Effective date: April 2, 2021
GitHub provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page, which details our subprocessors, and how we use cookies.
GitHub Subprocessors
When we share your information with third party subprocessors, such as our vendors and service providers, we remain responsible for it. We work very hard to maintain your trust when we bring on new vendors, and we require all vendors to enter into data protection agreements with us that restrict their processing of Users' Personal Information (as defined in the Privacy Statement).
| Name of Subprocessor | Description of Processing | Location of Processing | Corporate Location |
|---|---|---|---|
| Automattic | Blogging service | United States | United States |
| AWS Amazon | Data hosting | United States | United States |
| Braintree (PayPal) | Subscription credit card payment processor | United States | United States |
| Clearbit | Marketing data enrichment service | United States | United States |
| Discourse | Community forum software provider | United States | United States |
| Eloqua | Marketing campaign automation | United States | United States |
| Google Apps | Internal company infrastructure | United States | United States |
| MailChimp | Customer ticketing mail services provider | United States | United States |
| Mailgun | Transactional mail services provider | United States | United States |
| Microsoft | Microsoft Services | United States | United States |
| Nexmo | SMS notification provider | United States | United States |
| Salesforce.com | Customer relations management | United States | United States |
| Sentry.io | Application monitoring provider | United States | United States |
| Stripe | Payment provider | United States | United States |
| Twilio & Twilio Sendgrid | SMS notification provider & transactional mail service provider | United States | United States |
| Zendesk | Customer support ticketing system | United States | United States |
| Zuora | Corporate billing system | United States | United States |
When we bring on a new subprocessor who handles our Users' Personal Information, or remove a subprocessor, or we change how we use a subprocessor, we will update this page. If you have questions or concerns about a new subprocessor, we'd be happy to help. Please contact us via Privacy contact form.
Cookies on GitHub
GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our Privacy Statement if you’d like more information about cookies, and on how and why we use them.
Since the number and names of cookies may change, the table below may be updated from time to time.
| Service Provider | Cookie Name | Description | Expiration* |
|---|---|---|---|
| GitHub | app_manifest_token | This cookie is used during the App Manifest flow to maintain the state of the flow during the redirect to fetch a user session. | five minutes |
| GitHub | color_mode | This cookie is used to indicate the user selected theme preference. | session |
| GitHub | _device_id | This cookie is used to track recognized devices for security purposes. | one year |
| GitHub | dotcom_user | This cookie is used to signal to us that the user is already logged in. | one year |
| GitHub | _gh_ent | This cookie is used for temporary application and framework state between pages like what step the customer is on in a multiple step form. | two weeks |
| GitHub | _gh_sess | This cookie is used for temporary application and framework state between pages like what step the user is on in a multiple step form. | session |
| GitHub | gist_oauth_csrf | This cookie is set by Gist to ensure the user that started the oauth flow is the same user that completes it. | deleted when oauth state is validated |
| GitHub | gist_user_session | This cookie is used by Gist when running on a separate host. | two weeks |
| GitHub | has_recent_activity | This cookie is used to prevent showing the security interstitial to users that have visited the app recently. | one hour |
| GitHub | __Host-gist_user_session_same_site | This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. | two weeks |
| GitHub | __Host-user_session_same_site | This cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub. | two weeks |
| GitHub | logged_in | This cookie is used to signal to us that the user is already logged in. | one year |
| GitHub | marketplace_repository_ids | This cookie is used for the marketplace installation flow. | one hour |
| GitHub | marketplace_suggested_target_id | This cookie is used for the marketplace installation flow. | one hour |
| GitHub | _octo | This cookie is used for session management including caching of dynamic content, conditional feature access, support request metadata, and first party analytics. | one year |
| GitHub | org_transform_notice | This cookie is used to provide notice during organization transforms. | one hour |
| GitHub | private_mode_user_session | This cookie is used for Enterprise authentication requests. | two weeks |
| GitHub | saml_csrf_token | This cookie is set by SAML auth path method to associate a token with the client. | until user closes browser or completes authentication request |
| GitHub | saml_csrf_token_legacy | This cookie is set by SAML auth path method to associate a token with the client. | until user closes browser or completes authentication request |
| GitHub | saml_return_to | This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. | until user closes browser or completes authentication request |
| GitHub | saml_return_to_legacy | This cookie is set by the SAML auth path method to maintain state during the SAML authentication loop. | until user closes browser or completes authentication request |
| GitHub | tz | This cookie allows us to customize timestamps to your time zone. | session |
| GitHub | user_session | This cookie is used to log you in. | two weeks |
* The expiration dates for the cookies listed below generally apply on a rolling basis.
(!) Please note while we limit our use of third party cookies to those necessary to provide external functionality when rendering external content, certain pages on our website may set other third party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimize these third party cookies, we can’t always control what cookies this third party content sets.