Table of content
Legal noticeCopyright noticeDMCA noticeCookie policyPrivacy policyGood SamaritanTerms of servicesGitGuardian SAS
registered under French law
with a capital of 2.389,51€
Head office: 54, rue de Seine - 75006 Paris - France
Registration number : 833 611 742 at RCS Paris
SIRET number: 833 611 742 00010
Editing Director: Eric Fourrier
E-mail: contact@gitguardian.com
President: Eric Fourrier
Managing Director: Jérémy Thomas
Amazon Web Services EMAE SARL - 38 av John F. Kennedy, L-1855 Luxemburg
The general structure, software, texts, images, whether or not animated, photographs, sounds, know-how and any other elements composing the website are the exclusive property of the website editor. These elements are subject to the laws protecting copyright.
By accessing this website, by visiting it and/or utilizing it, you agree that you will not engage in any activity that interferes with or disrupts GitGuardian services, or servers or networks connected to GitGuardian services.
Any total or partial representation of this website by any entity or individual without the website operator’s express authorisation is prohibited and would constitute a counterfeit, sanctioned by Articles L.335-2 and subsequent articles of the French Intellectual Property Code.
At GitGuardian, we respect the intellectual property rights of others, and take copyright infringement very seriously.
GitGuardian SAS, a French corporation and its parents, subsidiaries, and affiliates (collectively “GitGuardian”) enables developers, ops, security and compliance professionals to enforce security policies across public and private code (the “SERVICES”).
The SERVICES enable customers and partners of GitGuardian (the “CUSTOMERS”) to publish content. GitGuardian disclaims all liability with respect to any and all allegedly infringing material disseminated by its CUSTOMERS.
Copyright owners and their authorized agent(s) may submit a complaint of alleged copyright infringement to GitGuardian if they have a good-faith belief that their protected works are being infringed. Such complaints may be emailed to legal@gitguardian.com or sent by regular mail or courier to:
GitGuardian
54 rue de Seine
75006 Paris
FRANCE
To be effective, the NOTICE must include:
At GitGuardian, we respect the intellectual property rights of others, and take copyright infringement very seriously.
GitGuardian SAS, a French corporation and its parents, subsidiaries, and affiliates (collectively “GitGuardian”) enables developers, ops, security and compliance professionals to enforce security policies across public and private code. This DMCA Policy (the “POLICY”) applies to all services, products, and components thereof which are offered by GitGuardian (the “SERVICES”).
The SERVICES enable customers and partners of GitGuardian (the “CUSTOMERS”) to publish content. GitGuardian disclaims all liability with respect to any and all allegedly infringing material disseminated by its CUSTOMERS.
Copyright owners and their authorized agent(s) may submit a complaint of alleged copyright infringement to GitGuardian if they have a good-faith belief that their protected works are being infringed. Such complains (each, a “DMCA NOTICE”) may be emailed to legal@gitguardian.com or sent by regular mail or courier to:
GitGuardian
Copyright Agent
54 rue de Seine
75006 Paris
France
To be effective, a DMCA NOTICE must include:
This document informs Users about the technologies that help this Website to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Website.
For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.
This Website uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information – such as the presence of other Trackers - in the linked privacy policies of the respective third-party providers or by contacting the Owner to find more information dedicated to Californian consumers and their privacy rights, Users may read the privacy policy.
This Website uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.
Measurement
This Website uses Trackers to measure traffic and analyze User behavior with the goal of improving the Service.
Analytics
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.Google AnalyticsGoogle Analytics is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on the location this Website is accessed from, (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out. Privacy Shield participant.
Targeting & Advertising
This Website uses Trackers to deliver personalized marketing content based on User behavior and to operate, serve and track ads.
Some of the advertising services used by the Owner adhere to the IAB Transparency and Consent Framework, an initiative that facilitates responsible privacy practices across the digital advertising industry - providing Users with enhanced transparency and control over how their data are used for advertising tracking purposes. Users can customize their advertising preferences at any time by accessing the advertising preferences panel from within the cookie notice or via the relevant link on this Website.This Website participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies.
This Website uses iubenda (identification number 123) as a Consent Management Platform.
Remarketing and behavioral targeting
This type of service allows this Website and its partners to inform, optimize and serve advertising based on past use of this Website by the User.
This activity is facilitated by tracking Usage Data and by using Cookies and other Identifiers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
LinkedIn Website Retargeting (LinkedIn Corporation)
LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of this Website with the LinkedIn advertising network.Personal Data processed: Cookies and Usage Data.Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.
There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:
Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.
Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.
It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.
Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.
With regard to any third-party Trackers, Users can manage their preferences and withdraw their consent via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.
Locating Tracker Settings
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings, such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings, view and look for the relevant setting).
