Welcome to GitBook's Guide to the Digital Millennium Copyright Act, commonly known as the "DMCA." This page is not meant as a comprehensive primer to the statute. However, if you've received a DMCA takedown notice targeting content you've posted on GitBook or if you're a rights-holder looking to issue such a notice, this page will hopefully help to demystify the law a bit as well as our policies for complying with it.
(If you just want to submit a notice, you can skip to the end.)
As with all legal matters, it is always best to consult with a professional about your specific questions or situation. We strongly encourage you to do so before taking any action that might impact your rights. This guide isn't legal advice and shouldn't be taken as such.
In order to understand the DMCA and some of the policy lines it draws, it's perhaps helpful to consider life before it was enacted.
Before the DMCA, an Internet-based service provider like GitBook could be liable for copyright infringement in the United States just for hosting its users' pictures, music, videos or code. This was true even if it had no actual knowledge of any infringing content. This was a problem, since even a single claim of copyright infringement can carry statutory damages of up to $150,000. With potential damages that high multiplied across millions of users, cloud-computing and user-generated content sites like YouTube, Facebook or GitBook probably (or at least not without passing some of that cost downstream to their users).
The DMCA attempted to fix this problem by creating a so-called copyright liability "safe harbor" for internet service providers hosting allegedly infringing user-generated content. (See .) Essentially, so long as a service provider follows the DMCA's notice-and-takedown rules, it won't be liable for copyright infringement based on user-generated content. Because of this it is important for GitBook to maintain its DMCA safe-harbor status.
The DMCA provides two simple, straightforward procedures that all GitBook users should know about: (i) a procedure for copyright holders to request that content be removed; and (ii) a procedure for users to get content reenabled when content is taken down by mistake.
DMCA takedown notices are used by copyright owners to ask GitBook to take down infringing content. If you are a software designer or developer, you create copyrighted content every day. If someone else is using your copyrighted content in an unauthorized manner on GitBook, you can send us a DMCA takedown notice to request that the infringing content be changed or removed.
On the other hand, counter notices can be used to correct mistakes. Maybe the person sending the takedown notice does not hold the copyright or did not realize that you have a license or made some other mistake in their takedown notice. Since GitBook usually cannot know if there has been a mistake, the DMCA counter notice allows you to let us know and ask that we put the content back up.
The DMCA framework is a bit like passing notes in class. The copyright owner hands GitBook a complaint about a user. If it's written correctly, we pass the complaint along to the user. If the user disputes the complaint, they can pass a note back saying so. GitBook exercises little discretion in the process other than determining whether the notices meet the minimum requirements of the DMCA. It is up to the parties (and their lawyers) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.
Here are the basic steps in the process.
1. Copyright Owner Investigates. A copyright owner should always conduct an initial investigation to confirm both (a) that they own the copyright to an original work and (b) that the content on GitBook is unauthorized and infringing.
Example: An employee of Acme Web Company finds some of the company's documentation in a GitBook space. Acme Web Company licenses its documentation out to several trusted partners. Before sending in a take-down notice, Acme should review those licenses and its agreements to confirm that the documentation on GitBook is not authorized under any of them.
2. Copyright Owner Sends A Notice. After conducting an investigation, a copyright owner prepares and sends a takedown notice to GitBook. Assuming the takedown notice is sufficiently detailed according to the statutory requirements (as explained in the how-to guide), we will pass the notice along to the affected user.
We recognize that there are many valid reasons that you may not be able to make changes within the approximate 24-hour window we provide before your space gets disabled. Maybe our message got flagged as spam, maybe you were on vacation, maybe you don't check that email account regularly, or maybe you were just busy. We get it. If you respond to let us know that you would have liked to make the changes, but somehow missed the first opportunity, we will re-enable the space one additional time for approximately 24 hours to allow you to make the changes. Again, you must notify us that you have made the changes in order to keep the space enabled after that 24-hour window, as noted above in . Please note that we will only provide this one additional chance.
It is the policy of GitBook, in appropriate circumstances and in its sole discretion, to disable and/or terminate the accounts of users who may infringe upon the copyrights or other intellectual property rights of GitBook and/or others.
