Privacy Overview for information about how training data is collected and used to develop AI models, and describes user choices with respect to that information, incorporating those provisions by reference and signaling user rights regarding training data use. - Tier: All - Location: Privacy Policy › “Privacy Policy” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Note%3A%20For%20information,see%20our%20Privacy%20Overview. ### training use — risk unknown > 1.3. Model Training. ANYSPHERE WILL NOT USE CONTENT TO TRAIN, OR ALLOW ANY THIRD PARTY TO TRAIN, ANY AI MODELS, UNLESS YOU’VE EXPLICITLY AGREED TO THE USE OF CONTENT FOR TRAINING. You can find instructions in the Service for how to manage your preferences regarding the use of Inputs and Suggestions for training. - Interpretation (disclaimed): Expressly prohibits Anysphere from using Content to train AI models or allowing third parties to do so unless the user has explicitly opted in, establishing a default no-training restriction and describing how users can manage training preferences. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.3.%20Model%20Training.,and%20Suggestions%20for%20training. ### training use — risk unknown > 1.3. Model Training. ANYSPHERE WILL NOT USE CONTENT TO TRAIN, OR ALLOW ANY THIRD PARTY TO TRAIN, ANY AI MODELS, UNLESS YOU’VE EXPLICITLY AGREED TO THE USE OF CONTENT FOR TRAINING. You can find instructions in the Service for how to manage your preferences regarding the use of Inputs and Suggestions for training. - Interpretation (disclaimed): This segment explicitly prohibits Anysphere from using Content to train AI models or allowing third parties to do so unless the user has explicitly opted in, establishing a strong restriction on training use with an opt-in exception and instructions for managing preferences. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.3.%20Model%20Training.,and%20Suggestions%20for%20training. ### training use — risk unknown > 5.4. Usage Data. Anysphere may: (i) collect, analyze, and otherwise process Usage Data internally for its business purposes, including for security and analytics, to enhance the Service, and for other development and corrective purposes; and (ii) disclose Usage Data to third parties only in an aggregated and/or de-identified form and in a manner that does not identify you. “Usage Data” means technical logs, data, and learnings about Customer’s use of and interactions with the Service, but excludes Content. - Interpretation (disclaimed): Permits Anysphere to collect, analyze, and process Usage Data for internal business purposes including security, analytics, and service enhancement, and to disclose it to third parties only in aggregated or de-identified form, while defining Usage Data as excluding Content. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.4.%20Usage%20Data.,Service%2C%20but%20excludes%20Content. ### training use — risk unknown > We do not use Inputs or Suggestions to train our models, or permit third parties to use them for training, unless: (1) they are flagged for security review (in which case we may analyze them to improve our ability to detect and enforce our Terms of Service ), (2) you explicitly report them to us (for example, as Feedback), or (3) you’ve explicitly agreed to their use for such training purposes. You can find instructions in the Service on how to manage your preferences regarding the use of Inputs and Suggestions for training. - Interpretation (disclaimed): This segment restricts Anysphere from using Inputs or Suggestions to train its models or permitting third parties to do so, subject to three named exceptions: security review flagging, explicit user reporting, or explicit user consent, establishing the primary restriction on training data use with limited carve-outs. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20do%20not,and%20Suggestions%20for%20training. ### prompt ownership — risk medium > 1.2. Content. You may provide inputs to the Service (“ Inputs ”) and receive code, outputs, or other functions based on the Inputs provided by you (collectively, “ Suggestions ”) (Inputs and Suggestions are collectively “ Content ”). We may use Content to provide the Service, comply with applicable law, enforce our terms and policies, and keep the Service safe. By submitting Inputs to the Service, you represent and warrant that you have all rights, licenses, and permissions that are necessary for us to process the Inputs under these Terms and to provide the Service to you. - Interpretation (disclaimed): The license granted to Anysphere over user Inputs for purposes including service provision and safety is relatively broad. The clause also shifts risk to users by requiring them to warrant they have all necessary rights to submitted Inputs. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=1.2.%20Content.%20You%20may,the%20Service%20to%20you. ### prompt ownership — risk unknown > 5.1. Service. Anysphere and its licensors shall own and retain all right, title and interest in and to the Service, all improvements, enhancements or modifications thereto, and all intellectual property rights associated with the foregoing. There are no implied licenses in these Terms and Anysphere reserves all rights to the Service not granted in these Terms. - Interpretation (disclaimed): Asserts Anysphere's exclusive ownership of the Service and all improvements and intellectual property rights therein, expressly excludes implied licenses, and reserves all rights not expressly granted. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.1.%20Service.%20Anysphere,granted%20in%20these%20Terms. ### prompt ownership — risk unknown > 5.2. Feedback. We appreciate the thoughts and comments from our users. If you choose to provide input and suggestions regarding existing functionalities, problems with or proposed modifications or improvements to the Service (“ Feedback ”), then you grant Anysphere the right to exploit the Feedback without restriction or compensation to you. - Interpretation (disclaimed): Grants Anysphere an unrestricted, uncompensated right to exploit user Feedback regarding the Service, effectively transferring any user interest in such feedback to Anysphere. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.2.%20Feedback.%20We,or%20compensation%20to%20you. ### prompt ownership — risk unknown > 5.2. Feedback. We appreciate the thoughts and comments from our users. If you choose to provide input and suggestions regarding existing functionalities, problems with or proposed modifications or improvements to the Service (“ Feedback ”), then you grant Anysphere the right to exploit the Feedback without restriction or compensation to you. - Interpretation (disclaimed): Grants Anysphere an unrestricted, uncompensated right to exploit user-submitted Feedback, effectively transferring practical control over feedback content without restriction or compensation to the user. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.2.%20Feedback.%20We,or%20compensation%20to%20you. ### prompt ownership — risk unknown > Inputs and Suggestions: The Service allows you to submit content (" Inputs "), which generate responses (" Suggestions ") based on your Inputs. If you include personal data or reference external content in your Inputs, we will collect that information and it may be reproduced in the Suggestions we provide. - Interpretation (disclaimed): This segment defines 'Inputs' and 'Suggestions,' establishes that personal data within Inputs will be collected and may be reproduced in Suggestions, creating a foundational definition that governs downstream ownership, processing, and training-use provisions. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Inputs%20and%20Suggestions%3A,the%20Suggestions%20we%20provide. ### output ownership — risk medium > 1.4. Limitations for Suggestions. You acknowledge that Suggestions are generated automatically by machine learning technology and may be similar to or the same as Suggestions provided to other customers, and no rights to any Suggestions generated, provided, or returned by the Service for or to other customers are granted to you under these Terms. - Interpretation (disclaimed): Acknowledging that Suggestions may be identical to those given to other users, and that no exclusivity is granted, creates IP risk for users who commercially rely on generated code believing it to be unique. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=1.4.%20Limitations%20for%20Suggestions.,you%20under%20these%20Terms. ### output ownership — risk unknown > 1.2. Content. You may provide inputs to the Service (“ Inputs ”) and receive code, outputs, or other functions based on the Inputs provided by you (collectively, “ Suggestions ”) (Inputs and Suggestions are collectively “ Content ”). We may use Content to provide the Service, comply with applicable law, enforce our terms and policies, and keep the Service safe. By submitting Inputs to the Service, you represent and warrant that you have all rights, licenses, and permissions that are necessary for us to process the Inputs under these Terms and to provide the Service to you. - Interpretation (disclaimed): Defines 'Inputs,' 'Suggestions,' and 'Content,' and grants Anysphere permission to use Content to provide the Service, enforce policies, and comply with law; also imposes a warranty obligation on users regarding rights to submitted Inputs. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.2.%20Content.%20You,the%20Service%20to%20you. ### output ownership — risk unknown > 1.4. Limitations for Suggestions. You acknowledge that Suggestions are generated automatically by machine learning technology and may be similar to or the same as Suggestions provided to other customers, and no rights to any Suggestions generated, provided, or returned by the Service for or to other customers are granted to you under these Terms. Further, you acknowledge that there are numerous limitations that apply with respect to Suggestions provided by large language and other AI models (each an “AI Model” ), including that (i) Suggestions may contain errors or misleading information, (ii) AI Models are based on predefined rules and algorithms that lack the ability to think creatively and come up with new ideas and can result in repetitive or formulaic content, (iii) AI Models can struggle with understanding the nuances of language, including slang, idioms, and cultural references, (iv) AI Models can struggle with complex tasks that require reasoning, judgment and decision-making, and (v) data used to train AI models may be of poor quality or biased. You agree that you are responsible for evaluating, and bearing all risks associated with, the use of any Suggestions, including any reliance on the accuracy, completeness, or usefulness of Suggestions. - Interpretation (disclaimed): Disclaims any grant to a user of rights in Suggestions generated for other customers, and discloses limitations of AI-generated Suggestions including potential errors and similarity to outputs provided to others. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.4.%20Limitations%20for,or%20usefulness%20of%20Suggestions. ### output ownership — risk unknown > 5.3. Content. You retain all of your right, title, and interest that you have in Inputs, and Anysphere hereby assigns to you all of our right, title, and interest if any in and to any Suggestions. - Interpretation (disclaimed): Confirms that users retain all rights in their Inputs and that Anysphere assigns to users any rights it may have in Suggestions, establishing user ownership over both inputs and AI-generated outputs. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.3.%20Content.%20You,and%20to%20any%20Suggestions. ### output ownership — risk unknown > 1.2. Content. You may provide inputs to the Service (“ Inputs ”) and receive code, outputs, or other functions based on the Inputs provided by you (collectively, “ Suggestions ”) (Inputs and Suggestions are collectively “ Content ”). We may use Content to provide the Service, comply with applicable law, enforce our terms and policies, and keep the Service safe. By submitting Inputs to the Service, you represent and warrant that you have all rights, licenses, and permissions that are necessary for us to process the Inputs under these Terms and to provide the Service to you. - Interpretation (disclaimed): This segment defines Content (Inputs and Suggestions), grants Anysphere permission to use Content to provide the Service and comply with law, and imposes a representation and warranty obligation on users that they have all necessary rights to allow Anysphere to process their Inputs. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.2.%20Content.%20You,the%20Service%20to%20you. ### output ownership — risk unknown > 1.4. Limitations for Suggestions. You acknowledge that Suggestions are generated automatically by machine learning technology and may be similar to or the same as Suggestions provided to other customers, and no rights to any Suggestions generated, provided, or returned by the Service for or to other customers are granted to you under these Terms. Further, you acknowledge that there are numerous limitations that apply with respect to Suggestions provided by large language and other AI models (each an “AI Model” ), including that (i) Suggestions may contain errors or misleading information, (ii) AI Models are based on predefined rules and algorithms that lack the ability to think creatively and come up with new ideas and can result in repetitive or formulaic content, (iii) AI Models can struggle with understanding the nuances of language, including slang, idioms, and cultural references, (iv) AI Models can struggle with complex tasks that require reasoning, judgment and decision-making, and (v) data used to train AI models may be of poor quality or biased. You agree that you are responsible for evaluating, and bearing all risks associated with, the use of any Suggestions, including any reliance on the accuracy, completeness, or usefulness of Suggestions. - Interpretation (disclaimed): This segment disclaims that users have rights to Suggestions generated for other customers, acknowledges that Suggestions may be non-unique, and warns of inherent limitations of AI-generated outputs including potential errors and misleading information, limiting user rights and Anysphere's implied warranties regarding Suggestions. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.4.%20Limitations%20for,or%20usefulness%20of%20Suggestions. ### output ownership — risk unknown > 5.3. Content. You retain all of your right, title, and interest that you have in Inputs, and Anysphere hereby assigns to you all of our right, title, and interest if any in and to any Suggestions. - Interpretation (disclaimed): Affirms the user retains all right, title, and interest in Inputs, and assigns to the user all of Anysphere's right, title, and interest in Suggestions, establishing user ownership of both inputs and AI-generated outputs. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.3.%20Content.%20You,and%20to%20any%20Suggestions. ### output ownership — risk unknown > 5.1. Service. Anysphere and its licensors shall own and retain all right, title and interest in and to the Service, all improvements, enhancements or modifications thereto, and all intellectual property rights associated with the foregoing. There are no implied licenses in these Terms and Anysphere reserves all rights to the Service not granted in these Terms. - Interpretation (disclaimed): Reserves all right, title, and interest in the Service and its improvements to Anysphere and its licensors, expressly excludes implied licenses, and restricts users to only those rights explicitly granted in the Terms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.1.%20Service.%20Anysphere,granted%20in%20these%20Terms. ### commercial use — risk medium > You agree that you are responsible for evaluating, and bearing all risks associated with, the use of any Suggestions, including any reliance on the accuracy, completeness, or usefulness of Suggestions. - Interpretation (disclaimed): Full risk transfer to users for commercial reliance on Suggestions, combined with no liability from Anysphere for suggestion quality, means users have no recourse for losses arising from defective outputs in commercial deployments. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=You%20agree%20that%20you,or%20usefulness%20of%20Suggestions. ### commercial use — risk unknown > 1.1. Provision of Access. Anysphere is an applied research company working on automating coding. The Service offers a suite of coding tools driven by machine learning to help developers write code more easily and efficiently and can provide suggested code, outputs or other functions. Subject to your compliance with these Terms, Anysphere grants you a limited right to access and use the Service. - Interpretation (disclaimed): Grants the user a limited right to access and use the Service, subject to compliance with the Terms, and describes the nature of the Service as AI-driven coding tools. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.1.%20Provision%20of,and%20use%20the%20Service. ### commercial use — risk unknown > 1.1. Provision of Access. Anysphere is an applied research company working on automating coding. The Service offers a suite of coding tools driven by machine learning to help developers write code more easily and efficiently and can provide suggested code, outputs or other functions. Subject to your compliance with these Terms, Anysphere grants you a limited right to access and use the Service. - Interpretation (disclaimed): This segment grants users a limited right to access and use the Service subject to compliance with the Terms, defining the scope of the license and the conditions under which the Service may be used. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.1.%20Provision%20of,and%20use%20the%20Service. ### privacy data use — risk medium > Feedback: While using the Service, you may provide feedback, including ideas and suggestions for improvement or rating a Suggestion in response to an Input (" Feedback "). If you provide Feedback on the Service, we may store the entire exchange as part of your Feedback. - Interpretation (disclaimed): The scope of data capture triggered by Feedback is broader than users might expect — it captures 'the entire exchange,' which could include sensitive code, personal data, or confidential business information shared during a session. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Feedback%3A%20While%20using%20the,part%20of%20your%20Feedback. ### privacy data use — risk medium > We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date at the top of this page, unless another type of notice is legally required. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change. - Interpretation (disclaimed): Implied acceptance through continued use following a posted update may not constitute valid consent under GDPR for changes to processing purposes or legal bases. Under GDPR Art. 13/14, material changes to processing require fresh notice and potentially fresh consent. The absence of a required notice period before changes take effect heightens risk for users. - Tier: All - Location: Privacy Policy › “# 8. Privacy policy changes” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=We%20may%20update%20this,acceptance%20of%20such%20change. ### privacy data use — risk medium > Inputs and Suggestions: The Service allows you to submit content (" Inputs "), which generate responses (" Suggestions ") based on your Inputs. If you include personal data or reference external content in your Inputs, we will collect that information and it may be reproduced in the Suggestions we provide. - Interpretation (disclaimed): This clause clarifies that prompt content (including any personal data of third parties) is collected and processed. This raises potential issues under GDPR regarding users acting as data controllers when inputting third-party personal data, and the platform's role as processor of such data. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Inputs%20and%20Suggestions%3A%20The,the%20Suggestions%20we%20provide. ### privacy data use — risk medium > We may use personal data for the following purposes: To provide and maintain the Service, including optional features that enhance functionality and user experience. To create, manage, and administer your account, including facilitating payments and responding to inquiries. To improve and develop the Service and conduct research, including debugging and identifying or repairing issues that impair functionality. To communicate with you, including sending updates, information about the Service, and events. To prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms of Service . To comply with legal obligations and protect the rights, safety, privacy, and property of users, Anysphere, or third parties. To investigate and resolve disputes or security issues. To enforce our Terms of Service and other applicable agreements. - Interpretation (disclaimed): The listed purposes are wide-ranging. 'Improve and develop the Service and conduct research' is a commonly broad catch-all that may permit substantial secondary processing. Users should weigh this against jurisdiction-specific rights (e.g., GDPR purpose limitation principle). - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=We%20may%20use%20personal,and%20other%20applicable%20agreements. ### privacy data use — risk medium > We implement commercially reasonable technical and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, please remember that no method of transmission over the Internet or method of electronic storage is completely secure. You should use caution when deciding what information to share with the Service. We are not responsible for any circumvention of privacy settings or security features on the Service or on third-party websites linked through the Service. - Interpretation (disclaimed): 'Commercially reasonable' is a weaker security commitment than ISO 27001, SOC 2, or other certifiable standards. The disclaimer of responsibility for circumvention of security features could limit the platform's liability in the event of a breach caused by inadequate controls, which may conflict with GDPR Art. 32 obligations requiring 'appropriate' technical and organisational measures. - Tier: All - Location: Privacy Policy › “# 5. Security” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=We%20implement%20commercially%20reasonable,linked%20through%20the%20Service. ### privacy data use — risk low > We may aggregate or de-identify personal data so that it no longer identifies you, and use that information for the purposes described above, such as analyzing how the Service is used, improving or adding features, and conducting research. We will maintain de-identified information in its de-identified form and will not attempt to reidentify it, except as required by law. - Interpretation (disclaimed): De-identified data is generally not subject to privacy regulation, so this is a relatively low-risk clause. The commitment not to re-identify (except by law) is a user-protective pledge, though it cannot be independently verified. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=We%20may%20aggregate%20or,as%20required%20by%20law. ### privacy data use — risk low > No sale or targeted advertising: We do not “sell” or “share” personal data for cross-contextual behavioral advertising, and we do not process personal data for “targeted advertising” purposes (as those terms are defined under applicable US state privacy laws). We also do not process sensitive personal data for the purposes of inferring characteristics about a consumer. - Interpretation (disclaimed): This is a user-protective clause that limits a common high-risk data monetization practice. However, the commitment is scoped to the specific legal definitions under 'applicable US state privacy laws,' which may not cover all forms of data monetization in other jurisdictions. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=No%20sale%20or%20targeted,characteristics%20about%20a%20consumer. ### privacy data use — risk ambiguous > Please read the Anysphere Privacy Policy (“ Privacy Policy ”) carefully for information relating to our collection, use, storage, and disclosure of your personal data. - Interpretation (disclaimed): Incorporation by reference to an external policy means users must review a separate document to understand data practices. The actual risk level depends on the Privacy Policy content. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Please%20read%20the%20Anysphere,of%20your%20personal%20data. ### privacy data use — risk unknown > We at Anysphere, Inc. (“ Anysphere ”, “ we ” or “ us ”) are strongly committed to respecting your privacy and keeping secure any information you share with us. This privacy policy (“ Privacy Policy ”) explains how we collect, use, disclose, and process your personal data when you use Anysphere's software, platform, APIs, Documentation, and related tools, including at the website at www.cursor.com , and all related software made available by Anysphere to build, deploy, host, and manage software projects (“ Service ”). It also tells you how you can access and update your personal information and describes the data protection rights that may be available under your country's or state's laws. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data. - Interpretation (disclaimed): This segment defines the scope and purpose of the Privacy Policy, identifies Anysphere as the data controller, defines the term 'Service,' and describes the categories of processing activities (collect, use, disclose, process) covered, establishing the operative framework for all downstream obligations. - Tier: All - Location: Privacy Policy › “# Introduction” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20at%20Anysphere%2C,personal%20information%20and%20data. ### privacy data use — risk unknown > We collect the following categories of personal data: - Interpretation (disclaimed): This segment introduces the enumeration of personal data categories Anysphere collects, signaling the company's disclosure obligation to inform users of data collection practices. - Tier: All - Location: Privacy Policy › “# 1. Personal data we collect” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20collect%20the,categories%20of%20personal%20data%3A ### privacy data use — risk unknown > Account Information: Anysphere collects identifiers, such as your name and email address, when you sign up for an Anysphere account or to receive information about our Service. - Interpretation (disclaimed): This segment specifies that Anysphere collects identifiers (name, email) upon account registration, defining a concrete data collection obligation and the categories of personal data involved. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Account%20Information%3A%20Anysphere,information%20about%20our%20Service. ### privacy data use — risk unknown > Payment Information: We collect your payment information if you seek to access any paid Anysphere products and services. - Interpretation (disclaimed): This segment states that payment information is collected when users access paid services, establishing a data collection obligation tied to commercial transactions. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Payment%20Information%3A%20We,Anysphere%20products%20and%20services. ### privacy data use — risk unknown > Feedback: While using the Service, you may provide feedback, including ideas and suggestions for improvement or rating a Suggestion in response to an Input (" Feedback "). If you provide Feedback on the Service, we may store the entire exchange as part of your Feedback. - Interpretation (disclaimed): This segment states that Feedback submitted by users, including the full exchange, may be stored, establishing a data collection and retention obligation tied to user-initiated feedback activities. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Feedback%3A%20While%20using,part%20of%20your%20Feedback. ### privacy data use — risk unknown > When you use the Service, we also receive certain technical data automatically. This includes: - Interpretation (disclaimed): This segment states that technical data is automatically collected when users use the Service, establishing automatic data collection as an operative obligation and listing the categories of data involved. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20When%20you%20use,data%20automatically.