GitLab for Open Source Program Agreement

Open Source Program Agreement

Date of last revision: 2022/08/19

This Open Source Program Agreement (“Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (“GitLab”), and the Open Source Project on behalf of which this Agreement is executed. This Agreement is entered into on the earlier of, (a) Member clicking “Agree” or “Yes” to the terms of this Agreement to gain initial access to, or use of, the Software or (b) Member being given access to the Software pursuant to the requirements of the GitLab for Open Source Program (“Effective Date”). GitLab and the Open Source Project each shall be referred to as a “Party” and collectively as the “Parties”.

If a Member is executing this Agreement on behalf of the Open Source Project, that Member represents that they have the authority to bind the Open Source Project to the terms of this Agreement and accept notice under this Agreement on behalf of the Open Source Project.

1. DEFINITIONS

“Affiliates” means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, where “control” means at least fifty percent (50%) ownership of the outstanding shares of the entity or the ability to direct the management of the entity by contract or otherwise.

“Commercial Terms” means the GitLab Subscription Agreement located at https://about.gitlab.com/terms.

“Community Edition Software” means the publicly available, community-developed open-source software and components which may be provided with the GitLab Software.

“Confidential Information” shall have the meaning ascribed in Section 6 (Confidentiality).

“GitLab for Open Source Program” means the program guidelines and overview as found at https://about.gitlab.com/handbook/marketing/developer-relations/community-programs/opensource-program as updated from time to time, which include directions, rules, and requirements for participation in the GitLab for Open Source Program.

“GitLab Software” means software, and other branded offerings made available by GitLab and its Affiliates, including, but not limited to, GitLab’s “DevOps Lifecycle Application Platform”.

“Intellectual Property Rights” means all intellectual property rights throughout the world, including, without limitation, patents, copyrights, Trademarks, trade secrets and contractual or other rights in confidential information, moral rights, rights of privacy and publicity, and any other intellectual and industrial property and proprietary rights including registrations, applications, renewals and extensions of such rights worldwide.

“Open Source Project” means an organization or entity other than a federal or state governmental department which develops and manages Open Source Software.

“Open Source Software” means software licensed subject to an Open Source Initiative approved open source software license, such approved licenses being listed at https://opensource.org/licenses/alphabetical.

“Member” means an individual maintainer of, or contributor to, the Open Source Project having authority to bind the Open Source Project to the terms of this Agreement.

“Project Content” is all software, information, content, and data provided by or on behalf of the Open Source Project or made available or otherwise distributed through the use of the GitLab Software pursuant to this Agreement.

“Trademarks” means a Party’s corporate name, primary logo, and primary “button” or “icon” for use within others’ software to indicate an available integration, and any other logos, service marks, trademarks and certification marks that one Party expressly authorizes the other Party to use under this Agreement in writing.

2. PURPOSE & ELIGIBILITY

2.1 Subject to the terms of this Agreement and the GitLab for Open Source Program, GitLab grants the Open Source Project a non-exclusive, limited, revocable, worldwide, non-sublicensable, and non-transferable right to use the GitLab Software for the purposes of developing and managing Open Source Software provided that at all times:

     2.1.1 the Open Source Project does not, and does not seek to, generate profit from the sale or licensing of the Open Source Software to which the Open Source Project relates, or the sale of any services related to such Open Source Software;

     2.1.2 all projects and groups, and their contents, hosted by the Open Source Project on the GitLab Software are publicly visible as described in the documentation at https://docs.gitlab.com/ee/user/public_access.html; and

     2.1.3 all software hosted by the Open Source Project on the GitLab Software is licensed subject to an Open Source Initiative approved open source software license, such approved licenses being listed at https://opensource.org/licenses/alphabetical, 2.1.1, 2.1.2, and 2.1.3 taken together, the “Eligibility Requirements”.

2.2 If, at GitLab’s sole discretion, the Open Source Project fails to meet the Eligibility Requirements, GitLab shall give the Open Source Project written notice of such failure (email being sufficient). If the Open Source Project has not cured such failure within thirty (30) days of GitLab providing written notice (the “Cure Period”), this Agreement and the Open Source Project’s ability to participate in the GitLab for Open Source Program shall terminate unless the Open Source Project elects to pay for the GitLab Software in accordance with the Commercial Terms from the expiry of the Cure Period.

2.3 The GitLab Software shall be provided without support and GitLab shall have no obligation to render any “Support” as such term is defined in the Commercial Terms.

