Voice of Practitioners Study: The State of Secrets in AppSec
Download ReportDownload Report

Legal terms


GitGuardian SAS
registered under French law
with a capital of 2.389,51€
Head office: 54, rue de Seine - 75006 Paris - France
Registration number : 833 611 742 at RCS Paris
SIRET number: 833 611 742 00010
Editing Director: Eric Fourrier
E-mail: contact@gitguardian.com
President: Eric Fourrier
Managing Director: Jérémy Thomas


Amazon Web Services EMAE SARL - 38 av John F. Kennedy, L-1855 Luxemburg

Intellectual Property

The general structure, software, texts, images, whether or not animated, photographs, sounds, know-how and any other elements composing the website are the exclusive property of the website editor. These elements are subject to the laws protecting copyright.

Terms of use

By accessing this website, by visiting it and/or utilizing it, you agree that you will not engage in any activity that interferes with or disrupts GitGuardian services, or servers or networks connected to GitGuardian services.


Any total or partial representation of this website by any entity or individual without the website operator’s express authorisation is prohibited and would constitute a counterfeit, sanctioned by Articles L.335-2 and subsequent articles of the French Intellectual Property Code.

At GitGuardian, we respect the intellectual property rights of others, and take copyright infringement very seriously.

GitGuardian SAS, a French corporation and its parents, subsidiaries, and affiliates (collectively “GitGuardian”) enables developers, ops, security and compliance professionals to enforce security policies across public and private code (the “SERVICES”).

The SERVICES enable customers and partners of GitGuardian (the “CUSTOMERS”) to publish content. GitGuardian disclaims all liability with respect to any and all allegedly infringing material disseminated by its CUSTOMERS.

Copyright owners and their authorized agent(s) may submit a complaint of alleged copyright infringement to GitGuardian if they have a good-faith belief that their protected works are being infringed. Such complaints may be emailed to legal@gitguardian.com or sent by regular mail or courier to:

54 rue de Seine
75006 Paris

To be effective, the NOTICE must include:

A physical or electronic signature.
Identification of the copyrighted work claimed to have been infringed (if multiple copyrighted works are covered by a single notification, a representative list of such works).
Information reasonably sufficient to permit GitGuardian to contact the owner or authorized agent, such as an address, telephone number, and email address.
The following statement: “I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.”
The following statement: “I swear that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.”

GitGuardian DMCA notice

At GitGuardian, we respect the intellectual property rights of others, and take copyright infringement very seriously.

GitGuardian SAS, a French corporation and its parents, subsidiaries, and affiliates (collectively “GitGuardian”) enables developers, ops, security and compliance professionals to enforce security policies across public and private code. This DMCA Policy (the “POLICY”) applies to all services, products, and components thereof which are offered by GitGuardian (the “SERVICES”).

The SERVICES enable customers and partners of GitGuardian (the “CUSTOMERS”) to publish content. GitGuardian disclaims all liability with respect to any and all allegedly infringing material disseminated by its CUSTOMERS.

Copyright owners and their authorized agent(s) may submit a complaint of alleged copyright infringement to GitGuardian if they have a good-faith belief that their protected works are being infringed. Such complains (each, a “DMCA NOTICE”) may be emailed to legal@gitguardian.com or sent by regular mail or courier to:

Copyright Agent
54 rue de Seine
75006 Paris

To be effective, a DMCA NOTICE must include:

A physical or electronic signature.
Identification of the copyrighted work claimed to have been infringed (if multiple copyrighted works are covered by a single notification, a representative list of such works).
Identification of the material that is claimed to be infringing or to be the subject of infringing activity, including information reasonably sufficient to permit GitGuardian to locate the material.
Information reasonably sufficient to permit GitGuardian to contact the owner or authorized agent, such as an address, telephone number, and email address.
The following statement: “I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.”

This document informs Users about the technologies that help this Website to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Website.

For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.

Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.

This Website uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information – such as the presence of other Trackers - in the linked privacy policies of the respective third-party providers or by contacting the Owner to find more information dedicated to Californian consumers and their privacy rights, Users may read the privacy policy.

Activities strictly necessary for the operation of this Website and delivery of the Service

This Website uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.

Other activities involving the use of Trackers

This Website uses Trackers to measure traffic and analyze User behavior with the goal of improving the Service.

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.Google AnalyticsGoogle Analytics is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on the location this Website is accessed from, (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Cookies and Usage Data.

Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out. Privacy Shield participant.

Targeting & Advertising

This Website uses Trackers to deliver personalized marketing content based on User behavior and to operate, serve and track ads.

Some of the advertising services used by the Owner adhere to the IAB Transparency and Consent Framework, an initiative that facilitates responsible privacy practices across the digital advertising industry - providing Users with enhanced transparency and control over how their data are used for advertising tracking purposes. Users can customize their advertising preferences at any time by accessing the advertising preferences panel from within the cookie notice or via the relevant link on this Website.This Website participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies.

This Website uses iubenda (identification number 123) as a Consent Management Platform.

Remarketing and behavioral targeting

This type of service allows this Website and its partners to inform, optimize and serve advertising based on past use of this Website by the User.
This activity is facilitated by tracking Usage Data and by using Cookies and other Identifiers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.

Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

LinkedIn Website Retargeting (LinkedIn Corporation)

LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of this Website with the LinkedIn advertising network.Personal Data processed: Cookies and Usage Data.Place of processing: United States – Privacy PolicyOpt Out. Privacy Shield participant.

How to manage preferences and provide or withdraw consent

There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:

Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.

Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.

It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.

Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.

With regard to any third-party Trackers, Users can manage their preferences and withdraw their consent via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.

Locating Tracker Settings

Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:

Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings, such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings, view and look for the relevant setting).

