Materials Legal Review Process

Follow this process to obtain legal review of materials for internal and external use

Self-serve materials compliance resources

When creating materials:

When to use this process

For materials listed in the Mandatory Review section, a review by the Legal & Corporate Affairs Team is always required.

For all other materials, a review is not required provided the materials comply with:

  1. the SAFE Framework; and
  2. the Guidelines for Use of Third-party IP in External Materials.

The DRI is responsible for ensuring materials are compliant. If you’re unsure whether certain materials need to be reviewed, or have a question about compliance with the SAFE Framework, the IP Guidelines, or the Checklist, reach out in the #safe Slack channel.

Mandatory review

Review is always required for:

  • Internal and external materials requiring review as determined by the SAFE Framework Flowchart;
  • External materials which quote, or are written in the name of, the CEO; CFO; CLO; CRO; CTO; VP, Investor Relations; or a member of the Board of Directors;
  • Quarterly and year-end earnings reports, and materials which include financial data that has not been publicly disclosed, or a variation previously disclosed financial data;
  • Materials relating to:
    • Mergers and acquisitions, including spin outs, investments, or acqui-hires;
    • Executive or other material organizational or management changes; or
    • The announcement or release of new products material to GitLab.
  • Social media posts that include earnings reports, financial data not yet publicly disclosed, a variation of previously disclosed financial data, or items relating to mergers and acquisitions (including spin outs, investments, or acqui-hires), and disclosing material nonpublic informations (e.g., material management changes, material product releases etc.).

Excluded from review

This process should never be used for:

  • NDAs, contracts, or other commercial agreements which should instead be routed through the Commercial Legal Team.
  • AMAs, Key Review meetings, and Group Conversations streamed or published publicly to GitLab Unfiltered. However, these recordings should not be streamed or published if they contain material non-public information, confidential information, or are required to be kept SAFE;
  • External or internal handbook updates;
  • GitLab issues or merge requests; nor
  • Internal or external communications prepared in relation to a contentious issue that undermines a critical attribute of our company’s brand and challenges its reputation or impacts, or has the potential to impact, the safety or well-being of our team-members which should instead follow the GitLab Incident Communications Plan.

The Legal & Corporate Affairs Team will not review materials sent in Slack because Slack should not be used for obtaining approval; follow this Materials Legal Review Process instead.

External vs Internal use

External use means materials made available to any company or individual who is not a GitLab team member, including media, marketing audiences, prospects, customers, partners, vendors, community members, and conference attendees. Materials published with public visibility on the GitLab Unfiltered YouTube channel or on any GitLab social media channel are external.

Internal use means materials made available solely to GitLab team members.

Sometimes, legal review entails two separate reviews:

  • Materials for external use are reviewed (i) against the SAFE Framework, and (ii) for compliance with third-party intellectual property (IP) rights; and
  • Materials for internal use are reviewed solely against the SAFE Framework; an IP review is not required unless it is contemplated that such materials will be used externally.

Turnaround time

The Legal & Corporate Affairs Team aims to complete single material reviews within two business days of submission (note: business days used here and elsewhere in the Materials Legal Review Process means United States business days). The time to complete a review is subject to (i) the submission being complete (i.e., no missing materials and all other approvals are in place before legal review), and (ii) the volume of the material submitted for review. The turnaround time for multiple materials reviews will depend on the volume of material submitted for review.

Two-track process

This process is divided into two tracks - follow the track which applies to your situation:


Follow this process to obtain legal review of a single piece of material. A slide deck, script, and video for one presentation are considered a single piece of material.

  1. If a confidential working issue for the material already exists, make a comment in that issue using the following template. The template is written in markdown - paste it into a new comment and fill in the blanks.

    ## Materials to be reviewed
    <!-- Link (for Google Docs) or upload (for other file types) the material for review here. -->
    
    ## Is this material for internal or external use?
    <!-- Delete as appropriate, and refer to the definitions of `external use` and `internal use` in the Materials Legal Review Process. If there are plans to use the material, or any part of it, externally in the future, chose `external`. -->
    - external @sfriss @LeeFalc
    - internal @sfriss
    
    ## Will the materials be made available on GitLab Unfiltered, Edcast, or anywhere else?
    <!-- Delete as appropriate to state whether some or all of the materials being submitted for review will be made available anywhere. If they will, give details of the visibility the materials will have. -->
    - yes <!-- if yes, give details -->
    - no
    
    ## Is the material subject to mandatory review?
    <!-- Delete as appropriate and refer to the definition of mandatory review: https://handbook.gitlab.com/handbook/legal/materials-legal-review-process/#mandatory-review -->
    - yes <!-- if yes, identify the type of material from the list of materials subject to mandatory review -->
    - no
    
    ## Does the material comply with the [SAFE Framework](/handbook/legal/safe-framework/) and the [Guidelines for Use of Third-party IP in External Materials](/handbook/legal/ip-public-materials-guidelines/)?
    <!-- Delete as appropriate -->
    - yes
    - no
    - I'm not sure
    
    ## If the material is not subject to mandatory review and complies with the SAFE Framework and IP Guidelines, legal review is not mandatory. However, if you have specific questions regarding the material, set those out here, identifying the aspect(s) of the material to which the questions relate.
    <!-- if the materials are subject to mandatory review, or do not comply with the SAFE Framework or IP Guidelines, skip to the next question -->
    
    ## Due date for review
    <!-- State the due date for review, noting that the Legal & Corporate Affairs Team requires at least two business days to complete a review. See note above under Turnaround Time regarding the two business day review cycle. -->
    
  2. If no working issue already exists, complete the single material legal review issue template, following the instructions in the template.