3. REGISTRATION & USE RIGHTS

3.1 The Open Source Project shall follow the registration and credentialing requirements established by GitLab in this Agreement and the GitLab for Open Source Program, and a prospective open source project’s eligibility to participate in the GitLab for Open Source Program shall be determined by GitLab in its sole discretion.

3.2 In accessing and using the GitLab Software and the GitLab for Open Source Program materials, the Open Source Project agrees to comply with the terms of this Agreement and the GitLab for Open Source Program. The Open Source Project agrees not to (nor to authorize any third party to): (a) use the GitLab Software and GitLab for Open Source Program materials except for the purpose expressly provided in Section 2.1; (b) modify or create any derivative works of the GitLab Software and the GitLab for Open Source Program materials; (c) take any action that would subject the GitLab Software and the GitLab for Open Source Program materials to any third party terms; (d) copy, distribute, sell, sublicense, rent or lease the GitLab Software and GitLab for Open Source Program materials, including any access key provided by GitLab, or use such items for hosting, service provider, or similar purposes; or (e) access the GitLab Software and GitLab for Open Source Program materials for competitive analysis or disseminate performance information (including uptime, response time and/or benchmarks) relating to the GitLab Software.

3.3 Portions of the GitLab Software are governed by underlying open source licenses as described at https://gitlab-org.gitlab.io/omnibus-gitlab/licenses.html, including but not limited to the Community Edition Software. This Agreement establishes the rights and obligations associated with the GitLab Software pursuant to the GitLab for Open Source Program and is not intended to limit rights to software under the terms of any open source license.

4. OWNERSHIP RIGHTS & TRADEMARKS

4.1 Except as expressly set forth herein, GitLab (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the GitLab for Open Source Program, GitLab Software and any suggestions, ideas, enhancement requests, feedback, or other recommendations provided by the Open Source Project, its Affiliates, students, users or any third party relating to the GitLab for Open Source Program and GitLab Software (herein referred to as “Feedback Materials”), which are hereby assigned to GitLab. For the avoidance of doubt, Feedback Materials shall not include Open Source Project Confidential Information or Intellectual Property Rights owned by the Open Source Project. This Agreement does not constitute a sale of the GitLab for Open Source Program nor the GitLab Software and does not convey to the Open Source Project any rights of ownership in or related to the GitLab for Open Source Program nor to the GitLab Software nor any other Intellectual Property Rights.

4.2 The Open Source Project shall not remove, alter or obscure any of GitLab’s (or its licensors’) copyright notices, proprietary legends, trademark or service mark attributions, patent markings or other indicia of GitLab’s (or its licensors’) ownership or contribution from the GitLab Software.

5. TERM & TERMINATION

5.1 The initial term of this Agreement shall commence on the Effective Date and shall expire one (1) year later (the “Initial Term”). After the Initial Term, this Agreement shall automatically renew for successive one (1) year renewal periods (each a “Renewal Term”) unless terminated as set out herein. The Initial Term and any Renewal Terms (if any) shall be the “Term.”

5.2 Following the Initial Term, either Party may terminate this Agreement upon sixty (60) days’ prior written notice to the other Party. Either Party may immediately terminate this Agreement upon written notice if the other Party breaches its obligations under this Agreement and fails to cure such breach within thirty (30) days following receipt of notice from the non-breaching Party. A Party that provides notice of breach must include in the notice a description of the alleged breach in reasonable detail. In addition, either Party may immediately terminate this Agreement upon written notice to the other Party in the event that the other Party becomes the subject of a petition in bankruptcy or any proceeding related to its insolvency or any assignment for the benefit of creditors.

5.3 Subject to Section 2.2, GitLab may suspend the Open Source Project’s use of GitLab Software and GitLab for Open Source Program materials or terminate this Agreement if GitLab determines in its sole discretion that: (a) GitLab is required to do so by law; (b) the Open Source Project no longer meets the Eligibility Requirements; or (c) continuing under this Agreement could result in legal or business liability or cause harm to GitLab’s products, services, reputation, or users.

5.4 Upon any termination of this Agreement, the Open Source Project’s rights to use GitLab Software and GitLab for Open Source Program materials (including related access keys and credentials) will immediately terminate and the Open Source Project will cease all such use, but all other provisions of this Agreement will survive. GitLab will have no obligation or liability resulting from termination or suspension of this Agreement.