Advertising industry specific opt-outs

Notwithstanding the above, Users may follow the instructions provided by YourOnlineChoices (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow Users to select their tracking preferences for most of the advertising tools. The Owner thus recommends that Users make use of these resources in addition to the information provided in this document.

The Digital Advertising Alliance offers an application called AppChoices that helps Users to control interest-based advertising on mobile apps.

Owner and Data Controller

54 rue de Seine
75006 Paris

Owner contact email: contact@gitguardian.com

Since the use of third-party Trackers through this Website cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.

Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by this Website.

Definitions and legal references:

• Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

• Usage Data
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

• User
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.

• Data Subject
The natural person to whom the Personal Data refers.

• Data Processor (or Data Supervisor)
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

• Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.

• This Website (or this Application)
The means by which the Personal Data of the User is collected and processed.

• Service
The service provided by this Website as described in the relative terms (if available) and on this site/application.

• European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

• Cookie
Cookies are Trackers consisting of small sets of data stored in the User's browser.

• Tracker
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.

Legal information

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).This privacy policy relates solely to this Website, if not stated otherwise within this document.

Privacy policy

This Privacy Policy explains how information about you is collected, used and disclosed by GitGuardian (collectively, “GitGuardian”, “we” or “us”) when you use our website https://gitguardian.com (“Website”), online products and monitoring services at https://dashboard.gitguardian.com (“Platform”) (collectively, “Services”). This Privacy Policy also describes your choices regarding use, access and correction of personal information collected about you through our Services. Please read this Privacy Policy carefully and ensure that you understand it before you start to use our Services.

This Website is owned and operated by, or on behalf of, GitGuardian (“we”, “our” or “us”).

By accessing and using the Services, you acknowledge that you have read and understood the content of this Privacy Policy. We reserve the right to update this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Privacy Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.

Information You Provide to Us through the Services

We collect and process information you provide directly to us via the Services. Personal data submitted through the Services include the details you submit when you create an account, participate in any interactive features of the Services, fill out a form, pay for subscriptions, apply for a job, communicate with us via third party social media sites, request customer support or otherwise communicate with us. The types of information we may collect include your name, email address, company name, postal address, phone number and any other information you choose to provide.

Information We Collect Automatically When You Use the Services

When you access or use the Services we automatically collect information about you, including:

Log Files: We gather certain information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to the Services, and store it in log files. We do not monitor or log data collected from your servers when using the Services, but we may log or monitor information about your access to our Services.
Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies and web beacons. For more information about cookies, and how to disable them, please see our Cookie Policy page and Your Choices below.

Use of information

We may use information about you to:

Enable you to have full access to the Services;
Provide, maintain and improve the Services;
Provide and deliver the products and services you request, process transactions and send you related information, including confirmations and invoices;
Send you technical notices, updates, security alerts, and support and administrative messages;
Respond to your comments, questions and requests, and provide customer support;
Create your GitGuardian account and identify you when you sign-in to your account in accordance with your agreement with us;
Communicate with you about products, services, offers, promotions, rewards, and events offered by GitGuardian and others, and provide news and information we think will be of interest to you;
Monitor and analyze trends, usage and activities in connection with the Services;
Detect, investigate and prevent fraud and other illegal activities and protect the rights and property of GitGuardian and others;
Personalize and improve the Services and provide advertisements, content or features that match user profiles or interests;
Notify you about important changes to the Services, including changes or updates to this Privacy Policy;
Link or combine with information we get from others to help understand your needs and provide you with better service;
Consider you for possible employment at GitGuardian in connection with an application that you submit; and
Carry out any other purpose described to you at the time the information was collected.

Sharing of information

We may share your personal information as follows or as otherwise described in this Privacy Policy:

With vendors, consultants and other service providers we have vetted and approved who need access to such information to carry out work on our behalf only to the extent necessary for the performance of any agreement we enter into with you. This includes companies providing the following services for our Website and/or Platform: hosting services, authentication services, cyber security and anti-fraud services, and advertising;
In response to a request for information if we believe disclosure is permitted by, in accordance with, or required by, any applicable law, regulation or legal process such as to comply with a subpoena or applicable court order;
With any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Policy or under any agreement we enter into with you or to protect the rights, property and safety of GitGuardian or third parties;
In connection with, or during negotiations of, any merger, sale of GitGuardian assets, financing or acquisition of all or a portion of our business by another company;
Between and among GitGuardian and all companies affiliated with GitGuardian who may act for us for any of the purposes set out in this Privacy Policy, including our current and future parents, affiliates, subsidiaries and other companies under common control and ownership;
With analytics and search engine providers that assist us in the improvement and optimization of our Website, subject to our Cookies Policy; and
With your consent or at your direction.

We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.

Lawful Basis For Processing Your Information

We are required to state the lawful basis under which we process the personal data of our users from the European Union. Accordingly, the lawful bases upon which we process your personal information are as follows:

Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it, for instance in relation to direct marketing, we will obtain and rely on your consent in relation to the processing concerned.
Otherwise, we will process your personal data only where the processing is necessary for compliance with a legal obligation to which we are a subject; or
For the purposes of the legitimate interests pursued by us in promoting our business, providing the Platform to our business customers pursuant to our legal agreements with them, and in ensuring the security, accessibility and improvement of our Website and Platform and the development of new technology and services.

External Links

The Website may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. We are not responsible for the privacy policies or the content of such sites.

Social Sharing Features

The Website may offer social sharing features and other integrated tools (“Third-Party”), which lets you share information you find on our website with other media, and vice versa. When you visit one of our pages the plugin establishes a direct connection between your browser and the third-party server. Thus, the Third-Party receives information from your browser as set out in the Third-Party's privacy policy. Please note that we, as provider of the pages, have no knowledge as to the contents of the submitted data or its use by the Third-Party. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.

