Privacy Policy
Effective February 28, 2026. GitGov captures operational metadata only. Source code never leaves your workstation.
- No source code: Only metadata: SHA, branch, author, timestamp, file count.
- Advisory signals: Signals are observations, not legal or HR determinations.
- Org controls the data: Your employer is the data controller, not GitGov.
1. Scope and Controller
This Privacy Policy applies to the GitGov Desktop application and the GitGov Control Plane server. It governs the collection, processing, and storage of operational metadata generated by developer workstations.
The data controller is the organization that deploys GitGov (your employer or the entity that licensed the software). GitGov (the software and its operators) acts as a data processor on behalf of the deploying organization.
Individual developers whose Git activity is monitored are data subjects under applicable data protection law (including GDPR where applicable).
2. Data Collected
GitGov captures operational metadata only. The following fields are collected per Git event:
| Field | Example | Purpose |
|---|---|---|
| event_type | commit, push | Identifies the Git operation |
| commit_sha | a3f8c2e… | Links event to a specific commit |
| branch | feat/auth | Identifies target branch |
| user_login | alice | Git author identifier |
| timestamp | ISO 8601 | When the operation occurred |
| file_count | 12 | Number of files staged (no names) |
| repo_name | org/repo | Repository identifier |
| client_version | 0.1.0 | Desktop app version for compatibility |
What is never collected
Source code content, file contents, diff contents, commit message text beyond the metadata fields listed above, passwords, secrets, or any other file data. No source code ever leaves the developer workstation.
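One way the "metadata only" promise above can be enforced mechanically is an allowlist check on every event before it is sent or accepted. The following is an added example, not GitGov's own code; the field names are taken from the table, while the forbidden-field list, regexes and sample events are assumptions constructed for illustration.

```python
"""Allowlist validator for metadata-only Git events (constructed example)."""
import re
from datetime import datetime

# Exactly the fields the policy lists; anything else is rejected outright.
ALLOWED_FIELDS = {
    "event_type", "commit_sha", "branch", "user_login",
    "timestamp", "file_count", "repo_name", "client_version",
}
# Keys that would carry content the policy says never leaves the workstation.
# Assumed names; they are flagged as "forbidden" rather than merely "unknown".
FORBIDDEN_FIELDS = {"diff", "patch", "file_names", "files", "content", "message"}
SHA_RE = re.compile(r"^[0-9a-f]{7,40}$")


def validate_event(event: dict) -> list[str]:
    """Return a list of violations; an empty list means the event is metadata-only."""
    problems = []
    for key in sorted(set(event) - ALLOWED_FIELDS):
        kind = "forbidden" if key in FORBIDDEN_FIELDS else "unknown"
        problems.append(f"{kind} field: {key}")
    for key in sorted(ALLOWED_FIELDS - set(event)):
        problems.append(f"missing field: {key}")
    if "commit_sha" in event and not SHA_RE.match(str(event["commit_sha"])):
        problems.append("commit_sha is not a hex SHA")
    # file_count must be a number: a list here would smuggle out file names.
    if "file_count" in event and not isinstance(event["file_count"], int):
        problems.append("file_count must be an integer, not a file list")
    if "timestamp" in event:
        try:
            datetime.fromisoformat(str(event["timestamp"]).replace("Z", "+00:00"))
        except ValueError:
            problems.append("timestamp is not ISO 8601")
    return problems


# Constructed sample events, not real traffic.
GOOD_EVENT = {
    "event_type": "push", "commit_sha": "a3f8c2e", "branch": "feat/auth",
    "user_login": "alice", "timestamp": "2026-02-28T09:15:00Z",
    "file_count": 12, "repo_name": "org/repo", "client_version": "0.1.0",
}
LEAKY_EVENT = dict(GOOD_EVENT, diff="--- a/auth.py\n+++ b/auth.py", file_count=["auth.py"])

if __name__ == "__main__":
    print("good:", validate_event(GOOD_EVENT))
    print("leaky:", validate_event(LEAKY_EVENT))
```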
3. Signals and Advisory Findings — Liability Limits
GitGov may generate non-compliance signals — automated observations that flag potential deviations from configured governance policies (e.g., a direct push to a protected branch, a commit outside configured working hours).
Important — Advisory Nature
- Signals are computational observations, not legal conclusions, HR decisions, or determinations of misconduct.
- A signal indicates that a configured policy rule may have been triggered. It does not establish intent, negligence, or fault.
- Signals may contain false positives due to configuration errors, clock skew, or incomplete context available to the system.
- GitGov provides no warranty — express or implied — as to the accuracy, completeness, or fitness of signals for any employment, disciplinary, or legal purpose.
- The deploying organization assumes full responsibility for any decision made on the basis of a signal, including HR actions, performance reviews, or contractual enforcement.
GitGov operators expressly disclaim liability for damages arising from decisions made on the basis of signal data, including but not limited to wrongful termination claims, reputational harm, or regulatory action resulting from misuse of signal output.
Organizations deploying GitGov are responsible for ensuring their use of signal data complies with applicable labor law, employment contracts, works council agreements, and data protection regulations in their jurisdiction.
4. Legal Basis for Processing
The deploying organization processes event metadata under one or more of the following legal bases:
- Legitimate interests: Monitoring development operations for security, compliance, and traceability purposes constitutes a legitimate organizational interest under Art. 6(1)(f) GDPR, provided it is proportionate and employees are informed.
- Legal obligation: Where applicable regulatory frameworks (SOC 2, ISO 27001, PCI-DSS) require demonstrable audit trails, processing may be necessary to comply with a legal obligation under Art. 6(1)(c) GDPR.
- Contract performance: Where the developer's employment contract includes provisions for system activity monitoring, processing may be grounded in Art. 6(1)(b) GDPR.
The deploying organization is responsible for establishing and documenting the applicable legal basis, notifying employees, and complying with any works council or collective bargaining requirements before deployment.
5. Data Retention and Security
Retention: Event records are stored for the duration configured by the deploying organization. GitGov does not impose a maximum retention period; the deploying organization is responsible for defining and enforcing data minimization policies consistent with their legal obligations.
Immutability: Audit event records are append-only. Records cannot be modified or deleted through the standard API. This design supports regulatory requirements for tamper-evident audit trails.
Encryption in transit: All communication between GitGov Desktop and the Control Plane must be secured with TLS in production environments. HTTP is supported for local evaluation only.
API key security: API keys are stored as SHA-256 hashes. The plain-text key is never persisted after initial issuance.
Access control: The Control Plane enforces role-based access. Developers can only access their own event records. Administrative data is restricted to Admin-role keys.
6. Data Subject Rights
Where GDPR or equivalent data protection law applies, individuals have the right to:
- Access — Request a copy of event records associated with their user login.
- Rectification — Request correction of inaccurate metadata (e.g., incorrect user_login attribution).
- Erasure — Request deletion of event records, subject to the deploying organization's legal obligations to maintain audit trails.
- Restriction — Request that processing be restricted pending resolution of an accuracy dispute.
- Portability — Request event data in machine-readable format via the POST /export endpoint.
- Objection — Object to processing carried out on legitimate interests grounds.
Requests should be directed to the deploying organization's Data Protection Officer or HR department. GitGov operators can only fulfill data requests upon written instruction from the deploying organization acting as data controller.
7. Contact
For privacy-related inquiries regarding GitGov as a software product, contact:
For requests relating to your personal data held by your employer via GitGov, contact your organization directly. GitGov operators cannot act on individual data requests without authorization from the deploying organization.
This policy may be updated periodically. Material changes will be communicated via the GitGov website. Continued use of the platform after changes are posted constitutes acceptance of the revised policy.