%20This%20includes%3A ### privacy data use — risk unknown > Usage Data. We collect information about your use of the Service, such as the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Service, and technology on the devices you use to access the Service. - Interpretation (disclaimed): This segment specifies that usage data including access times, browsing history, clicks, and page views is collected, defining the scope of behavioral data collection obligations. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Usage%20Data.%20We,to%20access%20the%20Service. ### privacy data use — risk unknown > Location Information. For security and performance reasons, for example to detect unusual login activity or provide more useful Suggestions, we may determine the geographic location from which your device accesses our Service using information such as your IP address. - Interpretation (disclaimed): This segment permits Anysphere to determine users' geographic location from IP address for security and performance purposes (e.g., detecting unusual login activity, improving Suggestions), granting a conditional right to process location data. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Location%20Information.%20For,as%20your%20IP%20address. ### privacy data use — risk unknown > We may use personal data for the following purposes: - Interpretation (disclaimed): This segment introduces the enumeration of permitted purposes for which personal data may be used, establishing the legal framework for Anysphere's data use obligations and permissions. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20use,for%20the%20following%20purposes%3A ### privacy data use — risk unknown > To communicate with you, including sending updates, information about the Service, and events. - Interpretation (disclaimed): This segment permits Anysphere to use personal data for communications with users, including updates and service information, authorizing processing for communication purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20communicate%20with,the%20Service%2C%20and%20events. ### privacy data use — risk unknown > To comply with legal obligations and protect the rights, safety, privacy, and property of users, Anysphere, or third parties. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to comply with legal obligations and protect the rights, safety, and property of users, Anysphere, and third parties, authorizing processing for legal compliance and safety purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20comply%20with,Anysphere%2C%20or%20third%20parties. ### privacy data use — risk unknown > Right to know what categories of personal data we collect, the purposes for which we use it, and the types of third parties with whom we share it. - Interpretation (disclaimed): Grants users the right to know what categories of personal data are collected, the purposes of collection, and the types of third parties with whom it is shared, establishing a transparency and disclosure right. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Right%20to%20know,whom%20we%20share%20it. ### privacy data use — risk unknown > Access and portability, meaning you can request a copy of the personal data we hold about you and, where applicable, ask us to provide it in a portable format. - Interpretation (disclaimed): Grants users the right to access a copy of their personal data held by Anysphere and, where applicable, to receive it in a portable format, establishing access and data portability rights. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Access%20and%20portability%2C,in%20a%20portable%20format. ### privacy data use — risk unknown > Restriction of our processing of your personal data in limited circumstances, such as while a correction request is pending. - Interpretation (disclaimed): Grants users the right to restrict Anysphere's processing of their personal data in limited circumstances, such as while a correction request is pending, establishing a qualified restriction right. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Restriction%20of%20our,correction%20request%20is%20pending. ### privacy data use — risk unknown > No automated decisions: Anysphere does not make decisions based solely on automated processing that impact your legal rights or has similarly significant effects (e.g. your healthcare or financial circumstances). - Interpretation (disclaimed): Restricts Anysphere from making decisions based solely on automated processing that have legal or similarly significant effects on users, establishing a prohibition on fully automated individual decision-making. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20No%20automated%20decisions%3A,healthcare%20or%20financial%20circumstances). ### privacy data use — risk unknown > No sale or targeted advertising: We do not “sell” or “share” personal data for cross-contextual behavioral advertising, and we do not process personal data for “targeted advertising” purposes (as those terms are defined under applicable US state privacy laws). We also do not process sensitive personal data for the purposes of inferring characteristics about a consumer. - Interpretation (disclaimed): Restricts Anysphere from selling, sharing, or using personal data for cross-contextual behavioral advertising or targeted advertising as defined under applicable US state privacy laws, and prohibits inferring characteristics from sensitive personal data, establishing multiple data use restrictions. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20No%20sale%20or,characteristics%20about%20a%20consumer. ### privacy data use — risk unknown > We at Anysphere, Inc. (“ Anysphere ”, “ we ” or “ us ”) are strongly committed to respecting your privacy and keeping secure any information you share with us. This privacy policy (“ Privacy Policy ”) explains how we collect, use, disclose, and process your personal data when you use Anysphere's software, platform, APIs, Documentation, and related tools, including at the website at www.cursor.com , and all related software made available by Anysphere to build, deploy, host, and manage software projects (“ Service ”). It also tells you how you can access and update your personal information and describes the data protection rights that may be available under your country's or state's laws. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data. - Interpretation (disclaimed): Defines the scope and purpose of the Privacy Policy, identifies Anysphere as the data controller, defines the 'Service' covered, and outlines the policy's subject matter including collection, use, disclosure, and processing of personal data, establishing foundational definitions for the entire document. - Tier: All - Location: Privacy Policy › “# Introduction” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20at%20Anysphere%2C,personal%20information%20and%20data. ### privacy data use — risk unknown > Please note that this Privacy Policy does not apply where Anysphere acts as a data processor and processes personal data on behalf of commercial customers using our commercial services, for example, if your employer has provisioned a Cursor account for you to use at work. Our use of that data is governed by our customer agreements covering access to and use of those offerings. - Interpretation (disclaimed): Carves out from the scope of this Privacy Policy situations where Anysphere acts as a data processor for commercial customers, specifying that such data use is governed by customer agreements rather than this policy, establishing a scope exception for enterprise/employer-provisioned accounts. - Tier: All - Location: Privacy Policy › “# Introduction” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Please%20note%20that,use%20of%20those%20offerings. ### privacy data use — risk unknown > A. Personal data you provide to us directly - Interpretation (disclaimed): This segment introduces the sub-category of personal data provided directly by the user, defining the scope of direct-collection data practices. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20A.%20Personal%20data,to%20us%20directly%20 ### privacy data use — risk unknown > Account Information: Anysphere collects identifiers, such as your name and email address, when you sign up for an Anysphere account or to receive information about our Service. - Interpretation (disclaimed): This segment specifies that Anysphere collects identifiers such as name and email address upon account sign-up or service information requests, constituting a disclosure of a data collection practice and associated obligation. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Account%20Information%3A%20Anysphere,information%20about%20our%20Service. ### privacy data use — risk unknown > Inputs and Suggestions: The Service allows you to submit content (" Inputs "), which generate responses (" Suggestions ") based on your Inputs. If you include personal data or reference external content in your Inputs, we will collect that information and it may be reproduced in the Suggestions we provide. - Interpretation (disclaimed): This segment defines 'Inputs' and 'Suggestions' as terms used throughout the policy and discloses that personal data included in Inputs may be collected and reproduced in Suggestions, establishing both a definition and a data collection disclosure. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Inputs%20and%20Suggestions%3A,the%20Suggestions%20we%20provide. ### privacy data use — risk unknown > Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send. - Interpretation (disclaimed): This segment discloses that communication data including name, contact information, and message contents is collected when users communicate with the company, identifying a specific data collection practice. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Communication%20Information%3A%20If,any%20messages%20you%20send. ### privacy data use — risk unknown > B. Personal data we receive from your use of the Service - Interpretation (disclaimed): This heading introduces the sub-category of personal data received automatically through use of the Service, scoping the automatic data collection practices disclosed below. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20B.%20Personal%20data,of%20the%20Service%20 ### privacy data use — risk unknown > When you use the Service, we also receive certain technical data automatically. This includes: - Interpretation (disclaimed): This segment discloses that certain technical data is received automatically when the Service is used, establishing the basis for the automatic data collection practices that follow. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20When%20you%20use,data%20automatically.%20This%20includes%3A ### privacy data use — risk unknown > Location Information. For security and performance reasons, for example to detect unusual login activity or provide more useful Suggestions, we may determine the geographic location from which your device accesses our Service using information such as your IP address. - Interpretation (disclaimed): This segment discloses that geographic location data is derived from IP addresses for security and performance purposes, identifying the purpose and method of a specific data collection practice. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Location%20Information.%20For,as%20your%20IP%20address. ### privacy data use — risk unknown > C. Information We Do Not Collect - Interpretation (disclaimed): This heading introduces a sub-section defining the scope of data that Anysphere does not collect, delimiting the boundaries of its data collection practices. - Tier: All - Location: Article C (Information We Do Not Collect) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20C.%20Information%20We%20Do%20Not%20Collect%20 ### privacy data use — risk unknown > Anysphere does not knowingly collect sensitive or special category personal information, such as genetic data, biometric data for the purposes of uniquely identifying a natural person, health information, or religious information. Additionally, Anysphere does not knowingly collect information from or direct any of our Service or content to children under the age of 18. If we learn or have reason to suspect that a user is under the age of 18, we will investigate and, if appropriate, delete the personal data and/or the account. - Interpretation (disclaimed): This segment restricts Anysphere from knowingly collecting sensitive categories of personal data (genetic, biometric, health, religious) and from collecting data from children under 18, and establishes a procedure to investigate and delete data if a minor is identified. - Tier: All - Location: Article C (Information We Do Not Collect) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Anysphere%20does%20not,data%20and%2For%20the%20account. ### privacy data use — risk unknown > We may use personal data for the following purposes: - Interpretation (disclaimed): This segment introduces the enumerated purposes for which personal data may be used, establishing the legal basis and scope of data use practices under the policy. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20use,for%20the%20following%20purposes%3A ### privacy data use — risk unknown > To improve and develop the Service and conduct research, including debugging and identifying or repairing issues that impair functionality. - Interpretation (disclaimed): This segment permits Anysphere to use personal data for Service improvement, research, debugging, and issue resolution, identifying permitted processing purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20improve%20and,issues%20that%20impair%20functionality. ### privacy data use — risk unknown > To communicate with you, including sending updates, information about the Service, and events. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to communicate with users including sending updates and event information, identifying a permitted processing purpose. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20communicate%20with,the%20Service%2C%20and%20events. ### privacy data use — risk unknown > Depending on where you live and the laws that apply in your country of residence, you may have certain rights in relation to your personal data. These may include the right to access, delete, correct, or transfer your personal data; to object to or restrict how we process it; or to withdraw your consent where processing is based on consent. You may also have the right to lodge a complaint with your local data protection authority. - Interpretation (disclaimed): Enumerates the legal rights available to users depending on their jurisdiction, including rights to access, delete, correct, transfer, object to, restrict processing of, and withdraw consent for personal data, as well as the right to lodge complaints with data protection authorities. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Depending%20on%20where,local%20data%20protection%20authority. ### privacy data use — risk unknown > The rights available to you may include: - Interpretation (disclaimed): Introduces an enumerated list of specific user rights that follows, serving as a definitional cross-reference header for the subsequent detailed rights clauses. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20The%20rights%20available%20to%20you%20may%20include%3A ### privacy data use — risk unknown > Deletion of personal data collected from you in connection with your use of the Service, subject to certain exceptions. - Interpretation (disclaimed): Grants users the right to request deletion of personal data collected in connection with service use, subject to certain exceptions, constituting a qualified right to erasure. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Deletion%20of%20personal,subject%20to%20certain%20exceptions. ### privacy data use — risk unknown > Withdrawal of consent, where the legal basis for our processing is based on your consent. Withdrawal does not affect the lawfulness of prior processing. - Interpretation (disclaimed): Grants users the right to withdraw consent where consent is the legal basis for processing, while clarifying that withdrawal does not affect the lawfulness of prior processing, establishing both a right and a temporal limitation on its effect. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Withdrawal%20of%20consent%2C,lawfulness%20of%20prior%20processing. ### privacy data use — risk unknown > No automated decisions: Anysphere does not make decisions based solely on automated processing that impact your legal rights or has similarly significant effects (e.g. your healthcare or financial circumstances). - Interpretation (disclaimed): Restricts Anysphere from making decisions based solely on automated processing that have legal or similarly significant effects on users, constituting a prohibition on certain automated decision-making practices. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20No%20automated%20decisions%3A,healthcare%20or%20financial%20circumstances). ### privacy data use — risk unknown > Please also read our Privacy Policy⁠ , which explains how we collect, use, disclose, and process personal data. - Interpretation (disclaimed): Directs users to the Privacy Policy for information on how personal data is collected, used, disclosed, and processed, incorporating it by reference as a companion document to these Terms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20Please%20also%20read,and%20process%20personal%20data. ### privacy data use — risk unknown > 3. Account Registration and Access. To access most features of the Service, you must register for an account. When you register for an account, you may be required to provide us with information about yourself, such as your name, email address, or other contact information. You agree that the information you provide to us is accurate, complete, and not misleading, and that you will keep it accurate and up to date at all times. When you register, you will be asked to create a password. You are solely responsible for maintaining the confidentiality of your account and password, and you accept responsibility for all activities that occur under your account. If you believe that your account is no longer secure, you must immediately notify us at hi@cursor.com . - Interpretation (disclaimed): Requires users to register an account and provide accurate information, and imposes an obligation on users to maintain the confidentiality of their account credentials and accept responsibility for account activity. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%203.%20Account%20Registration,us%20at%20hi%40cursor.com%20. ### privacy data use — risk unknown > 5.4. Usage Data. Anysphere may: (i) collect, analyze, and otherwise process Usage Data internally for its business purposes, including for security and analytics, to enhance the Service, and for other development and corrective purposes; and (ii) disclose Usage Data to third parties only in an aggregated and/or de-identified form and in a manner that does not identify you. “Usage Data” means technical logs, data, and learnings about Customer’s use of and interactions with the Service, but excludes Content. - Interpretation (disclaimed): Permits Anysphere to collect, analyze, and use Usage Data for internal business purposes including security and analytics, and permits disclosure to third parties only in aggregated or de-identified form; defines 'Usage Data' as excluding Content. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%205.4.%20Usage%20Data.,Service%2C%20but%20excludes%20Content. ### privacy data use — risk unknown > 7. Communications. We may send you emails concerning our products and services, as well as those of third parties. You may opt out of promotional emails by using any unsubscribe or similar functionality or instructions in the promotional email. - Interpretation (disclaimed): Grants Anysphere the right to send promotional emails about its own and third-party products, while providing users with the right to opt out of such communications. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%207.%20Communications.%20We,in%20the%20promotional%20email. ### privacy data use — risk unknown > 12. Privacy. Please read the Anysphere Privacy Policy (“ Privacy Policy ”) carefully for information relating to our collection, use, storage, and disclosure of your personal data. - Interpretation (disclaimed): This segment incorporates the Privacy Policy by reference and directs users to read it for information on collection, use, storage, and disclosure of personal data, making the Privacy Policy operative as part of the Terms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2012.%20Privacy.%20Please,of%20your%20personal%20data. ### privacy data use — risk unknown > 17.3. Consent to Electronic Communications. By using the Service, you consent to receiving certain electronic communications from us as further described in our Privacy Policy. Please read our Privacy Policy to learn more about our electronic communications practices. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that those communications be in writing. - Interpretation (disclaimed): This segment obtains the user's consent to receive electronic communications and obliges the user to accept electronic notices as satisfying legal written communication requirements, while incorporating the Privacy Policy for further detail on electronic communications practices. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.3.%20Consent%20to,communications%20be%20in%20writing. ### privacy data use — risk unknown > Please also read our Privacy Policy⁠ , which explains how we collect, use, disclose, and process personal data. - Interpretation (disclaimed): This segment incorporates the Privacy Policy by reference, directing users to read it for information on collection, use, disclosure, and processing of personal data, making privacy obligations operative under the Terms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20Please%20also%20read,and%20process%20personal%20data. ### privacy data use — risk unknown > 3. Account Registration and Access. To access most features of the Service, you must register for an account. When you register for an account, you may be required to provide us with information about yourself, such as your name, email address, or other contact information. You agree that the information you provide to us is accurate, complete, and not misleading, and that you will keep it accurate and up to date at all times. When you register, you will be asked to create a password. You are solely responsible for maintaining the confidentiality of your account and password, and you accept responsibility for all activities that occur under your account. If you believe that your account is no longer secure, you must immediately notify us at hi@cursor.com . - Interpretation (disclaimed): Obligates the user to provide accurate registration information and maintain its currency, and places sole responsibility on the user for maintaining account confidentiality and password security, creating ongoing affirmative duties tied to account data. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%203.%20Account%20Registration,us%20at%20hi%40cursor.com%20. ### privacy data use — risk unknown > 7. Communications. We may send you emails concerning our products and services, as well as those of third parties. You may opt out of promotional emails by using any unsubscribe or similar functionality or instructions in the promotional email. - Interpretation (disclaimed): Grants Anysphere the right to send promotional emails about its own and third-party products, while providing users the right to opt out of promotional communications via unsubscribe functionality. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%207.%20Communications.%20We,in%20the%20promotional%20email. ### privacy data use — risk unknown > 12. Privacy. Please read the Anysphere Privacy Policy (“ Privacy Policy ”) carefully for information relating to our collection, use, storage, and disclosure of your personal data. - Interpretation (disclaimed): Incorporates the Anysphere Privacy Policy by reference for all matters relating to collection, use, storage, and disclosure of personal data, making it part of the binding terms governing privacy obligations. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2012.%20Privacy.%20Please,of%20your%20personal%20data. ### privacy data use — risk unknown > To investigate and resolve disputes or security issues. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to investigate and resolve disputes or security issues, identifying a permitted processing purpose. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20investigate%20and,disputes%20or%20security%20issues. ### privacy data use — risk unknown > We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date at the top of this page, unless another type of notice is legally required. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change. - Interpretation (disclaimed): Establishes the procedure for updating the Privacy Policy, including publication of updated versions and effective dates, and deems continued use of the service after changes as acceptance of those changes, creating a binding amendment mechanism. - Tier: All - Location: Privacy Policy › “# 8. Privacy policy changes” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20update,acceptance%20of%20such%20change. ### privacy data use — risk unknown > Log Information. We collect information about how our Service is performing, including your IP address, browser type and settings, error logs, and other ways that you interact with the Service. - Interpretation (disclaimed): This segment specifies that log information including IP address, browser type, error logs, and interaction data is collected, defining the scope of the logging and data collection obligation. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Log%20Information.%20We,interact%20with%20the%20Service. ### privacy data use — risk unknown > Correction of inaccurate personal data we maintain about you. Please note that while we’ll make reasonable efforts to address correction requests, due to the nature of our models, we cannot guarantee the accuracy of Suggestions generated by the Service. - Interpretation (disclaimed): Grants users the right to request correction of inaccurate personal data, while including a disclaimer that AI-generated suggestions cannot be guaranteed accurate, combining a correction right with a limitation on its scope as applied to model outputs. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Correction%20of%20inaccurate,generated%20by%20the%20Service. ### privacy data use — risk unknown > To comply with legal obligations and protect the rights, safety, privacy, and property of users, Anysphere, or third parties. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to comply with legal obligations and protect the rights, safety, privacy, and property of users, Anysphere, or third parties, identifying permitted processing purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20comply%20with,Anysphere%2C%20or%20third%20parties. ### privacy data use — risk unknown > We encourage you to contact us at hi@cursor.com if you have any questions about this Privacy Policy. - Interpretation (disclaimed): Provides the contact procedure and channel (email address) for users with questions about the Privacy Policy, establishing a designated communication pathway for privacy inquiries. - Tier: All - Location: Privacy Policy › “# 9. Contacting us” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20encourage%20you,about%20this%20Privacy%20Policy. ### privacy data use — risk unknown > Device Information. Your device or browser automatically sends us information about when and how you install, access, or use our Service. This information may include your device type, browser information, operating system information, and mobile network or ISP. This information may depend on your settings and the type of device you use to access the Service. - Interpretation (disclaimed): This segment specifies that device and browser information is automatically collected, detailing the categories (device type, browser info, OS, network/ISP) subject to collection obligations. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Device%20Information.