Advertising industry specific opt-outs
Notwithstanding the above, Users may follow the instructions provided by YourOnlineChoices (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow Users to select their tracking preferences for most of the advertising tools. The Owner thus recommends that Users make use of these resources in addition to the information provided in this document.
The Digital Advertising Alliance offers an application called AppChoices that helps Users to control interest-based advertising on mobile apps.
GitGuardian
54 rue de Seine
75006 Paris
Owner contact email: contact@gitguardian.com
Since the use of third-party Trackers through this Website cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.
Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by this Website.
Definitions and legal references:
• Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
• Usage Data
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
• User
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
• Data Subject
The natural person to whom the Personal Data refers.
• Data Processor (or Data Supervisor)
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
• Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.
• This Website (or this Application)
The means by which the Personal Data of the User is collected and processed.
• Service
The service provided by this Website as described in the relative terms (if available) and on this site/application.
• European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
• Cookie
Cookies are Trackers consisting of small sets of data stored in the User's browser.
• Tracker
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.
Legal information
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).This privacy policy relates solely to this Website, if not stated otherwise within this document.
This Privacy Policy explains how information about you is collected, used and disclosed by GitGuardian (collectively, “GitGuardian”, “we” or “us”) when you use our website https://gitguardian.com (“Website”), online products and monitoring services at https://dashboard.gitguardian.com (“Platform”) (collectively, “Services”). This Privacy Policy also describes your choices regarding use, access and correction of personal information collected about you through our Services. Please read this Privacy Policy carefully and ensure that you understand it before you start to use our Services.
This Website is owned and operated by, or on behalf of, GitGuardian (“we”, “our” or “us”).
By accessing and using the Services, you acknowledge that you have read and understood the content of this Privacy Policy. We reserve the right to update this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Privacy Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.
We collect and process information you provide directly to us via the Services. Personal data submitted through the Services include the details you submit when you create an account, participate in any interactive features of the Services, fill out a form, pay for subscriptions, apply for a job, communicate with us via third party social media sites, request customer support or otherwise communicate with us. The types of information we may collect include your name, email address, company name, postal address, phone number and any other information you choose to provide.
When you access or use the Services we automatically collect information about you, including:
We may use information about you to:
We may share your personal information as follows or as otherwise described in this Privacy Policy:
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
We are required to state the lawful basis under which we process the personal data of our users from the European Union. Accordingly, the lawful bases upon which we process your personal information are as follows:
The Website may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. We are not responsible for the privacy policies or the content of such sites.
The Website may offer social sharing features and other integrated tools (“Third-Party”), which lets you share information you find on our website with other media, and vice versa. When you visit one of our pages the plugin establishes a direct connection between your browser and the third-party server. Thus, the Third-Party receives information from your browser as set out in the Third-Party's privacy policy. Please note that we, as provider of the pages, have no knowledge as to the contents of the submitted data or its use by the Third-Party. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
We may allow you to sign up and log in using your Google account. If you sign up using your Google email account, Google will ask your permission to share certain information from your Google account with us. This may include your first name, last name, gender, general location, your timezone and birthday. This information is collected by Google and is provided to us under the terms of Google’s privacy policy.. You can control the information that we receive from Google using the privacy settings in your Google account.
We mays allow the following companies to serve advertisements on our behalf across the Internet and in applications: Google AdWords, Google analytics, Marketo, Twitter, Facebook, Adroll, Quora, Bing ads, Linkedin, Terminus, Demand base, Instagram, and Reddit using email address and cookies that are collected. These entities use technologies including cookies, web beacons, device identifiers and other tools to collect information about your use of the Services and other websites and applications, including your IP address, web browser, pages viewed, time spent on pages or in apps, links clicked and conversion information. This information may be used by GitGuardian and GitGuardian service providers to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites and better understand your online activity. For more information about cookies, please see below and for further information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please see GitGuardian’s Cookie Policy.
In the case of personal information we handle or receive on behalf of a customer in connection with their access to, and use of, our Platform (“Customer PI”), we have no direct relationship with the customer’s employees or other individuals with whom that customer may interact with respect to the Platform. If you are such an employee or individual and are seeking access to, or would like to correct, amend or delete, Customer PI, you should direct your query to the applicable customer. We will respond within a reasonable timeframe to a customer’s request to remove Customer PI. Please note that the foregoing will not limit EU individuals from making certain requests relating to their personal data as provided in Your Rights below.We will not use Customer PI except for the purpose of providing and supporting the Services for the applicable customer. Customer PI will be retained for as long as needed for that purpose and as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing and to provide you with promotional update communications by email about our products/services. You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional electronic communications to you, or by contacting us using the contact details set out in the Your Choices and Your Rights sections of this Privacy Policy.
