Legal & Corporate Affairs
Information regarding the Legal & Corporate Affairs Team
Welcome to the Legal and Corporate Affairs Handbook! Use this page to learn more about our team, GitLab policies, and shared processes. Visit the sub-team pages linked below for more detailed information and procedures.
How to Reach Us
For quick questions that do not require legal advice, deliverables, or any discussion of confidential information, you can reach out to the GitLab Legal and Corporate Affairs Team in Slack at #legal. We find this channel best for questions regarding process, who handles what, or how to find certain things if the handbook has not yielded the right result for you after searching. #legal is not a private channel, so your inquiry will be visible to the entire company. One of our Team Members will do their best to answer your question in a timely fashion.
To open a general Legal Issue for questions related to deliverables and non-sensitive information, use this template. See the Legal Issue Tracker Workflow for more information.
For sensitive, private, or confidential requests, email legal_internal@gitlab.com.
Anonymous Internal Ethics and Compliance Reporting
We take employee concerns very seriously and encourage all GitLab Team Members to report any ethics and/or compliance violations by using EthicsPoint. Further details can be found in the People Group Handbook under How to Report Violations and in our Code of Business Conduct and Ethics.
Legal and Corporate Affairs Team Functional Groups
Commercial
The Commercial Legal Team works with our Sales and Partnership Team Members to deliver GitLab software and services. In addition, this team is responsible for reviewing and approving all agreements with regards to the procurement of goods and services. Resources include the Sales Guide: Collaborating with GitLab Legal, Procurement Guide, and other resources which provide how best to engage the Commercial Team, as well as assist in efficiently reaching terms with our vendors, customers and partners, including negotiating terms, and providing business and legal recommendations.
For all questions or requests related to a specific Partner and/or Customer, including non-standard NDA requests, contract review / negotiations and general legal questions, please open a Legal Request in SFDC.
For matters opened in GitLab Issues that require the Commercial Legal Team’s attention, follow the GitLab Commercial Legal labeling instructions to notify the team.
Corporate & Compliance
The Corporate & Compliance Team supports the compliance and corporate functions of GitLab, which includes regulatory filings with the U.S. Securities and Exchange Commission, review of internal and external communications with respect to GitLab’s SAFE Framework, review and preparation of board and committee materials, general corporate and governance matters, as well as compliance and corporate governance matters for GitLab’s direct and indirect wholly owned international and domestic subsidiaries and trade compliance.
Corporate Development
The Corporate Development Team prospects, pursues and integrates acquisitions to accelerate GitLab’s roadmap and offer better tools to customers more quickly. For information about GitLab’s acquisition strategy and approach, visit the Acquisitions Handbook.
Employment
The Employment Legal Team collaborates with GitLab People Group on a broad range of matters across the entire arc of the employment relationship, from recruiting to onboarding, compensation, performance management, leave management, separation, and where necessary, litigation.
Environment, Social, and Governance (ESG)
The ESG Team creates and maintains GitLab’s Corporate Sustainability strategy and programs. This includes ESG disclosures and public ESG reporting, identifying and prioritizing key issues to advance GitLab’s social and environmental goals, and creating partnerships with non-profit organizations that support GitLab’s values and mission.
Operations
Legal Operations supports Legal & Corporate Affairs processes with a focus on defining and driving initiatives that improve the team’s efficiency and effectiveness. Operations also includes Legal’s Procurement function, which reviews purchases made to ensure adequate terms are present for GitLab.
Privacy, Product and IP
The Privacy, Product and IP Team collaborates with all GitLab teams including engineering, security, product, and marketing to provide guidance and direction in a broad range of matters relating to data privacy, open source licensing, intellectual property protection and export compliance.
Risk Management and Dispute Resolution
The Risk Management and Dispute Resolution team addresses dispute resolution across a wide range of topics, including active claims and disputes, external and internal investigations, subpoenas, and third-party discovery requests. RMDR also coordinates and collaborates cross-functionally with various GitLab teams to address, manage and mitigate company risk.
GitLab Policies
*Only available to GitLab Team Members.
Authorization Matrix
The Authorization Matrix designates who is authorized to sign legal documents. Only GitLab Team Members with signature authority can execute agreements on behalf of GitLab.
