Privacy Policy

Back to GitGuardian legal

Last updated on February 17, 2025

At GitGuardian, we care about your privacy and are committed to protect your Personal Data in accordance with all applicable data protection laws and regulations.

This GitGuardian Privacy Notice (the “Notice”) gives you information about how GitGuardian (collectively referred to as “GitGuardian”, “we”, “our”, “us”) collect Personal Data about you (“you” or “your”) in when you use our website https://gitguardian.com (“Website”), online products and monitoring services at https://dashboard.gitguardian.com (“Platform”) (collectively, “Services”) and how and why we use that Personal Data in the course of providing your the Services. GitGuardian’s website and platform is owned and operated by, or on behalf of, GitGuardian.

Please carefully read and fully understand this Notice before starting to use our Services.

The Notice explains:

Identity and contact details of the Data Controller
Personal Data we collect
Purposes and Legal bases we rely on to process your Personal Data
How we share your Personal Data
How we safeguard your Personal Data
How long we keep your Personal Data
How your Personal Data is transferred internationally
How you can exercise your data subject rights
Cookies
Update of the Notice
Contact us

Please note that this Notice covers users of our Services, excluding:

(i) applicants or candidates for a job position or offer (which privacy notice may be accessed here: https://www.gitguardian.com/legal/global-applicant-and-candidate-privacy-notice); and

(ii) clients, partners or prospects (which privacy notice is here: https://www.gitguardian.com/legal/client-partner-prospect-privacy-notice)

The provision of your Personal Data is necessary in order to process your data with regard to the use of the Services. If you do not provide your Personal Data, we might not be able to process your request.

Identity and contact details of the Data Controller

GitGuardan SAS is a company headquartered in France, at the registered address 54 rue de Seine 75006 Paris, France, with a US affiliate, GitGuardian Inc., based at 185 Alewife Brook Parkway Ste 210 Cambridge MA 02138.

When we say “GitGuardian” we’re referring to the GitGuardian entities that control and are responsible for your Personal Data.

Personal Data we collect

For the purpose of this Notice, “Personal Data” refers to the information that identifies, relates to, and describes or is reasonably capable of being associated with or being linked (directly or indirectly) to you.

In connection with the Services, we may collect, use and store Personal Data, either:

directly from you when you submit your data via the Services (e.g. when you create an account, participate in any interactive features of the Services, fill out a form, pay for subscriptions, communicate with us via third party social media sites, request support or otherwise communicate with us); or
from automatic collection by us when you use the Services.

Type of Personal Data	Examples
Account data	Name, email address, company name, postal address, phone number (if any), payment information (if any)
Support data	Name, email address, title, company, content of the request
Use of Services data	Log files, IP address, traces, metrics, online identifier, mailing address, session date, time, and duration; the pages you viewed; and the page you visited before navigating to the products or websites, device information
Cookies and similar technologies	We use cookies and similar technologies (like web beacons and pixels) to collect information about your interactions with our Services, including identifiers, usage data, session information. For more information about how we use cookies and similar technologies, please see our Cookie Policy: https://www.gitguardian.com/legal/cookie-policy

Regarding sensitive information, please note that we do not collect or process Personal Data that reveals your government identifiers, financial accounts, racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data, trade union membership, or information about your health/sex life/sexual orientation (“Sensitive Personal Data”).

Purposes and legal bases we rely on to process your Personal Data

We process your Personal Data for the purposes and based on the following below:

Purposes	Legal bases
To provide you with our Services: - Create your GitGuardian account - Enable you to have full access to the Services; - Provide and deliver the products and services you request, process transactions and send you related information, including confirmations and invoices;	- Contractual agreement (the terms and conditions of the website and platform); - Our legitimate interest in establishing and/or maintaining a contractual relationship with you, the company or business to which you belong, or to respond to your requests or questions
To improve our Services: - Provide, maintain and improve the Services; - Monitor and analyze trends, usage and activities in connection with the Services; - Link or combine with information we get from others to help understand your needs and provide you with better service;	Our legitimate interest to provide you always with the best services and to match your expectations
To communicate with you: - Send you technical notices, updates, security alerts, and support and administrative messages - Respond to your comments, questions and requests, and provide customer support; - Communicate with you about products, services, offers, promotions, rewards, and events offered by GitGuardian and others, and provide news and information we think will be of interest to you; - Notify you about important changes to the Services, including changes or updates to this Privacy Policy;	- Our legitime interest to provide you always with the best services and to match your expectations
To ensure security: - Detect, investigate and prevent fraud and other illegal activities and protect the rights and property of GitGuardian and others	- Our legal obligations as a business entity; in cases where our client is a natural person, we use your Personal Data to investigate and prevent fraud or misconduct and to protect our economic interests. - Our legitimate interest for monitoring compliance with regulatory obligations.
To market and promote our Services: - Personalize and improve the Services and provide advertisements, content or features that match user profiles or interests	- Our legitimate interest to inform you of products, solutions, services and offers that may be of interest to you, to send you invitations to participate in GitGuardian’s activities or events, to share market research with you, to send you marketing or sales promotion activities, or to send you customer satisfaction surveys (Please note that You may object at any time to the use of your Personal Data for marketing purposes. For further details, please see Section 8 ‘How you can exercise your data subject rights?’) - Your consent to receive commercial information, if your Personal Data have been collected through our collection forms on our websites
To comply with our legal obligations: - Comply with any of our legal and regulatory requirements; - Having evidence in case a legal claim is pursued by you.	- Our legal obligation: in order to comply with statutory and/or regulatory requirements and obligations, such as equality and immigration legislation, your data may also be used in investigations or as needed in legal proceedings

How we share your Personal Data

We do not sell your Personal Data to third parties. We also do not share your Personal Data to third parties for cross-context behavioral advertising.

Internally, your Personal Data will be shared, on a need-to-know basis, with our Affiliates, or will be subject of business transfers, where relevant, in connection with, or during negotiations of, any merger, sale of GitGuardian assets, financing, or acquisition of all or a portion of our business by another company.

With regard to external third parties, we endeavor to take appropriate steps to ensure that any third party who receives your Personal Data is bound to maintain its confidentiality.

Service Providers, business partners: We use third-party service providers, including payment services providers, who work on our behalf, including to provide hosting services, authentication services, cybersecurity, anti-fraud services, and advertising, which may require us to share your personal information;
Administrative or judicial entities: There may be instances where we may share information about you in response to a request for information if we believe disclosure is permitted or required by an applicable law, regulation, or legal process, including to comply with a subpoena or applicable court order. Further, we may share your personal information with any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Policy or under any agreement we enter with you or to protect the rights, property, or safety of GitGuardian or third parties;
Advertising and Analytics Services Provided by others: We may allow the following companies to serve advertisements on our behalf across the Internet and in applications: Google Ads, Google analytics, X, Facebook, Quora, Bing ads, Linkedin, Piwik, using email addresses and cookies that are collected. These entities use technologies including cookies, web beacons, device identifiers and other tools to collect information about your use of the Services and other websites and applications, including your IP address, web browser, pages viewed, time spent on pages or in apps, links clicked and conversion information. This information may be used by GitGuardian and GitGuardian service providers to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites and better understand your online activity. For more information about cookies, please see below and for further information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please see GitGuardian’s Cookie Policy.

EXTERNAL LINKS. The Website may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. We are not responsible for the privacy policies or the content of such sites.

SOCIAL SHARING FEATURES. The Website may offer social sharing features and other integrated tools (“Third-Party”), which lets you share information you find on our website with other media, and vice versa. When you visit one of our pages the plugin establishes a direct connection between your browser and the third-party server. Thus, the Third-Party receives information from your browser as set out in the Third-Party's privacy policy. Please note that we, as provider of the pages, have no knowledge as to the contents of the submitted data or its use by the Third-Party. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.

‍LOG-IN FEATURES. We may allow you to sign up and log in using your Google account. If you sign up using your Google email account, Google will ask your permission to share certain information from your Google account with us. This may include your first name, last name, gender, general location, your timezone and birthday. This information is collected by Google and is provided to us under the terms of Google’s privacy policy.. You can control the information that we receive from Google using the privacy settings in your Google account.

How we safeguard your Personal Data

GitGuardian has implemented and continues maintaining all appropriate technical and organizational measures to protect your Personal Data and ensure the confidentiality, integrity, availability and resilience of all our processing systems and services. We aim at continuously improving our physical, digital and procedural safeguards to prevent any unauthorized access, disclosure, use, modification, damage or loss of your Personal Data.

How long we keep your Personal Data

Unless otherwise required or permitted by applicable laws and regulations, we endeavor not to retain your Personal Data for longer than it takes to complete the legitimate purpose/interests for which it was collected.