As part of the registration process for events hosted by GitGuardian which you register to attend, we may request personal data such as: your name, address, email address and telephone number, and details relevant to your occupation or employer. This information is required to process your registration for the event and to provide you with relevant event materials. This data may be shared with third party service providers engaged by us as more fully explained in the Sharing of Information section of this Privacy Policy. If you show an interest in an exhibitor at an event hosted by GitGuardian, such as by consenting to have your attendee badge scanned, we will provide your data to such exhibitors who may contact you for their own direct advertising and marketing purposes. In that case, the exhibitors’ use of your information would be subject to the exhibitors’ privacy policies. For events sponsored by GitGuardian, the event host may provide your personal data to GitGuardian, subject to your consent. GitGuardian will use the data as set forth in the Use of Information section of this Privacy Policy.
We take reasonable steps, including physical, technical and organizational measures, to protect your personal information from unauthorised access and against unlawful processing, accidental loss, destruction and damage. Unfortunately, transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information submitted to us.Your personal information will be retained by GitGuardian for the duration of your account and may be retained for a period after this time as necessary and relevant to our legitimate interests, our terms of agreement with you and in accordance with applicable legal obligations. This may include retention necessary to meet our tax reporting requirements as well as time required to enforce the relevant terms of agreement or to identify, issue or resolve legal proceedings.We may retain a record of your stated objection to the processing of your data, including in respect of an objection to receiving marketing communications, for the sole legitimate purpose of ensuring that we can continue to respect your wishes and not contact you further, during the term of your objection.
GitGuardian is based in France but its servers are hosted in the United States, in Canada and in France. By accessing or using the Services or otherwise providing information to us, you understand that your information will be subject to processing, transfer and storage in and to the U.S., France and Canada, where you may not have the same rights and protections as you do under local law.
EU individuals have rights in relation to their personal data which is processed by GitGuardian. If you are an EU data subject, you may, by emailing us at legal@gitguardian.com :
If the requested EU Data is Customer PI, please include the name of the applicable customer in your request; we will refer the request to that customer to respond directly to you and will support them as needed to respond to your request.
Account Information
Our customers may access, update or change personal information they have provided by logging into the Services or emailing us at support@gitguardian.com.
Subject to the terms of their agreements with us, Customers may deactivate their accounts by emailing us at support@gitguardian.com, but note that we may retain certain personal information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also retain cached or archived copies of personal information for a certain period of time.
If you are an individual with whom one of our customers interacts with respect to the Services (e.g., an employee of a customer), as noted above, you should direct any requests regarding access, modification or deletion of personal information to the applicable customer.
Cookies
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. For more information, please see GitGuardian’s Cookie Policy.
Promotional Communications
You may opt out of receiving promotional emails from GitGuardian by following the instructions in those emails or by emailing legal@gitguardian.com. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
In case of questions or concerns about this Privacy Policy, you can contact GitGuardian at legal@gitguardian.com or by letter at GitGuardian, 54 rue de Seine 75006 Paris, France.
In the course of our business, based on a responsible approach and for ethical reasons, we collect the business email addresses of developers who have inadvertently published identifiers or secrets on the GitHub public code repository at https://github.com/ and alert them by email.
The email sent to professional developers includes a link to the service offered by GitGuardian and all the information necessary to allow developers to independently remediate the incident if they do not wish to use the GitGuardian services.
In doing this, GitGuardian acts only as a Good Samaritan, in a pro bono manner, for the sole purpose of protecting developers from serious and imminent danger.
GitGuardian’s purpose in providing this service is compelling. We cannot witness such security breaches, some of which are estimated to be worth tens of thousands of dollars in potential damage, without making our best efforts to assist those who may be harmed.
This information notice aims at providing you with information about the processing of data carried out by us in the context of our Good Samaritan developer alerting service, so that you can understand why and how your data are processed, where applicable.
The only personal data collected and processed by GitGuardian as part of the Good Samaritan developer alerting service is:
The data processing carried out in the context of the developer alerting service has the legitimate purpose of:
Pursuant to Article 6(1)(f) of the General Data Protection Regulation, the processing is based on the legitimate interests pursued by GitGuardian.
As a cybersecurity firm, we are aware of our responsibility and role in protecting personal data. We therefore offer our developer alerting service out of a purely ethical concern.
Although we have no general duty to monitor public code repositories and are not commissioned by clients to do so, we have voluntarily set up this developer alerting service to combat leaked identifiers and other secrets hidden in source code, thereby fighting against cyber attacks.
This service, which is free of charge for developers, is intended solely to:
In our “The State of Secrets Sprawl 2022” report published on our website, we note an alarming growth in the number of corporate secrets found in source code exposed to the public via GitHub.