Non-Disclosure Agreements
Follow the Non-Disclosure Agreement Process to learn how to send an NDA in DocuSign or request an NDA if you do not have DocuSign access.
Note that this process is only for standard GitLab NDAs. In the event a non-standard NDA is needed, follow the steps here.
General Legal FAQs
Legal Holds
What is a legal hold?
A legal hold is the process GitLab uses to preserve all forms of relevant evidence, whether it be emails, instant messages, physical documents, handwritten or typed notes, voicemails, raw data, backup tapes, and any other type of information that could be relevant to an investigation, pending or imminent litigation or when litigation is reasonably anticipated. Legal holds are imperative in preventing spoliation (destruction, deletion, or alteration) of evidence which can have a severely negative impact on a company’s case, including leading to sanctions. Once GitLab becomes aware of an investigation or potential litigation, a GitLab attorney will provide notice to the impacted team members, instructing them not to delete or destroy any information relating to the subject matter of the investigation or potential litigation. The legal hold applies to paper and electronic documents. During a legal hold, all retention policies must be overridden.
What is a Freedom of Information Act (FOIA) request?
The Freedom of Information Act (“FOIA”) provides public access to all United States federal agency records except for those records (or portions of those records) that are protected from disclosure by any of nine exemptions or three exclusions (reasons for which an agency may withhold records from a requestor). Occasionally the records of a federal agency under a FOIA request may include GitLab records in the possession of the agency (i.e. when the agency is a customer of GitLab). In such an event, the federal agency will notify GitLab of the FOIA request and provide GitLab with the documents that the federal agency intends to release in response to the FOIA request. A GitLab legal team member will review the list and content of the documents identified by the federal agency pursuant to the FOIA request and will provide the appropriate response and/or make redactions to those documents, as necessary, prior to their release.
In the event you receive a notification from a US federal agency pursuant to a FOIA request, indicating that GitLab documents or information have been identified for release by an agency , please immediately forward the request to FOIA@gitlab.com.
Foreign Corrupt Practices Act
What is the Foreign Corrupt Practices Act?
The Foreign Corrupt Practices Act (“FCPA”) is a United States federal law that prohibits U.S. citizens and entities from bribing foreign government officials to benefit their business interests. It is not only an invaluable tool to help fight corruption but one to which we must be compliant. As GitLab Inc. is a U.S. incorporated entity, we need to make sure our operations worldwide are compliant with the provisions of the Foreign Corrupt Practices Act. To that end, GitLab requires Team Members to complete an annual online course relating to anti-bribery and corruption at GitLab. In the training, learners will explore improper payments, including facilitation payments and personal safety payments, as well as policies on commercial bribery. The goal of the course is to ensure our Team Members understand what it takes to avoid corruption, especially in high-risk countries, and to ensure GitLab is compliant with legal and regulatory obligations.
For additional General Legal FAQs, please refer to the Internal Handbook.
(Additional Terms)
These Agile Planning Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate as listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the GitLab Software or via an Order Form; or (b) Customer’s use of any Agile Planning Features (as defined below) (“Effective Date”). Capitalized terms not otherwise defined herein shall have the meaning set forth in the Agreement (as defined below).
Deprecated 2024-08-29
(Additional Terms)
These Agile Planning Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate as listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the (i) GitLab Software or (ii) via an Order Form, or (b) Customer’s use of any “Agile Planning Features” (“Effective Date”). Capitalized terms not otherwise defined herein shall have the meaning set forth in the Subscription Agreement (defined below).
(Additional Terms)
These AI Functionality Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate is listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the (i) GitLab Software or (ii) via an Order Form, or (b) Customer’s use of any AI Functionality (“Effective Date”).
(Additional Terms)
deprecated 2023-10-31
These AI Functionality Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate is listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the (i) GitLab Software or (ii) via an Order Form, or (b) Customer’s use of any AI Functionality (“Effective Date”).
Deprecated 2024-08-29
(Additional Terms)
These AI Functionality Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate is listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within the (i) GitLab Software or (ii) via an Order Form or (b) Customer’s use of any AI Functionality (“Effective Date”).
Overview of Anti-Corruption Policy
GitLab's Anti-Fraud Policy
GitLab's Anti-Retaliation Policy to establish guidance for reporting ethics or compliance concerns or other inappropriate behavior while providing protection against retaliation for reporting in good faith.
