GitHub Subprocessors and Cookies

In this article

Effective date: January 6, 2021

GitHub provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page, which details our subprocessors, and how we use cookies.

GitHub Subprocessors

When we share your information with third party subprocessors, such as our vendors and service providers, we remain responsible for it. We work very hard to maintain your trust when we bring on new vendors, and we require all vendors to enter into data protection agreements with us that restrict their processing of Users' Personal Information (as defined in the Privacy Statement).

Name of SubprocessorDescription of ProcessingLocation of ProcessingCorporate Location
AutomatticBlogging serviceUnited StatesUnited States
AWS AmazonData hostingUnited StatesUnited States
Braintree (PayPal)Subscription credit card payment processorUnited StatesUnited States
ClearbitMarketing data enrichment serviceUnited StatesUnited States
DiscourseCommunity forum software providerUnited StatesUnited States
EloquaMarketing campaign automationUnited StatesUnited States
Google AppsInternal company infrastructureUnited StatesUnited States
Google AnalyticsAnalytics and performanceUnited StatesUnited States
MailChimpCustomer ticketing mail services providerUnited StatesUnited States
MailgunTransactional mail services providerUnited StatesUnited States
MicrosoftMicrosoft ServicesUnited StatesUnited States
Monday.comTeam collaboration and project management platformUnited StatesIsrael
NexmoSMS notification providerUnited StatesUnited States
Salesforce.comCustomer relations managementUnited StatesUnited States
SendgridTransactional mail services providerUnited StatesUnited States
Sentry.ioApplication monitoring providerUnited StatesUnited States
StripePayment providerUnited StatesUnited States
TwilioSMS notification providerUnited StatesUnited States
ZendeskCustomer support ticketing systemUnited StatesUnited States
ZuoraCorporate billing systemUnited StatesUnited States

When we bring on a new subprocessor who handles our Users' Personal Information, or remove a subprocessor, or we change how we use a subprocessor, we will update this page. If you have questions or concerns about a new subprocessor, we'd be happy to help. Please contact us via Privacy contact form.

Cookies on GitHub

GitHub uses cookies to provide and secure our websites, as well as to analyze the usage of our websites, in order to offer you a great user experience. Please take a look at our Privacy Statement if you’d like more information about cookies, and on how and why we use them.

Since the number and names of cookies may change,the table below may be updated from time to time.

Service ProviderCookie NameDescriptionExpiration*
GitHubapp_manifest_tokenThis cookie is used during the App Manifest flow to maintain the state of the flow during the redirect to fetch a user session.five minutes
GitHub_device_idThis cookie is used to track recognized devices for security purposes.one year
GitHubdotcom_userThis cookie is used to signal to us that the user is already logged in.one year
GitHub_gh_entThis cookie is used for temporary application and framework state between pages like what step the customer is on in a multiple step form.two weeks
GitHub_gh_sessThis cookie is used for temporary application and framework state between pages like what step the user is on in a multiple step form.session
GitHubgist_oauth_csrfThis cookie is set by Gist to ensure the user that started the oauth flow is the same user that completes it.deleted when oauth state is validated
GitHubgist_user_sessionThis cookie is used by Gist when running on a separate host.two weeks
GitHubhas_recent_activityThis cookie is used to prevent showing the security interstitial to users that have visited the app recently.one hour
GitHub__Host-gist_user_session_same_siteThis cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub.two weeks
GitHub__Host-user_session_same_siteThis cookie is set to ensure that browsers that support SameSite cookies can check to see if a request originates from GitHub.two weeks
GitHublogged_inThis cookie is used to signal to us that the user is already logged in.one year
GitHubmarketplace_repository_idsThis cookie is used for the marketplace installation flow.one hour
GitHubmarketplace_suggested_target_idThis cookie is used for the marketplace installation flow.one hour
GitHub_octoThis cookie is used for session management including caching of dynamic content, conditional feature access, support request metadata, and first party analytics.one year
GitHuborg_transform_noticeThis cookie is used to provide notice during organization transforms.one hour
GitHubprivate_mode_user_sessionThis cookie is used for Enterprise authentication requests.two weeks
GitHubsaml_csrf_tokenThis cookie is set by SAML auth path method to associate a token with the client.until user closes browser or completes authentication request
GitHubsaml_csrf_token_legacyThis cookie is set by SAML auth path method to associate a token with the client.until user closes browser or completes authentication request
GitHubsaml_return_toThis cookie is set by the SAML auth path method to maintain state during the SAML authentication loop.until user closes browser or completes authentication request
GitHubsaml_return_to_legacyThis cookie is set by the SAML auth path method to maintain state during the SAML authentication loop.until user closes browser or completes authentication request
GitHubtzThis cookie allows us to customize timestamps to your time zone.session
GitHubuser_sessionThis cookie is used to log you in.two weeks

* The expiration dates for the cookies listed below generally apply on a rolling basis.

(!) Please note while we limit our use of third party cookies to those necessary to provide external functionality when rendering external content, certain pages on our website may set other third party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimize these third party cookies, we can’t always control what cookies this third party content sets.

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.