Log-in Features

We may allow you to sign up and log in using your Google account. If you sign up using your Google email account, Google will ask your permission to share certain information from your Google account with us. This may include your first name, last name, gender, general location, your timezone and birthday. This information is collected by Google and is provided to us under the terms of Google’s privacy policy.. You can control the information that we receive from Google using the privacy settings in your Google account.

Advertising and Analytics Services Provided by Others

We mays allow the following companies to serve advertisements on our behalf across the Internet and in applications: Google AdWords, Google analytics, Marketo, Twitter, Facebook, Adroll, Quora, Bing ads, Linkedin, Terminus, Demand base, Instagram, and Reddit using email address and cookies that are collected. These entities use technologies including cookies, web beacons, device identifiers and other tools to collect information about your use of the Services and other websites and applications, including your IP address, web browser, pages viewed, time spent on pages or in apps, links clicked and conversion information. This information may be used by GitGuardian and GitGuardian service providers to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites and better understand your online activity. For more information about cookies, please see below and for further information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please see GitGuardian’s Cookie Policy.

Information Collected on Behalf of Customers in providing our Platform

In the case of personal information we handle or receive on behalf of a customer in connection with their access to, and use of, our Platform (“Customer PI”), we have no direct relationship with the customer’s employees or other individuals with whom that customer may interact with respect to the Platform. If you are such an employee or individual and are seeking access to, or would like to correct, amend or delete, Customer PI, you should direct your query to the applicable customer. We will respond within a reasonable timeframe to a customer’s request to remove Customer PI. Please note that the foregoing will not limit EU individuals from making certain requests relating to their personal data as provided in Your Rights below.We will not use Customer PI except for the purpose of providing and supporting the Services for the applicable customer. Customer PI will be retained for as long as needed for that purpose and as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.


Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing and to provide you with promotional update communications by email about our products/services. You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional electronic communications to you, or by contacting us using the contact details set out in the Your Choices and Your Rights sections of this Privacy Policy.

As part of the registration process for events hosted by GitGuardian which you register to attend, we may request personal data such as: your name, address, email address and telephone number, and details relevant to your occupation or employer. This information is required to process your registration for the event and to provide you with relevant event materials. This data may be shared with third party service providers engaged by us as more fully explained in the Sharing of Information section of this Privacy Policy. If you show an interest in an exhibitor at an event hosted by GitGuardian, such as by consenting to have your attendee badge scanned, we will provide your data to such exhibitors who may contact you for their own direct advertising and marketing purposes. In that case, the exhibitors’ use of your information would be subject to the exhibitors’ privacy policies. For events sponsored by GitGuardian, the event host may provide your personal data to GitGuardian, subject to your consent. GitGuardian will use the data as set forth in the Use of Information section of this Privacy Policy.


We take reasonable steps, including physical, technical and organizational measures, to protect your personal information from unauthorised access and against unlawful processing, accidental loss, destruction and damage. Unfortunately, transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information submitted to us.Your personal information will be retained by GitGuardian for the duration of your account and may be retained for a period after this time as necessary and relevant to our legitimate interests, our terms of agreement with you and in accordance with applicable legal obligations. This may include retention necessary to meet our tax reporting requirements as well as time required to enforce the relevant terms of agreement or to identify, issue or resolve legal proceedings.We may retain a record of your stated objection to the processing of your data, including in respect of an objection to receiving marketing communications, for the sole legitimate purpose of ensuring that we can continue to respect your wishes and not contact you further, during the term of your objection.

Transfer of Information to the U.S. and Other Countries

GitGuardian is based in France but its servers are hosted in the United States, in Canada and in France. By accessing or using the Services or otherwise providing information to us, you understand that your information will be subject to processing, transfer and storage in and to the U.S., France and Canada, where you may not have the same rights and protections as you do under local law.

Your Rights

EU individuals have rights in relation to their personal data which is processed by GitGuardian. If you are an EU data subject, you may, by emailing us at legal@gitguardian.com :

Request access to the personal data concerned.
Request that any incorrect personal data about you that we are processing be rectified.
Request that we erase the personal data concerned.
Withdraw your consent at any time where we are processing personal data relating to you on the basis of your prior consent to that processing, after which we shall stop the processing concerned.
Lodge a formal complaint with the CNIL in France (or your local EU supervisory authority if you live outside France) if you have a complaint about any processing of your personal data being conducted by us.

If the requested EU Data is Customer PI, please include the name of the applicable customer in your request; we will refer the request to that customer to respond directly to you and will support them as needed to respond to your request.

Your Choices

Account Information

‍Our customers may access, update or change personal information they have provided by logging into the Services or emailing us at support@gitguardian.com.
Subject to the terms of their agreements with us, Customers may deactivate their accounts by emailing us at support@gitguardian.com, but note that we may retain certain personal information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also retain cached or archived copies of personal information for a certain period of time.

If you are an individual with whom one of our customers interacts with respect to the Services (e.g., an employee of a customer), as noted above, you should direct any requests regarding access, modification or deletion of personal information to the applicable customer.


‍Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. For more information, please see GitGuardian’s Cookie Policy.

Promotional Communications

You may opt out of receiving promotional emails from GitGuardian by following the instructions in those emails or by emailing legal@gitguardian.com. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

Contact us

In case of questions or concerns about this Privacy Policy, you can contact GitGuardian at legal@gitguardian.com or by letter at GitGuardian, 54 rue de Seine 75006 Paris, France.

Good Samaritan Developer Alerting Service

1. About the Good Samaritan Developer Alerting Service

In the course of our business, based on a responsible approach and for ethical reasons, we collect the business email addresses of developers who have inadvertently published identifiers or secrets on the GitHub public code repository at https://github.com/ and alert them by email.

