Legal Basis for Data Processing
Last updated: October 24, 2025At .git, we process personal data strictly in accordance with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and other relevant jurisdictional frameworks. This document outlines the legal grounds under which we process your personal information.
1. Overview of Processing Activities
We collect and process personal data solely for purposes that are necessary to provide, maintain, and improve our developer platform, ensure security, comply with legal obligations, and communicate with users. All processing activities are documented, minimized to what is strictly necessary, and subject to regular compliance audits.
2. Legal Bases for Processing (GDPR Article 6)
Our processing of personal data relies on one or more of the following legal grounds:
| Legal Basis | When Applied | Examples at .git |
|---|---|---|
| Contractual Necessity (Art. 6(1)(b)) | When processing is required to fulfill our service agreement with you | Account creation, authentication, repository hosting, deployment automation, billing, and customer support |
| Legal Obligation (Art. 6(1)(c)) | When required by EU or national law | Tax compliance, financial record-keeping, abuse reporting, and responding to lawful government requests |
| Legitimate Interests (Art. 6(1)(f)) | When necessary for our or a third party's legitimate interests, provided they are not overridden by your rights | Platform security, fraud prevention, service optimization, infrastructure monitoring, and internal analytics |
| Consent (Art. 6(1)(a)) | When you explicitly agree to specific processing activities | Marketing communications, optional feature analytics, beta program participation, and third-party integrations requiring permission |
| Vital Interests (Art. 6(1)(d)) | To protect someone's life in emergency situations | Security incidents requiring immediate intervention to prevent harm to users or infrastructure |
| Public Task (Art. 6(1)(e)) | When carrying out a task in the public interest | Not currently applied to our standard services; may apply to open-source compliance reporting |
3. Data Categories & Processing Purposes
The following table maps the categories of personal data we process to their respective purposes and legal bases:
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Identity & Contact (name, email, username) | Account management, authentication, support | Contract, Consent |
| Technical & Usage (IP address, device info, logs) | Security, performance monitoring, debugging | Legitimate Interest, Contract |
| Repository & Code Metadata | Platform functionality, collaboration features | Contract |
| Payment & Billing Information | Subscription management, invoicing | Contract, Legal Obligation |
| Communication Records | Customer support, service notifications | Contract, Legitimate Interest |
| Marketing Preferences | Newsletter delivery, product updates | Consent |
4. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Retention periods are determined by:
- The nature of the data and processing activity
- Applicable statutory limitation periods
- Contractual obligations and warranty terms
- Business necessity and operational requirements
When data is no longer required, it is securely deleted or anonymized in accordance with our Data Retention Policy.
5. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data under certain conditions
- Right to Restriction: Limit the processing of your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact our Data Protection Officer using the details below. We will respond within 30 days, or sooner where required by law.
6. Cross-Border Data Transfers
.git operates globally. Personal data may be transferred to, stored at, and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions where applicable.
7. Contact & Supervisory Authority
Data Protection Officer
You also have the right to lodge a complaint with a competent supervisory authority in your country of residence, employment, or alleged infringement.