Annual Metrics on Data Subject Requests pursuant to CCPA.
Overview of the Code of Conduct and Ethics at GitLab.
Landing page for Commercial Legal handbook information
This page offers a single source related to corporate legal information.
Overview of the Corporate Communication Policy at GitLab.
DMCA (Digital Millennium Copyright Act) takedown request requirements
We take the intellectual property rights of others seriously and require that our Users do the same. The Digital Millennium Copyright Act (DMCA) established a process for addressing claims of copyright infringement. If you own a copyright or have authority to act on behalf of a copyright owner and want to report a claim that a third party is infringing that material on or through GitLab’s services, please send a notice that meets the minimum requirements of the DMCA, to dmca@gitlab.com, and we will take appropriate action.
Employment law refers to the law that governs the relationship between employer and employee, so the Employment section of GitLab Legal interacts with the People Group on a regular basis to provide information and legal advice related to the entire arc of our team members’ relationship with GitLab. So what does that mean?
- It means we work closely with the Finance and People teams to determine scalable employment solutions for the Company as it hires across the globe, using a collaborative process for gathering and assessing relevant information on any particular country.
- It means we support the Talent Acquisition department in meeting its goals and ensuring compliance with all local laws and regulations as they source, recruit, and hire new team members.
- It means we help the People Connect team onboard new team members and get them the information they need that applies both to their location and to their job responsibilities.
- It means we support the Total Rewards team, People Operations team, and People Business Partners in developing policies that meet GitLab’s needs, our team members’ needs, and local requirements.
- It means we support our Team Member Relations team, People Business Partners, and Total Rewards as they manage team member relations, requests for reasonable accommodation or adjustments, performance, promotions, transfers, and any other types of issues that pop up during the course of the relationship.
- It means we support our Diversity, Inclusion, and Belonging team in ensuring that decisions across the entire arc of the relationship match our mission statement.
- And it means we provide support when it comes to end of employment decisions, offboarding, and any follow-up matters that can occur.
Based on the outcome of its global expansion process for gathering and assessing relevant details on any particular country (which include local employment legislation and statutory requirements, potential PEO/EOR service agreements or limitations, branch or entity incorporation options, product and privacy considerations, etc), GitLab’s employment team provides information regarding legal risk and compliance requirements based on particular jurisdictions and particular job types. Often, it is up to the others within the organization whether or not to continue down a certain path once the risks and requirements are known.
Information and processes related to ESG
Checklist for use when developing materials for external use
These Fulfillment Reseller Flow-Through Terms (the “Agreement”) are made as of the date agreed to between the Authorized Partner (as defined below) and the Fulfillment Reseller (as defined below) (the “Effective Date”). Each shall be referred to herein as “Party”, or collectively as the “Parties”. For the avoidance of doubt, as further set forth in Section 10 (MISCELLANEOUS), GitLab Inc. or the applicable GitLab entity which has executed terms with the Authorized Partner (“GitLab”) shall be a third-party beneficiary to this Agreement between the Parties, and shall have the right to enforce any terms and conditions onto the Fulfillment Reseller. In consideration of the mutual agreements contained herein and intending to be legally bound hereby, the Parties agree as follows.
This policy helps us identify unacceptable use of our services, and applies to all users of all GitLab services including those on the Free, Premium, and Ultimate GitLab tiers. We refer to “our services” throughout – this means all services (including related websites) owned or operated by GitLab.
We reserve the right to take any action we feel is appropriate to enforce this policy. We may take action to prevent use of our services which goes against the spirit of this policy, even if that use is not expressly forbidden.
Understand your rights and obligations when using GitLab's publicly-available APIs
Education Program Agreement
Date of last revision: 2022/11/16
This Education Program Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and the Educational Institution (as defined below) electronically accepting this Agreement (“Member”). This Agreement is entered into on the earlier of, (a) Member clicking “Agree” or “Yes” to the terms of this Agreement to gain initial access to, or use of, the Software or (b) Member is given access to the Software pursuant to the requirements of the GitLab for Education Program (“Effective Date”).GitLab and Member each shall be referred to as a “Party” and collectively as the “Parties”.