The email sent to professional developers includes a link to the service offered by GitGuardian and all the information necessary to allow developers to independently remediate the incident if they do not wish to use the GitGuardian services. 

In doing this, GitGuardian acts only as a Good Samaritan, in a pro bono manner, for the sole purpose of protecting developers from serious and imminent danger.  

GitGuardian’s purpose in providing this service is compelling. We cannot witness such security breaches, some of which are estimated to be worth tens of thousands of dollars in potential damage, without making our best efforts to assist those who may be harmed. 

This information notice aims at providing you with information about the processing of data carried out by us in the context of our Good Samaritan developer alerting service, so that you can understand why and how your data are processed, where applicable.

2. Personal data we process

The only personal data collected and processed by GitGuardian as part of the Good Samaritan developer alerting service is: 

the developers’ business email address listed on their public GitHub profile.

3. Legitimate purposes pursued by GitGuardian 

The data processing carried out in the context of the developer alerting service has the legitimate purpose of:  

alerting, free of charge, via their business email address, developers who have inadvertently published identifiers on the GitHub public code repository platform;
assisting them.

4. Legal basis of our processing

Pursuant to Article 6(1)(f) of the General Data Protection Regulation, the processing is based on the legitimate interests pursued by GitGuardian.

As a cybersecurity firm, we are aware of our responsibility and role in protecting personal data. We therefore offer our developer alerting service out of a purely ethical concern. 

Although we have no general duty to monitor public code repositories and are not commissioned by clients to do so, we have voluntarily set up this developer alerting service to combat leaked identifiers and other secrets hidden in source code, thereby fighting against cyber attacks.

This service, which is free of charge for developers, is intended solely to: 

protect professional developers against leaked identifiers and other secrets hidden in source code;
assist them while leaving them free to remedy the leak on their own or to choose to use the services of GitGuardian;
establish our reputation as a ‘White Hat’, a term used in cybersecurity to designate those with a deeply ethical approach.

In our “The State of Secrets Sprawl 2022” report published on our website, we note an alarming growth in the number of corporate secrets found in source code exposed to the public via GitHub.

In 2021, we detected more than 6 million secrets over the year. This high percentage reflects poor control processes, bad practices, old habits that need to be eradicated and sometimes a lack of awareness among developers of Security by Design. These inattentions can then be used as a basis for cyber-attacks or information leaks.

Thanks to these emails, we have built a very strong community of developers who are grateful for the service we provide and have gained a reputation, including internationally (our customers include large American corporations). In France, GitGuardian was rewarded at the International Cyber Security Forum 2021 (FIC) by Mr. Cédric O (winner of the FIC Start-up of the Year Award).

5. Data recipients

Access to your data is limited to the developers of the GitGuardian’s Good Samaritan alerting service.

We ensure that only authorized persons have access to your data.

6. Data transfers 

We may transfer personal data outside the European Union as part of the IT tools we use for our business.

These transfers can only be made after we have taken steps to secure them, for example by ensuring that we have concluded the standard clauses adopted by the European Commission to provide a framework for flows.

7. How long we will keep developers’ business email addresses 

We have a data purge policy in place to ensure that developers’ email addresses are kept for no longer than is necessary for the purposes for which we collect them. 

Under this purge policy, a developer’s email address is kept for five (5) years and then automatically deleted. 

We allow alerted developers the option of using our free service for five (5) years. 

Developers will not be contacted by GitGuardian while their email address is kept.

8. Data security

The security of your personal data is very important to us.

We have implemented appropriate technical and organizational measures to ensure the security and confidentiality of the data processed in the context of the developer alerting service, with a view to protecting such data from malicious intrusion, loss, alteration or disclosure to unauthorized third parties.

We are committed to a SOC 2 approach to the security of our information system. 

We also have an internal information security policy, which is reviewed annually.

9. Processors

When we use a service provider, we will only disclose personal data to them after we have obtained an undertaking and guarantees from them that they will meet the security and confidentiality requirements laid down by data protection regulations. 

In compliance with our statutory and regulatory obligations, we enter into contracts with our processors, which precisely define the terms and conditions under which they process personal data, in accordance with personal data protection laws.

We use several processors for processing data in the context of the developer alerting service. 

For data hosting, we use:

For sending emails, we use: 

10. Rights of data subjects

We are very committed to respecting your rights in the context of the data processing that we carry out, in order to ensure fair and transparent processing. 

In accordance with the applicable regulations, you have the right to access, rectify and delete your personal data. You may also object at any time to the processing of your personal data or request the restriction of such processing. 

You further have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

You may also give instructions concerning the fate of your data after your death.

Where necessary, you should know that you have the right to file a complaint with the CNIL or a right to a judicial remedy.

The rights you have and how to exercise them are described in more detail below.

10.1 Right of access to data 

In the interests of transparency, GitGuardian undertakes to provide you on request with a copy of the personal data that it processes concerning you, including in electronic format.

Exercising the right of access to your data allows you to verify their accuracy and, where necessary, to have them rectified or erased.

You may have access to the following information:

the purposes of the processing;
the categories of personal data processed;
the recipients or categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from us rectification or erasure of your personal data, and the existence of the right to request from us restriction of processing of your personal data or to object to such processing;
details on the right to file a complaint with a supervisory authority;
where the personal data are not collected from you, any available information as to their source;
the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the consequences of such processing for you;
information on how any data transfers to countries outside the European Union are framed.

For any further paper copies requested by you, we may charge a reasonable fee based on administrative costs.

10.2 Right to rectification of data

If the data about you held by GitGuardian are inaccurate, incomplete or out of date, you may request that they be rectified at any time.