%20Your,to%20access%20the%20Service. ### privacy data use — risk unknown > We collect the following categories of personal data: - Interpretation (disclaimed): This segment states that the company collects specified categories of personal data, establishing a factual obligation disclosure about what data is gathered from users. - Tier: All - Location: Privacy Policy › “# 1. Personal data we collect” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20collect%20the,categories%20of%20personal%20data%3A ### privacy data use — risk unknown > To improve and develop the Service and conduct research, including debugging and identifying or repairing issues that impair functionality. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to improve and develop the Service and conduct research, including debugging, authorizing processing for product development purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20improve%20and,issues%20that%20impair%20functionality. ### privacy data use — risk unknown > Usage Data. We collect information about your use of the Service, such as the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Service, and technology on the devices you use to access the Service. - Interpretation (disclaimed): This segment discloses collection of usage data such as access times, browsing history, links clicked, and pages viewed, identifying specific categories of behavioral data automatically collected from users. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Usage%20Data.%20We,to%20access%20the%20Service. ### privacy data use — risk unknown > Anysphere does not knowingly collect sensitive or special category personal information, such as genetic data, biometric data for the purposes of uniquely identifying a natural person, health information, or religious information. Additionally, Anysphere does not knowingly collect information from or direct any of our Service or content to children under the age of 18. If we learn or have reason to suspect that a user is under the age of 18, we will investigate and, if appropriate, delete the personal data and/or the account. - Interpretation (disclaimed): This segment restricts Anysphere from knowingly collecting sensitive/special category data (genetic, biometric, health, religious) and data from children under 18, and mandates investigation and deletion of such data if discovered, imposing both a restriction and a remedial obligation. - Tier: All - Location: Article C (Information We Do Not Collect) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Anysphere%20does%20not,data%20and%2For%20the%20account. ### privacy data use — risk unknown > We encourage you to contact us at hi@cursor.com if you have any questions about this Privacy Policy. - Interpretation (disclaimed): Provides contact information for users with privacy-related questions, establishing a procedure for users to reach Anysphere regarding the Privacy Policy. - Tier: All - Location: Privacy Policy › “# 9. Contacting us” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20encourage%20you,about%20this%20Privacy%20Policy. ### privacy data use — risk unknown > We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date at the top of this page, unless another type of notice is legally required. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change. - Interpretation (disclaimed): Establishes the procedure for updating the Privacy Policy — publishing an updated version and effective date — and deems continued use after changes as acceptance, creating a constructive notice and deemed consent mechanism for policy modifications. - Tier: All - Location: Privacy Policy › “# 8. Privacy policy changes” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20update,acceptance%20of%20such%20change. ### privacy data use — risk unknown > To exercise any of these rights, you or your authorized agent may contact us at hi@cursor.com . We may request information to verify your identity before processing your request. If we deny your request, you may appeal by emailing the same address. Anysphere will not discriminate against you for exercising any privacy rights available under applicable law. - Interpretation (disclaimed): Establishes the procedure for exercising privacy rights — contacting Anysphere via email, identity verification before processing, appeal process for denied requests — and affirms a non-discrimination obligation against users exercising their privacy rights. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20exercise%20any,available%20under%20applicable%20law. ### privacy data use — risk unknown > Cookies & Similar Technologies. We and our service providers utilize cookies, pixels, scripts, or similar technologies to operate and manage the Service and improve your experience. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze and optimize your use of the Service, for example to help maintain your preferences. For more details about how we use these technologies, please visit our Cookie Policy . - Interpretation (disclaimed): This segment discloses that cookies and similar tracking technologies are used by Anysphere and its service providers to operate, manage, and improve the Service, and to market products, identifying a data collection and processing practice and directing users to a Cookie Policy. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Cookies%20%26%20Similar,our%20Cookie%20Policy%20. ### privacy data use — risk unknown > Cookies & Similar Technologies. We and our service providers utilize cookies, pixels, scripts, or similar technologies to operate and manage the Service and improve your experience. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze and optimize your use of the Service, for example to help maintain your preferences. For more details about how we use these technologies, please visit our Cookie Policy . - Interpretation (disclaimed): This segment discloses that cookies and similar tracking technologies are used by Anysphere and its service providers to operate the Service, personalize experience, and analyze usage, establishing a collection and processing obligation with cross-reference to a Cookie Policy. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Cookies%20%26%20Similar,our%20Cookie%20Policy%20. ### privacy data use — risk unknown > Payment Information: We collect your payment information if you seek to access any paid Anysphere products and services. - Interpretation (disclaimed): This segment discloses that payment information is collected when users access paid products and services, identifying a specific category of personal data collected and the condition triggering its collection. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Payment%20Information%3A%20We,Anysphere%20products%20and%20services. ### privacy data use — risk unknown > We may aggregate or de-identify personal data so that it no longer identifies you, and use that information for the purposes described above, such as analyzing how the Service is used, improving or adding features, and conducting research. We will maintain de-identified information in its de-identified form and will not attempt to reidentify it, except as required by law. - Interpretation (disclaimed): This segment permits Anysphere to aggregate or de-identify personal data for analytics, feature development, and research, while imposing an obligation to maintain de-identified data in de-identified form and not attempt re-identification except as required by law. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20aggregate,as%20required%20by%20law. ### privacy data use — risk unknown > Feedback: While using the Service, you may provide feedback, including ideas and suggestions for improvement or rating a Suggestion in response to an Input (" Feedback "). If you provide Feedback on the Service, we may store the entire exchange as part of your Feedback. - Interpretation (disclaimed): This segment defines 'Feedback' and discloses that if feedback is provided, the company may store the entire exchange as part of that feedback, establishing a data retention and collection practice tied to user interactions. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Feedback%3A%20While%20using,part%20of%20your%20Feedback. ### privacy data use — risk unknown > Deletion of personal data collected from you in connection with your use of the Service, subject to certain exceptions. - Interpretation (disclaimed): Grants users the right to request deletion of personal data collected in connection with their use of the Service, subject to certain exceptions, establishing a qualified right to erasure. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Deletion%20of%20personal,subject%20to%20certain%20exceptions. ### privacy data use — risk unknown > Depending on where you live and the laws that apply in your country of residence, you may have certain rights in relation to your personal data. These may include the right to access, delete, correct, or transfer your personal data; to object to or restrict how we process it; or to withdraw your consent where processing is based on consent. You may also have the right to lodge a complaint with your local data protection authority. - Interpretation (disclaimed): Enumerates data subject rights that may apply depending on jurisdiction, including access, deletion, correction, portability, objection, restriction, consent withdrawal, and the right to lodge a complaint with a data protection authority. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Depending%20on%20where,local%20data%20protection%20authority. ### privacy data use — risk unknown > Correction of inaccurate personal data we maintain about you. Please note that while we’ll make reasonable efforts to address correction requests, due to the nature of our models, we cannot guarantee the accuracy of Suggestions generated by the Service. - Interpretation (disclaimed): Grants users the right to request correction of inaccurate personal data, while establishing a limitation that Anysphere cannot guarantee accuracy of AI-generated suggestions, creating both a right and a partial disclaimer regarding model outputs. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Correction%20of%20inaccurate,generated%20by%20the%20Service. ### privacy data use — risk unknown > To exercise any of these rights, you or your authorized agent may contact us at hi@cursor.com . We may request information to verify your identity before processing your request. If we deny your request, you may appeal by emailing the same address. Anysphere will not discriminate against you for exercising any privacy rights available under applicable law. - Interpretation (disclaimed): Establishes the procedure for exercising data subject rights, including contact details, identity verification requirements, appeal process, and a non-discrimination obligation, defining how rights requests are submitted and handled. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20exercise%20any,available%20under%20applicable%20law. ### privacy data use — risk unknown > No sale or targeted advertising: We do not “sell” or “share” personal data for cross-contextual behavioral advertising, and we do not process personal data for “targeted advertising” purposes (as those terms are defined under applicable US state privacy laws). We also do not process sensitive personal data for the purposes of inferring characteristics about a consumer. - Interpretation (disclaimed): Restricts Anysphere from selling or sharing personal data for cross-contextual behavioral advertising, targeted advertising, or inferring characteristics about consumers from sensitive personal data, as those terms are defined under applicable US state privacy laws. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20No%20sale%20or,characteristics%20about%20a%20consumer. ### privacy data use — risk unknown > Device Information. Your device or browser automatically sends us information about when and how you install, access, or use our Service. This information may include your device type, browser information, operating system information, and mobile network or ISP. This information may depend on your settings and the type of device you use to access the Service. - Interpretation (disclaimed): This segment discloses that device and browser information is automatically transmitted to Anysphere upon installation, access, or use of the Service, identifying specific categories of automatically collected data. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Device%20Information.%20Your,to%20access%20the%20Service. ### privacy data use — risk unknown > The rights available to you may include: - Interpretation (disclaimed): Introductory clause that introduces the enumerated list of specific data subject rights described in subsequent segments, functioning as a structural incorporation reference. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20The%20rights%20available%20to%20you%20may%20include%3A ### privacy data use — risk unknown > Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send. - Interpretation (disclaimed): This segment states that communication content, including names and message contents, is collected when users contact Anysphere, establishing a data collection obligation for communications. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Communication%20Information%3A%20If,any%20messages%20you%20send. ### privacy data use — risk unknown > Restriction of our processing of your personal data in limited circumstances, such as while a correction request is pending. - Interpretation (disclaimed): Grants users the right to restrict processing of personal data in limited circumstances, such as while a correction request is pending, constituting a qualified restriction right. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Restriction%20of%20our,correction%20request%20is%20pending. ### privacy data use — risk unknown > We implement commercially reasonable technical and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, please remember that no method of transmission over the Internet or method of electronic storage is completely secure. You should use caution when deciding what information to share with the Service. We are not responsible for any circumvention of privacy settings or security features on the Service or on third-party websites linked through the Service. - Interpretation (disclaimed): Disclaims absolute security by acknowledging that no transmission or storage method is completely secure, limiting Anysphere's responsibility for circumvention of security measures, while noting the implementation of commercially reasonable technical and organizational safeguards. - Tier: All - Location: Privacy Policy › “# 5. Security” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20implement%20commercially,linked%20through%20the%20Service. ### privacy data use — risk unknown > We may aggregate or de-identify personal data so that it no longer identifies you, and use that information for the purposes described above, such as analyzing how the Service is used, improving or adding features, and conducting research. We will maintain de-identified information in its de-identified form and will not attempt to reidentify it, except as required by law. - Interpretation (disclaimed): This segment permits Anysphere to aggregate or de-identify personal data for analysis, feature development, and research purposes, and establishes an obligation to maintain de-identified data in that form except as required by law. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20aggregate,as%20required%20by%20law. ### privacy data use — risk unknown > To create, manage, and administer your account, including facilitating payments and responding to inquiries. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to create, manage, and administer user accounts, facilitate payments, and respond to inquiries, identifying permitted processing purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20create%2C%20manage%2C,and%20responding%20to%20inquiries. ### privacy data use — risk unknown > We collect personal data if you create an account to use our Service or communicate with us. This includes: - Interpretation (disclaimed): This segment states that Anysphere collects personal data when users create accounts or communicate, establishing the legal basis and trigger conditions for data collection obligations. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20collect%20personal,with%20us.%20This%20includes%3A ### privacy data use — risk unknown > Objection to certain types of processing. Where applicable, we will stop processing unless we have legitimate legal grounds to continue. - Interpretation (disclaimed): Grants users the right to object to certain types of processing and obliges Anysphere to cease processing unless legitimate legal grounds exist to continue, establishing both a right and a corresponding obligation. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Objection%20to%20certain,legal%20grounds%20to%20continue. ### privacy data use — risk unknown > Right to know what categories of personal data we collect, the purposes for which we use it, and the types of third parties with whom we share it. - Interpretation (disclaimed): Grants users the right to know what categories of personal data are collected, the purposes of use, and the types of third parties with whom data is shared, constituting a transparency and access right. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Right%20to%20know,whom%20we%20share%20it. ### privacy data use — risk unknown > Please note that this Privacy Policy does not apply where Anysphere acts as a data processor and processes personal data on behalf of commercial customers using our commercial services, for example, if your employer has provisioned a Cursor account for you to use at work. Our use of that data is governed by our customer agreements covering access to and use of those offerings. - Interpretation (disclaimed): This segment carves out the application of this Privacy Policy where Anysphere acts as a data processor for commercial customers, redirecting governance to separate customer agreements, thereby limiting the scope of individual user rights under this policy. - Tier: All - Location: Privacy Policy › “# Introduction” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Please%20note%20that,use%20of%20those%20offerings. ### privacy data use — risk unknown > To investigate and resolve disputes or security issues. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to investigate and resolve disputes or security issues, authorizing processing for dispute resolution purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20investigate%20and,disputes%20or%20security%20issues. ### privacy data use — risk unknown > We collect personal data if you create an account to use our Service or communicate with us. This includes: - Interpretation (disclaimed): This segment discloses that personal data is collected when a user creates an account or communicates with the company, identifying the triggering conditions for data collection obligations. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20collect%20personal,with%20us.%20This%20includes%3A ### privacy data use — risk unknown > To prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms of Service . - Interpretation (disclaimed): This segment permits Anysphere to use personal data to prevent, detect, and investigate fraud, abuse, security incidents, and Terms of Service violations, identifying a permitted processing purpose. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20prevent%2C%20detect%2C,Terms%20of%20Service%20. ### privacy data use — risk unknown > To provide and maintain the Service, including optional features that enhance functionality and user experience. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to provide and maintain the Service including optional features, identifying a lawful purpose for processing. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20provide%20and,functionality%20and%20user%20experience. ### privacy data use — risk unknown > To create, manage, and administer your account, including facilitating payments and responding to inquiries. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to manage accounts, process payments, and respond to inquiries, authorizing processing for account administration purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20create%2C%20manage%2C,and%20responding%20to%20inquiries. ### privacy data use — risk unknown > Objection to certain types of processing. Where applicable, we will stop processing unless we have legitimate legal grounds to continue. - Interpretation (disclaimed): Grants users the right to object to certain types of processing, with Anysphere obligated to cease processing unless legitimate legal grounds justify continuation, constituting an objection right with a carve-out exception. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Objection%20to%20certain,legal%20grounds%20to%20continue. ### privacy data use — risk unknown > We implement commercially reasonable technical and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, please remember that no method of transmission over the Internet or method of electronic storage is completely secure. You should use caution when deciding what information to share with the Service. We are not responsible for any circumvention of privacy settings or security features on the Service or on third-party websites linked through the Service. - Interpretation (disclaimed): States that Anysphere implements commercially reasonable security measures but disclaims responsibility for security breaches or circumvention of privacy features, limiting liability by acknowledging that no transmission or storage method is completely secure. - Tier: All - Location: Privacy Policy › “# 5. Security” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20implement%20commercially,linked%20through%20the%20Service. ### privacy data use — risk unknown > To provide and maintain the Service, including optional features that enhance functionality and user experience. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to provide and maintain the Service, including optional features, authorizing processing for core service delivery purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20provide%20and,functionality%20and%20user%20experience. ### privacy data use — risk unknown > Log Information. We collect information about how our Service is performing, including your IP address, browser type and settings, error logs, and other ways that you interact with the Service. - Interpretation (disclaimed): This segment discloses that log information including IP address, browser type, error logs, and interaction data is collected to monitor Service performance, identifying a specific automatic data collection practice. - Tier: All - Location: § A (Personal data you provide to us directly) - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Log%20Information.%20We,interact%20with%20the%20Service. ### privacy data use — risk unknown > Access and portability, meaning you can request a copy of the personal data we hold about you and, where applicable, ask us to provide it in a portable format. - Interpretation (disclaimed): Grants users the right to access and receive a portable copy of personal data held by Anysphere, constituting a data portability and access right enforceable under applicable privacy law. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Access%20and%20portability%2C,in%20a%20portable%20format. ### privacy data use — risk unknown > Withdrawal of consent, where the legal basis for our processing is based on your consent. Withdrawal does not affect the lawfulness of prior processing. - Interpretation (disclaimed): Grants users the right to withdraw consent where processing is based on consent, and clarifies that withdrawal does not affect the lawfulness of prior processing, establishing both the right and its temporal limitation. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Withdrawal%20of%20consent%2C,lawfulness%20of%20prior%20processing. ### data retention — risk medium > Upon termination of these Terms, a Subscription Service, or your access to the Service, we may at our option delete any Content or other data associated with your account. - Interpretation (disclaimed): Discretionary deletion clause means users have no guaranteed ability to retrieve their content post-termination. The word 'may' also means data could be retained, creating ambiguity. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Upon%20termination%20of%20these,associated%20with%20your%20account. ### data retention — risk low > We also may terminate your account if it has been inactive for over a year and you do not have a paid account. If we do, we will provide you with advance notice. - Interpretation (disclaimed): Inactivity-based termination applies only to free accounts; advance notice is provided. This is a relatively user-friendly provision but still results in data deletion risk. - Tier: Free - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=We%20also%20may%20terminate,you%20with%20advance%20notice. ### data retention — risk ambiguous > Anysphere retains your personal data only for as long as necessary to operate the Service effectively and to support legitimate business needs such as legal compliance, safety, dispute resolution, and enforcement of our agreements. The appropriate retention period varies depending on the purpose for which the personal data was collected, its sensitivity, potential risks associated with its use or exposure, and any applicable legal requirements. Your settings may also influence how long we keep certain types of data. For instance, some temporary interactions with the Service may not appear in your history and could be stored for a limited duration for purposes related to safety and system monitoring. When personal data is no longer needed, Anysphere and its service providers will follow procedures to delete, erase, de-identify, or anonymize it in compliance with applicable laws. - Interpretation (disclaimed): The absence of concrete retention timelines makes it impossible for users to know how long their data (including inputs/outputs) is stored. GDPR and similar laws require storage limitation; this policy's vagueness may be non-compliant in some jurisdictions. The safety monitoring carve-out means even 'temporary' interactions are retained. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Anysphere%20retains%20your%20personal,compliance%20with%20applicable%20laws. ### data retention — risk unknown > Your settings may also influence how long we keep certain types of data. For instance, some temporary interactions with the Service may not appear in your history and could be stored for a limited duration for purposes related to safety and system monitoring. - Interpretation (disclaimed): Describes how user settings influence retention duration for certain data types and notes that some temporary interactions may be stored for a limited period for safety and system monitoring purposes, detailing a retention procedure tied to user-controlled settings. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Your%20settings%20may,safety%20and%20system%20monitoring. ### data retention — risk unknown > When personal data is no longer needed, Anysphere and its service providers will follow procedures to delete, erase, de-identify, or anonymize it in compliance with applicable laws. - Interpretation (disclaimed): Imposes an obligation on Anysphere and its service providers to delete, erase, de-identify, or anonymize personal data when it is no longer needed, in compliance with applicable law, establishing a binding data disposal duty. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20When%20personal%20data,compliance%20with%20applicable%20laws. ### data retention — risk unknown > When personal data is no longer needed, Anysphere and its service providers will follow procedures to delete, erase, de-identify, or anonymize it in compliance with applicable laws. - Interpretation (disclaimed): Describes the procedure Anysphere and its service providers must follow when personal data is no longer needed — deletion, erasure, de-identification, or anonymization in compliance with applicable laws — constituting a procedural data lifecycle obligation. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20When%20personal%20data,compliance%20with%20applicable%20laws. ### data retention — risk unknown > 4.6. Delinquent Accounts. Anysphere may suspend or terminate access to the Service, including fee-based portions of the Service, for any account for which any amount is due but unpaid. In addition to the amount due for the Service, a delinquent account will be charged with fees or charges that are incidental to any chargeback or collection of any unpaid amount, including collection fees. If your payment method is no longer valid at the time a renewal Subscription Fee is due, then Anysphere reserves the right to delete your account and any information associated with your account without any liability to you. - Interpretation (disclaimed): Grants Anysphere the right to suspend or terminate access for delinquent accounts, charge collection fees, and delete the account and associated information without liability if a payment method becomes invalid at renewal. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.6.%20Delinquent%20Accounts.,any%20liability%20to%20you. ### data retention — risk unknown > 10. Modification of the Service. Anysphere may modify or discontinue all or any portion of the Service at any time (including by limiting or discontinuing certain features of the Service), temporarily or permanently, without notice to you. Anysphere will have no liability for any change to the Service, including any paid-for functionalities of the Service, or any suspension or termination of your access to or use of the Service. You should retain copies of any Content as needed so that you have access in the event the Service is modified and you lose access to such Content. - Interpretation (disclaimed): Reserves Anysphere's right to modify or discontinue the Service without notice or liability, and advises users to retain their own copies of Content in case access is lost, disclaiming responsibility for content loss. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2010.%20Modification%20of,access%20to%20such%20Content. ### data retention — risk unknown > Anysphere retains your personal data only for as long as necessary to operate the Service effectively and to support legitimate business needs such as legal compliance, safety, dispute resolution, and enforcement of our agreements. The appropriate retention period varies depending on the purpose for which the personal data was collected, its sensitivity, potential risks associated with its use or exposure, and any applicable legal requirements. - Interpretation (disclaimed): Establishes Anysphere's obligation to retain personal data only as long as necessary for service operation and legitimate business needs, and identifies factors that determine the appropriate retention period, including purpose, sensitivity, risk, and legal requirements. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Anysphere%20retains%20your,any%20applicable%20legal%20requirements. ### data retention — risk ambiguous > egitimate business needs such as legal compliance, safety, dispute resolution, and enforcement of our agreements. The appropriate retention period varies depending on the purpose for which the personal data was collected, its sensitivity, potential risks associated with its use or exposure, and any applicable legal requirements. Your settings may also influence how long we keep certain types of data. For instance, some temporary interactions with the Service may not appear in your history and could be stored for a limited duration for purposes related to safety and system monitoring. When personal data is no longer needed, Anysphere and its service providers will follow procedures to delete, erase, de-identify, or anonymize it in compliance with applicable laws. - Interpretation (disclaimed): Indeterminate retention periods create compliance risk under GDPR Art. 13(2)(a) and similar statutes requiring specific or estimable retention durations. The reference to 'settings may also influence' implies some user control but is non-committal. De-identification/anonymization as an alternative to deletion may not satisfy deletion rights under CCPA or GDPR depending on implementation. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=egitimate%20business%20needs%20such,compliance%20with%20applicable%20laws. ### data retention — risk unknown > Your settings may also influence how long we keep certain types of data. For instance, some temporary interactions with the Service may not appear in your history and could be stored for a limited duration for purposes related to safety and system monitoring. - Interpretation (disclaimed): Specifies that user settings influence retention duration and that certain temporary interactions may be stored for a limited period for safety and system monitoring purposes, creating a qualified retention obligation tied to user configuration and operational need. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Your%20settings%20may,safety%20and%20system%20monitoring. ### data retention — risk unknown > Anysphere retains your personal data only for as long as necessary to operate the Service effectively and to support legitimate business needs such as legal compliance, safety, dispute resolution, and enforcement of our agreements. The appropriate retention period varies depending on the purpose for which the personal data was collected, its sensitivity, potential risks associated with its use or exposure, and any applicable legal requirements. - Interpretation (disclaimed): Establishes Anysphere's obligation to retain personal data only as long as necessary for service operation and legitimate business needs (legal compliance, safety, dispute resolution, enforcement), with retention period varying by purpose, sensitivity, risk, and legal requirements. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Anysphere%20retains%20your,any%20applicable%20legal%20requirements. ### subprocessors data sharing — risk medium > We may send you emails concerning our products and services, as well as those of third parties. - Interpretation (disclaimed): This clause implies user contact information may be used in connection with third-party marketing, though the extent of any underlying data sharing is not specified here. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=We%20may%20send%20you,those%20of%20third%20parties. ### subprocessors data sharing — risk medium > Business Transfers: In the event of a merger, acquisition, restructuring, bankruptcy, or other corporate transaction, personal data may be disclosed to counterparties and advisers as part of due diligence or transferred as part of the transaction. - Interpretation (disclaimed): Standard M&A data transfer clause, but users have no control or opt-out right. Post-acquisition, the acquirer's privacy policy may differ materially. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Business%20Transfers%3A%20In%20the,part%20of%20the%20transaction. ### subprocessors data sharing — risk medium > Business Account Administrators: If you create an account using an email associated with an organization (e.g., your employer), we may disclose account-related information (such as your email address and account status) to that organization. If you're part of a business or enterprise account, administrators may access and manage your use of the Service. - Interpretation (disclaimed): Users on employer-provisioned accounts have reduced privacy expectations. Admins having access to 'use of the Service' is broad and could encompass session content. Individual employees should be aware their activity is visible to organizational admins. - Tier: Enterprise - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Business%20Account%20Administrators%3A%20If,use%20of%20the%20Service. ### subprocessors data sharing — risk medium > Legal Compliance and Protection of Rights: We may disclose personal data to government authorities or other third parties if we believe doing so is necessary to: (i) comply with applicable laws, regulations, or legal processes, (ii) respond to lawful requests or investigations, (iii) protect the safety, rights, or property of any person, (iv) prevent fraud, security incidents, or other unlawful activity, (v) enforce our Terms of Service or other legal rights, or (vi) protect Anysphere against legal liability. - Interpretation (disclaimed): The enumerated disclosure grounds are standard but the 'protect Anysphere against legal liability' basis effectively allows the company to disclose user data in its own interest in litigation or disputes. No warrant canary or transparency report commitment is mentioned. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Legal%20Compliance%20and%20Protection,Anysphere%20against%20legal%20liability. ### subprocessors data sharing — risk medium > Affiliates: We may share personal data with affiliates, meaning an entity that controls, is controlled by, or is under common control with, us. They may use personal data in a manner consistent with this Privacy Policy. - Interpretation (disclaimed): Affiliate sharing without requiring separate consent or a more restrictive data use limitation means personal data can flow freely within a corporate family. The policy's broad use purposes effectively apply to all affiliates. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Affiliates%3A%20We%20may%20share,with%20this%20Privacy%20Policy. ### subprocessors data sharing — risk medium > Service Providers and Business Partners: We may disclose personal data to third-party vendors and service providers who support our business operations and help us deliver and improve the Service. This includes third-party hosting, cloud infrastructure, model, analytics, customer support, safety monitoring, communications, payment processing, compliance services, and IT providers. These parties process personal data only as necessary to perform services on our behalf, consistent with our and your instructions and applicable law. - Interpretation (disclaimed): The inclusion of 'model' providers as a subprocessor category is notable for an AI platform — it means user content may be sent to third-party model APIs. The constraint 'only as necessary' is contractual but not independently verifiable by users. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Service%20Providers%20and%20Business,instructions%20and%20applicable%20law. ### subprocessors data sharing — risk low > Subprocessors: For commercial uses of the Service where Anysphere acts as a data processor, you can review the third parties we engage on at trust.cursor.com/subprocessors . - Interpretation (disclaimed): Transparency on subprocessors is limited to commercial/enterprise arrangements. Individual/consumer users do not get a formal subprocessor list, which may be a gap for GDPR Article 28 compliance for those users. - Tier: Enterprise - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Subprocessors%3A%20For%20commercial%20uses,on%20at%20trust.cursor.com%2Fsubprocessors%20. ### subprocessors data sharing — risk unknown > Service Providers and Business Partners: We may disclose personal data to third-party vendors and service providers who support our business operations and help us deliver and improve the Service. This includes third-party hosting, cloud infrastructure, model, analytics, customer support, safety monitoring, communications, payment processing, compliance services, and IT providers. These parties process personal data only as necessary to perform services on our behalf, consistent with our and your instructions and applicable law. - Interpretation (disclaimed): This segment permits disclosure of personal data to third-party vendors and service providers (hosting, cloud, analytics, payment processing, etc.) for business operations, subject to the limitation that these parties process data only as necessary and consistent with instructions and applicable law, establishing both a permission and a contractual constraint on subprocessors. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Service%20Providers%20and,instructions%20and%20applicable%20law. ### subprocessors data sharing — risk unknown > Business Transfers: In the event of a merger, acquisition, restructuring, bankruptcy, or other corporate transaction, personal data may be disclosed to counterparties and advisers as part of due diligence or transferred as part of the transaction. - Interpretation (disclaimed): Grants permission to disclose or transfer personal data to counterparties and advisers in the context of corporate transactions such as mergers, acquisitions, or bankruptcy, establishing a lawful basis for such data sharing. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Business%20Transfers%3A%20In,part%20of%20the%20transaction. ### subprocessors data sharing — risk unknown > Business Account Administrators: If you create an account using an email associated with an organization (e.g., your employer), we may disclose account-related information (such as your email address and account status) to that organization. If you're part of a business or enterprise account, administrators may access and manage your use of the Service. - Interpretation (disclaimed): Permits disclosure of account-related information to the user's organization and grants business account administrators access to manage user activity, establishing organizational data-sharing rights in an enterprise context. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Business%20Account%20Administrators%3A,use%20of%20the%20Service. ### subprocessors data sharing — risk unknown > Other Users and Third Parties You Share Information With: Certain features of the Service may allow you to share Inputs, Suggestions, or other content with other users or third-party applications. Any information you voluntarily share with those parties is subject to their respective terms and privacy policies. - Interpretation (disclaimed): Discloses that information voluntarily shared by users with other users or third-party applications is subject to those parties' own terms and privacy policies, thereby disclaiming Anysphere's responsibility for such downstream data use. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Other%20Users%20and,terms%20and%20privacy%20policies. ### subprocessors data sharing — risk unknown > Subprocessors: For commercial uses of the Service where Anysphere acts as a data processor, you can review the third parties we engage on at trust.cursor.com/subprocessors . - Interpretation (disclaimed): Grants commercial users the right to review the list of third-party subprocessors engaged by Anysphere when it acts as a data processor, directing them to the published subprocessor list at trust.cursor.com/subprocessors. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Subprocessors%3A%20For%20commercial,on%20at%20trust.cursor.com%2Fsubprocessors%20. ### subprocessors data sharing — risk unknown > We may disclose your personal data in the following circumstances: - Interpretation (disclaimed): This segment introduces the circumstances under which personal data may be disclosed to third parties, establishing the framework for data sharing disclosures that follow. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20disclose,in%20the%20following%20circumstances%3A ### subprocessors data sharing — risk unknown > Business Transfers: In the event of a merger, acquisition, restructuring, bankruptcy, or other corporate transaction, personal data may be disclosed to counterparties and advisers as part of due diligence or transferred as part of the transaction. - Interpretation (disclaimed): This segment permits disclosure of personal data to counterparties and advisers in the context of corporate transactions such as mergers, acquisitions, or restructuring, identifying a permitted basis for data transfer. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Business%20Transfers%3A%20In,part%20of%20the%20transaction. ### subprocessors data sharing — risk unknown > Legal Compliance and Protection of Rights: We may disclose personal data to government authorities or other third parties if we believe doing so is necessary to: (i) comply with applicable laws, regulations, or legal processes, (ii) respond to lawful requests or investigations, (iii) protect the safety, rights, or property of any person, (iv) prevent fraud, security incidents, or other unlawful activity, (v) enforce our Terms of Service or other legal rights, or (vi) protect Anysphere against legal liability. - Interpretation (disclaimed): This segment permits disclosure of personal data to government authorities or third parties for legal compliance, safety, fraud prevention, rights enforcement, and liability protection purposes, identifying multiple permitted bases for disclosure. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Legal%20Compliance%20and,Anysphere%20against%20legal%20liability. ### subprocessors data sharing — risk unknown > Affiliates: We may share personal data with affiliates, meaning an entity that controls, is controlled by, or is under common control with, us. They may use personal data in a manner consistent with this Privacy Policy. - Interpretation (disclaimed): This segment permits sharing of personal data with corporate affiliates and defines 'affiliates' as entities under common control, establishing a permitted sharing arrangement with a definitional component. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Affiliates%3A%20We%20may,with%20this%20Privacy%20Policy. ### subprocessors data sharing — risk unknown > With Your Consent: We may disclose personal data when you give us permission to do so, including through features of the Service that are designed to share information. - Interpretation (disclaimed): This segment permits Anysphere to disclose personal data when the user has given explicit consent, including through Service features designed to share information, establishing consent as a basis for disclosure. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20With%20Your%20Consent%3A,designed%20to%20share%20information. ### subprocessors data sharing — risk unknown > Subprocessors: For commercial uses of the Service where Anysphere acts as a data processor, you can review the third parties we engage on at trust.cursor.com/subprocessors . - Interpretation (disclaimed): Imposes an obligation on Anysphere to disclose the list of third-party subprocessors engaged for commercial data processing, directing users to a specific URL for review, which is a core subprocessor transparency requirement under data processor relationships. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Subprocessors%3A%20For%20commercial,on%20at%20trust.cursor.com%2Fsubprocessors%20. ### subprocessors data sharing — risk unknown > 4.3. Payment Processing. To facilitate payment for the Service via bank account, credit card, or debit card, we use Stripe, Inc. and its affiliates (“ Stripe ”), a third-party payment processor. These payment processing services are provided by Stripe and are subject to the Stripe terms and conditions and other policies available at https://stripe.com/legal and Stripe’s Global Privacy Policy available at: https://stripe.com/privacy (collectively, the " Stripe Agreements "). By agreeing to these Terms, users that use the payment functions of the Service also agree to be bound by the Stripe Agreements, as the same may be modified by Stripe from time to time. You hereby authorize Stripe to store and continue billing your specified payment method even after such payment method has expired, to avoid interruptions in payment for your use of the Service. Please contact Stripe for more information. Anysphere assumes no liability or responsibility for any payments you make through the Service. - Interpretation (disclaimed): Identifies Stripe as a third-party payment subprocessor, incorporates the Stripe Agreements by reference, and obligates users who use payment functions to be bound by those agreements. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.3.%20Payment%20Processing.,make%20through%20the%20Service. ### subprocessors data sharing — risk unknown > 6. Third-Party Services. The Service may include or incorporate optional third-party services, including without limitation extensions and plug-ins that you may install yourself (“ Third-Party Services ”). Anysphere will clearly indicate such content or features as Third-Party Services via prominent notices or descriptions in the Service. If you elect, in your sole discretion, to access or use a Third-Party Service, your access and use of the Third-Party Service is subject to the terms provided by that Third-Party Service, and you remain responsible for complying with those terms. Anysphere does not make any representations or warranties with respect to Third-Party Services. - Interpretation (disclaimed): Describes Third-Party Services integrated into the platform, clarifies that their use is governed by the third party's terms, and disclaims Anysphere's responsibility for those services. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%206.%20Third-Party%20Services.,respect%20to%20Third-Party%20Services. ### subprocessors data sharing — risk unknown > 4.3. Payment Processing. To facilitate payment for the Service via bank account, credit card, or debit card, we use Stripe, Inc. and its affiliates (“ Stripe ”), a third-party payment processor. These payment processing services are provided by Stripe and are subject to the Stripe terms and conditions and other policies available at https://stripe.com/legal and Stripe’s Global Privacy Policy available at: https://stripe.com/privacy (collectively, the " Stripe Agreements "). By agreeing to these Terms, users that use the payment functions of the Service also agree to be bound by the Stripe Agreements, as the same may be modified by Stripe from time to time. You hereby authorize Stripe to store and continue billing your specified payment method even after such payment method has expired, to avoid interruptions in payment for your use of the Service. Please contact Stripe for more information. Anysphere assumes no liability or responsibility for any payments you make through the Service. - Interpretation (disclaimed): Identifies Stripe as a third-party payment subprocessor, incorporates the Stripe Agreements (including Stripe's Privacy Policy) by reference as binding on users who use payment functions, and discloses the data-sharing relationship with Stripe. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.3.%20Payment%20Processing.,make%20through%20the%20Service. ### subprocessors data sharing — risk unknown > 6. Third-Party Services. The Service may include or incorporate optional third-party services, including without limitation extensions and plug-ins that you may install yourself (“ Third-Party Services ”). Anysphere will clearly indicate such content or features as Third-Party Services via prominent notices or descriptions in the Service. If you elect, in your sole discretion, to access or use a Third-Party Service, your access and use of the Third-Party Service is subject to the terms provided by that Third-Party Service, and you remain responsible for complying with those terms. Anysphere does not make any representations or warranties with respect to Third-Party Services. - Interpretation (disclaimed): Discloses that Third-Party Services may be incorporated into the Service, clarifies that their terms govern user access, and disclaims Anysphere's responsibility for the practices or content of those third-party providers. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%206.%20Third-Party%20Services.,respect%20to%20Third-Party%20Services. ### subprocessors data sharing — risk unknown > Service Providers and Business Partners: We may disclose personal data to third-party vendors and service providers who support our business operations and help us deliver and improve the Service. This includes third-party hosting, cloud infrastructure, model, analytics, customer support, safety monitoring, communications, payment processing, compliance services, and IT providers. These parties process personal data only as necessary to perform services on our behalf, consistent with our and your instructions and applicable law. - Interpretation (disclaimed): This segment permits Anysphere to disclose personal data to third-party service providers and business partners for business operations and Service delivery, and imposes a restriction that such parties process data only as necessary consistent with instructions and applicable law. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Service%20Providers%20and,instructions%20and%20applicable%20law. ### subprocessors data sharing — risk unknown > We may disclose your personal data in the following circumstances: - Interpretation (disclaimed): This segment introduces the circumstances under which Anysphere may disclose personal data to third parties, establishing the legal framework for third-party sharing obligations and permissions. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20We%20may%20disclose,in%20the%20following%20circumstances%3A ### subprocessors data sharing — risk unknown > Legal Compliance and Protection of Rights: We may disclose personal data to government authorities or other third parties if we believe doing so is necessary to: (i) comply with applicable laws, regulations, or legal processes, (ii) respond to lawful requests or investigations, (iii) protect the safety, rights, or property of any person, (iv) prevent fraud, security incidents, or other unlawful activity, (v) enforce our Terms of Service or other legal rights, or (vi) protect Anysphere against legal liability. - Interpretation (disclaimed): Grants permission to disclose personal data to government authorities or third parties for legal compliance, safety, fraud prevention, rights enforcement, and liability protection, defining the scope of permissible disclosures outside normal business operations. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Legal%20Compliance%20and,Anysphere%20against%20legal%20liability. ### subprocessors data sharing — risk unknown > Business Account Administrators: If you create an account using an email associated with an organization (e.g., your employer), we may disclose account-related information (such as your email address and account status) to that organization. If you're part of a business or enterprise account, administrators may access and manage your use of the Service. - Interpretation (disclaimed): This segment permits Anysphere to disclose account-related information to the organization associated with a user's email and permits business account administrators to access and manage user data, establishing permitted sharing within enterprise account structures. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Business%20Account%20Administrators%3A,use%20of%20the%20Service. ### subprocessors data sharing — risk unknown > Third-Party Services and Integrations: The Service may include integrations with or links to third-party websites, applications, or services. If you choose to interact with these third parties, your personal data may be disclosed to them directly and governed by their own terms and privacy policies. Our linking or integrating with a third party does not imply endorsement or affiliation. - Interpretation (disclaimed): Discloses that personal data may be shared with third-party services upon user interaction and disclaims responsibility by noting that such data is governed by the third party's own terms, limiting Anysphere's liability for third-party data handling. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Third-Party%20Services%20and,imply%20endorsement%20or%20affiliation. ### subprocessors data sharing — risk unknown > Affiliates: We may share personal data with affiliates, meaning an entity that controls, is controlled by, or is under common control with, us. They may use personal data in a manner consistent with this Privacy Policy. - Interpretation (disclaimed): Permits sharing of personal data with affiliated entities under common control, and defines the scope of permitted use as consistent with the Privacy Policy, establishing both a sharing permission and a use restriction on affiliates. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Affiliates%3A%20We%20may,with%20this%20Privacy%20Policy. ### subprocessors data sharing — risk unknown > Third-Party Services and Integrations: The Service may include integrations with or links to third-party websites, applications, or services. If you choose to interact with these third parties, your personal data may be disclosed to them directly and governed by their own terms and privacy policies. Our linking or integrating with a third party does not imply endorsement or affiliation. - Interpretation (disclaimed): This segment discloses that the Service may include third-party integrations and that personal data shared with those parties is governed by their own terms and policies, disclaiming Anysphere's responsibility for third-party data handling and noting no endorsement is implied. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Third-Party%20Services%20and,imply%20endorsement%20or%20affiliation. ### subprocessors data sharing — risk unknown > Other Users and Third Parties You Share Information With: Certain features of the Service may allow you to share Inputs, Suggestions, or other content with other users or third-party applications. Any information you voluntarily share with those parties is subject to their respective terms and privacy policies. - Interpretation (disclaimed): This segment discloses that information voluntarily shared by users with other users or third-party applications through Service features is governed by those parties' terms and policies, disclaiming Anysphere's responsibility for such onward sharing. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Other%20Users%20and,terms%20and%20privacy%20policies. ### subprocessors data sharing — risk unknown > With Your Consent: We may disclose personal data when you give us permission to do so, including through features of the Service that are designed to share information. - Interpretation (disclaimed): Permits disclosure of personal data to third parties when the user provides explicit consent, establishing consent as a lawful basis for data sharing not otherwise covered by enumerated categories. - Tier: All - Location: Privacy Policy › “# 3. How we share personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20With%20Your%20Consent%3A,designed%20to%20share%20information. ### subprocessors data sharing — risk ambiguous > When personal data is no longer needed, Anysphere and its service providers will follow procedures to delete, erase, de-identify, or anonymize it in compliance with applicable laws. - Interpretation (disclaimed): GDPR Art. 28 requires data processing agreements with sub-processors and obliges controllers to impose equivalent data protection obligations. The vague reference to 'service providers' without enumeration or commitment to DPAs reduces transparency. 'Will follow procedures' is a process commitment, not a result commitment. - Tier: All - Location: Privacy Policy › “# 4. Retention” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=When%20personal%20data%20is,compliance%20with%20applicable%20laws. ### audit rights dpa residency — risk medium > Anysphere processes your personal data for the purposes described in this Privacy Policy on servers located in various jurisdictions, including in the United States. While data protection laws vary by country, we apply the protections outlined in this policy to your personal data regardless of where it is processed, and we only transfer data in accordance with legally valid transfer mechanisms. For users in the European Economic Area, (“EEA”), when you access our Service, your personal data may be transferred to our United States servers to other countries outside the EEA and the UK. Where information is transferred outside the EEA or the UK, we require an adequate level of data protection. - Interpretation (disclaimed): EEA and UK users face cross-border data transfers to the US and 'other countries,' which may have lower data protection standards. The policy does not specify which transfer mechanisms are used (e.g., Standard Contractual Clauses), limiting user ability to assess adequacy of protection. No data residency options are offered. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=Anysphere%20processes%20your%20personal,level%20of%20data%20protection. ### audit rights dpa residency — risk unknown > Anysphere processes your personal data for the purposes described in this Privacy Policy on servers located in various jurisdictions, including in the United States. While data protection laws vary by country, we apply the protections outlined in this policy to your personal data regardless of where it is processed, and we only transfer data in accordance with legally valid transfer mechanisms. For users in the European Economic Area, (“EEA”), when you access our Service, your personal data may be transferred to our United States servers to other countries outside the EEA and the UK. Where information is transferred outside the EEA or the UK, we require an adequate level of data protection. - Interpretation (disclaimed): Discloses that personal data is processed on servers in various jurisdictions including the US, and establishes an obligation to apply consistent protections and use legally valid transfer mechanisms for cross-border data transfers, with specific reference to EEA and UK users. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Anysphere%20processes%20your,level%20of%20data%20protection. ### audit rights dpa residency — risk unknown > Some jurisdictions require specific disclosures regarding how we handle your personal data. The table below supplements this Privacy Policy by providing additional details about the purpose of data collection, type of data collected, and legal basis. For more information, see “Personal data we collect,” “How we use personal data,” and “Retention” above. - Interpretation (disclaimed): States that jurisdiction-specific disclosures supplement the main Privacy Policy and cross-references earlier sections on data collection, use, and retention, incorporating those provisions by reference into the jurisdiction-specific framework. - Tier: All - Location: Privacy Policy › “# 7. Jurisdiction-Specific Disclosures” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Some%20jurisdictions%20require,data%2C%E2%80%9D%20and%20%E2%80%9CRetention%E2%80%9D%20above. ### audit rights dpa residency — risk unknown > Some jurisdictions require specific disclosures regarding how we handle your personal data. The table below supplements this Privacy Policy by providing additional details about the purpose of data collection, type of data collected, and legal basis. For more information, see “Personal data we collect,” “How we use personal data,” and “Retention” above. - Interpretation (disclaimed): Incorporates and supplements the main Privacy Policy with jurisdiction-specific disclosure requirements, cross-referencing other sections on data collection, use, and retention to satisfy local legal obligations regarding transparency. - Tier: All - Location: Privacy Policy › “# 7. Jurisdiction-Specific Disclosures” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Some%20jurisdictions%20require,data%2C%E2%80%9D%20and%20%E2%80%9CRetention%E2%80%9D%20above. ### audit rights dpa residency — risk unknown > Anysphere processes your personal data for the purposes described in this Privacy Policy on servers located in various jurisdictions, including in the United States. While data protection laws vary by country, we apply the protections outlined in this policy to your personal data regardless of where it is processed, and we only transfer data in accordance with legally valid transfer mechanisms. For users in the European Economic Area, (“EEA”), when you access our Service, your personal data may be transferred to our United States servers to other countries outside the EEA and the UK. Where information is transferred outside the EEA or the UK, we require an adequate level of data protection. - Interpretation (disclaimed): Describes the geographic scope of data processing including cross-border transfers to the United States and other countries, and imposes an obligation to use legally valid transfer mechanisms for EEA and UK users, establishing residency and transfer compliance obligations. - Tier: All - Location: Privacy Policy › “# 6. Your rights and choices” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20Anysphere%20processes%20your,level%20of%20data%20protection. ### indemnity liability — risk high > We may assign these Terms and all rights granted under these Terms, including with respect to your Content, at any time without notice or consent. - Interpretation (disclaimed): Unilateral assignment rights allow Anysphere to transfer all contractual rights, including those over user Content, to an unknown successor or acquirer without user knowledge or approval, creating significant risk exposure. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=We%20may%20assign%20these,without%20notice%20or%20consent. ### indemnity liability — risk high > To the fullest extent permitted by law, you are responsible for your use of the Service, and you will defend and indemnify Anysphere, its affiliates and each of their respective shareholders, directors, managers, members, officers, employees, consultants, and agents (together, the “ Anysphere Entities ”) from and against any and all liabilities, claims, damages, expenses (including reasonable attorneys’ fees), and other losses arising out of or relating to: (1) your unauthorized use of, or misuse of, the Service; (2) your violation of any portion of these Terms, any representation, warranty, or agreement referenced in these Terms, or any applicable law or regulation; and (3) any claim that your Input violates any third-party intellectual property, publicity, confidentiality, privacy, or other rights. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter), and in that case, you agree to cooperate with our defense of those claims. - Interpretation (disclaimed): User bears full indemnification obligation for a wide range of claims including third-party IP infringement stemming from inputs. Platform's right to assume control of defense without limiting user's financial obligation is particularly one-sided. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=To%20the%20fullest%20extent,defense%20of%20those%20claims. ### indemnity liability — risk high > THE SERVICE AND SUGGESTIONS ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. ANYSPHERE DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SERVICE AND SUGGESTIONS, INCLUDING: (a) ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, OR NON-INFRINGEMENT; AND (b) ANY WARRANTY ARISING OUT OF COURSE OF DEALING, USAGE, OR TRADE. ANYSPHERE DOES NOT WARRANT THAT THE SERVICE OR SUGGESTIONS WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS, VIRUSES, OR OTHER HARMFUL COMPONENTS, AND ANYSPHERE DOES NOT WARRANT THAT ANY OF THOSE ISSUES WILL BE CORRECTED. YOU AGREE THAT ANY USE OF SUGGESTIONS FROM OUR SERVICE IS AT YOUR SOLE RISK AND YOU WILL NOT RELY ON ANY SUGGESTION AS A SOURCE OF TRUTH. - Interpretation (disclaimed): Comprehensive warranty disclaimer eliminates any implied guarantees about service quality, security, or output reliability. Users cannot rely on outputs as factually accurate, which is significant for a code-generation AI tool. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=THE%20SERVICE%20AND%20SUGGESTIONS,A%20SOURCE%20OF%20TRUTH. ### indemnity liability — risk high > TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL THE ANYSPHERE ENTITIES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, OR ANY OTHER INTANGIBLE LOSS) ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICE, OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT ANY ANYSPHERE ENTITY HAS BEEN INFORMED OF THE POSSIBILITY OF DAMAGE. - Interpretation (disclaimed): Excludes the full spectrum of consequential damages across all legal theories. For business users relying on the service, this means no recovery for lost revenue or data losses caused by the platform. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=TO%20THE%20FULLEST%20EXTENT,THE%20POSSIBILITY%20OF%20DAMAGE. ### indemnity liability — risk high > TO THE FULLEST EXTENT PERMITTED BY LAW, THE AGGREGATE LIABILITY OF THE ANYSPHERE ENTITIES TO YOU FOR ALL CLAIMS, DAMAGES AND LOSSES ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICE, AND CONTENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, IS LIMITED TO THE GREATER OF: (A) THE AMOUNT YOU HAVE PAID TO ANYSPHERE FOR ACCESS TO AND USE OF THE SERVICE IN THE SIX (6) MONTHS PRIOR TO THE EVENT OR CIRCUMSTANCE GIVING RISE TO THE CLAIM OR, IF GREATER, (B) $100. THE FOREGOING LIMITATIONS ARE ESSENTIAL TO THESE TERMS, AND WE WOULD NOT OFFER THE SERVICE TO YOU UNDER THESE TERMS WITHOUT THESE LIMITATIONS. THE LIMITATIONS IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL - Interpretation (disclaimed): Extremely low liability cap limits user recovery to a minimal monetary amount regardless of actual harm. The 'fails of its essential purpose' override removes a common consumer protection backstop. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=TO%20THE%20FULLEST%20EXTENT,OF%20ITS%20ESSENTIAL%20 ### indemnity liability — risk unknown > 1.7. Auto-Code Execution. The Service may include a feature that automatically executes code Suggestions without manual review or confirmation, and will be clearly labeled accordingly. By enabling this feature, you acknowledge and agree that you are assuming all risks associated with the execution of automatically generated code, including without limitation system outages, software defects, data loss, and security vulnerabilities. YOU ARE SOLELY RESPONSIBLE FOR ANY IMPACT RESULTING FROM USE OF THIS FEATURE, INCLUDING ENSURING APPROPRIATE SAFEGUARDS, TESTING, AND MONITORING ARE IN PLACE. - Interpretation (disclaimed): Discloses risks of the auto-code execution feature and places sole responsibility on the user for any resulting impacts, including system outages, data loss, and security vulnerabilities, effectively disclaiming Anysphere's liability for consequences of this feature. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.7.%20Auto-Code%20Execution.,MONITORING%20ARE%20IN%20PLACE. ### indemnity liability — risk unknown > 13. Indemnity. To the fullest extent permitted by law, you are responsible for your use of the Service, and you will defend and indemnify Anysphere, its affiliates and each of their respective shareholders, directors, managers, members, officers, employees, consultants, and agents (together, the “ Anysphere Entities ”) from and against any and all liabilities, claims, damages, expenses (including reasonable attorneys’ fees), and other losses arising out of or relating to: (1) your unauthorized use of, or misuse of, the Service; (2) your violation of any portion of these Terms, any representation, warranty, or agreement referenced in these Terms, or any applicable law or regulation; and (3) any claim that your Input violates any third-party intellectual property, publicity, confidentiality, privacy, or other rights. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter), and in that case, you agree to cooperate with our defense of those claims. - Interpretation (disclaimed): This segment imposes a broad indemnification obligation on the user to defend and hold harmless Anysphere and its affiliates against all liabilities, claims, and expenses arising from unauthorized use, misuse, or violation of the Terms, creating a significant financial and legal duty on the user. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2013.%20Indemnity.%20To,defense%20of%20those%20claims. ### indemnity liability — risk unknown > 14. DISCLAIMER OF WARRANTIES. THE SERVICE AND SUGGESTIONS ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. ANYSPHERE DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SERVICE AND SUGGESTIONS, INCLUDING: (a) ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, OR NON-INFRINGEMENT; AND (b) ANY WARRANTY ARISING OUT OF COURSE OF DEALING, USAGE, OR TRADE. ANYSPHERE DOES NOT WARRANT THAT THE SERVICE OR SUGGESTIONS WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS, VIRUSES, OR OTHER HARMFUL COMPONENTS, AND ANYSPHERE DOES NOT WARRANT THAT ANY OF THOSE ISSUES WILL BE CORRECTED. YOU AGREE THAT ANY USE OF SUGGESTIONS FROM OUR SERVICE IS AT YOUR SOLE RISK AND YOU WILL NOT RELY ON ANY SUGGESTION AS A SOURCE OF TRUTH. THE LAWS OF SOME JURISDICTIONS DO NOT ALLOW THE DISCLAIMER OF IMPLIED WARRANTIES, SO SOME OR ALL OF THESE DISCLAIMERS MAY NOT APPLY TO YOU. - Interpretation (disclaimed): This segment disclaims all express and implied warranties regarding the Service and Suggestions, including merchantability, fitness for purpose, and non-infringement, limiting Anysphere's legal exposure for service quality and outcomes. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2014.%20DISCLAIMER%20OF,NOT%20APPLY%20TO%20YOU. ### indemnity liability — risk unknown > 15. LIMITATION OF LIABILITY - Interpretation (disclaimed): This segment is a section heading that introduces the limitation of liability provisions, serving as a structural reference point that defines the scope of the following clauses. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2015.%20LIMITATION%20OF%20LIABILITY%20 ### indemnity liability — risk unknown > 15.1. NO INDIRECT DAMAGES. TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL THE ANYSPHERE ENTITIES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, OR ANY OTHER INTANGIBLE LOSS) ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICE, OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT ANY ANYSPHERE ENTITY HAS BEEN INFORMED OF THE POSSIBILITY OF DAMAGE. - Interpretation (disclaimed): This segment excludes indirect, incidental, special, consequential, and punitive damages from Anysphere's liability to the fullest extent permitted by law, significantly restricting the user's available remedies for losses arising from the Terms or Service. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2015.1.%20NO%20INDIRECT,THE%20POSSIBILITY%20OF%20DAMAGE. ### indemnity liability — risk unknown > 15.2. LIABILITY CAP. TO THE FULLEST EXTENT PERMITTED BY LAW, THE AGGREGATE LIABILITY OF THE ANYSPHERE ENTITIES TO YOU FOR ALL CLAIMS, DAMAGES AND LOSSES ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICE, AND CONTENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, IS LIMITED TO THE GREATER OF: (A) THE AMOUNT YOU HAVE PAID TO ANYSPHERE FOR ACCESS TO AND USE OF THE SERVICE IN THE SIX (6) MONTHS PRIOR TO THE EVENT OR CIRCUMSTANCE GIVING RISE TO THE CLAIM OR, IF GREATER, (B) $100. THE FOREGOING LIMITATIONS ARE ESSENTIAL TO THESE TERMS, AND WE WOULD NOT OFFER THE SERVICE TO YOU UNDER THESE TERMS WITHOUT THESE LIMITATIONS. THE LIMITATIONS IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE. - Interpretation (disclaimed): This segment caps Anysphere's aggregate liability to the greater of amounts paid in the prior six months or $100, establishing a monetary ceiling on the user's ability to recover damages and declaring this cap essential to the agreement. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2015.2.%20LIABILITY%20CAP.,OF%20ITS%20ESSENTIAL%20PURPOSE. ### indemnity liability — risk unknown > 1.7. Auto-Code Execution. The Service may include a feature that automatically executes code Suggestions without manual review or confirmation, and will be clearly labeled accordingly. By enabling this feature, you acknowledge and agree that you are assuming all risks associated with the execution of automatically generated code, including without limitation system outages, software defects, data loss, and security vulnerabilities. YOU ARE SOLELY RESPONSIBLE FOR ANY IMPACT RESULTING FROM USE OF THIS FEATURE, INCLUDING ENSURING APPROPRIATE SAFEGUARDS, TESTING, AND MONITORING ARE IN PLACE. - Interpretation (disclaimed): Shifts all risk of auto-executed code to the user by disclaiming Anysphere's liability and placing sole responsibility on the user for system outages, data loss, security vulnerabilities, and other impacts arising from enabling the auto-code execution feature. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.7.%20Auto-Code%20Execution.,MONITORING%20ARE%20IN%20PLACE. ### indemnity liability — risk unknown > 4.6. Delinquent Accounts. Anysphere may suspend or terminate access to the Service, including fee-based portions of the Service, for any account for which any amount is due but unpaid. In addition to the amount due for the Service, a delinquent account will be charged with fees or charges that are incidental to any chargeback or collection of any unpaid amount, including collection fees. If your payment method is no longer valid at the time a renewal Subscription Fee is due, then Anysphere reserves the right to delete your account and any information associated with your account without any liability to you. - Interpretation (disclaimed): Grants Anysphere the remedy of suspending or terminating access and charging collection fees for delinquent accounts, and reserves the right to delete the account and associated information without liability if a payment method is invalid at renewal. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.6.%20Delinquent%20Accounts.,any%20liability%20to%20you. ### indemnity liability — risk unknown > 10. Modification of the Service. Anysphere may modify or discontinue all or any portion of the Service at any time (including by limiting or discontinuing certain features of the Service), temporarily or permanently, without notice to you. Anysphere will have no liability for any change to the Service, including any paid-for functionalities of the Service, or any suspension or termination of your access to or use of the Service. You should retain copies of any Content as needed so that you have access in the event the Service is modified and you lose access to such Content. - Interpretation (disclaimed): Reserves Anysphere's right to modify or discontinue any part of the Service at any time without notice and disclaims all liability for changes, suspensions, or terminations including to paid features, placing responsibility on users to retain copies of their Content. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2010.%20Modification%20of,access%20to%20such%20Content. ### indemnity liability — risk unknown > 13. Indemnity. To the fullest extent permitted by law, you are responsible for your use of the Service, and you will defend and indemnify Anysphere, its affiliates and each of their respective shareholders, directors, managers, members, officers, employees, consultants, and agents (together, the “ Anysphere Entities ”) from and against any and all liabilities, claims, damages, expenses (including reasonable attorneys’ fees), and other losses arising out of or relating to: (1) your unauthorized use of, or misuse of, the Service; (2) your violation of any portion of these Terms, any representation, warranty, or agreement referenced in these Terms, or any applicable law or regulation; and (3) any claim that your Input violates any third-party intellectual property, publicity, confidentiality, privacy, or other rights. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter), and in that case, you agree to cooperate with our defense of those claims. - Interpretation (disclaimed): Imposes a broad indemnification obligation on the user to defend and hold harmless Anysphere and its affiliates against all claims, damages, and expenses arising from the user's misuse, violations of Terms, or other enumerated conduct. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2013.%20Indemnity.%20To,defense%20of%20those%20claims. ### indemnity liability — risk unknown > 14. DISCLAIMER OF WARRANTIES. THE SERVICE AND SUGGESTIONS ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. ANYSPHERE DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SERVICE AND SUGGESTIONS, INCLUDING: (a) ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, OR NON-INFRINGEMENT; AND (b) ANY WARRANTY ARISING OUT OF COURSE OF DEALING, USAGE, OR TRADE. ANYSPHERE DOES NOT WARRANT THAT THE SERVICE OR SUGGESTIONS WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS, VIRUSES, OR OTHER HARMFUL COMPONENTS, AND ANYSPHERE DOES NOT WARRANT THAT ANY OF THOSE ISSUES WILL BE CORRECTED. YOU AGREE THAT ANY USE OF SUGGESTIONS FROM OUR SERVICE IS AT YOUR SOLE RISK AND YOU WILL NOT RELY ON ANY SUGGESTION AS A SOURCE OF TRUTH. THE LAWS OF SOME JURISDICTIONS DO NOT ALLOW THE DISCLAIMER OF IMPLIED WARRANTIES, SO SOME OR ALL OF THESE DISCLAIMERS MAY NOT APPLY TO YOU. - Interpretation (disclaimed): Disclaims all express and implied warranties regarding the Service and Suggestions, including merchantability, fitness for purpose, and non-infringement, and disclaim that the Service will be uninterrupted, secure, or error-free. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2014.%20DISCLAIMER%20OF,NOT%20APPLY%20TO%20YOU. ### indemnity liability — risk unknown > 15.1. NO INDIRECT DAMAGES. TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL THE ANYSPHERE ENTITIES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, OR ANY OTHER INTANGIBLE LOSS) ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICE, OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT ANY ANYSPHERE ENTITY HAS BEEN INFORMED OF THE POSSIBILITY OF DAMAGE. - Interpretation (disclaimed): Limits Anysphere's liability by excluding all indirect, incidental, special, consequential, and punitive damages arising from the Terms, Service, or Content regardless of legal theory or prior notice of potential damage. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2015.1.%20NO%20INDIRECT,THE%20POSSIBILITY%20OF%20DAMAGE. ### indemnity liability — risk unknown > 15.2. LIABILITY CAP. TO THE FULLEST EXTENT PERMITTED BY LAW, THE AGGREGATE LIABILITY OF THE ANYSPHERE ENTITIES TO YOU FOR ALL CLAIMS, DAMAGES AND LOSSES ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICE, AND CONTENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, IS LIMITED TO THE GREATER OF: (A) THE AMOUNT YOU HAVE PAID TO ANYSPHERE FOR ACCESS TO AND USE OF THE SERVICE IN THE SIX (6) MONTHS PRIOR TO THE EVENT OR CIRCUMSTANCE GIVING RISE TO THE CLAIM OR, IF GREATER, (B) $100. THE FOREGOING LIMITATIONS ARE ESSENTIAL TO THESE TERMS, AND WE WOULD NOT OFFER THE SERVICE TO YOU UNDER THESE TERMS WITHOUT THESE LIMITATIONS. THE LIMITATIONS IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE. - Interpretation (disclaimed): Caps Anysphere's aggregate liability for all claims to the greater of fees paid in the prior six months or $100, and states this cap is essential to the agreement and a condition of offering the Service. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2015.2.%20LIABILITY%20CAP.,OF%20ITS%20ESSENTIAL%20PURPOSE. ### confidentiality — risk medium > 16.6. Confidentiality. All aspects of the arbitration proceeding, and any ruling, decision, or award by the arbitrator, will be strictly confidential for the benefit of all parties. - Interpretation (disclaimed): Confidentiality of arbitration proceedings and awards prevents information sharing among users about patterns of platform misconduct, which can benefit the platform disproportionately as a repeat participant. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=16.6.%20Confidentiality.%20All%20aspects,benefit%20of%20all%20parties. ### confidentiality — risk medium > All aspects of the arbitration proceeding, and any ruling, decision, or award by the arbitrator, will be strictly confidential for the benefit of all parties. - Interpretation (disclaimed): Confidentiality in arbitration favors repeat players (the platform) over one-time users by preventing precedent-building and shielding adverse awards from public scrutiny. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=All%20aspects%20of%20the,benefit%20of%20all%20parties. ### confidentiality — risk unknown > 16.6. Confidentiality. All aspects of the arbitration proceeding, and any ruling, decision, or award by the arbitrator, will be strictly confidential for the benefit of all parties. - Interpretation (disclaimed): This segment imposes a strict confidentiality obligation on all aspects of the arbitration proceeding, including any ruling, decision, or award, benefiting all parties to the arbitration. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.6.%20Confidentiality.%20All,benefit%20of%20all%20parties. ### confidentiality — risk unknown > 16.6. Confidentiality. All aspects of the arbitration proceeding, and any ruling, decision, or award by the arbitrator, will be strictly confidential for the benefit of all parties. - Interpretation (disclaimed): Imposes a strict confidentiality obligation on all parties with respect to all aspects of the arbitration proceeding, including any ruling, decision, or award issued by the arbitrator. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.6.%20Confidentiality.