If you are ready to submit a notice or a counter notice:
3. GitBook Asks User to Make Changes. If the notice alleges that the entire contents of a space infringe, we will skip to Step 6 and disable the entire space expeditiously. Otherwise, because GitBook cannot disable access to specific pages within a space, we will contact the user who created the space and give them approximately 24 hours to delete or modify the content specified in the notice. We'll notify the copyright owner if and when we give the user a chance to make changes.
4. User Notifies GitBook of Changes. If the user chooses to make the specified changes, they must tell us so within the approximately 24-hour window. If they don't, we will disable the space (as described in Step 6). If the user notifies us that they made changes, we will verify that the changes have been made and then notify the copyright owner.
5. Copyright Owner Revises or Retracts the Notice. If the user makes changes, the copyright owner must review them and renew or revise their takedown notice if the changes are insufficient. GitBook will not take any further action unless the copyright owner contacts us to either renew the original takedown notice or submit a revised one. If the copyright owner is satisfied with the changes, they may either submit a formal retraction or else do nothing. GitBook will interpret silence longer than two weeks as an implied retraction of the takedown notice.
6. GitBook May Disable Access to the Content. GitBook will disable a user's content if: (i) the copyright owner has alleged copyright over the user's entire space (as noted in Step 3); (ii) the user has not made any changes after being given an opportunity to do so (as noted in Step 4); or (iii) the copyright owner has renewed their takedown notice after the user had a chance to make changes. If the copyright owner chooses instead to revise the notice, we will go back to Step 2 and repeat the process as if the revised notice were a new notice.
7. User May Send A Counter Notice. We encourage users who have had content disabled to consult with a lawyer about their options. If a user believes that their content was disabled as a result of a mistake or misidentification, they may send us a counter notice. As with the original notice, we will make sure that the counter notice is sufficiently detailed (as explained in the how-to guide). If it is, we will pass it back to the copyright owner by sending them the link.
8. Copyright Owner May File a Legal Action. If a copyright owner wishes to keep the content disabled after receiving a counter notice, they will need to initiate a legal action seeking a court order to restrain the user from engaging in infringing activity relating to the content on GitBook. In other words, you might get sued. If the copyright owner does not give GitBook notice within 10-14 days, by sending a copy of a valid legal complaint filed in a court of competent jurisdiction, GitBook will reenable the disabled content.
At GitBook, we leverage artificial intelligence to enhance our product with features powered by OpenAI. We are committed to maintaining the highest standards of data security and privacy.
Customer data is never shared with OpenAI or used to train any AI models. Our approach ensures that your data remains secure while benefiting from cutting-edge AI capabilities. As we continue to expand our AI feature set, we will uphold these principles to prioritize your trust and security.
The universe of policies and procedures that govern the use of GitBook.
GitBook account names are provided on a first-come, first-served basis, and are intended for immediate and active use. Account names may not be inactively held for future use. GitBook account name squatting is prohibited. Inactive accounts may be renamed or removed by GitBook staff at their discretion. Keep in mind that not all activity on GitBook is publicly visible. Staff will not remove or rename any active account.
Attempts to sell, buy, or solicit other forms of payment in exchange for account names are prohibited and may result in permanent account suspension.
If you believe someone's account is violating your trademark rights, you can find more information about making a trademark complaint on our Trademark Policy page.
Using another's trademark in a way that has nothing to do with the product or service for which the trademark was granted is not a trademark policy violation. GitBook user and organization names are available on a first come, first served basis and may not be reserved. A GitBook account with a user or organization name that happens to be the same as a registered trademark is not, by itself, necessarily a violation of our trademark policy.
When we receive reports of trademark policy violations from holders of federal or international trademark registrations, we review the account and may take the following actions:
When there is a clear intent to mislead others through the unauthorized use of a trademark, GitBook will suspend the account and notify the account holder.
When we determine that an account appears to be confusing users, but is not purposefully passing itself off as the trademarked good or service, we give the account holder an opportunity to clear up any potential confusion. We may also release a username for the trademark holder's active use.
Holders of registered trademarks can report possible trademark policy violations to GitBook via email to Support. Please submit trademark-related requests from your company email address and include all the information requested below to help expedite our response. Also be sure to clearly describe to us why the account may cause confusion with your mark or how the account may dilute or tarnish your mark.