10.3 Right to erasure of data

You may request the erasure of your personal data in the cases provided for by laws and regulations.

However, we would like to draw your attention to the fact that this right cannot be exercised in respect of data that must be retained to enable us to comply with legal obligations, or to enable us to establish, exercise or defend our legal claims.

10.4 Right to restriction of processing

You may request the restriction of processing of your personal data in the cases provided for by laws and regulations.

10.5 Right to object to processing

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data where the legal basis is the legitimate interest pursued by the controller. 

If you exercise such a right to object, we will ensure that we no longer process your personal data in connection with the processing concerned unless we can demonstrate compelling legitimate grounds for continuing such processing. These grounds must override your interests, rights and freedoms, or the processing must be justified for the establishment, exercise or defense of legal claims.

10.6 Right to file a complaint

You have the right to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) (3 place de Fontenoy 75007 Paris) in French territory, without prejudice to any other administrative or judicial remedy.

10.7 Right to given post-mortem instructions

You have the possibility of defining specific instructions on how your personal data should be stored, deleted and shared after your death. These special instructions will only apply to the processing carried out by us and will be limited to that scope.

You also have the right to define general instructions concerning all your personal data. They may be registered with a third party digitally certified by the Commission Nationale de l’Informatique et des Libertés (CNIL).

You may revoke your instructions at any time.

10.8 How to exercise your rights 

You can send us your requests to exercise your rights either:

by email to the address: legal@gitguardian.com; or
by mail to the following address: GitGuardian 54 rue de Seine 75006 Paris

A reply will be sent to you within one month of receipt of your request. That period may be extended by two further months where necessary. In such a case, you will be informed of any such extension, together with the reasons for the delay.

11. Change to this information notice 

We invite you to consult this policy regularly on our website. It may be updated from time to time.

GitGuardian terms of services

Welcome to GitGuardian!
GitGuardian is the leader of automated secrets detection in public and private repositories.
The services outlined herein are provided by GitGuardian SAS, a French corporation, and its parents, subsidiaries, and affiliates (collectively “GitGuardian”).
These Terms of Services (“Terms” or “this Agreement”) cover Customer’s use and access to the products and services provided by GitGuardian.


The purpose of these Terms is to set forth the conditions under which Customers may use the Services. These Terms along with the Privacy Policy set forth the entire understanding of the parties with respect to use of the Services and supersede all prior or contemporaneous agreements, understandings, representations, and warranties with respect to use of the Services.

These Terms may be amended by GitGuardian from time to time in accordance with the terms below. Customer should review the Terms prior to using the Services. By using the Services, Customer acknowledges that the Services fulfill its requirements and needs and that it has received all necessary advice and information from GitGuardian when purchasing or registering to the Services.

If Customer has entered into a separate Services Agreement with GitGuardian for itself and its employees, contractors and agents use of the Services, then that agreement will supersede these Terms of Services in case of contradiction.

Please read these Terms of Services carefully before you start to use the Services. We recommend that you print a copy of this for future reference.
By using the Services, you are confirming that you accept these Terms of Services and that you agree to comply with them. If you do not agree to these Terms of Services, you must not use the Services.


“Customer” means GitGuardian customers who receive a license to use the Services.
“Customer Content” means all non-public works and non-public materials including Customer Data uploaded to, stored on, processed using or transmitted via the Platform by or on behalf of the Customer or by any person or application or automated system using the Customer’s account; and otherwise provided by the Customer to GitGuardian in connection with this Agreement.
“Customer Data” means any non-public electronic data and non-public information uploaded by or for the Customer via the Services or collected and processed by or for the Customer using the Services.
“Documentation” means the documents, presentations, websites, notes, notices, brochures, emails, comments, social media publications, recordings, questions & answers, customer support publications or discussions, edited or published by GitGuardian about GitGuardian’ Services.
“GitGuardian” means GitGuardian SAS, French registered corporation, and its parents, subsidiaries, and affiliates (collectively “GitGuardian” or “we”, “us”, “our”), the provider of the Services and operator of the Platform.
“Platform” means Gitguardian for Internal Repositories Monitoring Platform, composed of different elements of software and services (e.g.  algorithms, code etc.). They allow collecting, storing and analyzing data from repositories and other data sources.
“Secrets” means anything used to authenticate or authorize access to any system, most common are API keys, database credentials or security certificates.
“Services” means all services, products, and components thereof offered by GitGuardian. GitGuardian's Internal Repositories Monitoring solution integrates directly into Customer’s DevOps pipeline. It empowers the Customer to detect Secrets in his source code, and to collaborate to revoke them as soon as possible. The Services are provided through the Platform accessible here: https://dashboard.gitguardian.com.
“Service Data” means all information and data made available to you in connection with the Services.

Change of these terms

GitGuardian may revise these Terms of Services at any time by amending this page. Where appropriate (for example, where the changes limit Customer’s rights or increase its obligations), GitGuardian will also give notice of the changes by sending an email – where possible, a reasonable time in advance.
Please check this page from time to time and give careful consideration to any emails GitGuardian sends, as the changes to the Terms of Services will be binding on you.

GitGuardian's obligations

GitGuardian shall use good faith effort to deliver the Services.


Provided Customer has not materially breached these Terms, GitGuardian grants Customer a non-transferable, non-exclusive, worldwide, royalty free, and revocable license to Customers to use the Services, subject to the restrictions set forth in the Acceptable Use Policy, below, as well as any other restrictions set forth in these Terms.
Free Tier plan: Under the Free Tier plan, Customer is granted a free-of-charge monthly renewable license to use a restricted range of the Services. The Free Tier plan license is non-transferable, non-exclusive, worldwide, royalty free, and revocable.
Free Trial plan: Under the Free Trial plan, Customer is granted a free-of-charge 30-day license to use the full extent of the Services. The Free Trial plan license is non-transferable, non-exclusive, worldwide, royalty free, and revocable.