%20All,benefit%20of%20all%20parties. ### governing law disputes — risk high > THE OTHER ONLY ON AN INDIVIDUAL BASIS AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. UNLESS BOTH YOU AND ANYSPHERE AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PERSON’S OR PARTY’S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING. ALSO, THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S), EXCEPT THAT YOU MAY PURSUE A CLAIM FOR AND THE ARBITRATOR MAY AWARD PUBLIC INJUNCTIVE RELIEF UNDER APPLICABLE LAW TO THE EXTENT REQUIRED FOR THE ENFORCEABILITY OF THIS PROVISION. - Interpretation (disclaimed): This clause strips users of the right to participate in class or representative proceedings, significantly limiting remedies available for widespread harms. Arbitration on an individual basis substantially reduces practical recourse for lower-value claims. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=THE%20OTHER%20ONLY%20ON,ENFORCEABILITY%20OF%20THIS%20PROVISION. ### governing law disputes — risk high > You agree that any and all disputes or claims that have arisen or may arise between you and Anysphere, whether arising out of or relating to these Terms (including any alleged breach thereof), the Service, any advertising, or any aspect of the relationship or transactions between us, will be resolved exclusively through final and binding arbitration, rather than a court, in accordance with the terms of this Arbitration Agreement, except that you may assert individual claims in small claims court, if your claims qualify. Further, this Arbitration Agreement does not preclude you from bringing issues to the attention of federal, state, or local agencies, and such agencies can, if the law allows, seek relief against us on your behalf. You agree that, by entering into these Terms, you and Anysphere are each waiving the right to a trial by jury or to participate in a class action. Your rights will be determined by a neutral arbitrator, not a judge or jury. The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement. You may opt out of arbitration within 30 days of account creation or of any updates to these arbitration terms within 30 days after the update has taken effect, by sending an email to legal@cursor.com from the email address used to create your account, and providing your first and last name and a clear statement of intent that you intend to exercise your right to opt out of mandatory arbitration. - Interpretation (disclaimed): Compelled arbitration removes access to jury trials and class actions. The short opt-out window and requirement to affirmatively opt out place burden on user. Governed by Federal Arbitration Act. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=You%20agree%20that%20any,out%20of%20mandatory%20arbitration. ### governing law disputes — risk high > YOU AND ANYSPHERE AGREE THAT EACH OF US MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL BASIS AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. UNLESS BOTH YOU AND ANYSPHERE AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PERSON’S OR PARTY’S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING. ALSO, THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S), EXCEPT THAT YOU MAY PURSUE A CLAIM FOR AND THE ARBITRATOR MAY AWARD PUBLIC INJUNCTIVE RELIEF UNDER APPLICABLE LAW TO THE EXTENT REQUIRED FOR THE ENFORCEABILITY OF THIS PROVISION. - Interpretation (disclaimed): Class action and consolidated proceedings are prohibited. The only exception is public injunctive relief where required by law for enforceability. This substantially reduces leverage for widespread harms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=YOU%20AND%20ANYSPHERE%20AGREE,ENFORCEABILITY%20OF%20THIS%20PROVISION. ### governing law disputes — risk medium > 16.3. Pre-Arbitration Dispute Resolution. Anysphere is always interested in resolving disputes amicably and efficiently, and most customer concerns can be resolved quickly and to the customer’s satisfaction by emailing legal@cursor.com . If such efforts prove unsuccessful, a party who intends to seek arbitration must first send to the other, by certified mail, a written Notice of Dispute (“ Notice ”) to Anysphere, Inc., 2261 Market Street STE 86466, San Francisco, CA 94114, with an electronic copy additionally sent to legal@cursor.com . The Notice must (i) describe the nature and basis of the claim or dispute and (ii) set forth the specific relief sought. If Anysphere and you do not resolve the claim within sixty (60) calendar days after the Notice is received, you or Anysphere may commence an arbitration proceeding. - Interpretation (disclaimed): The mandatory pre-arbitration dispute resolution process including certified mail notice and a 60-day cooling-off period imposes procedural requirements that delay users' ability to seek relief. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=16.3.%20Pre-Arbitration%20Dispute%20Resolution.,commence%20an%20arbitration%20proceeding. ### governing law disputes — risk medium > 16.4. Arbitration Procedures. Arbitration will be conducted by a neutral arbitrator in accordance with the American Arbitration Association’s (“AAA”) rules and procedures, including the AAA’s Consumer Arbitration Rules (collectively, the “AAA Rules”), as modified by this Arbitration Agreement. - Interpretation (disclaimed): Mandatory arbitration clauses remove users' right to litigate disputes in court. While AAA Consumer Rules provide some protections, arbitration generally favors repeat-player defendants and limits discovery and appeal rights. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=16.4.%20Arbitration%20Procedures.%20Arbitration,by%20this%20Arbitration%20Agreement. ### governing law disputes — risk medium > 16.8. Future Changes to Arbitration Agreement. Notwithstanding any provision in these Terms to the contrary, Anysphere agrees that if it makes any future change to this Arbitration Agreement (other than a change to the Notice Address) while you are a user of the Service, you may reject any such change by sending Anysphere written notice within thirty (30) calendar days of the change to the Notice Address provided above. - Interpretation (disclaimed): While a right to reject future changes is user-favorable, the short 30-day window and written-notice requirement may practically limit users' ability to exercise this right, particularly for consumers who may not monitor terms changes. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=16.8.%20Future%20Changes%20to,Notice%20Address%20provided%20above. ### governing law disputes — risk medium > rts prove unsuccessful, a party who intends to seek arbitration must first send to the other, by certified mail, a written Notice of Dispute (“ Notice ”) to Anysphere, Inc., 2261 Market Street STE 86466, San Francisco, CA 94114, with an electronic copy additionally sent to legal@cursor.com . The Notice must (i) describe the nature and basis of the claim or dispute and (ii) set forth the specific relief sought. If Anysphere and you do not resolve the claim within sixty (60) calendar days after the Notice is received, you or Anysphere may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by Anysphere or you will not be disclosed to the arbitrator until after the arbitrator determines the amount, if any, to which you or Anysphere is entitled. - Interpretation (disclaimed): This clause imposes a pre-arbitration dispute resolution process requiring certified mail notice and a 60-day waiting period, which can delay users' ability to seek relief. The blackout on settlement offer disclosure during arbitration may disadvantage users in assessing settlement value. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=rts%20prove%20unsuccessful%2C%20a,or%20Anysphere%20is%20entitled. ### governing law disputes — risk medium > Arbitration will be conducted by a neutral arbitrator in accordance with the American Arbitration Association’s (“AAA”) rules and procedures, including the AAA’s Consumer Arbitration Rules (collectively, the “AAA Rules”), as modified by this Arbitration Agreement. For information on the AAA, please visit its website, https://www.adr.org . Information about the AAA Rules and fees for consumer disputes can be found at the AAA’s consumer arbitration page, https://www.adr.org/consumer . If there is any inconsistency between any term of the AAA Rules and any term of this Arbitration Agreement, the applicable terms of this Arbitration Agreement will control unless the arbitrator determines that the application of the inconsistent Arbitration Agreement terms would not result in a fundamentally fair arbitration. The arbitrator must also follow the provisions of these Terms as a court would. All issues are for the arbitrator to decide, including issues relating to the scope, enforceability, and arbitrability of this Arbitration Agreement. - Interpretation (disclaimed): The priority of the platform's drafted Arbitration Agreement over AAA's neutral rules (except for fundamental fairness) and the delegation of arbitrability to the arbitrator reduce user protections and judicial oversight. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Arbitration%20will%20be%20conducted,of%20this%20Arbitration%20Agreement. ### governing law disputes — risk medium > If a court or the arbitrator decides that any of the provisions of the subsection above titled “Prohibition of Class and Representative Actions and Non-Individualized Relief” are invalid or unenforceable, then the entirety of this Arbitration Agreement will be null and void, unless such provisions are deemed to be invalid or unenforceable solely with respect to claims for public injunctive relief. The remainder of these Terms will continue to apply. - Interpretation (disclaimed): Tying the entire arbitration agreement to the class action waiver signals the platform's primary goal is preventing class litigation. If the waiver is struck down, the whole arbitration clause unravels rather than surviving without it. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=If%20a%20court%20or,will%20continue%20to%20apply. ### governing law disputes — risk medium > California law will govern these Terms except for its conflicts of laws principles. Except as provided in the Dispute Resolution section above, all claims arising out of or relating to these Terms will be brought exclusively in the federal or state courts of San Francisco, California. - Interpretation (disclaimed): Choice of California law and exclusive San Francisco venue may disadvantage international or out-of-state users by requiring travel or engagement with an unfamiliar jurisdiction for any litigation not covered by arbitration. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=California%20law%20will%20govern,of%20San%20Francisco%2C%20California. ### governing law disputes — risk medium > 17.2. Governing Law. California law will govern these Terms except for its conflicts of laws principles. Except as provided in the Dispute Resolution section above, all claims arising out of or relating to these Terms will be brought exclusively in the federal or state courts of San Francisco, California. - Interpretation (disclaimed): Mandatory forum selection in San Francisco federal or state courts (for any disputes outside arbitration) may create geographic and financial barriers to justice for non-California users. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=17.2.%20Governing%20Law.%20California,of%20San%20Francisco%2C%20California. ### governing law disputes — risk low > Payment of all filing, administration, and arbitrator fees (collectively, the “ Arbitration Fees ”) will be governed by the AAA Rules, unless otherwise provided in this Arbitration Agreement. To the extent any Arbitration Fees are not specifically allocated to either Anysphere or you under the AAA Rules, Anysphere and you shall split them equally; provided that if you are able to demonstrate to the arbitrator that you are economically unable to pay your portion of such Arbitration Fees or if the arbitrator otherwise determines for any reason that you should not be required to pay your portion of any Arbitration Fees, Anysphere will pay your portion of such fees. In addition, if you demonstrate to the arbitrator that the costs of arbitration will be prohibitive as compared to the costs of litigation, Anysphere will pay as much of the Arbitration Fees as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive. Any payment of attorneys’ fees will be governed by the AAA Rules. - Interpretation (disclaimed): Default equal fee-splitting could be burdensome for users, but hardship and cost-prohibitive safety valves mitigate risk. Attorneys' fees follow AAA Rules rather than a one-sided provision. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Payment%20of%20all%20filing%2C,by%20the%20AAA%20Rules. ### governing law disputes — risk low > Notwithstanding any provision in these Terms to the contrary, Anysphere agrees that if it makes any future change to this Arbitration Agreement (other than a change to the Notice Address) while you are a user of the Service, you may reject any such change by sending Anysphere written notice within thirty (30) calendar days of the change to the Notice Address provided above. By rejecting any future change, you are agreeing that you will arbitrate any dispute between us in accordance with the language of this Arbitration Agreement as of the date you first accepted these Terms (or accepted any subsequent changes to these Terms). - Interpretation (disclaimed): The opt-out right for future arbitration agreement changes is relatively protective, but requires affirmative action within 30 days; passive users will be bound by any updated terms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Notwithstanding%20any%20provision%20in,changes%20to%20these%20Terms). ### governing law disputes — risk unknown > If you are using the Service as part of your work for a company or organization that has a Master Services Agreement (“ MSA ”) with Anysphere, your use of the Service is governed by that MSA. - Interpretation (disclaimed): Creates an exception to these Terms for users whose organizations have a Master Services Agreement with Anysphere, specifying that the MSA governs their use instead. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20If%20you%20are,governed%20by%20that%20MSA. ### governing law disputes — risk unknown > 16. DISPUTE RESOLUTION - Interpretation (disclaimed): This segment is a section heading introducing the dispute resolution provisions, serving as a structural marker that defines the scope of the following arbitration and dispute clauses. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.%20DISPUTE%20RESOLUTION%20 ### governing law disputes — risk unknown > PLEASE READ THIS SECTION CAREFULLY AS IT AFFECTS YOUR RIGHTS. - Interpretation (disclaimed): This segment is a notice directing users to read the dispute resolution section carefully because it affects their legal rights, functioning as a procedural warning required to ensure informed consent to arbitration. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20PLEASE%20READ%20THIS,IT%20AFFECTS%20YOUR%20RIGHTS. ### governing law disputes — risk unknown > 16.1. Agreement to Arbitrate. This Dispute Resolution by Binding Arbitration section is referred to in these Terms as the “ Arbitration Agreement .” You agree that any and all disputes or claims that have arisen or may arise between you and Anysphere, whether arising out of or relating to these Terms (including any alleged breach thereof), the Service, any advertising, or any aspect of the relationship or transactions between us, will be resolved exclusively through final and binding arbitration, rather than a court, in accordance with the terms of this Arbitration Agreement, except that you may assert individual claims in small claims court, if your claims qualify. Further, this Arbitration Agreement does not preclude you from bringing issues to the attention of federal, state, or local agencies, and such agencies can, if the law allows, seek relief against us on your behalf. You agree that, by entering into these Terms, you and Anysphere are each waiving the right to a trial by jury or to participate in a class action. Your rights will be determined by a neutral arbitrator, not a judge or jury. The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement. You may opt out of arbitration within 30 days of account creation or of any updates to these arbitration terms within 30 days after the update has taken effect, by sending an email to legal@cursor.com from the email address used to create your account, and providing your first and last name and a clear statement of intent that you intend to exercise your right to opt out of mandatory arbitration. - Interpretation (disclaimed): This segment obligates both parties to resolve all disputes exclusively through binding arbitration rather than court proceedings, waiving the right to litigate and defining the broad scope of the arbitration agreement covering all claims related to the Terms or Service. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.1.%20Agreement%20to,out%20of%20mandatory%20arbitration. ### governing law disputes — risk unknown > 17.2. Governing Law. California law will govern these Terms except for its conflicts of laws principles. Except as provided in the Dispute Resolution section above, all claims arising out of or relating to these Terms will be brought exclusively in the federal or state courts of San Francisco, California. - Interpretation (disclaimed): This segment designates California law as the governing law and establishes exclusive jurisdiction in federal or state courts in San Francisco, California for all non-arbitrated claims, binding both parties to a specific legal forum. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.2.%20Governing%20Law.,of%20San%20Francisco%2C%20California. ### governing law disputes — risk unknown > 16.2. Prohibition of Class and Representative Actions and Non-Individualized Relief. YOU AND ANYSPHERE AGREE THAT EACH OF US MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL BASIS AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. UNLESS BOTH YOU AND ANYSPHERE AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PERSON’S OR PARTY’S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING. ALSO, THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S), EXCEPT THAT YOU MAY PURSUE A CLAIM FOR AND THE ARBITRATOR MAY AWARD PUBLIC INJUNCTIVE RELIEF UNDER APPLICABLE LAW TO THE EXTENT REQUIRED FOR THE ENFORCEABILITY OF THIS PROVISION. - Interpretation (disclaimed): This segment prohibits class and representative actions, restricting both parties to individual claims only and limiting the arbitrator's authority to consolidate claims or award class-wide relief. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.2.%20Prohibition%20of,ENFORCEABILITY%20OF%20THIS%20PROVISION. ### governing law disputes — risk unknown > 16.3. Pre-Arbitration Dispute Resolution. Anysphere is always interested in resolving disputes amicably and efficiently, and most customer concerns can be resolved quickly and to the customer’s satisfaction by emailing legal@cursor.com . If such efforts prove unsuccessful, a party who intends to seek arbitration must first send to the other, by certified mail, a written Notice of Dispute (“ Notice ”) to Anysphere, Inc., 2261 Market Street STE 86466, San Francisco, CA 94114, with an electronic copy additionally sent to legal@cursor.com . The Notice must (i) describe the nature and basis of the claim or dispute and (ii) set forth the specific relief sought. If Anysphere and you do not resolve the claim within sixty (60) calendar days after the Notice is received, you or Anysphere may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by Anysphere or you will not be disclosed to the arbitrator until after the arbitrator determines the amount, if any, to which you or Anysphere is entitled. - Interpretation (disclaimed): This segment establishes a mandatory pre-arbitration dispute resolution procedure requiring the aggrieved party to attempt informal resolution and then send a certified written Notice of Dispute before initiating arbitration, including specific address and content requirements. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.3.%20Pre-Arbitration%20Dispute,or%20Anysphere%20is%20entitled. ### governing law disputes — risk unknown > 16.4. Arbitration Procedures. Arbitration will be conducted by a neutral arbitrator in accordance with the American Arbitration Association’s (“AAA”) rules and procedures, including the AAA’s Consumer Arbitration Rules (collectively, the “AAA Rules”), as modified by this Arbitration Agreement. For information on the AAA, please visit its website, https://www.adr.org . Information about the AAA Rules and fees for consumer disputes can be found at the AAA’s consumer arbitration page, https://www.adr.org/consumer . If there is any inconsistency between any term of the AAA Rules and any term of this Arbitration Agreement, the applicable terms of this Arbitration Agreement will control unless the arbitrator determines that the application of the inconsistent Arbitration Agreement terms would not result in a fundamentally fair arbitration. The arbitrator must also follow the provisions of these Terms as a court would. All issues are for the arbitrator to decide, including issues relating to the scope, enforceability, and arbitrability of this Arbitration Agreement. Although arbitration proceedings are usually simpler and more streamlined than trials and other judicial proceedings, the arbitrator can award the same damages and relief on an individual basis that a court can award to an individual under these Terms and applicable law. Decisions by the arbitrator are enforceable in court and may be overturned by a court only for very limited reasons. - Interpretation (disclaimed): This segment prescribes the arbitration procedures, specifying that arbitration will be conducted by a neutral arbitrator under AAA Consumer Arbitration Rules, and that in case of conflict between AAA Rules and these Terms, these Terms govern. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.4.%20Arbitration%20Procedures.,very%20limited%20reasons.%20 ### governing law disputes — risk unknown > Unless Anysphere and you agree otherwise, any arbitration hearings will take place in a reasonably convenient location for both parties with due consideration of their ability to travel and other pertinent circumstances. If the parties are unable to agree on a location, the determination will be made by AAA. If your claim is for $10,000 or less, Anysphere agrees that you may choose whether the arbitration will be conducted solely on the basis of documents submitted to the arbitrator, through a telephonic hearing, or by an in-person hearing as established by the AAA Rules. If your claim exceeds $10,000, the right to a hearing will be determined by the AAA Rules. Regardless of the manner in which the arbitration is conducted, the arbitrator will issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the award is based. - Interpretation (disclaimed): This segment establishes procedures for determining the location and format of arbitration hearings, including options for document-only, telephonic, or in-person hearings depending on claim amount, and assigns AAA the authority to resolve location disputes. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Unless%20Anysphere%20and%20you,the%20award%20is%20based. ### governing law disputes — risk unknown > 16.5. Costs of Arbitration. Payment of all filing, administration, and arbitrator fees (collectively, the “ Arbitration Fees ”) will be governed by the AAA Rules, unless otherwise provided in this Arbitration Agreement. To the extent any Arbitration Fees are not specifically allocated to either Anysphere or you under the AAA Rules, Anysphere and you shall split them equally; provided that if you are able to demonstrate to the arbitrator that you are economically unable to pay your portion of such Arbitration Fees or if the arbitrator otherwise determines for any reason that you should not be required to pay your portion of any Arbitration Fees, Anysphere will pay your portion of such fees. In addition, if you demonstrate to the arbitrator that the costs of arbitration will be prohibitive as compared to the costs of litigation, Anysphere will pay as much of the Arbitration Fees as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive. Any payment of attorneys’ fees will be governed by the AAA Rules. - Interpretation (disclaimed): This segment allocates arbitration costs between the parties, providing that unallocated fees are split equally but allowing the arbitrator to waive the user's portion if they demonstrate economic hardship, establishing a fee-sharing obligation and exception. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.5.%20Costs%20of,by%20the%20AAA%20Rules. ### governing law disputes — risk unknown > 16.7. Severability. If a court or the arbitrator decides that any term or provision of this Arbitration Agreement (other than the subsection above titled “Prohibition of Class and Representative Actions and Non-Individualized Relief”) is invalid or unenforceable, the parties agree to replace such term or provision with a term or provision that is valid and enforceable and that comes closest to expressing the intention of the invalid or unenforceable term or provision, and this Arbitration Agreement will be enforceable as so modified. If a court or the arbitrator decides that any of the provisions of the subsection above titled “Prohibition of Class and Representative Actions and Non-Individualized Relief” are invalid or unenforceable, then the entirety of this Arbitration Agreement will be null and void, unless such provisions are deemed to be invalid or unenforceable solely with respect to claims for public injunctive relief. The remainder of these Terms will continue to apply. - Interpretation (disclaimed): This segment establishes a severability procedure for the arbitration agreement, specifying that invalid terms should be replaced with enforceable equivalents, and that invalidity of the class action waiver renders the entire arbitration agreement void. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.7.%20Severability.%20If,will%20continue%20to%20apply. ### governing law disputes — risk unknown > 16.8. Future Changes to Arbitration Agreement. Notwithstanding any provision in these Terms to the contrary, Anysphere agrees that if it makes any future change to this Arbitration Agreement (other than a change to the Notice Address) while you are a user of the Service, you may reject any such change by sending Anysphere written notice within thirty (30) calendar days of the change to the Notice Address provided above. By rejecting any future change, you are agreeing that you will arbitrate any dispute between us in accordance with the language of this Arbitration Agreement as of the date you first accepted these Terms (or accepted any subsequent changes to these Terms). - Interpretation (disclaimed): This segment grants users the right to reject future changes to the arbitration agreement by sending written notice within 30 days, preserving the existing arbitration terms for that user and creating a procedure for exercising that right. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.8.%20Future%20Changes,changes%20to%20these%20Terms). ### governing law disputes — risk unknown > 17.1. General. These Terms, including the Privacy Policy, and any other agreements expressly incorporated by reference into these Terms, are the entire and exclusive understanding and agreement between you and Anysphere regarding your use of the Service. You may not assign or transfer these Terms or your rights under these Terms, in whole or in part, by operation of law or otherwise, without our prior written consent. We may assign these Terms and all rights granted under these Terms, including with respect to your Content, at any time without notice or consent. The failure to require performance of any provision will not affect our right to require performance at any other time after that, nor will a waiver by us of any breach or default of these Terms, or any provision of these Terms, be a waiver of any subsequent breach or default or a waiver of the provision itself. If any part of these Terms is held to be invalid or unenforceable, then the unenforceable part will be given effect to the greatest extent possible, and the remaining parts will remain in full force and effect. - Interpretation (disclaimed): This segment establishes the Terms as the entire agreement, incorporates the Privacy Policy and other referenced agreements, restricts user assignment of rights, permits Anysphere's unrestricted assignment including with respect to Content, and addresses waiver and severability, creating multiple operative legal obligations and rights. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.1.%20General.%20These,full%20force%20and%20effect. ### governing law disputes — risk unknown > Welcome, and thank you for your interest in Anysphere, Inc. (“ Anysphere ,” “ we ,” or “ us ”), makers of the Cursor software platform. These Terms of Service (“ Terms ”) govern your access to and use of Anysphere's software, platform, APIs, Documentation, and related tools, including the website www.cursor.com , and all related software made available by Anysphere to build, deploy, host, and manage software projects (collectively, the “ Service ”). By using the Service, you agree to these Terms. - Interpretation (disclaimed): This segment defines the parties, the scope of the Service, and the binding nature of the Terms upon use, establishing key definitions and the foundational agreement between user and Anysphere. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20Welcome%2C%20and%20thank,agree%20to%20these%20Terms. ### governing law disputes — risk unknown > If you are using the Service as part of your work for a company or organization that has a Master Services Agreement (“ MSA ”) with Anysphere, your use of the Service is governed by that MSA. - Interpretation (disclaimed): This segment establishes that users whose organizations have a Master Services Agreement with Anysphere are governed by that MSA rather than these Terms, creating an exception to the general applicability of the Terms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20If%20you%20are,governed%20by%20that%20MSA. ### governing law disputes — risk unknown > If you are entering into these Terms on behalf of an entity, you represent that you have the legal authority to bind that entity. - Interpretation (disclaimed): This segment requires that individuals entering into the Terms on behalf of an entity represent they have legal authority to bind that entity, imposing a warranty of authority as a condition of agreement formation. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20If%20you%20are,to%20bind%20that%20entity. ### governing law disputes — risk unknown > 8. Modification of Terms. We may, from time to time, change these Terms. Please check these Terms periodically for changes. If we make any material modifications, we will notify you by updating the date at the top of these Terms and by maintaining a current version of these Terms on this page. All modifications will be effective when they are posted, and your continued accessing or use of the Service will serve as confirmation of your acceptance of those modifications. If you do not agree to the modified Terms, then you must discontinue your use of the Service. - Interpretation (disclaimed): Establishes the procedure for modifying the Terms, including notification via date update and continued use as acceptance, and grants users the right to discontinue use if they do not agree to modifications. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%208.%20Modification%20of,use%20of%20the%20Service. ### governing law disputes — risk unknown > PLEASE READ THIS SECTION CAREFULLY AS IT AFFECTS YOUR RIGHTS. - Interpretation (disclaimed): Serves as a prominent advisory notice directing users to read the Dispute Resolution section carefully because it affects their legal rights, functioning as an incorporation signal for the arbitration provisions that follow. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20PLEASE%20READ%20THIS,IT%20AFFECTS%20YOUR%20RIGHTS. ### governing law disputes — risk unknown > 16.1. Agreement to Arbitrate. This Dispute Resolution by Binding Arbitration section is referred to in these Terms as the “ Arbitration Agreement .” You agree that any and all disputes or claims that have arisen or may arise between you and Anysphere, whether arising out of or relating to these Terms (including any alleged breach thereof), the Service, any advertising, or any aspect of the relationship or transactions between us, will be resolved exclusively through final and binding arbitration, rather than a court, in accordance with the terms of this Arbitration Agreement, except that you may assert individual claims in small claims court, if your claims qualify. Further, this Arbitration Agreement does not preclude you from bringing issues to the attention of federal, state, or local agencies, and such agencies can, if the law allows, seek relief against us on your behalf. You agree that, by entering into these Terms, you and Anysphere are each waiving the right to a trial by jury or to participate in a class action. Your rights will be determined by a neutral arbitrator, not a judge or jury. The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement. You may opt out of arbitration within 30 days of account creation or of any updates to these arbitration terms within 30 days after the update has taken effect, by sending an email to legal@cursor.com from the email address used to create your account, and providing your first and last name and a clear statement of intent that you intend to exercise your right to opt out of mandatory arbitration. - Interpretation (disclaimed): Obligates both parties to resolve all disputes exclusively through final and binding arbitration rather than court, covering all claims arising from the Terms, the Service, or the parties' relationship, except for enumerated exceptions. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.1.%20Agreement%20to,out%20of%20mandatory%20arbitration. ### governing law disputes — risk unknown > 16.2. Prohibition of Class and Representative Actions and Non-Individualized Relief. YOU AND ANYSPHERE AGREE THAT EACH OF US MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL BASIS AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. UNLESS BOTH YOU AND ANYSPHERE AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PERSON’S OR PARTY’S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING. ALSO, THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S), EXCEPT THAT YOU MAY PURSUE A CLAIM FOR AND THE ARBITRATOR MAY AWARD PUBLIC INJUNCTIVE RELIEF UNDER APPLICABLE LAW TO THE EXTENT REQUIRED FOR THE ENFORCEABILITY OF THIS PROVISION. - Interpretation (disclaimed): Restricts both parties from bringing claims on a class or representative basis, prohibits the arbitrator from consolidating claims or presiding over class proceedings, and limits relief to individual claims only. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.2.%20Prohibition%20of,ENFORCEABILITY%20OF%20THIS%20PROVISION. ### governing law disputes — risk unknown > 16.3. Pre-Arbitration Dispute Resolution. Anysphere is always interested in resolving disputes amicably and efficiently, and most customer concerns can be resolved quickly and to the customer’s satisfaction by emailing legal@cursor.com . If such efforts prove unsuccessful, a party who intends to seek arbitration must first send to the other, by certified mail, a written Notice of Dispute (“ Notice ”) to Anysphere, Inc., 2261 Market Street STE 86466, San Francisco, CA 94114, with an electronic copy additionally sent to legal@cursor.com . The Notice must (i) describe the nature and basis of the claim or dispute and (ii) set forth the specific relief sought. If Anysphere and you do not resolve the claim within sixty (60) calendar days after the Notice is received, you or Anysphere may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by Anysphere or you will not be disclosed to the arbitrator until after the arbitrator determines the amount, if any, to which you or Anysphere is entitled. - Interpretation (disclaimed): Establishes the mandatory pre-arbitration dispute resolution procedure, requiring the claimant to first attempt informal resolution via email and, if unsuccessful, to send a certified written Notice of Dispute to Anysphere's specified address before initiating arbitration. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.3.%20Pre-Arbitration%20Dispute,or%20Anysphere%20is%20entitled. ### governing law disputes — risk unknown > 16.4. Arbitration Procedures. Arbitration will be conducted by a neutral arbitrator in accordance with the American Arbitration Association’s (“AAA”) rules and procedures, including the AAA’s Consumer Arbitration Rules (collectively, the “AAA Rules”), as modified by this Arbitration Agreement. For information on the AAA, please visit its website, https://www.adr.org . Information about the AAA Rules and fees for consumer disputes can be found at the AAA’s consumer arbitration page, https://www.adr.org/consumer . If there is any inconsistency between any term of the AAA Rules and any term of this Arbitration Agreement, the applicable terms of this Arbitration Agreement will control unless the arbitrator determines that the application of the inconsistent Arbitration Agreement terms would not result in a fundamentally fair arbitration. The arbitrator must also follow the provisions of these Terms as a court would. All issues are for the arbitrator to decide, including issues relating to the scope, enforceability, and arbitrability of this Arbitration Agreement. Although arbitration proceedings are usually simpler and more streamlined than trials and other judicial proceedings, the arbitrator can award the same damages and relief on an individual basis that a court can award to an individual under these Terms and applicable law. Decisions by the arbitrator are enforceable in court and may be overturned by a court only for very limited reasons. - Interpretation (disclaimed): Establishes the procedural rules for arbitration, designating AAA as the administering body and specifying that AAA Rules (including Consumer Arbitration Rules) govern the process, with modifications from the Arbitration Agreement taking precedence over inconsistent AAA Rules. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.4.%20Arbitration%20Procedures.,very%20limited%20reasons.%20 ### governing law disputes — risk unknown > Unless Anysphere and you agree otherwise, any arbitration hearings will take place in a reasonably convenient location for both parties with due consideration of their ability to travel and other pertinent circumstances. If the parties are unable to agree on a location, the determination will be made by AAA. If your claim is for $10,000 or less, Anysphere agrees that you may choose whether the arbitration will be conducted solely on the basis of documents submitted to the arbitrator, through a telephonic hearing, or by an in-person hearing as established by the AAA Rules. If your claim exceeds $10,000, the right to a hearing will be determined by the AAA Rules. Regardless of the manner in which the arbitration is conducted, the arbitrator will issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the award is based. - Interpretation (disclaimed): Specifies procedural details for arbitration hearings, including location determination, and grants the claimant the right to choose hearing format (documents, telephonic, or in-person) when the claim is $10,000 or less, defining logistical rights and obligations of both parties. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Unless%20Anysphere%20and%20you,the%20award%20is%20based. ### governing law disputes — risk unknown > 16.5. Costs of Arbitration. Payment of all filing, administration, and arbitrator fees (collectively, the “ Arbitration Fees ”) will be governed by the AAA Rules, unless otherwise provided in this Arbitration Agreement. To the extent any Arbitration Fees are not specifically allocated to either Anysphere or you under the AAA Rules, Anysphere and you shall split them equally; provided that if you are able to demonstrate to the arbitrator that you are economically unable to pay your portion of such Arbitration Fees or if the arbitrator otherwise determines for any reason that you should not be required to pay your portion of any Arbitration Fees, Anysphere will pay your portion of such fees. In addition, if you demonstrate to the arbitrator that the costs of arbitration will be prohibitive as compared to the costs of litigation, Anysphere will pay as much of the Arbitration Fees as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive. Any payment of attorneys’ fees will be governed by the AAA Rules. - Interpretation (disclaimed): Allocates responsibility for arbitration fees between the parties, defaulting to AAA Rules but providing for equal splitting of unallocated fees and exceptions where the arbitrator may require Anysphere to bear the user's share if the user demonstrates economic inability to pay. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.5.%20Costs%20of,by%20the%20AAA%20Rules. ### governing law disputes — risk unknown > 16.7. Severability. If a court or the arbitrator decides that any term or provision of this Arbitration Agreement (other than the subsection above titled “Prohibition of Class and Representative Actions and Non-Individualized Relief”) is invalid or unenforceable, the parties agree to replace such term or provision with a term or provision that is valid and enforceable and that comes closest to expressing the intention of the invalid or unenforceable term or provision, and this Arbitration Agreement will be enforceable as so modified. If a court or the arbitrator decides that any of the provisions of the subsection above titled “Prohibition of Class and Representative Actions and Non-Individualized Relief” are invalid or unenforceable, then the entirety of this Arbitration Agreement will be null and void, unless such provisions are deemed to be invalid or unenforceable solely with respect to claims for public injunctive relief. The remainder of these Terms will continue to apply. - Interpretation (disclaimed): Establishes a severability mechanism specific to the Arbitration Agreement, requiring courts or arbitrators to replace invalid or unenforceable provisions with valid ones that closest match the original intent, and specifying that certain class-action prohibition provisions, if found invalid, may void the entire arbitration agreement. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.7.%20Severability.%20If,will%20continue%20to%20apply. ### governing law disputes — risk unknown > 16.8. Future Changes to Arbitration Agreement. Notwithstanding any provision in these Terms to the contrary, Anysphere agrees that if it makes any future change to this Arbitration Agreement (other than a change to the Notice Address) while you are a user of the Service, you may reject any such change by sending Anysphere written notice within thirty (30) calendar days of the change to the Notice Address provided above. By rejecting any future change, you are agreeing that you will arbitrate any dispute between us in accordance with the language of this Arbitration Agreement as of the date you first accepted these Terms (or accepted any subsequent changes to these Terms). - Interpretation (disclaimed): Grants users the right to reject future changes to the Arbitration Agreement by sending written notice within 30 days, with the effect that the prior version of the Arbitration Agreement will govern any disputes between the parties. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2016.8.%20Future%20Changes,changes%20to%20these%20Terms). ### governing law disputes — risk unknown > 17.1. General. These Terms, including the Privacy Policy, and any other agreements expressly incorporated by reference into these Terms, are the entire and exclusive understanding and agreement between you and Anysphere regarding your use of the Service. You may not assign or transfer these Terms or your rights under these Terms, in whole or in part, by operation of law or otherwise, without our prior written consent. We may assign these Terms and all rights granted under these Terms, including with respect to your Content, at any time without notice or consent. The failure to require performance of any provision will not affect our right to require performance at any other time after that, nor will a waiver by us of any breach or default of these Terms, or any provision of these Terms, be a waiver of any subsequent breach or default or a waiver of the provision itself. If any part of these Terms is held to be invalid or unenforceable, then the unenforceable part will be given effect to the greatest extent possible, and the remaining parts will remain in full force and effect. - Interpretation (disclaimed): Declares the Terms (including the Privacy Policy and incorporated agreements) to be the entire agreement between the parties, restricts user assignment of the Terms without consent, permits Anysphere to freely assign the Terms and all rights including over user Content at any time without notice, and addresses waiver and other general contractual provisions. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.1.%20General.%20These,full%20force%20and%20effect. ### governing law disputes — risk unknown > 17.2. Governing Law. California law will govern these Terms except for its conflicts of laws principles. Except as provided in the Dispute Resolution section above, all claims arising out of or relating to these Terms will be brought exclusively in the federal or state courts of San Francisco, California. - Interpretation (disclaimed): Establishes California law as the governing law (excluding conflicts-of-laws principles) and mandates exclusive jurisdiction in the federal or state courts of San Francisco, California for all claims not subject to arbitration under the Dispute Resolution section. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.2.%20Governing%20Law.,of%20San%20Francisco%2C%20California. ### governing law disputes — risk unknown > 17.3. Consent to Electronic Communications. By using the Service, you consent to receiving certain electronic communications from us as further described in our Privacy Policy. Please read our Privacy Policy to learn more about our electronic communications practices. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that those communications be in writing. - Interpretation (disclaimed): Obtains user consent to electronic communications as a condition of using the Service, incorporates the Privacy Policy for further detail, and deems electronic notices legally equivalent to written communications, satisfying any applicable legal writing requirements. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.3.%20Consent%20to,communications%20be%20in%20writing. ### moderation enforcement — risk high > We reserve the right to modify, suspend, or discontinue the Services or your access to the Services, in whole or in part, at any time without notice to you. Although we will strive to provide you with reasonable advance notice if we stop offering a Service, there may be urgent situations, such as preventing abuse or addressing security issues or responding to legal requirements, where providing advance notice is not feasible. We will not be liable for any change to or any suspension or discontinuation of the Services or your access to them. - Interpretation (disclaimed): Broad unilateral right to suspend or terminate access with no notice obligation and no liability, which eliminates user recourse for sudden service interruption. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=We%20reserve%20the%20right,your%20access%20to%20them. ### moderation enforcement — risk medium > If you have a Subscription Service, we may terminate the Subscription Service at any time for any other reason. If we exercise this right, we will refund you on a pro rata basis the fees you paid for the remaining portion of your Subscription Service after termination, provided that if we terminate your access to the Service due to a violation of these Terms, you will not be entitled to any refund. - Interpretation (disclaimed): Termination-for-any-reason clause gives platform wide discretion over paying customers. The no-refund carve-out on violation termination incentivizes broad enforcement interpretations. - Tier: Paid - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=If%20you%20have%20a,entitled%20to%20any%20refund. ### moderation enforcement — risk unknown > To prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms of Service . - Interpretation (disclaimed): This segment permits Anysphere to use personal data to prevent, detect, and investigate fraud, abuse, security incidents, and Terms of Service violations, authorizing processing for enforcement and security purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20prevent%2C%20detect%2C,Terms%20of%20Service%20. ### moderation enforcement — risk unknown > To enforce our Terms of Service and other applicable agreements. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to enforce the Terms of Service and other applicable agreements, authorizing processing for contractual enforcement purposes. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20enforce%20our,and%20other%20applicable%20agreements. ### moderation enforcement — risk unknown > To enforce our Terms of Service and other applicable agreements. - Interpretation (disclaimed): This segment permits Anysphere to use personal data to enforce its Terms of Service and other applicable agreements, establishing enforcement as a permitted basis for data processing. - Tier: All - Location: Privacy Policy › “# 2. How we use personal data” - Source: https://www.cursor.com/privacy - Snapshot SHA-256: `a79b532431d60e34df0f29771702b628609d8722b314d2d28a0169e141ba4ebf` - Wayback: — - Deep link: https://www.cursor.com/privacy#:~:text=%20To%20enforce%20our,and%20other%20applicable%20agreements. ### moderation enforcement — risk unknown > 1.5. Use Restrictions. Except and solely to the extent such a restriction is impermissible under applicable law, you may not: (i) reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain access to the source code, object code or underlying structure of the Service; (ii) reproduce, modify, translate, or create derivative works of the Service; (iii) rent, lease, lend, or sell the Service; (iv) remove any proprietary notices from the Service; (v) use the Service or any Suggestions to develop or train a model that is competitive with the Service, or engage in model extraction or theft attacks; (vi) probe, scan or attempt to penetrate the Service; (vii) provide to any third party the results of any benchmark tests of the Service, unless you include all necessary information for others to replicate the tests; (viii) harvest, scrape, or extract data from the Service; (ix) use the Service in any manner that infringes, misappropriates, or otherwise violates any third party’s intellectual or other rights, or that violates any applicable laws or regulations; (x) send or otherwise provide to Anysphere data or information that is subject to specific protections under applicable laws beyond any requirements that apply to "personal information" or "personal data" generally, such as for illustrative purposes, information that is regulated by the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, the Gramm-Leach-Bliley Act, and other U.S. - Interpretation (disclaimed): Sets out a list of prohibited uses of the Service, including reverse engineering, creating derivative works, selling, using Suggestions to train competing models, and violating applicable laws, restricting how users may interact with the platform. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.5.%20Use%20Restrictions.,and%20other%20U.S.%20 ### moderation enforcement — risk unknown > federal, state or foreign laws applying specific security standards; or (xi) knowingly permit any third party to do any of the foregoing. You will promptly notify Anysphere of any unauthorized use that comes to your attention and provide reasonable cooperation to prevent and terminate such use to the extent it is within your control. - Interpretation (disclaimed): Continues the use restrictions by prohibiting facilitation of third-party violations and imposing an obligation on users to promptly notify Anysphere of unauthorized use and cooperate in preventing it. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=federal%2C%20state%20or%20foreign,is%20within%20your%20control. ### moderation enforcement — risk unknown > A description of where the allegedly infringing material is located in the Service so we can find it. - Interpretation (disclaimed): Specifies that copyright infringement notices must include a description of the location within the Service where the allegedly infringing material can be found. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20description%20of,we%20can%20find%20it. ### moderation enforcement — risk unknown > 9. Termination . You may stop accessing the Services at any time. We reserve the right to modify, suspend, or discontinue the Services or your access to the Services, in whole or in part, at any time without notice to you. Although we will strive to provide you with reasonable advance notice if we stop offering a Service, there may be urgent situations, such as preventing abuse or addressing security issues or responding to legal requirements, where providing advance notice is not feasible. We will not be liable for any change to or any suspension or discontinuation of the Services or your access to them. If you have a Subscription Service, we may terminate the Subscription Service at any time for any other reason. If we exercise this right, we will refund you on a pro rata basis the fees you paid for the remaining portion of your Subscription Service after termination, provided that if we terminate your access to the Service due to a violation of these Terms, you will not be entitled to any refund. We also may terminate your account if it has been inactive for over a year and you do not have a paid account. If we do, we will provide you with advance notice. Upon termination of these Terms, a Subscription Service, or your access to the Service, we may at our option delete any Content or other data associated with your account. Sections 1.5, 4 (with respect to fees outstanding as of such expiration or termination), 5, and 13-17 will survive any expiration or termination of our Terms or a Subscription Service. If you believe we have suspended or terminated your account in error, you can file an appeal with us by contacting hi@cursor.com . - Interpretation (disclaimed): Reserves Anysphere's right to modify, suspend, or discontinue the Service or user access at any time without notice, and disclaims liability for such actions, including in urgent situations such as abuse prevention or legal compliance. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%209.%20Termination%20.,by%20contacting%20hi%40cursor.com%20. ### moderation enforcement — risk unknown > 11. Copyright complaints. If you believe that your intellectual property rights have been infringed, please send notice to legal@cursor.com . We may delete or disable content that we believe violates these Terms or is alleged to be infringing and will terminate accounts of repeat infringers where appropriate. Written claims concerning copyright infringement must include the following information: - Interpretation (disclaimed): Establishes the procedure for submitting copyright infringement complaints, specifies the contact address, and describes Anysphere's right to remove infringing content and terminate repeat infringers' accounts. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2011.%20Copyright%20complaints.,include%20the%20following%20information%3A ### moderation enforcement — risk unknown > A physical or electronic signature of the person authorized to act on behalf of the owner of the copyright interest. - Interpretation (disclaimed): Specifies that copyright infringement notices must include a physical or electronic signature from the authorized representative of the copyright owner. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20physical%20or,of%20the%20copyright%20interest. ### moderation enforcement — risk unknown > A description of the copyrighted work that you claim has been infringed upon. - Interpretation (disclaimed): Specifies that copyright infringement notices must include a description of the copyrighted work alleged to have been infringed. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20description%20of,has%20been%20infringed%20upon. ### moderation enforcement — risk unknown > Your address, telephone number, and e-mail address. - Interpretation (disclaimed): This segment specifies a required procedural element (contact information) that must be included in a DMCA takedown notice, establishing a procedural obligation for submitting a copyright infringement claim. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20Your%20address%2C%20telephone%20number%2C%20and%20e-mail%20address. ### moderation enforcement — risk unknown > A statement by you that you have a good-faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law. - Interpretation (disclaimed): This segment specifies a required substantive statement of good-faith belief that must be included in a DMCA takedown notice, establishing a procedural obligation for content dispute resolution. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20statement%20by,agent%2C%20or%20the%20law. ### moderation enforcement — risk unknown > A statement by you that the above information in your notice is accurate and, under penalty of perjury, that you are the copyright owner or authorized to act on the copyright owner’s behalf. - Interpretation (disclaimed): This segment specifies a required accuracy and perjury attestation that must be included in a DMCA takedown notice, imposing a procedural obligation and legal accountability on the submitting party. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20statement%20by,the%20copyright%20owner%E2%80%99s%20behalf. ### moderation enforcement — risk unknown > 17.6. Export and Trade Controls. You must comply with all applicable trade laws, including sanctions and export control laws. The Service may not be used in or for the benefit of, or exported or re-exported to (a) any U.S. embargoed country or territory or (b) any individual or entity with whom dealings are prohibited or restricted under applicable trade laws. Our Service may not be used for any end use prohibited by applicable trade laws, and your Input may not include material or information that requires a government license for release or export. - Interpretation (disclaimed): This segment imposes an obligation on users to comply with all applicable trade laws, sanctions, and export control laws, and restricts use of the Service in embargoed countries or for prohibited end uses, creating compliance duties and use restrictions with legal consequences. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.6.%20Export%20and,for%20release%20or%20export. ### moderation enforcement — risk unknown > 1.5. Use Restrictions. Except and solely to the extent such a restriction is impermissible under applicable law, you may not: (i) reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain access to the source code, object code or underlying structure of the Service; (ii) reproduce, modify, translate, or create derivative works of the Service; (iii) rent, lease, lend, or sell the Service; (iv) remove any proprietary notices from the Service; (v) use the Service or any Suggestions to develop or train a model that is competitive with the Service, or engage in model extraction or theft attacks; (vi) probe, scan or attempt to penetrate the Service; (vii) provide to any third party the results of any benchmark tests of the Service, unless you include all necessary information for others to replicate the tests; (viii) harvest, scrape, or extract data from the Service; (ix) use the Service in any manner that infringes, misappropriates, or otherwise violates any third party’s intellectual or other rights, or that violates any applicable laws or regulations; (x) send or otherwise provide to Anysphere data or information that is subject to specific protections under applicable laws beyond any requirements that apply to "personal information" or "personal data" generally, such as for illustrative purposes, information that is regulated by the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, the Gramm-Leach-Bliley Act, and other U.S. - Interpretation (disclaimed): This segment prohibits a broad range of activities including reverse engineering, creating derivative works, reselling, removing proprietary notices, and using the Service to develop competing models or engage in model extraction, establishing enforceable use restrictions on the user. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.5.%20Use%20Restrictions.,and%20other%20U.S.%20 ### moderation enforcement — risk unknown > federal, state or foreign laws applying specific security standards; or (xi) knowingly permit any third party to do any of the foregoing. You will promptly notify Anysphere of any unauthorized use that comes to your attention and provide reasonable cooperation to prevent and terminate such use to the extent it is within your control. - Interpretation (disclaimed): This segment imposes an obligation on users to promptly notify Anysphere of unauthorized use and to cooperate in preventing and terminating such use, and extends the use restrictions to prohibit knowingly permitting third parties to engage in prohibited activities. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=federal%2C%20state%20or%20foreign,is%20within%20your%20control. ### moderation enforcement — risk unknown > 2. Eligibility. You must be at least the age of majority in your jurisdiction (e.g., 18 years old in the United States) or 18 years old, whichever is higher, to use the Service. By agreeing to these Terms, you represent and warrant to us that: (a) you are at least 18 years old or the age of majority in your jurisdiction, whichever is higher; (b) you have not previously been suspended or removed from the Service; and (c) your registration and use of the Service is in compliance with all applicable laws in your region. - Interpretation (disclaimed): Restricts Service use to users who meet minimum age requirements and have not been previously suspended, and requires registration to comply with applicable laws, establishing eligibility conditions as a prerequisite to access. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%202.%20Eligibility.%20You,laws%20in%20your%20region. ### moderation enforcement — risk unknown > 9. Termination . You may stop accessing the Services at any time. We reserve the right to modify, suspend, or discontinue the Services or your access to the Services, in whole or in part, at any time without notice to you. Although we will strive to provide you with reasonable advance notice if we stop offering a Service, there may be urgent situations, such as preventing abuse or addressing security issues or responding to legal requirements, where providing advance notice is not feasible. We will not be liable for any change to or any suspension or discontinuation of the Services or your access to them. If you have a Subscription Service, we may terminate the Subscription Service at any time for any other reason. If we exercise this right, we will refund you on a pro rata basis the fees you paid for the remaining portion of your Subscription Service after termination, provided that if we terminate your access to the Service due to a violation of these Terms, you will not be entitled to any refund. We also may terminate your account if it has been inactive for over a year and you do not have a paid account. If we do, we will provide you with advance notice. Upon termination of these Terms, a Subscription Service, or your access to the Service, we may at our option delete any Content or other data associated with your account. Sections 1.5, 4 (with respect to fees outstanding as of such expiration or termination), 5, and 13-17 will survive any expiration or termination of our Terms or a Subscription Service. If you believe we have suspended or terminated your account in error, you can file an appeal with us by contacting hi@cursor.com . - Interpretation (disclaimed): Reserves Anysphere's right to modify, suspend, or discontinue Services or user access at any time without notice and disclaims liability for any resulting impact, including in cases of abuse, security issues, or legal requirements. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%209.%20Termination%20.,by%20contacting%20hi%40cursor.com%20. ### moderation enforcement — risk unknown > 11. Copyright complaints. If you believe that your intellectual property rights have been infringed, please send notice to legal@cursor.com . We may delete or disable content that we believe violates these Terms or is alleged to be infringing and will terminate accounts of repeat infringers where appropriate. Written claims concerning copyright infringement must include the following information: - Interpretation (disclaimed): Establishes the procedure for submitting copyright infringement notices, identifies the contact address, and states Anysphere's practice of deleting or disabling infringing content and terminating repeat infringers' accounts. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2011.%20Copyright%20complaints.,include%20the%20following%20information%3A ### moderation enforcement — risk unknown > A physical or electronic signature of the person authorized to act on behalf of the owner of the copyright interest. - Interpretation (disclaimed): Specifies that a valid copyright infringement notice must include a physical or electronic signature of the person authorized to act on behalf of the copyright owner, as part of the DMCA notice procedure. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20physical%20or,of%20the%20copyright%20interest. ### moderation enforcement — risk unknown > A description of the copyrighted work that you claim has been infringed upon. - Interpretation (disclaimed): Specifies that a valid copyright infringement notice must include a description of the copyrighted work claimed to be infringed, as part of the required notice elements. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20description%20of,has%20been%20infringed%20upon. ### moderation enforcement — risk unknown > A description of where the allegedly infringing material is located in the Service so we can find it. - Interpretation (disclaimed): Specifies that a valid copyright infringement notice must include a description of where the allegedly infringing material is located within the Service, enabling Anysphere to locate it. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20description%20of,we%20can%20find%20it. ### moderation enforcement — risk unknown > Your address, telephone number, and e-mail address. - Interpretation (disclaimed): Specifies that a valid copyright infringement notice must include the claimant's address, telephone number, and email address as required contact information elements. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20Your%20address%2C%20telephone%20number%2C%20and%20e-mail%20address. ### moderation enforcement — risk unknown > A statement by you that you have a good-faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law. - Interpretation (disclaimed): Specifies that a valid copyright infringement notice must include a good-faith belief statement that the disputed use is not authorized by the copyright owner, its agent, or the law. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20statement%20by,agent%2C%20or%20the%20law. ### moderation enforcement — risk unknown > A statement by you that the above information in your notice is accurate and, under penalty of perjury, that you are the copyright owner or authorized to act on the copyright owner’s behalf. - Interpretation (disclaimed): Specifies that a valid copyright infringement notice must include an accuracy statement made under penalty of perjury confirming the claimant is the copyright owner or authorized to act on their behalf. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%20A%20statement%20by,the%20copyright%20owner%E2%80%99s%20behalf. ### moderation enforcement — risk unknown > 17.6. Export and Trade Controls. You must comply with all applicable trade laws, including sanctions and export control laws. The Service may not be used in or for the benefit of, or exported or re-exported to (a) any U.S. embargoed country or territory or (b) any individual or entity with whom dealings are prohibited or restricted under applicable trade laws. Our Service may not be used for any end use prohibited by applicable trade laws, and your Input may not include material or information that requires a government license for release or export. - Interpretation (disclaimed): Imposes a compliance obligation on users to adhere to all applicable trade laws, sanctions, and export control laws, and restricts use of the Service in embargoed countries or territories or by sanctioned individuals or entities, as well as prohibiting use for prohibited end uses or submission of content requiring a government export license. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.6.%20Export%20and,for%20release%20or%20export. ### tier differences — risk unknown > 1.6. Beta Services . From time to time, Anysphere may make Beta Services available to you. Beta Services shall be clearly designated as beta, pilot, limited release, non-production, early access, evaluation or a similar description. You may choose to use or not use such Beta Services in your sole discretion. Beta Services are intended for evaluation purposes and not for production use, are not fully supported, and may be subject to additional terms that may be presented to you. Beta Services are provided on an "as-is" and "as available" basis without any warranty, support, maintenance, or storage of any kind. Anysphere may discontinue Beta Services at any time in its sole discretion and may never make them generally available. ANYSPHERE SHALL HAVE NO LIABILITY WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH BETA SERVICES - USE AT YOUR OWN RISK. - Interpretation (disclaimed): Describes Beta Services as a distinct, unsupported tier provided on an as-is basis without warranties, support, or maintenance, and reserves Anysphere's right to subject them to additional terms. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.6.%20Beta%20Services,AT%20YOUR%20OWN%20RISK. ### tier differences — risk unknown > 4.1. Paid Services. Certain features of the Service may require you to pay fees. Before you pay any fees, you will have an opportunity to review and accept the fees that you will be charged. Unless otherwise specifically provided for in these Terms, all fees are in U.S. Dollars and are non-refundable, except as required by law. The pricing and payment terms in this Section 4 are subject to any pricing and payment terms set forth in an Order Form. - Interpretation (disclaimed): Specifies that certain features require fee payment, that fees are non-refundable except as required by law, and that Order Form pricing terms take precedence, establishing financial obligations for paid service tiers. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.1.%20Paid%20Services.,in%20an%20Order%20Form. ### tier differences — risk unknown > 4.2. Pricing. Anysphere reserves the right to determine pricing for the Service. Anysphere will make reasonable efforts to keep pricing information published on the Service up to date. We encourage you to check our pricing page periodically for current pricing information. Anysphere may change the fees for any feature of the Service, including additional fees or charges, if Anysphere gives you advance notice of changes before they apply through the Service user interface, a pop-up notice, email, or through other reasonable means. Your continued use of the Service after the price change becomes effective constitutes your agreement to pay the changed amount. You will be responsible for all taxes associated with the Service, other than taxes based on Anysphere’s net income. Anysphere, at its sole discretion, may make promotional offers with different features and different pricing to any of Anysphere’s customers. These promotional offers, unless made to you, will not apply to your offer or these Terms. - Interpretation (disclaimed): Reserves Anysphere's right to determine and change pricing with advance notice, and establishes that continued use after a price change constitutes acceptance of the new pricing. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.2.%20Pricing.%20Anysphere,offer%20or%20these%20Terms. ### tier differences — risk unknown > 4.4. Subscription Service. The Service may include certain subscription-based plans with automatically recurring payments for periodic charges (“ Subscription Service ”). The “ Subscription Billing Date ” is the date when you purchase your first subscription to the Service. The Subscription Service will begin on the Subscription Billing Date and continue for the subscription period that you select on your account (such period, the “ Initial Subscription Period ”), and will automatically renew for successive periods of the same duration as the Initial Subscription Period (the Initial Subscription Period and each such renewal period, each a “ Subscription Period ”) unless you cancel the Subscription Service or we terminate it. If you activate a Subscription Service, then you authorize Anysphere or its third-party payment processors to periodically charge, on a going-forward basis and until cancellation of the Subscription Service, all accrued sums on or before the payment due date. Information on the recurring fee charged by Anysphere for access to the Subscription Service during each Subscription Period (“ Subscription Fee ”), is available on our Pricing Page , or otherwise described in the Service. Your account will be charged automatically on the Subscription Billing Date and thereafter on the renewal date of your Subscription Service for all applicable fees and taxes for the next Subscription Period. You must cancel your Subscription Service at least 24 hours before it renews in order to avoid billing of the next periodic Subscription Fee to your account. - Interpretation (disclaimed): Defines 'Subscription Service,' 'Subscription Billing Date,' 'Initial Subscription Period,' and automatic renewal mechanics, establishing the structure and duration of subscription-based payment obligations. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.4.%20Subscription%20Service.,to%20your%20account.%20 ### tier differences — risk unknown > Anysphere or its third-party payment processor will bill the periodic Subscription Fee to the payment method associated with your account or that you otherwise provide to us. You may cancel the Subscription Service by using the cancellation functionality made available in your billing menu or by contacting us at hi@cursor.com . YOUR CANCELLATION MUST BE RECEIVED BEFORE THE RENEWAL DATE IN ORDER TO AVOID CHARGE FOR THE NEXT SUBSCRIPTION PERIOD. - Interpretation (disclaimed): Describes the procedure for canceling a Subscription Service, specifying that cancellation must occur before the renewal date to avoid the next billing cycle charge, and identifies the billing contact. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Anysphere%20or%20its%20third-party,THE%20NEXT%20SUBSCRIPTION%20PERIOD. ### tier differences — risk unknown > 4.5. Add-On and Usage-Based Features . You may purchase additional products, services or features that are not individually essential for the functioning of the Service, but that Anysphere makes available to its users for enhanced capabilities on a supplemental basis, including usage-based pricing features that are described in the Service (" Add-Ons "). Add-Ons are deemed part of the Service and governed by these Terms. Fees for Add-Ons include our model-based pricing features, available here , or as otherwise described in the Service. - Interpretation (disclaimed): Defines 'Add-Ons' as supplemental features and usage-based pricing elements, clarifies they are governed by these Terms, and references where fee information is available. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.5.%20Add-On%20and,described%20in%20the%20Service. ### tier differences — risk unknown > 17.5. No Support. We are under no obligation to provide support for the Service. In instances where we may offer support, the support will be subject to published policies. - Interpretation (disclaimed): This segment disclaims any obligation by Anysphere to provide support for the Service, while noting that any support offered will be subject to published policies, limiting user expectations and Anysphere's support duties. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.5.%20No%20Support.,subject%20to%20published%20policies. ### tier differences — risk unknown > 1.6. Beta Services . From time to time, Anysphere may make Beta Services available to you. Beta Services shall be clearly designated as beta, pilot, limited release, non-production, early access, evaluation or a similar description. You may choose to use or not use such Beta Services in your sole discretion. Beta Services are intended for evaluation purposes and not for production use, are not fully supported, and may be subject to additional terms that may be presented to you. Beta Services are provided on an "as-is" and "as available" basis without any warranty, support, maintenance, or storage of any kind. Anysphere may discontinue Beta Services at any time in its sole discretion and may never make them generally available. ANYSPHERE SHALL HAVE NO LIABILITY WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH BETA SERVICES - USE AT YOUR OWN RISK. - Interpretation (disclaimed): Defines Beta Services as a distinct service tier available at Anysphere's discretion, provided on an as-is/as-available basis without warranty, support, or maintenance, and potentially subject to additional terms, establishing reduced obligations for this tier. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%201.6.%20Beta%20Services,AT%20YOUR%20OWN%20RISK. ### tier differences — risk unknown > 4.1. Paid Services. Certain features of the Service may require you to pay fees. Before you pay any fees, you will have an opportunity to review and accept the fees that you will be charged. Unless otherwise specifically provided for in these Terms, all fees are in U.S. Dollars and are non-refundable, except as required by law. The pricing and payment terms in this Section 4 are subject to any pricing and payment terms set forth in an Order Form. - Interpretation (disclaimed): Establishes that certain Service features require fee payment, that all fees are in USD and non-refundable except as required by law, and that Order Form pricing terms govern where applicable, creating payment obligations and refund restrictions tied to paid service tiers. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.1.%20Paid%20Services.,in%20an%20Order%20Form. ### tier differences — risk unknown > 4.2. Pricing. Anysphere reserves the right to determine pricing for the Service. Anysphere will make reasonable efforts to keep pricing information published on the Service up to date. We encourage you to check our pricing page periodically for current pricing information. Anysphere may change the fees for any feature of the Service, including additional fees or charges, if Anysphere gives you advance notice of changes before they apply through the Service user interface, a pop-up notice, email, or through other reasonable means. Your continued use of the Service after the price change becomes effective constitutes your agreement to pay the changed amount. You will be responsible for all taxes associated with the Service, other than taxes based on Anysphere’s net income. Anysphere, at its sole discretion, may make promotional offers with different features and different pricing to any of Anysphere’s customers. These promotional offers, unless made to you, will not apply to your offer or these Terms. - Interpretation (disclaimed): Reserves Anysphere's right to determine and modify pricing for the Service with advance notice, and provides that continued use after a price change constitutes acceptance, affecting users' financial obligations across service tiers. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.2.%20Pricing.%20Anysphere,offer%20or%20these%20Terms. ### tier differences — risk unknown > 4.4. Subscription Service. The Service may include certain subscription-based plans with automatically recurring payments for periodic charges (“ Subscription Service ”). The “ Subscription Billing Date ” is the date when you purchase your first subscription to the Service. The Subscription Service will begin on the Subscription Billing Date and continue for the subscription period that you select on your account (such period, the “ Initial Subscription Period ”), and will automatically renew for successive periods of the same duration as the Initial Subscription Period (the Initial Subscription Period and each such renewal period, each a “ Subscription Period ”) unless you cancel the Subscription Service or we terminate it. If you activate a Subscription Service, then you authorize Anysphere or its third-party payment processors to periodically charge, on a going-forward basis and until cancellation of the Subscription Service, all accrued sums on or before the payment due date. Information on the recurring fee charged by Anysphere for access to the Subscription Service during each Subscription Period (“ Subscription Fee ”), is available on our Pricing Page , or otherwise described in the Service. Your account will be charged automatically on the Subscription Billing Date and thereafter on the renewal date of your Subscription Service for all applicable fees and taxes for the next Subscription Period. You must cancel your Subscription Service at least 24 hours before it renews in order to avoid billing of the next periodic Subscription Fee to your account. - Interpretation (disclaimed): Defines the Subscription Service, Subscription Billing Date, Initial Subscription Period, and automatic renewal mechanics, establishing the contractual framework for recurring payment obligations under subscription-based plans. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.4.%20Subscription%20Service.,to%20your%20account.%20 ### tier differences — risk unknown > Anysphere or its third-party payment processor will bill the periodic Subscription Fee to the payment method associated with your account or that you otherwise provide to us. You may cancel the Subscription Service by using the cancellation functionality made available in your billing menu or by contacting us at hi@cursor.com . YOUR CANCELLATION MUST BE RECEIVED BEFORE THE RENEWAL DATE IN ORDER TO AVOID CHARGE FOR THE NEXT SUBSCRIPTION PERIOD. - Interpretation (disclaimed): Specifies the procedure for billing the periodic Subscription Fee and for cancelling the Subscription Service, including the deadline requirement that cancellation must be received before the renewal date to avoid charges for the next period. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=Anysphere%20or%20its%20third-party,THE%20NEXT%20SUBSCRIPTION%20PERIOD. ### tier differences — risk unknown > 4.5. Add-On and Usage-Based Features . You may purchase additional products, services or features that are not individually essential for the functioning of the Service, but that Anysphere makes available to its users for enhanced capabilities on a supplemental basis, including usage-based pricing features that are described in the Service (" Add-Ons "). Add-Ons are deemed part of the Service and governed by these Terms. Fees for Add-Ons include our model-based pricing features, available here , or as otherwise described in the Service. - Interpretation (disclaimed): Defines Add-Ons as supplemental, non-essential products or features with usage-based or model-based pricing, clarifies they are part of the Service and governed by these Terms, establishing a distinct pricing tier for enhanced capabilities. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%204.5.%20Add-On%20and,described%20in%20the%20Service. ### tier differences — risk unknown > 17.5. No Support. We are under no obligation to provide support for the Service. In instances where we may offer support, the support will be subject to published policies. - Interpretation (disclaimed): Disclaims any obligation on Anysphere's part to provide support for the Service, while noting that any support offered will be subject to published policies, limiting user expectations and Anysphere's liability with respect to support services. - Tier: All - Location: text-fragment link only — source has no section structure - Source: https://www.cursor.com/terms-of-service - Snapshot SHA-256: `f9a7dc6a810e06e7254f1a5c0affcf5d466b3a942d506906c1f70420ccc258cc` - Wayback: — - Deep link: https://www.cursor.com/terms-of-service#:~:text=%2017.5.%20No%20Support.,subject%20to%20published%20policies.