GitHub’s Guidelines for Legal Requests of User Data explain how we handle legally authorized requests, including law enforcement requests, subpoenas, court orders, and search warrants, as well as national security letters and orders.
In short, we follow the law while requiring adherence to the highest legal standards for user requests for data. We carefully review all requests to disclose user data to ensure they adhere to our policies and satisfy all appropriate legal requirements, and we push back where they do not. When we do disclose information, we never share private content data, except in response to a search warrant, and we notify users when we disclose their information in response to a legal request, unless a law or court order prevents us from doing so.
Access the complete data set on our GitHub repo or download the individual CSV files.
Governments outside the US can make cross-border data requests for user information through the DOJ via a mutual legal assistance treaty (MLAT) or similar form of international legal process. Our Guidelines for Legal Requests of User Data explain how we handle user information requests from foreign law enforcement. Essentially, when a foreign government seeks user information from GitHub, we direct the government to the DOJ so that the DOJ can determine whether the request complies with US legal protections, and if it does, the DOJ would send us a subpoena, court order, or search warrant, which we would then process like any other request we receive from the US government.