Updates to the Services

GitGuardian reserves the right, in its sole discretion, to manage, update, change, modify, suspend, discontinue or upgrade part of or all of the Services at any time, to ensure optimum performance for all Customers, or for any other purpose.
These Terms of Services will apply to such new services, features or functionality, unless they come with separate or additional terms, in which case Customer will be required to agree to such separate or additional terms before being permitted to use the new services, features or functionality.
GitGuardian shall, to the extent possible, inform the Customer within a reasonable timeframe about the nature and the duration of any modification or upgrade, update, or other change made to the Services.


GitGuardian may use Customer Data and Customer Content solely in furtherance of the Services, or to improve the Services. Other than as permitted under these terms, GitGuardian will not disclose Customer Data or Customer Content to any third party.
GitGuardian may disclose Customer Data or Customer Content: (i) as required under applicable securities regulations; or (ii) on a confidential basis, to potential private investors in or acquirers and/or to its legal or financial advisors that need to know such in order to provide business advice; or (iii) to the extent necessary to comply with applicable law or court order.

Customer's rights and obligations

Acceptance of Terms

By using the Services (as such term is defined herein), The Customer agrees to be bound by these Terms. Customer hereby warrants that he is 18 years of age or older or, where he is not, that he has the consent of its parent or guardian to use the Services in accordance with these Terms of Services.If the Customer is using the Services for an organization, or any corporate or government entity, Customer is agreeing to these Terms on behalf of that organization or entity and hereby warrants that he has authority to bind the company (as the contracting party) to these Terms of Services.

Username and Password

When Customer registers for an account on the Platforms (including via third party authentication), Customer is responsible for any use of GitGuardian Services with its account details, and for protecting its account details from unauthorised use. Customer is also responsible for the security of any computer from which he signs into his account. GitGuardian shall not be liable for any illicit or fraudulent use of the Customer’s account.

Customer Data

If GitGuardian processes any Customer Data on the Customer’s behalf when performing its obligations under this Terms, the parties record their intention that the Customer shall be the data controller and GitGuardian shall be a data processor and in any such case:

1. The Customer shall own any and all Customer Data and shall be solely responsible for the accuracy and quality of any and all Customer Data and for establishing all terms and conditions applicable to the Customer’s own customers or employees. The Customer shall ensure that the Customer is entitled to transfer the Customer Data to GitGuardian so that GitGuardian may lawfully use, process and transfer the Customer Data in accordance with this Agreement on the Customer’s behalf. The Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation. GitGuardian shall process the Customer Data only in accordance with the terms of this Agreement and any lawful documented instructions reasonably given by the Customer from time to time including with regard to transfers of Customer Data to a third country or an international organization, unless the laws of the state to which GitGuardian is subject require GitGuardian to process the data; in such a case, GitGuardian shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. GitGuardian and Customer shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. GitGuardian shall ensure that persons authorized to process the Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Customer hereby grants GitGuardian a worldwilde non-exclusive, royalty-free,license during the term to access, use, store, display, reproduce and transmit Customer Data solely for the purpose of providing the Service and any applicable professional services in accordance with this Agreement.

2. The Customer grants to GitGuardian a worldwide, perpetual, irrevocable, royalty-free license to use, copy, modify, distribute, create derivative works of and otherwise exploit anonymous usage data derived from the Customer’s, and Platforms Users’ use of the Service (Usage Data) as aggregated with usage data from GitGuardian’ other customers for its own business purposes such as support, operational planning, product innovation and sales and marketing of GitGuardian’ services. For purposes of clarification, such Usage Data may not include any data that could reasonably identify Customer or any particular customer or end-user of Customer and shall not be deemed Customer Data.

3. GitGuardian shall have the right (but not the obligation) in its sole discretion to refuse or remove any Customer Data.

Customer Content

The Customer grants to GitGuardian during the term of this Agreement, a worldwide non-exclusive license to access, use, store, display, copy and transmit the Customer Content on the Platform for the purposes of operating the Platform, providing the Services, fulfilling its other obligations under this Agreement, and exercising its rights under this Agreement.

All intellectual property rights in the Customer Content will remain, as between the parties, the property of the Customer.
The Customer warrants and represents to GitGuardian that the Customer Content, and their use by GitGuardian in accordance with the terms of this Agreement, will not:

1. Breach any laws, statutes, regulations or legally-binding codes;
2. Infringe any person’s intellectual property rights or other legal rights; or
3. Give rise to any cause of action against GitGuardian or the Customer or any third party, in each case in any jurisdiction and under any applicable law.

Where GitGuardian reasonably suspects that there has been a breach by the Customer of the provisions of this section, GitGuardian may:

1. Delete or amend the relevant Customer Content; and/or,
2. Suspend any or all of the Services and/or the Customer’s access to the Platform while it investigates the matter.

Any breach by the Customer of this section will be deemed to be a material breach of this Agreement.

The Services

Accessing the Services

Customer acknowledges that the extent of its use of the Services will depend on its subscription plan, and he further agrees to only use the Services within the limits of such subscription plan.
Whilst GitGuardian will make reasonable efforts to ensure the Services are operational 24 hours a day, 7 days a week, GitGuardian does not guarantee that the Services will always be available or be uninterrupted. In particular, but without limitation:

Maintenance Services: The Services will not be available to Customer when GitGuardian carries out maintenance services.
Communication networks: The Services may be subject to limitations, delays and other problems inherent in the use of communication networks and facilities.