In 2021, we detected more than 6 million secrets over the year. This high percentage reflects poor control processes, bad practices, old habits that need to be eradicated and sometimes a lack of awareness among developers of Security by Design. These inattentions can then be used as a basis for cyber-attacks or information leaks.
Thanks to these emails, we have built a very strong community of developers who are grateful for the service we provide and have gained a reputation, including internationally (our customers include large American corporations). In France, GitGuardian was rewarded at the International Cyber Security Forum 2021 (FIC) by Mr. Cédric O (winner of the FIC Start-up of the Year Award).
Access to your data is limited to the developers of the GitGuardian’s Good Samaritan alerting service.
We ensure that only authorized persons have access to your data.
We may transfer personal data outside the European Union as part of the IT tools we use for our business.
These transfers can only be made after we have taken steps to secure them, for example by ensuring that we have concluded the standard clauses adopted by the European Commission to provide a framework for flows.
We have a data purge policy in place to ensure that developers’ email addresses are kept for no longer than is necessary for the purposes for which we collect them.
Under this purge policy, a developer’s email address is kept for five (5) years and then automatically deleted.
We allow alerted developers the option of using our free service for five (5) years.
Developers will not be contacted by GitGuardian while their email address is kept.
The security of your personal data is very important to us.
We have implemented appropriate technical and organizational measures to ensure the security and confidentiality of the data processed in the context of the developer alerting service, with a view to protecting such data from malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
We are committed to a SOC 2 approach to the security of our information system.
We also have an internal information security policy, which is reviewed annually.
When we use a service provider, we will only disclose personal data to them after we have obtained an undertaking and guarantees from them that they will meet the security and confidentiality requirements laid down by data protection regulations.
In compliance with our statutory and regulatory obligations, we enter into contracts with our processors, which precisely define the terms and conditions under which they process personal data, in accordance with personal data protection laws.
We use several processors for processing data in the context of the developer alerting service.
For data hosting, we use:
For sending emails, we use:
We are very committed to respecting your rights in the context of the data processing that we carry out, in order to ensure fair and transparent processing.
In accordance with the applicable regulations, you have the right to access, rectify and delete your personal data. You may also object at any time to the processing of your personal data or request the restriction of such processing.
You further have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
You may also give instructions concerning the fate of your data after your death.
Where necessary, you should know that you have the right to file a complaint with the CNIL or a right to a judicial remedy.
The rights you have and how to exercise them are described in more detail below.
10.1 Right of access to data
In the interests of transparency, GitGuardian undertakes to provide you on request with a copy of the personal data that it processes concerning you, including in electronic format.
Exercising the right of access to your data allows you to verify their accuracy and, where necessary, to have them rectified or erased.
You may have access to the following information:
For any further paper copies requested by you, we may charge a reasonable fee based on administrative costs.
10.2 Right to rectification of data
If the data about you held by GitGuardian are inaccurate, incomplete or out of date, you may request that they be rectified at any time.
10.3 Right to erasure of data
You may request the erasure of your personal data in the cases provided for by laws and regulations.
However, we would like to draw your attention to the fact that this right cannot be exercised in respect of data that must be retained to enable us to comply with legal obligations, or to enable us to establish, exercise or defend our legal claims.
10.4 Right to restriction of processing
You may request the restriction of processing of your personal data in the cases provided for by laws and regulations.
10.5 Right to object to processing
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data where the legal basis is the legitimate interest pursued by the controller.
If you exercise such a right to object, we will ensure that we no longer process your personal data in connection with the processing concerned unless we can demonstrate compelling legitimate grounds for continuing such processing. These grounds must override your interests, rights and freedoms, or the processing must be justified for the establishment, exercise or defense of legal claims.
10.6 Right to file a complaint
You have the right to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) (3 place de Fontenoy 75007 Paris) in French territory, without prejudice to any other administrative or judicial remedy.
10.7 Right to given post-mortem instructions
You have the possibility of defining specific instructions on how your personal data should be stored, deleted and shared after your death. These special instructions will only apply to the processing carried out by us and will be limited to that scope.
You also have the right to define general instructions concerning all your personal data. They may be registered with a third party digitally certified by the Commission Nationale de l’Informatique et des Libertés (CNIL).
You may revoke your instructions at any time.
10.8 How to exercise your rights
You can send us your requests to exercise your rights either:
A reply will be sent to you within one month of receipt of your request. That period may be extended by two further months where necessary. In such a case, you will be informed of any such extension, together with the reasons for the delay.
We invite you to consult this policy regularly on our website. It may be updated from time to time.
Welcome to GitGuardian!
GitGuardian is the leader of automated secrets detection in public and private repositories.
The services outlined herein are provided by GitGuardian SAS, a French corporation, and its parents, subsidiaries, and affiliates (collectively “GitGuardian”).