6. CONFIDENTIALITY

6.1 “Confidential Information” means the terms and conditions of this Agreement, and any other non-public technical or business information of a Party, whether provided orally or in writing, that is designated in writing as “Confidential” or “Proprietary” at the time of disclosure or that due to the nature of the information the receiving Party would reasonably understand it to be confidential information of the disclosing Party, including information relating to a Party’s techniques, ideas, concepts, algorithms, source code, methodologies, workflows, implementation processes, current and future products and services, research, engineering, designs, financial information, procurement requirements, customer lists, business forecasts, roadmaps, marketing plans, pricing, discounts and proposals.

6.2 Confidential Information shall not include any information that: (a) is or becomes generally available to the public through no fault of or breach of this Agreement by the receiving Party; (b) was rightfully in the receiving Party’s possession at the time of disclosure without an obligation of confidentiality on the receiving Party; (c) is independently developed by the receiving Party without use of the disclosing Party’s Confidential Information; (d) is rightfully obtained by the receiving Party from a third party not under a duty of confidentiality to the disclosing Party and without restriction on use or disclosure; or (e) the receiving Party is permitted to publicly disclose under another provision of this Agreement.

6.3 Neither Party shall disclose Confidential Information of the other Party to anyone or shall use Confidential Information of the other Party for any purpose, except in either case as necessary to exercise its rights or obligations under this Agreement (“Permitted Purposes”). Each Party shall use at least the same degree of care (but no less than reasonable care) to prevent the unauthorized use, dissemination and copying of the other party’s Confidential Information as it uses to protect its own Confidential Information of a like nature. Each Party shall limit the disclosure of such Confidential Information to those of its employees, consultants, Affiliates, advisors and contractors with a bona fide need to access such Confidential Information solely for the Permitted Purposes, and all such employees and contractors must be subject to binding disclosure and use restrictions at least as protective as those set forth herein. Each Party shall be responsible for any breach of this Section 6 by its employees, consultants, Affiliates’ employees, advisors and contractors, as if they were that Party’s own employees.

6.4 The obligations of confidentiality under this Section 6 shall expire three (3) years after that Confidential Information is disclosed hereunder. The receiving Party shall promptly return or destroy (or in the case of electronic data, use commercially reasonable efforts to delete or render practicably inaccessible by receiving Party) Confidential Information disclosed by the other Party upon its written request.

6.5 This Agreement shall not be construed to prevent the receiving Party from disclosing the disclosing Party’s Confidential Information to a court or governmental body pursuant to a valid court order, law, subpoena or regulation, provided that the receiving Party: (a) gives reasonable notice (or such shorter period as is the maximum notice permitted under applicable law) before making the disclosure, unless prohibited by law; (b) provides reasonable assistance to the disclosing Party, at disclosing Party’s expense, in any lawful efforts by the disclosing Party to resist or limit the disclosure of such Confidential Information; and (c) discloses only that portion of the disclosing Party’s Confidential Information which is legally required to be disclosed.

6.6 The Parties agree that the receiving Party’s disclosure of Confidential Information, except as provided herein, may result in irreparable injury for which a remedy in money damages would be inadequate. The Parties further agree that in the event of such disclosure or threatened disclosure: (a) the disclosing Party shall be entitled to seek an injunction to prevent the breach or threatened breach in addition to any other remedies available to the disclosing Party at law or in equity; and (b) each Party hereby acknowledges that such an injunction is appropriate and warranted in such case. All Confidential Information disclosed under this Agreement will remain the property of the disclosing Party. No license or right under any intellectual property right is granted under this Agreement or by any disclosure of Confidential Information except as expressly stated in this Agreement.

7. WARRANTY & INDEMNIFICATION

7.1 Both Parties hereby represent and warrant that they are legally entitled to enter into this Agreement.

7.2 EXCEPT AS EXPRESSLY STATED HEREIN, ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT IS PROVIDED “AS-IS”, WITHOUT ANY WARRANTIES OF ANY KIND. EACH PARTY DISCLAIMS ANY IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

7.3 The Open Source Project will indemnify, defend (at GitLab’s request) and hold harmless GitLab and its Affiliates and their respective directors, officers, employees, agents, contractors, end users and licensees from and against any claims, losses, costs, expenses (including reasonable attorneys’ fees), damages or liabilities based on or arising from: (a) the Open Source Project’s use of the GitLab Software and/or GitLab for Open Source Program materials, and (b) Open Source Project’s relationships or interactions with any end users. GitLab may at its own expense participate in the defense and settlement of any claim with its own counsel, and the Open Source Project may not settle a claim without GitLab’s prior written consent (not to be unreasonably withheld).

