Trust and Privacy

Build on a foundation you can trust

To earn your trust, we build security, audit, and compliance solutions with the customer in mind.


Data privacy and protection

Your data is our highest priority

Data privacy

We’re GDPR compliant and adhere to the Privacy Shield Framework, certified January 26, 2017.

Read our Privacy Policy 

SaaS and on-premise solutions

Find a plan for your business that meets the unique needs of your engineers—and your information security professionals.

Compare plans for business 

Account security

Because GitHub encrypts all data in transit, all login information and credentials are always protected. GitHub stores a one-way hash of all user passwords using bcrypt. Your account login is protected from brute-force attacks by rate limiting.

Stay informed

Stay up to date on outages and availability statistics at our Status Page, Blog, and Transparency Report.


Auditing controls and certifications

Transparency builds trust

External audits

GitHub Enterprise is now authorized via the FedRAMP Tailored baseline of security controls. We are closing out our SOC 2 Audit project and will be publishing an update soon.

Cloud security self-assessment

Learn how we support industry-leading control considerations with the Cloud Security Alliance CSA-CAIQ Assessment.

Download our self-assessment from CSA

PCI compliance

We partner with PCI-compliant credit card processors to keep your payment information secure. Our payment processing is compliant with PCI DSS v3.2.

External security testing

We’ve engaged independent security firms for in-depth application security assessment, source code audit, and penetration testing since 2011. Ask your customer service team for more information on third-party application security testing.

Third-party security

Security-first partners and vendors

Third-party partners

We assess third-party partners and vendors for fit and security risk based on the services they provide. We also make sure the right technical and contractual commitments are in place.

Production data centers

We use N+1, Tier 3 data center vendors with your availability and security in mind—and with physical security and environmental controls that meet our high standards.