In order to investigate trademark policy violations, please provide all of the following information:
Username of the reported account
Your company name
Your company GitBook account (if there is one)
Company website
Your trademarked word, symbol, etc.
Trademark registration number
Trademark registration office (e.g., USPTO)
Description of confusion (e.g., passing off as your company, including specific descriptions of content or behavior)
Requested Action (e.g., removal of violating account or transfer of trademarked username to an existing company account)
Note: A federal or international trademark registration number is required. If the name you are reporting is not a registered mark (e.g., a government agency or non-profit organization), please let us know:
Your first and last name
Title
GitBook provides a great deal of transparency regarding how we use your data, how we collect your data, and with whom we share your data. To that end, we provide this page, which details our subprocessors, how we use cookies, and where and how we perform any tracking on GitBook.
GitBook uses cookies to make interactions with our service easy and meaningful. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of GitBook.
A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting GitBook; however, a cookie may store a unique identifier for each logged in user. The cookies GitBook sets are essential for the operation of the website, or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use GitBook’s services.
GitBook sets the following cookies on our users for the following reasons:
Certain pages on our site may set other third party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimize these third party cookies, we can’t always control what cookies this third party content sets.
"Do Not Track" is a privacy preference you can set in your browser if you do not want online services — specifically ad networks — to collect and share certain kinds of information about your online activity from third party tracking services. GitBook does not currently respond differently to an individual browser's Do Not Track setting. If you would like to set your browser to signal that you would not like to be tracked, please check your browser's documentation for how to enable that signal. There are also good applications that block online tracking, such as .
We do not track your online browsing activity on other online services over time and we do not host third-party advertising on GitBook that might track your activity on our site. We do have agreements with certain vendors, such as analytics providers, who help us track visitors' movements on certain pages on our site. Only our vendors, who are collecting data on our behalf, may collect data on our pages, and we have signed data protection agreements with every vendor who collects this data on our behalf. We use the data we receive from these vendors to better understand our visitors' interests, to understand our website's performance, and to improve our content. Any analytics vendor will be listed in our Subprocessor List above, and you may see a list of every page where we collect this kind of data below.
We use Google Analytics as a third party analytics service, but we don’t use it for advertising purposes. We use Google Analytics to collect information about how our website performs and how our users, in general, navigate through and use GitBook. This helps us evaluate our users' use of GitBook; compile statistical reports on activity; and improve our content and website performance. Google provides further information about its own privacy practices and .
Analytics or other tracking code is enabled on our main website (www.gitbook.com) and on domains served and hosted by GitBook (*.gitbook.io and custom domains). If you would like to prevent us from collecting information about your browsing activity on GitBook, you may use a tracking blocker such as Privacy Badger or opt out of Google Analytics tracking.
When we share your information with third party subprocessors, such as our vendors and service providers, we remain responsible for it. We work very hard to maintain your trust when we bring on new vendors, and we require all vendors to enter into data protection agreements with us that restrict their processing of Users' Personal Information (as defined in the ).
This guide describes the information that GitBook needs in order to process a counter notice to a DMCA takedown request. If you have more general questions about what the DMCA is or how GitBook processes DMCA takedown requests, please review our .
If you believe your content on GitBook was mistakenly disabled by a DMCA takedown request, you have the right to contest the takedown by submitting a counter notice. If you do, we will wait 10-14 days and then re-enable your content unless the copyright owner initiates a legal action against you before then. Our counter-notice form, set forth below, is consistent with the form suggested by the DMCA statute, which can be found at the U.S. Copyright Office's official website: .
As with all legal matters, it is always best to consult with a professional about your specific questions or situation. We strongly encourage you to do so before taking any action that might impact your rights. This guide isn't legal advice and shouldn't be taken as such.
GitBook Inc.’s security & compliance principles guide how we deliver our products and services, enabling our users to simply and securely access, edit, and share their documentation and knowledge with their teams or the entire world with peace of mind.
GitBook Inc. takes the security of its data and that of its users and customers seriously and ensures that only vetted personnel are given access to their resources.
Phone
Email (must be from company domain)
GitBook considers the contents of private spaces to be confidential to you. GitBook will protect the contents of private spaces from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care.