This generally means that:

We will retain copies of your Personal Data in a form that allows for identification only for as long as:
- We maintain an ongoing relationship with you;
- Your Personal Data are necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis
Data collected when you request information or when you contact us is kept for two (2) years from our last contact, unless you object;
Data collected for commercial purposes is kept for two (2) years from our last contact, unless you object;
Data collected when you exercise your rights relating to your Personal Data is kept for 5 years in intermediate storage from the time the request is closed;

Some Data may be kept at the latest 10 years after collection unless longer retention is required for other valid reasons such as compliance with legal obligations, to resolve disputes or enforce contracts.

Where applicable and for specific Personal Data, as long as needed to comply with any applicable laws or for the establishment, exercise, or defense of a legal challenge related to our business relationship.

How your data are transferred internationally

We may share your Personal Data with our US office, which is located outside of the EEA, in the US. This international transfer of your Personal Data is covered by Standard Contractual Clauses approved by the European Commission, as provided for in Article 46 of the RGPD. If you would like to have access to these Standard Contractual Clauses, please contact us as per Section 11 ‘Contact Us’.

Prior to any sharing with third parties as defined in Section 4, all of our third party recipients are required to take appropriate security measures to protect Personal Data in accordance with our policies. We only allow them to process your Personal Data for specific purposes and in accordance with our instructions and, where applicable, we have taken suitable measures to ensure that your Personal Data is transferred in accordance with applicable data protection law, including, for example, to countries that adequately safeguard Personal Data as approved by the European Commission, or for the transfer of Personal Data to a third country by adopting the standard data protection clauses adopted by the Commission in accordance with Article 46 of the GDPR.

Further information about the appropriate safeguards may be obtained by contacting us at legal@gitguardian.com.

How you can exercise your data subject rights

Before using our Services, you should ensure that all Personal Data you submit is accurate and complete. If you are unable to provide accurate and complete information for any reason or are unwilling to submit the Personal Data required for a specific position, we may not proceed further with your requests.

You may access, update or change personal information you have provided by logging into the Services or emailing us at support@gitguardian.com. Subject to the terms of your agreements with us, you may deactivate their accounts by emailing us at support@gitguardian.com, but note that we may retain certain personal information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements.

In addition to the above and in accordance with applicable laws and regulations, you have the following rights to your Personal Data:

Your rights	Description
Right of access (art. 15 GDPR)	You can request a confirmation as to whether or not your Personal Data is processed and you can, where applicable, receive a copy of your Personal Data.
Right of rectification (art. 16 GDPR)	You can have your inaccurate Personal Data corrected and incomplete Personal Data completed.
Right of erasure (art. 17 GDPR)	You can have your Personal Data erased under certain conditions.
Right to restrict processing (art. 18 GDPR)	You can require us to restrict processing your Personal Data under certain conditions.
Right of portability (art. 20 GDPR)	You can receive certain Personal Data that you provided in a machine-readable format under certain requirements.
Right to object (art. 21 GDPR)	You can object to the processing of your Personal Data for certain purposes such as direct marketing.
Withdraw consent (art. 7 GDPR)	You can withdraw consent to the processing of your Personal Data
Right to lodge a complaint (art. 15 GDPR)	If you think that the way we process your Personal Data does not comply with applicable data protection laws, you can contact the relevant competent data protection authority. GitGuardian’s lead supervisory authority under GDPR is the French Data Protection Authority CNIL (https://www.cnil.fr/fr/plaintes)
Right to set post-mortem guidelines	You may define specific guidelines for the storage, erasure and communication of your Personal Data after your death. These specific guidelines will only concern the treatments implemented by us and will be limited to this perimeter alone.
Applicable to data subjects of GitGuardian in the state of California, as per the California (“CCPA”): right to non-discrimination	You have the right not to receive discriminatory treatment because you have exercised any of your rights under the CCPA

Before we accede to such a request, we may need to verify your identity. To ensure security and traceability, you may be asked to submit a written request. We always ensure we will promptly respond to such requests.

To make such a request, please click here or write to legal@gitguardian.com.

We may decline to process or limit certain requests under certain circumstances, e.g. if they are manifestly unfounded or excessive, or if they adversely affect the rights and freedoms of others.

Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. For more information, please see GitGuardian’s Cookie Policy (https://www.gitguardian.com/legal/cookie-policy).

Update of the Notice

GitGuardian reserves the right to update or change this Notice at any time. You are informed of the date of the last update at the top of this Notice. We will keep the Notice up to date with any changes.

Contact us

Should you have any questions or concerns about this Notice or your privacy, please contact us at legal@gitguardian.com.