These Terms of Services (“Terms” or “this Agreement”) cover Customer’s use and access to the products and services provided by GitGuardian.
The purpose of these Terms is to set forth the conditions under which Customers may use the Services. These Terms along with the Privacy Policy set forth the entire understanding of the parties with respect to use of the Services and supersede all prior or contemporaneous agreements, understandings, representations, and warranties with respect to use of the Services.
These Terms may be amended by GitGuardian from time to time in accordance with the terms below. Customer should review the Terms prior to using the Services. By using the Services, Customer acknowledges that the Services fulfill its requirements and needs and that it has received all necessary advice and information from GitGuardian when purchasing or registering to the Services.
If Customer has entered into a separate Services Agreement with GitGuardian for itself and its employees, contractors and agents use of the Services, then that agreement will supersede these Terms of Services in case of contradiction.
Please read these Terms of Services carefully before you start to use the Services. We recommend that you print a copy of this for future reference.
By using the Services, you are confirming that you accept these Terms of Services and that you agree to comply with them. If you do not agree to these Terms of Services, you must not use the Services.
GitGuardian may revise these Terms of Services at any time by amending this page. Where appropriate (for example, where the changes limit Customer’s rights or increase its obligations), GitGuardian will also give notice of the changes by sending an email – where possible, a reasonable time in advance.
Please check this page from time to time and give careful consideration to any emails GitGuardian sends, as the changes to the Terms of Services will be binding on you.
GitGuardian shall use good faith effort to deliver the Services.
License
Provided Customer has not materially breached these Terms, GitGuardian grants Customer a non-transferable, non-exclusive, worldwide, royalty free, and revocable license to Customers to use the Services, subject to the restrictions set forth in the Acceptable Use Policy, below, as well as any other restrictions set forth in these Terms.
Free Tier plan: Under the Free Tier plan, Customer is granted a free-of-charge monthly renewable license to use a restricted range of the Services. The Free Tier plan license is non-transferable, non-exclusive, worldwide, royalty free, and revocable.
Free Trial plan: Under the Free Trial plan, Customer is granted a free-of-charge 30-day license to use the full extent of the Services. The Free Trial plan license is non-transferable, non-exclusive, worldwide, royalty free, and revocable.
Updates to the Services
GitGuardian reserves the right, in its sole discretion, to manage, update, change, modify, suspend, discontinue or upgrade part of or all of the Services at any time, to ensure optimum performance for all Customers, or for any other purpose.
These Terms of Services will apply to such new services, features or functionality, unless they come with separate or additional terms, in which case Customer will be required to agree to such separate or additional terms before being permitted to use the new services, features or functionality.
GitGuardian shall, to the extent possible, inform the Customer within a reasonable timeframe about the nature and the duration of any modification or upgrade, update, or other change made to the Services.
Confidentiality
GitGuardian may use Customer Data and Customer Content solely in furtherance of the Services, or to improve the Services. Other than as permitted under these terms, GitGuardian will not disclose Customer Data or Customer Content to any third party.
GitGuardian may disclose Customer Data or Customer Content: (i) as required under applicable securities regulations; or (ii) on a confidential basis, to potential private investors in or acquirers and/or to its legal or financial advisors that need to know such in order to provide business advice; or (iii) to the extent necessary to comply with applicable law or court order.
Acceptance of Terms
By using the Services (as such term is defined herein), The Customer agrees to be bound by these Terms. Customer hereby warrants that he is 18 years of age or older or, where he is not, that he has the consent of its parent or guardian to use the Services in accordance with these Terms of Services.If the Customer is using the Services for an organization, or any corporate or government entity, Customer is agreeing to these Terms on behalf of that organization or entity and hereby warrants that he has authority to bind the company (as the contracting party) to these Terms of Services.
Username and Password
When Customer registers for an account on the Platforms (including via third party authentication), Customer is responsible for any use of GitGuardian Services with its account details, and for protecting its account details from unauthorised use. Customer is also responsible for the security of any computer from which he signs into his account. GitGuardian shall not be liable for any illicit or fraudulent use of the Customer’s account.
If GitGuardian processes any Customer Data on the Customer’s behalf when performing its obligations under this Terms, the parties record their intention that the Customer shall be the data controller and GitGuardian shall be a data processor and in any such case:
1. The Customer shall own any and all Customer Data and shall be solely responsible for the accuracy and quality of any and all Customer Data and for establishing all terms and conditions applicable to the Customer’s own customers or employees. The Customer shall ensure that the Customer is entitled to transfer the Customer Data to GitGuardian so that GitGuardian may lawfully use, process and transfer the Customer Data in accordance with this Agreement on the Customer’s behalf. The Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation. GitGuardian shall process the Customer Data only in accordance with the terms of this Agreement and any lawful documented instructions reasonably given by the Customer from time to time including with regard to transfers of Customer Data to a third country or an international organization, unless the laws of the state to which GitGuardian is subject require GitGuardian to process the data; in such a case, GitGuardian shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. GitGuardian and Customer shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. GitGuardian shall ensure that persons authorized to process the Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Customer hereby grants GitGuardian a worldwilde non-exclusive, royalty-free,license during the term to access, use, store, display, reproduce and transmit Customer Data solely for the purpose of providing the Service and any applicable professional services in accordance with this Agreement.