Open Source Program Agreement
Date of last revision: 2022/08/19
This Open Source Program Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and the Open Source Project on behalf of which this Agreement is executed. This Agreement is entered into on the earlier of, (a) Member clicking “Agree” or “Yes” to the terms of this Agreement to gain initial access to, or use of, the Software or (b) Member being given access to the Software pursuant to the requirements of the GitLab for Open Source Program (“Effective Date”). GitLab and the Open Source Project each shall be referred to as a “Party” and collectively as the “Parties”.
View GitLab's Philanthropy Policy
Get to know the Legal Team in our individual README pages
This is the current Modern Slavery Act Transparency Statement
This page helps GitLab Team Members understand the privacy practices at GitLab and to facilitate a culture that respects and prioritizes the privacy of our Team Members and users
(Additional Terms)
These Professional Services Terms (“Terms’’) are between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different GitLab Affiliate as listed as “GitLab” on an Order Form) (“GitLab”), and the entity accepting these Terms (“Customer”). These Terms are effective as of the earlier of (a) Customer’s acceptance of these Terms within (i) via an Order Form or (b) via a SOW (“Effective Date”). Capitalized terms not otherwise defined herein will have the meaning set forth in the Subscription Agreement (defined below).
Overview of the Related Party Transactions Policy at GitLab.
Overview of the SAFE Framework at GitLab.
Subscription Agreement
This Subscription Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or, if a different corporate entity is listed as “GitLab” on an Order Form [as defined below], (“GitLab”)), and the individual or entity signing or electronically accepting this Agreement, or any Order Form that references this Agreement (“Customer”). This Agreement is entered into on the earlier of, (a) Customer clicking “Agree” or “Yes” to the terms of this Agreement to gain initial access to, or use of, the Software, (b) GitLab and Customer agreeing to an Order Form referencing this Agreement, or (c) Customer is given access to the Software (“Effective Date”).
(Additional Terms)
This Testing Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and either: (i) the entity electronically accepting this Agreement; or (ii) the entity on behalf of which the Testing Features are enabled, as applicable and in either case, “Customer”. This Agreement is effective as of the earlier date on which: (i) Customer clicks to accept this Agreement within the GitLab Software; or (ii) an individual acting on behalf of Customer opts to enable the Testing Features (“Effective Date”). The parties agree to the following terms and conditions related to Customer’s use of the applicable Testing Feature (as defined below).
Deprecated: 2023-05-18
This Testing Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and the entity electronically accepting this Agreement (“Customer”). This Agreement is effective as of the date Customer clicks to accept this Agreement within the GitLab software (“Effective Date”). The parties agree to the following terms and conditions related to Customer’s use of applicable Testing Feature.
Deprecated: 2023-06-29
This Testing Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and either (i) the entity electronically accepting this Agreement; or (ii) the entity on behalf of which the Testing Features are enabled, as applicable and in either case, “Customer”. This Agreement is effective as of the earlier date on which (i) Customer clicks to accept this Agreement within the GitLab software; or (ii) an individual acting on behalf of Customer opts to enable the Testing Features (“Effective Date”). The parties agree to the following terms and conditions related to Customer’s use of the applicable Testing Feature.
Deprecated 2024-08-29
This Testing Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and either (i) the entity electronically accepting this Agreement; or (ii) the entity on behalf of which the Testing Features are enabled, as applicable and in either case, “Customer”. This Agreement is effective as of the earlier date on which (i) Customer clicks to accept this Agreement within the GitLab software; or (ii) an individual acting on behalf of Customer opts to enable the Testing Features (“Effective Date”). The parties agree to the following terms and conditions related to Customer’s use of the applicable Testing Feature.
Mission
GitLab Inc. (collectively with its subsidiaries,“GitLab”, “we”, “our”) is committed to lawful and ethical behavior in all we do and expects members of GitLab’s Board of Directors (“Board”) and officers, employees, and contractors (collectively, “Team Members”) to conduct business ethically, with integrity, and in accordance with all applicable laws and regulations.