  3. Note that:

    • To obtain the review appropriate to your proposed use, you must tag the correct Legal & Corporate Affairs Team members in the issue description (@sfriss for internal materials, and @sfriss and @LeeFalc for external materials). IP review is not required for materials created for internal use, only SAFE review is required. Internal use and external use are defined here.
    • The Legal & Corporate Affairs Team aims to review materials within two business days of submission; clearly state the due date when creating the issue as the template requires. The time to complete a review is subject to (i) the submission being complete (i.e., no missing materials and all other approvals are in place before legal review), and (ii) the volume of the material submitted for review.
  4. Put a link in the material being reviewed to the legal review issue or comment you created:

    • Google Docs: add the link at the top of the first page of the doc.
    • Google Slides: add the link to the first slide.
    • PDFs: no link required.
  5. If the review request is subject to mandatory review for a video not yet produced, review is required in respect of both (i) the slide deck, storyboard, and script (as appropriate, and in final form) before recording, and (ii) the final cut. Request review at each stage as set out in this process.

  6. The Legal & Corporate Affairs Team will review the material, making comments and requests for changes in the document, or an issue comment thread, and provide context for any requested changes in accordance with the say why, not just what operating principle.

  7. Once legal review is complete, a Legal & Corporate Affairs Team member will tag the issue creator and comment Legal review complete. Review is complete only once Legal review complete has been commented; comments like SAFE review complete and IP review complete do not indicate review is complete.

  8. If any changes are made to the material after legal review, another legal review is required. Tag the appropriate reviewers (@sfriss for internal materials, and @sfriss and @LeeFalc for external materials) in the issue, or issue comment, created in step 1, requesting review of the amended material. As repeat reviews are inefficient, ensure materials are finalized before submitting for legal review.

  9. Once legal review of the amended material is complete, a Legal & Corporate Affairs Team member will once again tag the issue creator and comment Legal review complete.


Follow this process to obtain legal review of multiple pieces of material with a related purpose, like several slide decks being prepared for one event.

  1. Complete the multiple materials review issue template, following the instructions in the template. Note that:
    • IP review is not required for materials created for internal use, only SAFE review is required;
    • For a given related purpose (like an event), only one multiple materials review issue needs to be created;
    • For multiple materials legal review requests involving five or fewer pieces of material, legal aims to complete the review within 5 business days of submission; as noted above, the time to complete a review is subject to (i) the submission being complete (i.e., no missing materials and all other approvals are in place before legal review), and (ii) the volume of the material submitted for review; and
    • For multiple materials legal review requests involving more than five pieces of material, the DRI must, no less than 5 business days before the materials will be ready for review, (i) notify the Legal & Corporate Affairs Team in #legal of the upcoming event, and (ii) arrange a sync with the Team to agree a timeline for the completion of the review.
  2. As each of piece of material is ready for review, make a comment in the issue which:
    • Tags the appropriate reviewers (@sfriss for internal materials, and @sfriss and @LeeFalc requesting review);
    • Links (for Google Docs) or uploads (for other files) the material to the comment for review; and
    • States the due date for the review.
  3. Put a link to the comment thread you created in the material being reviewed as follows:
    • Google Docs: add the link at the top of the doc.
    • Google Slides: add the link to the first slide.
    • PDFs: no link required.
  4. The Legal & Corporate Affairs team will review the material, making comments and requests for changes in the document, or the applicable comment thread in the issue, and provide context for any requested changes in accordance with the say why, not just what operating principle. Ensure that all discussion relating to a given piece of material takes place in replies to the relevant comment thread; do not create a new comment thread each time you comment.
  5. Once legal review is complete, a Legal & Corporate Affairs Team member will tag the creator of the comment thread and comment Legal review complete in the relevant comment thread. Legal review is complete only once Legal review complete has been commented; comments like SAFE review complete and IP review complete do not indicate review is complete.
  6. If any changes are made to the material after legal review, another legal review is required. Tag the appropriate reviewers (@sfriss for internal materials, and @sfriss and @LeeFalc for external materials) in the issue comment created in step 2, requesting review of the amended material. As repeat reviews are inefficient, ensure materials are finalized before submitting for legal review.
  7. Once legal review of the amended material is complete, a Legal & Corporate Affairs Team member will once again tag the issue creator and comment Legal review complete in the relevant comment thread.
  8. If the review request is subject to mandatory review for a video not yet produced, review is required in respect of both the slide deck, storyboard and script (as appropriate) prior to recording and the final cut. Request review at each stage as set out in this process.