2. The Customer grants to GitGuardian a worldwide, perpetual, irrevocable, royalty-free license to use, copy, modify, distribute, create derivative works of and otherwise exploit anonymous usage data derived from the Customer’s, and Platforms Users’ use of the Service (Usage Data) as aggregated with usage data from GitGuardian’ other customers for its own business purposes such as support, operational planning, product innovation and sales and marketing of GitGuardian’ services. For purposes of clarification, such Usage Data may not include any data that could reasonably identify Customer or any particular customer or end-user of Customer and shall not be deemed Customer Data.
3. GitGuardian shall have the right (but not the obligation) in its sole discretion to refuse or remove any Customer Data.
The Customer grants to GitGuardian during the term of this Agreement, a worldwide non-exclusive license to access, use, store, display, copy and transmit the Customer Content on the Platform for the purposes of operating the Platform, providing the Services, fulfilling its other obligations under this Agreement, and exercising its rights under this Agreement.
All intellectual property rights in the Customer Content will remain, as between the parties, the property of the Customer.
The Customer warrants and represents to GitGuardian that the Customer Content, and their use by GitGuardian in accordance with the terms of this Agreement, will not:
1. Breach any laws, statutes, regulations or legally-binding codes;
2. Infringe any person’s intellectual property rights or other legal rights; or
3. Give rise to any cause of action against GitGuardian or the Customer or any third party, in each case in any jurisdiction and under any applicable law.
Where GitGuardian reasonably suspects that there has been a breach by the Customer of the provisions of this section, GitGuardian may:
1. Delete or amend the relevant Customer Content; and/or,
2. Suspend any or all of the Services and/or the Customer’s access to the Platform while it investigates the matter.
Any breach by the Customer of this section will be deemed to be a material breach of this Agreement.
Accessing the Services
Customer acknowledges that the extent of its use of the Services will depend on its subscription plan, and he further agrees to only use the Services within the limits of such subscription plan.
Whilst GitGuardian will make reasonable efforts to ensure the Services are operational 24 hours a day, 7 days a week, GitGuardian does not guarantee that the Services will always be available or be uninterrupted. In particular, but without limitation:
GitGuardian reserves the right to suspend Customer’s access to or use of the Services without notice in the event he breaches these Terms of Services or if GitGuardian reasonably suspects that Customer has breached these Terms of Services.
Using the Services
Customer must not use the Services for any commercial use (other than for internal use within its business), and he must not redistribute or transfer the Services, Platforms, Documentation or Service Data to any third party or make any part of the Services, Documentation or Service Data available to be accessed, in whole or in part, by any third party.
The licence granted to Customer to use the Services, the Platform, the Documentation, and Service Data, does not permit to do, and he shall not do nor permit any third party to do, any of the following:
Customer further agrees to comply with the Acceptable Use Policy below with regards to its use of the Services, Platform, Service Data and Documentation, including any material and data he transmits using the Services. This Acceptable Use Policy is hereby incorporated into these Terms of Services.Customer shall not modify the Services, except as expressly permitted herein.
Customer shall be responsible for the results of any authorized or unauthorized modification of the Services. GitGuardian shall not be liable for any failure of the Services resulting from Customer’s unauthorized modification or use of such Services.
Customer shall comply with all applicable laws, rules and regulations that apply to its use of the Services, and comply with all applicable laws, rules and regulations governing export that apply to the Services.
A breach of the Acceptable Use Policy will constitute a breach of these Terms of Services, and may result in termination or suspension of the Customer’s account in accordance with these Terms of Services.
Customer shall use and access the Services responsibly. Accordingly, Customer’s license hereunder shall be conditioned upon Customer not doing, attempting to do, or encouraging any third party to attempt to do any of the following when accessing and using the Services:
Ownership of Services, IP, and Data
The Services, including but not limited to the Platform, API and all documents, data, know-how, methodologies, software, and other materials developed or acquired by GitGuardian for performance of the Services are the sole and exclusive property of GitGuardian, and are protected by copyright, trademark, design and models, trade secret, patent, and other U.S. and foreign laws. These terms do not grant Customer any right, title, and interest in and to the Services (except to the extent Customer is granted a license hereunder), or to any trademarks, logos, or other brand features which are part of the Services.
