
Trust and Privacy

Build on a foundation you can trust

To earn your trust, we build security, audit, and compliance solutions with the customer in mind.


Data privacy and protection

Your data is our highest priority

Data privacy

We’re GDPR compliant and adhere to the Privacy Shield Framework, certified January 26, 2017.

Read our Privacy Policy 

SaaS and on-premise solutions

Find a plan for your business that meets the unique needs of your engineers—and your information security professionals.

Compare plans for business 

Account security

Because GitHub encrypts all data in transit, all login information and credentials are always protected. GitHub stores a one-way hash of all user passwords using bcrypt. Your account login is protected from brute force attack with rate limiting.

Stay informed

Stay up to date on outages and availability statistics at our Status Page, Blog, and Transparency Report.

Auditing controls and certifications

Transparency builds trust

External audits

GitHub offers the risk management information customers need to assess our commitments to security and compliance. We’ve shipped our SOC 1 and SOC 2 audit reports—and as of 2018, GitHub Enterprise Cloud is authorized via the FedRAMP Tailored baseline of security controls.

Cloud security self-assessment

Learn how we support industry-leading control considerations with the Cloud Security Alliance CSA-CAIQ Assessment.

Download our self-assessment from CSA

PCI compliance

We partner with PCI-compliant credit card processors to keep your payment information secure. Our payment processing is compliant with PCI DSS v3.2.

External security testing

We’ve engaged independent security firms for in-depth application security assessment, source code audit, and penetration testing since 2011. Ask your customer service team for more information on third-party application security testing.

Third-party security

Security-first partners and vendors

Third-party partners

We assess third-party partners and vendors for fit and security risk based on the services they provide. We also make sure the right technical and contractual commitments are in place.

Production data centers

We use N+1, Tier 3 data center vendors with your availability and security in mind—and with physical security and environmental controls that meet our high standards.