GitLab’s culture is based on our VALUES, which are reflected in and reinforced by our Code of Business Conduct and Ethics and various supporting policies, such as our Anti-Fraud Policy and Anti-Retaliation Policy (collectively, “Compliance Standards”). Because GitLab is made up of individuals who are aligned with our VALUES and who are accountable to our customers, shareholders, and each other, we have designed this Ethics and Compliance Program (the “Program”) as an operational framework for our team members. This Program is dedicated to (among other things) making sure GitLab’s Compliance Standards are current, complete, and readily accessible. Team Members are educated on these Compliance Standards, through continuous training, awareness campaigns, required annual reviews and acknowledgments, and additional resources, including #compliance-legal.
Guidelines for the use of third-party content in external materials
Guidelines applicable to discussion of, and reference to, competitor product features and sharing of screenshots of competitor products in public issues, GitLab documentation (https://docs.gitlab.com/), and other public-facing media.
These internal instructions will help GitLab Team Members engage with Legal in the Legal and Compliance issue tracker
Information and processes related to Legal Operations
This page provides educational resources and process guides to GitLab Marketing for recurring Legal requests
Follow this process to obtain legal review of materials for internal and external use
How to send or request an NDA
GitLab Partner Code of Ethics and Due Diligence
Learn about Patents and GitLab's Patent Program
Thank you for visiting! The purpose of this resource is to provide GitLab team members with information on how legal assists and interacts with the procurement of products and services at GitLab.
For information on the Procurement Team, policies and process, visit The Procurement Page
For general questions that do not require legal advice, deliverables, or any discussion of confidential information, you can reach out to the GitLab Legal Team at #legal.
Guidelines and process for use of Publicity Waiver and Release agreements
This Records Retention Policy promotes and assists with the implementation of procedures, best practices, and tools to promote consistent life cycle management of GitLab records
Before submitting a Deal Registration, please review the Master Partner Agreement.
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE ACCESSING GITLAB’S PARTNER PORTAL OR OTHERWISE, USING, ACCESSING, CONSUMING, PURCHASING, RESELLING OR OTHERWISE DISTRIBUTING THE SOFTWARE OR SERVICES FROM GITLAB. BY CLICKING YOUR ASSENT BELOW OR USING, ACCESSING OR CONSUMING THE GITLAB SOFTWARE OR SERVICES, YOU SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS AGREEMENT AND ACKNOWLEDGE YOU HAVE READ AND UNDERSTAND THE TERMS. AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY REPRESENTS AND WARRANTS THAT HE OR SHE HAS THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THAT ENTITY. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN YOU MUST NOT USE, ACCESS, CONSUME, PURCHASE, RESELL OR OTHERWISE DISTRIBUTE THE GITLAB SOFTWARE OR SERVICES.
RMDR processes, policies, and resources
This resource provides assistance to the GitLab Sales Team on operational and educational elements of working with GitLab Legal for Customer negotiations
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING ACCESSING OR CONSUMING THE SOFTWARE OR SERVICES FROM GITLAB. BY CLICKING YOUR ASSENT BELOW OR USING, ACCESSING OR CONSUMING THE GITLAB SOFTWARE OR SERVICES, YOU SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS AGREEMENT AND ACKNOWLEDGE YOU HAVE READ AND UNDERSTAND THE TERMS. AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THAT ENTITY. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN YOU MUST NOT USE, ACCESS OR CONSUME THE GITLAB SOFTWARE OR SERVICES
What are trade control laws?
Trade control laws, which often consist of sanctions, export controls, and import laws, govern how and under what circumstances technology, software, and technical assistance may be exported. Trade control laws vary from country to country but usually exist to protect national security and further foreign policy and economic interests.
Under United States law, exports, re-exports, and transfers, can take many forms, including oral, written, and visual disclosure, physical shipment, and electronic transfer or transmission. An export can also occur when technology, software, or technical assistance is transmitted to U.S. nationals abroad, or to non-U.S. nationals located within the United States. The export of certain software, technology, or technical assistance to certain countries, certain end users, or for certain end uses, may require authorization from the United States government prior to export, re-export, or transfer.
Trademarks training materials for GitLab team members
These instructions will walk GitLab Team Members through how to file your contract or other related-vendor documents after they are fully executed.
Pilot Program for Promotional Games
GitLab's Whistleblowing Handbook page, with links to whistleblowing policies.
Last modified October 29, 2024:
Fix broken links (455376ee)