Ownership of Derivative Works
Customer accepts and agrees that any modifications, enhancements, or derivative works of the Services or any part thereof shall be the sole and exclusive property of GitGuardian (the “Derivatives”). Customer hereby irrevocably assigns to GitGuardian all right, title, and interest, throughout the universe, in and to the Derivatives, including, without limitation, all intellectual property rights therein that may inure to Customer or that Customer is deemed to obtain pursuant to these Terms.
Ownership of Feedback and Suggestions
It is expressly understood, acknowledged and agreed that Customer may, but is not obliged to, provide GitGuardian with suggestions, comments and feedback regarding its products and services, including, but not limited to, usability, bug reports, new services, new business model and test results (collectively, “Feedback”). The parties agree that the Feedback shall be considered the property of, and may be used by, GitGuardian without any obligation to Customer. Customer waives any right, title, and interest in and to such Feedback.
Definitions
“Authorized User” means an individual employee, agent or contractor of Customer or Customer’s Affiliate for whom subscriptions to Services have been purchased pursuant to the terms of this Agreement, and who has been supplied user credentials for the Services by Customer or the Customer’s Affiliate (or by GitGuardian at Customer’s or a Customer’s Affiliate’s request).
“Available”: The Service will be deemed “available” so long as Authorized Users are able to login to the Service interface and access monitoring data over the internet; “Availability” has a correlative meaning. Availability is assessed from the point where the Services are made available from GitGuardian’s hosting provider and measured in minutes over the course of each calendar month during the Term of this Agreement.
“Exceptions” means any of: (a) Customer’s breach of this Agreement; (b) Customer’s failure to configure and use the Services; (c) failures of, or issues with, Customer’s Environment; (d) Force Majeure Events; (e) GitGuardian’s suspension of Authorized Users’ access to the Services; or (f) maintenance during a window for which GitGuardian provides notice by email or through the Services in advance.
Service level commitment
GitGuardian commits to make the Services Available at least 99% of the time, exclusive of any time the Services are not Available as a result of one or more Exceptions (the “Availability Standard”).
Force Majeure Event
Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments), when and to the extent such failure or delay is caused by acts of God; flood, fire or explosion; war, terrorism, invasion, riot or other civil unrest; embargoes or blockades in effect on or after the date of this Agreement; or national or regional emergency (each of the foregoing, a “Force Majeure Event”), in each case, provided the event is outside the reasonable control of the affected Party, the affected Party provides prompt notice to the other Party, stating the period of time the occurrence is expected to continue, and the affected Party uses diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
Customer’s Warranties
The Services allow Customer to deliver Customer Content to their users via the Services. Customer represents and warrants that such Customer Content shall not infringe on the intellectual property rights of others. Additionally, Customer shall comply with the terms of the Acceptable Use Policy.
Customer Content which it posts, disseminates, or otherwise directs via the Services, and for the use of the Customer Data which it gets from the Services and shall fully indemnify, defend and hold GitGuardian harmless from any liability and expenses in connection with any action brought by a third party relating to any Customer Content and Data.
The Customer represents and warrants that the Customer Content contains nothing that is defamatory or indecent.
The Customer represents and warrants that it is not aware of any circumstances likely to give rise to breach of any of the data protection rights of its customers in providing the Customer Content to GitGuardian for the purposes of this Agreement.
Disclaimer of Warranties
GitGuardian PROVIDES THE SERVICES AND ALL FEATURES AND COMPONENTS THEREOF ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTY OR CONDITION OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, GITGUARDIAN MAKES NO WARRANTIES, EXPRESS OR IMPLIED, THAT THE SERVICES OR ANY COMPONENTS THEREOF WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS. SUCH DISCLAIMER SHALL INCLUDE WITHOUT LIMITATION, ANY WARRANTY OR REPRESENTATION THAT THE SERVICES WILL PERFORM TO ANY PARTICULAR STANDARD OR BE FREE FROM BUGS, ERRORS OR REMAIN UNAFFECTED BY COMPUTER VIRUSES OR OTHER SIMILAR FEATURES AFFECTING PERFORMANCE OF THE SERVICES. TO THE FULLEST EXTENT PERMITTED BY LAW, AND EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, GITGUARDIAN MAKES NO WARRANTY, EXPRESS, IMPLIED, OR STATUTORY REGARDING THE SERVICES AND ANY OTHER SUBJECT MATTER OF THESE TERMS. BOTH CUSTOMER AND GITGUARDIAN HEREBY DISCLAIM WARRANTY OR OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
Money Damages Sufficient
The Customer expressly agrees that money damages are sufficient compensation for any harm suffered in accordance with these Terms. Accordingly, the Customer expressly disclaims any right to non-monetary relief, including, but not limited to, equitable or injunctive relief, in connection with any dispute arising from these Terms. The foregoing shall not in any way limit any rights or remedies, including, but not limited to, equitable or injunctive relief, which GitGuardian may have in connection with any dispute arising under these Terms.
