Trust and privacy
Build on a foundation you can trust
To earn your trust, we build security, audit, and compliance solutions with the customer in mind.
Data privacy and protection is our highest priority
SaaS and on-premise solutions
Find a plan for your business that meets the unique needs of your engineers—and your information security professionals.
Compare plans for business
Because GitHub encrypts all data in transit, all login information and credentials are always protected. GitHub stores a one-way hash of all user passwords using bcrypt. Your account login is protected from brute-force attacks with rate limiting.
Auditing controls and certifications
GitHub offers the risk management information customers need to assess our commitments to security and compliance. We’ve shipped our SOC 1 and SOC 2 Type 2 audit reports—and as of 2018, GitHub Enterprise Cloud is authorized via the FedRAMP Tailored baseline of security controls.
Cloud security self-assessment
Learn how we support industry-leading control considerations with the Cloud Security Alliance CSA-CAIQ Assessment.
Download our self-assessment from CSA
We partner with PCI-compliant credit card processors to keep your payment information secure. Our payment processing is compliant with PCI DSS v3.2.
External security testing
We’ve engaged independent security firms for in-depth application security assessment, source code audit, and penetration testing since 2011. Ask your customer service team for more information on third-party application security testing.
GitHub Enterprise SOC 3 report available to the public
In an effort to continue serving the open source community and the general public, we are pleased to be able to make GitHub’s Service Organization Controls (SOC) 3 report for Enterprise Cloud available to the general public.
Learn more about Service Organization Controls reporting at GitHub
Partners and vendors
We assess third-party partners and vendors for fit and security risk based on the services they provide. We also make sure the right technical and contractual commitments are in place.
Production data centers
We use N+1, Tier 3 data center vendors with your availability and security in mind—and with physical security and environmental controls that meet our high standards.