8. LIMITATIONS OF LIABILITY

8.1 WITH THE EXCEPTION OF THE OPEN SOURCE PROJECT’S: (A) INDEMNIFICATION OBLIGATIONS UNDER SECTION 7.3, OR (B) OBLIGATIONS UNDER SECTION 9 (EXPORT), TO THE EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR LOST PROFITS OR REVENUE OR LOSS OF USE OR DATA, COSTS OF COVER OR SUBSTITUTE GOODS OR SERVICES, OR FOR INCIDENTAL, CONSEQUENTIAL, PUNITIVE, SPECIAL OR EXEMPLARY DAMAGES, OR INDIRECT DAMAGES OF ANY TYPE OR KIND, HOWEVER CAUSED, RELATED TO OR ARISING OUT OF THIS AGREEMENT OR THE RIGHTS, LICENSES, PRODUCTS OR SERVICES PROVIDED UNDER THIS AGREEMENT, WHETHER BY BREACH OF WARRANTY, BREACH OF CONTRACT, NEGLIGENCE, TORT, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.2 WITH THE EXCEPTION OF THE OPEN SOURCE PROJECT’S: (A) INDEMNIFICATION OBLIGATIONS UNDER SECTION 7.3, OR (B) OBLIGATIONS UNDER SECTION 9 (EXPORT), TO THE EXTENT PERMITTED BY LAW, THE TOTAL, CUMULATIVE LIABILITY OF EACH PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE RIGHTS, LICENSES, PRODUCTS OR SERVICES PROVIDED UNDER THIS AGREEMENT, WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, SHALL BE LIMITED TO FIVE HUNDRED U.S. DOLLARS ($500.00).

9. EXPORT

9.1 The GitLab Software is subject to export restrictions by the United States government and import restrictions by certain foreign governments. The Open Source Project agrees to comply with all applicable export and import laws and regulations in its use of the GitLab Software and the GitLab for Open Source Program materials. The Open Source Project shall not (and shall not allow any third-party to) remove or export from the United States or allow the export or re-export of any part of the GitLab Software or the GitLab for Open Source Program materials: (a) into (or to a national or resident of) any embargoed or terrorist-supporting country; (b) to anyone on the U.S. Commerce Department’s Table of Denial Orders or U.S. Treasury Department’s list of Specially Designated Nationals; (c) to any country to which such export or re-export is restricted or prohibited, or as to which the United States government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval; or (d) otherwise in violation of any export or import restrictions, laws or regulations of any United States or foreign agency or authority. The Open Source Project represents and warrants that it is not located in, under the control of, or a national or resident of any such prohibited country or on any such prohibited party list.

10. SECURITY AND DATA PROTECTION

10.1 With respect to the Open Source Project’s use of GitLab Software provided as “Software-as-a-Service”, GitLab shall be responsible for establishing and maintaining a commercially reasonable information security program that is designed to: (i) ensure the security and confidentiality of the Project Content; (ii) protect against any anticipated threats or hazards to the security or integrity of the Project Content; (iii) protect against unauthorized access to, or use of, the Project Content; and (iv) ensure that all subcontractors of GitLab, if any, comply with all of the foregoing. In no case shall the safeguards of GitLab’s information security program be less stringent than the information security safeguards used by GitLab to protect its own commercially sensitive data. The Open Source Project shall use commercially reasonable security and anti-virus measures when accessing and using the GitLab Software and/or the GitLab for Open Source Program materials and to prevent unauthorized access to, or use of the GitLab Software and/or the GitLab for Open Source Program materials, and notify GitLab promptly of any such unauthorized access or use of which it becomes aware.

10.2 The terms of the data processing addendum located at https://about.gitlab.com/handbook/legal/data-processing-agreement (“DPA”) are hereby incorporated by reference and shall apply to the extent Project Content includes Personal Data, as defined in the DPA. To the extent Personal Data from the European Economic Area (EEA), the United Kingdom and Switzerland are processed by GitLab, the Standard Contractual Clauses shall apply, as further set forth in the DPA. For the purposes of the Standard Contractual Clauses, the Open Source Project and its applicable Affiliates are each the data exporter, and the Open Source Projects acceptance of this Agreement shall be treated as its execution of the Standard Contractual Clauses.

