Trust and Privacy
Build on a foundation you can trust
To earn your trust, we build security, audit, and compliance solutions with the customer in mind.
Data privacy and protection
is our highest priority
SaaS and on-premise solutions
Find a plan for your business that meets the unique needs of your engineers—and your information security professionals.Compare plans for business
Because GitHub encrypts all data in transit, all login information and credentials are always protected. GitHub stores a one-way hash of all user passwords using bcrypt. Your account login is protected from brute force attack with rate limiting.
Auditing controls and certifications
GitHub Enterprise is now authorized via the FedRAMP Tailored baseline of security controls. We are closing out our SOC 2 Audit project and will be publishing an update soon.
Cloud security self-assessment
Learn how we support industry-leading control considerations with the Cloud Security Alliance CSA-CAIQ Assessment.Download our self assessment from CSA
We partner with PCI-compliant credit card processors to keep your payment information secure. Our payment processing is compliant with PCI DSS c3.2.
External security testing
We’ve engaged independent security firms for in-depth application security assessment, source code audit, and penetration testing since 2011. Ask your customer service team for more information on 3rd party Application Security Testing.
partners and vendors
We assess third-party partners and vendors for fit and security risk based on the services they provide. We also make sure the right technical and contractual commitments are in place.
Production data centers
We use N+1, Tier 3 data center vendors with your availability and security in mind—and with physical security and environmental controls that meet our high standards.