GitGuardian reserves the right to suspend Customer’s access to or use of the Services without notice in the event he breaches these Terms of Services or if GitGuardian reasonably suspects that Customer has breached these Terms of Services.

Using the Services

Customer must not use the Services for any commercial use (other than for internal use within its business), and he must not redistribute or transfer the Services, Platforms, Documentation or Service Data to any third party or make any part of the Services, Documentation or Service Data available to be accessed, in whole or in part, by any third party.
The licence granted to Customer to use the Services, the Platform, the Documentation, and Service Data, does not permit to do, and he shall not do nor permit any third party to do, any of the following:

Embed GitGuardian Services, Platform, Documentation, or Service Data into any product of Customers or any third party;
Make available through automated or manual means any part of the Services, the Platform, the Documentation, or the Service Data, by way of crawling, scraping, spidering or otherwise;
Copy or access all or any part of the Services, the Platform, the Documentation, or the Service Data other than via the interface(s) provided to Customer by GitGuardian;
Use web-crawlers, bots, or scripts to copy or access any part of the Services, the Documentation or the Service Data;
Circumvent or attempt to override any security features GitGuardian has installed around the Services, the Platform, the Documentation, or the Service Data;

Customer further agrees to comply with the Acceptable Use Policy below with regards to its use of the Services, Platform, Service Data and Documentation, including any material and data he transmits using the Services. This Acceptable Use Policy is hereby incorporated into these Terms of Services.Customer shall not modify the Services, except as expressly permitted herein.

Customer shall be responsible for the results of any authorized or unauthorized modification of the Services. GitGuardian shall not be liable for any failure of the Services resulting from Customer’s unauthorized modification or use of such Services.

Customer shall comply with all applicable laws, rules and regulations that apply to its use of the Services, and comply with all applicable laws, rules and regulations governing export that apply to the Services.

Acceptable Use Policy

A breach of the Acceptable Use Policy will constitute a breach of these Terms of Services, and may result in termination or suspension of the Customer’s account in accordance with these Terms of Services.
Customer shall use and access the Services responsibly. Accordingly, Customer’s license hereunder shall be conditioned upon Customer not doing, attempting to do, or encouraging any third party to attempt to do any of the following when accessing and using the Services:

Use the Services for any purpose which violates applicable laws.
Reverse engineer, decompile, modify, alter, tamper with, disassemble, copy, translate, convert, apply any process to, or create any modifications, enhancements, or derivative work of any component of the Platform or the Services.
Probe, monitor, or otherwise test for vulnerabilities in any network used to provide the Services.
Introduce to the Services or any instrument thereof, any material, tangible or intangible, that contains software, viruses, or other computer codes, files or programs that are designed to disrupt, damage, limit, or interfere with the Services or any component thereof. For the avoidance of doubt, all activity that may be categorized as a precursor to any violation hereof (i.e. port scan, stealth scan, or other information gathering activity) shall also be prohibited.
Access illegally or without authorization computers, accounts or networks belonging to GitGuardian or to any other party. Any activity that might be used as a precursor to an attempted system penetration (i.e. port scan, stealth scan, or other information gathering activity) is also prohibited.
Breach or otherwise circumvent any security measures put in place by GitGuardian.
Use manual or automated software, devices, or other processes to “crawl” or “spider” the site or any features of the Services.
Modify, integrate, or incorporate any part of the Services into a product manufactured or sold by Customer, except with express written authorization of GitGuardian;
Distribute, disclose, publish, assign, share, lend, or otherwise allow use of the Services by any third party, except as expressly permitted by these Terms.
Transfer, rent, assign, sublicense, or allow the use of the Services.
Disseminate content which:
1. is defamatory, obscene, vulgar, pornographic, sexually explicit, abusive, or otherwise illegal;
2. is intended to threaten or abuse a particular person or class of persons;
3. Discriminates on the basis of, or is or may be offensive to persons of a particular race, religion, nationality, gender (including sexism), sexual preference, age, region, disability, etc.; or
4. Constitutes hate speech.

Ownership and Intellectual Property

Ownership of Services, IP, and Data

The Services, including but not limited to the Platform, API and all documents, data, know-how, methodologies, software, and other materials developed or acquired by GitGuardian for performance of the Services are the sole and exclusive property of GitGuardian, and are protected by copyright, trademark, design and models, trade secret, patent, and other U.S. and foreign laws. These terms do not grant Customer any right, title, and interest in and to the Services (except to the extent Customer is granted a license hereunder), or to any trademarks, logos, or other brand features which are part of the Services.

Ownership of Derivative Works

Customer accepts and agrees that any modifications, enhancements, or derivative works of the Services or any part thereof shall be the sole and exclusive property of GitGuardian (the “Derivatives”).  Customer hereby irrevocably assigns to GitGuardian all right, title, and interest, throughout the universe, in and to the Derivatives, including, without limitation, all intellectual property rights therein that may inure to Customer or that Customer is deemed to obtain pursuant to these Terms.

Ownership of Feedback and Suggestions

It is expressly understood, acknowledged and agreed that Customer may, but is not obliged to, provide GitGuardian with suggestions, comments and feedback regarding its products and services, including, but not limited to, usability, bug reports, new services, new business model and test results (collectively, “Feedback”). The parties agree that the Feedback shall be considered the property of, and may be used by, GitGuardian without any obligation to Customer.  Customer waives any right, title, and interest in and to such Feedback.

Availability of Services and Support


“Authorized User” means an individual employee, agent or contractor of Customer or Customer’s Affiliate for whom subscriptions to Services have been purchased pursuant to the terms of this Agreement, and who has been supplied user credentials for the Services by Customer or the Customer’s Affiliate (or by GitGuardian at Customer’s or a Customer’s Affiliate’s request).