GITGUARDIAN SHALL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH ANY USE OF THE SERVICES OR OTHERWISE, INCLUDING WITHOUT LIMITATION LOST PROFITS OR COST TO PROCURE SIMILAR GOODS OR SERVICES. GITGUARDIAN SHALL NOT BE LIABLE TO ANY PARTY FOR FAILURE TO FULFIL ITS OBLIGATIONS HEREUNDER IF SUCH FAILURE IS IN ANY WAY DUE TO: (I) THE CUSTOMER’S (OR ANY THIRD PARTY AUTHORIZED BY CUSTOMER) MISUSE OF THE SERVICES, OR ANY COMPONENT THEREOF (II) THE CUSTOMER’S (OR ANY THIRD PARTY AUTHORIZED BY CUSTOMER) UNAUTHORIZED MODIFICATION OF IT’S THE SERVICES OR ANY COMPONENTS THEREOF; OR (III) ACTS BEYOND GITGUARDIAN REASONABLE CONTROL, INCLUDING, BUT NOT LIMITED TO, FORCE MAJEURE EVENT. NOTWITHSTANDING THE FOREGOING, GITGUARDIAN SHALL NOT BE LIABLE OR OBLIGATED UNDER ANY BREACH OF ITS OBLIGATIONS HEREUNDER FOR ANY AMOUNT IN EXCESS OF THE AGGREGATE OF THE FEES PAID TO GITGUARDIAN BY THE CUSTOMER.
Customer shall indemnify, defend, and hold harmless GitGuardian from any and all claims, losses, damages, expenses and costs (including all reasonably incurred legal fees) arising out of or in connection with: (i) the Customer’s (or any third party authorized by Customer) misuse of the Services; (ii) fault, negligence, or failure of the Customer (or any third party authorized by Customer) to perform the Customer’s responsibilities hereunder; (iii) claims against the Customer by any other party; (iv) Services processing of the Customer Content under this Agreement or (v) Customer’s uncured material breach of these Terms.
Customer acknowledges that nothing herein (except for a Force Majeure Event resulting in termination of the Services for a reason other than Customer’s non-payment, or an uncured material breach of these Terms by GitGuardian which results in termination of the Services) shall relieve the Customer for its obligation to pay for the Services executed by GitGuardian.
Initial Dispute Resolution
GitGuardian aims to address all Customer concerns without the need for formal legal proceedings. Before filing a claim against GitGuardian, Customer agrees to attempt to resolve the dispute informally by contacting GitGuardian at legal@gitguardian.com. GitGuardian will try to resolve the dispute informally by contacting Customer via email. If a dispute is not resolved within ninety (90) days of submission, either party may begin formal legal action, subject to these Terms.
Choice of Law
The validity, performance, construction, regulation and interpretation of these Terms shall be governed under the laws of France. The parties hereby disclaim from application to these Terms of the United Nations Convention on Contracts for the International Sale of Goods. Information learned or exchanged related to or arising out of the dispute shall be treated as confidential information by both Parties.
Publicity
Each Party hereby grants the other Party the right to disclose that it is a partner of the other Party and the right to display the other Party’s logo on its materials including, but not limited to, web site and literature; provided that either party may revoke the use of such intellectual property by providing written notice of such a decision at any time.
Waiver, Severability and Assignment
Any failure on the part of GitGuardian to enforce a provision under these Terms does not constitute a waiver of rights hereunder, including the right to take action at a later date. If any provision of these Terms is found unenforceable by any court or administrative body of competent jurisdiction, such provision shall be excluded from these Terms and the balance of this document shall be interpreted and enforced as if such provision were so excluded and shall be enforceable to the fullest extent permitted by law. Except as expressly permitted hereunder, Customer may not assign its rights under these Terms, and any such attempt shall be null and void. GitGuardian may assign any of its rights to its affiliates, subsidiaries, or its successor interest pursuant to any business associated with the Services.
Notices
By using the Services, Customer consents to GitGuardian providing it with email notices for any and all notices required under these Terms. Such notices shall be deemed received once they are sent. If Customer no longer consents to receive notification by email, it must stop using the Services.
Relationship of the Parties
GitGuardian is an independent contractor. There is no relationship of agency, partnership, joint venture, employment, or franchise between Customer and GitGuardian. Customer and its agents shall not have the authority to bind GitGuardian in any way, or to incur any obligation on its behalf, except those obligations set forth in these Terms. These terms are for the benefit of the parties and are not intended to confer upon any person or entity any rights or remedies hereunder. Nothing in these Terms shall be deemed to create any agency or partnership.