10.3 The Parties acknowledge and agree that: (i) the GitLab Software is not designed for the purpose(s) of storing, processing, compiling or transmitting Sensitive Data (as defined herein), and (ii) the Open Source Project shall not use the GitLab Software, or otherwise provide to GitLab without prior written consent, Sensitive Data under this Agreement. “Sensitive Data” means: (i) special categories of data enumerated in European Union Regulation 2016/679, Article 9(1) or any successor legislation; (ii) patient, medical, or other protected health information regulated by the Health Insurance Portability and Accountability Act (as amended and supplemented) (“HIPAA”); (iii) credit, debit, or other payment card data or financial account information, including bank account numbers or other personally identifiable financial information; (iv) social security numbers, driver’s license numbers, or other government identification numbers; (v) other information subject to regulation or protection under specific laws such as the Children’s Online Privacy Protection Act or Gramm-Leach-Bliley Act (“GLBA”) (or related rules or regulations); or (vi) any data similar to the above protected under foreign or domestic laws. The Open Source Project further acknowledges that the GitLab Software and related features are not intended to meet any legal obligations for these uses, including HIPAA and GLBA requirements, and that GitLab is not a Business Associate as defined under HIPAA. Therefore, notwithstanding anything else in this Agreement, GitLab has no liability for Sensitive Data processed in connection with the Open Source Project’s use of the GitLab Software.

10.4 The Open Source Project shall also maintain and handle all Project Content with reasonably adequate privacy and security measures and in compliance with all applicable privacy laws and regulations.

11. GENERAL PROVISIONS

11.1 Each Party shall comply with all laws and regulations applicable to its performance of its obligations under this Agreement, including without limitation data privacy laws and export control laws and regulations.

11.2 Neither Party shall assign, delegate, subcontract or otherwise transfer, directly or by operation of law, any of the rights or obligations of this Agreement nor any part or all of this Agreement without the prior written consent of the other Party. Any attempt to transfer, assign, delegate or subcontract rights or obligations under this Agreement except as set forth in this Section 11.2 shall be void. Subject to the foregoing limitation, this Agreement shall be binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and permitted assigns.

11.3 A waiver of any right under this Agreement is effective only if it is in writing and signed by the Party against whom the waiver is sought. Any such waiver shall apply only to the circumstances for which it is given. Unless specifically provided otherwise in this Agreement, remedies arising under this Agreement are cumulative and do not exclude any other remedies available at law or in equity.

11.4 This Agreement is not intended to benefit any person or party other than the Parties to this Agreement and, where applicable, the Parties’ successors and permitted assigns. The Parties are independent contractors. Nothing in this Agreement shall be construed to create a membership, joint venture, agency, employment, or fiduciary relationship between the Parties. Neither Party shall have any right or authority to assume or create any obligation of any kind, express or implied, in the name of or on behalf of the other Party, or represent that it has any such authority. Each Party will be responsible for the costs incurred by it in performance of its obligations under this Agreement.

11.5 Except as expressly otherwise provided herein, all notices shall be in writing and deemed delivered the earlier of: (a) actual receipt; (b) upon delivery by a nationally recognized overnight courier (receipt requested) to the receiving Party’s address as specified herein or updated by written notice; or (c) when received via electronic communications as evidenced by either Party’s contemporaneously created computer records.

11.6 Both Parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous written and oral agreements, communications, and other understandings related to the subject matter of this Agreement.

11.7 This Agreement and all relations, disputes, claims and other matters arising hereunder (including non-contractual disputes or claims) shall be governed exclusively by, and construed exclusively in accordance with, the laws of the State of California, without regard to conflicts of laws provisions. To the extent permitted by law, choice of laws rules and the United Nations Convention on Contracts for the International Sale of Goods shall not apply. For the purposes of adjudicating any action or proceeding to enforce the terms of this Agreement, the Parties hereby irrevocably consent to the exclusive jurisdiction of, and venue in, the courts of San Francisco county, California.

11.8 If any provision of this Agreement is judicially declared to be invalid, unenforceable or void, such decision shall not have the effect of invalidating or voiding any portion of the remainder of this Agreement, it being the intent and agreement of the Parties that this Agreement shall be deemed amended by modifying such provision to the extent necessary to render it valid, legal and enforceable while preserving its intent or, if such modification is not possible, by substituting therefor another provision that is valid, legal and enforceable and that achieves the same objective.