Git Data

Our Git integration collects metadata about your organization’s activity across repositories, pull requests, and deployments. We never read, transmit, or store source code. Sensitive data, such as branch names and pull request titles, are always encrypted.

We partner with Drata, a continuous compliance platform, to monitor our security posture on an ongoing basis. Our SOC 2 Type 2 report, latest security and policy documents, continuous monitoring status, and list of subprocessors can all be found at our Trust Center.

Organizations, Teams, and Members

We collect basic information about your organization, teams, and members. Member data includes usernames, organization role (e.g. admin), and team memberships, helping you filter data at the team level.

We store minimal personally identifiable information (PII) for organization members, such as name and email address. We also collect basic location information (e.g. city, state, or country) that is publicly available on a user’s GitHub profile.

Repositories, Pull Requests, and Deployments

Repository metadata we collect includes name, visibility (public or private), and branch names. We never read or access code.

We track basic information about pull requests, such as titles, URLs, statuses, labels, branches, authors, and change counts (additions, deletions, modifications). Additionally, we track when a pull request is opened, reviewed, merged, and closed. We also collect basic commit details (SHAs, timestamps, filenames).

Deployment tracking covers events related to workflows/pipelines, check runs, deployments, commit statuses, releases, and tags. The metadata we collect includes run name, status, completion time, and run time.

GitHub Copilot

If your organization purchased GitHub Copilot licenses, we collect data about GitHub Copilot usage — including seat assignments, last activity, and a breakdown of suggestions, acceptances, and usage by editor or language.