GDPR Compliance & Data Processing

1. Introduction

This document outlines how .git ("we", "our", or "us") complies with the General Data Protection Regulation (EU) 2016/679 and applicable UK Data Protection Act 2018. We are committed to protecting the privacy and security of all individuals who interact with our platform, services, and support channels.

2. Data Controller

.git acts as the Data Controller for personal data collected directly from users through our website, developer dashboard, APIs, and support interfaces.

• Company: .git Technologies Inc.
• Registered Address: 100 Innovation Drive, Suite 400, Dublin 2, Ireland (EU Representative)
• Support Email: support@git.dev
• Privacy Email: privacy@git.dev

3. Information We Collect

We only collect data necessary to deliver our developer platform, maintain security, and improve user experience. Categories include:

3.1 Identity & Account Data

Name, email address, username, public profile information, and authentication tokens (OAuth/SAML).

3.2 Technical & Usage Data

IP address, browser type, device identifiers, platform logs, CI/CD pipeline execution metadata, repository access patterns, and feature usage telemetry.

3.3 Billing & Payment Data

Invoice address, payment method references (processed securely via PCI-DSS compliant third parties), and subscription tier details.

3.4 Communication Data

Support ticket contents, email correspondence, and feedback submissions.

4. Legal Basis for Processing

Under Article 6 of the GDPR, we rely on the following legal bases:

• Performance of Contract: Processing necessary to provide, maintain, and secure your .git account and services.
• Legitimate Interests: Service improvement, fraud prevention, system security, and analytics (balanced against your privacy rights).
• Consent: Optional features, marketing communications, and non-essential cookies.
• Legal Obligation: Tax compliance, audit retention, and regulatory reporting.

5. How We Use Your Data

Your data is processed exclusively for:

• Provision and management of developer accounts, repositories, and deployment pipelines
• Authentication, authorization, and access control enforcement
• Automated error tracking, performance monitoring, and incident response
• Billing, invoicing, and payment processing
• Customer support, communication, and service notifications
• Aggregated, anonymized analytics to improve platform reliability

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law:

• Active Accounts: Retained while your subscription or free tier remains active.
• Deleted Accounts: Personal data is anonymized or securely deleted within 30 days, unless retention is required for legal, tax, or dispute resolution purposes.
• Usage Logs: Retained for 12 months for security and debugging.
• Billing Records: Retained for 7 years per statutory financial requirements.

7. Data Sharing & Third Parties

We do not sell personal data. We may share data only with trusted service providers acting as Data Processors under strict contractual obligations (Article 28 GDPR):

• Cloud infrastructure providers (compute, storage, CDN)
• Payment processors (PCI-DSS compliant)
• Customer support & ticketing platforms
• Security & fraud prevention services
• Legal authorities when required by law or to protect rights/safety

8. International Data Transfers

.git processes data primarily within the European Economic Area. Where transfers outside the EEA occur, we ensure adequate protection via:

• EU Standard Contractual Clauses (SCCs)
• Transfer Impact Assessments (TIAs)
• Encryption in transit and at rest
• Regular compliance audits of subprocessors

9. Your Rights Under GDPR

As a data subject, you have the following enforceable rights:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion where no legitimate ground for retention exists.
• Right to Restrict Processing: Limit how we process your data under certain conditions.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Opt out of processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: At any time, without affecting prior lawful processing.

To exercise any right, email privacy@git.dev with subject line "GDPR Request". We will respond within 30 days, verifiable ID may be required.

10. Cookies & Tracking Technologies

We use essential cookies for authentication, session management, and security. Analytical and preference cookies are deployed only with explicit consent via our cookie banner. You can manage or withdraw consent at any time in your dashboard settings or by contacting us.

11. Contact & Data Protection Officer

For questions regarding this policy, data processing practices, or to exercise your rights:

• DPO Email: dpo@git.dev
• General Privacy Inquiries: privacy@git.dev
• Postal Address: .git Technologies Inc., 100 Innovation Drive, Suite 400, Dublin 2, Ireland
• Regulatory Complaints: You have the right to lodge a complaint with your local supervisory authority.

12. Policy Updates

We may update this document to reflect changes in services, legal requirements, or operational practices. Material changes will be communicated via email or platform notification. The "Last Updated" date at the top of this page will be revised accordingly.