“Available”: The Service will be deemed “available” so long as Authorized Users are able to login to the Service interface and access monitoring data over the internet; “Availability” has a correlative meaning. Availability is assessed from the point where the Services are made available from GitGuardian’s hosting provider and measured in minutes over the course of each calendar month during the Term of this Agreement.

“Exceptions” means any of: (a) Customer’s breach of this Agreement; (b) Customer’s failure to configure and use the Services; (c) failures of, or issues with, Customer’s Environment; (d) Force Majeure Events; (e) GitGuardian’s suspension of Authorized Users’ access to the Services; or (f) maintenance during a window for which GitGuardian provides notice by email or through the Services in advance.

Service level commitment

GitGuardian commits to make the Services Available at least 99% of the time, exclusive of any time the Services are not Available as a result of one or more Exceptions (the “Availability Standard”).

Force Majeure Event

Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments), when and to the extent such failure or delay is caused by acts of God; flood, fire or explosion; war, terrorism, invasion, riot or other civil unrest; embargoes or blockades in effect on or after the date of this Agreement; or national or regional emergency (each of the foregoing, a “Force Majeure Event”), in each case, provided the event is outside the reasonable control of the affected Party, the affected Party provides prompt notice to the other Party, stating the period of time the occurrence is expected to continue, and the affected Party uses diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event.


Customer’s Warranties

The Services allow Customer to deliver Customer Content to their users via the Services.  Customer represents and warrants that such Customer Content shall not infringe on the intellectual property rights of others. Additionally, Customer shall comply with the terms of the Acceptable Use Policy.

Customer Content which it posts, disseminates, or otherwise directs via the Services, and for the use of the Customer Data which it gets from the Services and shall fully indemnify, defend and hold GitGuardian harmless from any liability and expenses in connection with any action brought by a third party relating to any Customer Content and Data.

The Customer represents and warrants that the Customer Content contains nothing that is defamatory or indecent.

The Customer represents and warrants that it is not aware of any circumstances likely to give rise to breach of any of the data protection rights of its customers in providing the Customer Content to GitGuardian for the purposes of this Agreement.

Disclaimer of Warranties


Money Damages Sufficient

The Customer expressly agrees that money damages are sufficient compensation for any harm suffered in accordance with these Terms.  Accordingly, the Customer expressly disclaims any right to non-monetary relief, including, but not limited to, equitable or injunctive relief, in connection with any dispute arising from these Terms. The foregoing shall not in any way limit any rights or remedies, including, but not limited to, equitable or injunctive relief, which GitGuardian may have in connection with any dispute arising under these Terms.

Limitation of Liability



Customer shall indemnify, defend, and hold harmless GitGuardian from any and all claims, losses, damages, expenses and costs (including all reasonably incurred legal fees) arising out of or in connection with: (i) the Customer’s (or any third party authorized by Customer) misuse of the Services; (ii) fault, negligence, or failure of the Customer (or any third party authorized by Customer) to perform the Customer’s responsibilities hereunder; (iii) claims against the Customer by any other party; (iv) Services processing of the Customer Content under this Agreement or (v) Customer’s uncured material breach of these Terms.

Relief of Obligation to Pay

Customer acknowledges that nothing herein (except for a Force Majeure Event resulting in termination of the Services for a reason other than Customer’s non-payment, or an uncured material breach of these Terms by GitGuardian which results in termination of the Services) shall relieve the Customer for its obligation to pay for the Services executed by GitGuardian.

Relief of Obligation to Pay

Initial Dispute Resolution

GitGuardian aims to address all Customer concerns without the need for formal legal proceedings.  Before filing a claim against GitGuardian, Customer agrees to attempt to resolve the dispute informally by contacting GitGuardian at legal@gitguardian.com. GitGuardian will try to resolve the dispute informally by contacting Customer via email. If a dispute is not resolved within ninety (90) days of submission, either party may begin formal legal action, subject to these Terms.

Choice of Law

The validity, performance, construction, regulation and interpretation of these Terms shall be governed under the laws of France. The parties hereby disclaim from application to these Terms of the United Nations Convention on Contracts for the International Sale of Goods. Information learned or exchanged related to or arising out of the dispute shall be treated as confidential information by both Parties.



Each Party hereby grants the other Party the right to disclose that it is a partner of the other Party and the right to display the other Party’s logo on its materials including, but not limited to, web site and literature; provided that either party may revoke the use of such intellectual property by providing written notice of such a decision at any time.

Waiver, Severability and Assignment

Any failure on the part of GitGuardian to enforce a provision under these Terms does not constitute a waiver of rights hereunder, including the right to take action at a later date. If any provision of these Terms is found unenforceable by any court or administrative body of competent jurisdiction, such provision shall be excluded from these Terms and the balance of this document shall be interpreted and enforced as if such provision were so excluded and shall be enforceable to the fullest extent permitted by law. Except as expressly permitted hereunder, Customer may not assign its rights under these Terms, and any such attempt shall be null and void. GitGuardian may assign any of its rights to its affiliates, subsidiaries, or its successor interest pursuant to any business associated with the Services.


By using the Services, Customer consents to GitGuardian providing it with email notices for any and all notices required under these Terms. Such notices shall be deemed received once they are sent. If Customer no longer consents to receive notification by email, it must stop using the Services.

Relationship of the Parties

GitGuardian is an independent contractor. There is no relationship of agency, partnership, joint venture, employment, or franchise between Customer and GitGuardian. Customer and its agents shall not have the authority to bind GitGuardian in any way, or to incur any obligation on its behalf, except those obligations set forth in these Terms. These terms are for the benefit of the parties and are not intended to confer upon any person or entity any rights or remedies hereunder. Nothing in these Terms shall be deemed to create any agency or partnership.