GitBook employees may only access the content of your private spaces in the following situations:
With your consent and knowledge, for support reasons. If GitBook accesses a private space for support reasons, we will only do so with the owner’s consent and knowledge.
When access is required for security reasons.
You may choose to enable additional access to your private spaces. For example:
You may enable various GitBook services or features that require additional rights to Your Content in private spaces. These rights may vary depending on the service or feature, but GitBook will continue to treat your private space Content as confidential. If those services or features require rights in addition to those we need to provide the GitBook Service, we will provide an explanation of those rights.
You may also grant a third-party application authorization to use, access, and disclose the contents of your private spaces. Your use of third-party applications is at your sole risk; GitBook is not liable for disclosures to third parties that you authorize to access a private space.
If we have reason to believe the contents of a private space are in violation of the law or of our Terms of Service, we have the right to access, review, and remove them. Additionally, we may be compelled by law to disclose the contents of your private spaces.
| Name of Cookie | Reason |
| --- | --- |
| __session | This cookie is used to log you in. |
| _ga | This cookie is used by Google Analytics. |
| _stripe | This cookie is used by Stripe. |
Tell the Truth. The DMCA requires that you swear to your counter notice under penalty of perjury. It is a federal crime to intentionally lie in a sworn declaration. (See U.S. Code, Title 18, Section 1621.) Submitting false information could also result in civil liability—that is, you could get sued for money damages.
Investigate. Submitting a DMCA counter notice can have real legal consequences. If the complaining party disagrees that their takedown notice was mistaken, they might decide to file a lawsuit against you to keep the content disabled. You should conduct a thorough investigation into the allegations made in the takedown notice and probably talk to a lawyer before submitting a counter notice.
You Must Have a Good Reason to Submit a Counter Notice. In order to file a counter notice, you must have "a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled." (U.S. Code, Title 17, Section 512(g).) Whether you decide to explain why you believe there was a mistake is up to you and your lawyer, but you do need to identify a mistake before you submit a counter notice. In the past, we have received counter notices citing mistakes in the takedown notice such as: the complaining party doesn't have the copyright; I have a license; the content has been released under a license that permits my use; or the complaint doesn't account for the fact that my use is protected by the fair-use doctrine. Of course, there could be other defects with the takedown notice.
A Counter Notice Is A Legal Statement. We require you to fill out all fields of a counter notice completely, because a counter notice is a legal statement — not just to us, but to the complaining party. As we mentioned above, if the complaining party wishes to keep the content disabled after receiving a counter notice, they will need to initiate a legal action seeking a court order to restrain you from engaging in infringing activity relating to the content on GitBook. In other words, you might get sued (and you consent to that in the counter notice).
GitBook Isn't The Judge. GitBook exercises little discretion in this process other than determining whether the notices meet the minimum requirements of the DMCA. It is up to the parties (and their lawyers) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.
Additional Resources. If you need additional help, there are many self-help resources online. Lumen has an informative set of guides on copyright and DMCA safe harbor. If you are involved with an open-source project in need of legal advice, you can contact the Software Freedom Law Center. And if you think you have a particularly challenging case, non-profit organizations such as the Electronic Frontier Foundation may also be willing to help directly or refer you to a lawyer.
Include the following statement: "I have read and understand GitBook's Guide to Filing a DMCA Counter Notice." We won't refuse to process an otherwise complete counter notice if you don't include this statement; however, we will know that you haven't read these guidelines and may ask you to go back and do so.
Identify the content that was disabled and the location where it appeared. The disabled content should have been identified by URL in the takedown notice. You simply need to copy the URL(s) that you want to challenge.
Provide your contact information. Include your email address, name, telephone number, and physical address.
Include the following statement: "I swear, under penalty of perjury, that I have a good-faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled." You may also choose to communicate the reasons why you believe there was a mistake or misidentification. If you think of your counter notice as a "note" to the complaining party, this is a chance to explain why they should not take the next step and file a lawsuit in response. This is yet another reason to work with a lawyer when submitting a counter notice.
Include the following statement: "I consent to the jurisdiction of Federal District Court for the judicial district in which my address is located (if in the United States, otherwise the Northern District of California where GitBook is located), and I will accept service of process from the person who provided the DMCA notification or an agent of such person."
Include your physical or electronic signature.
You can contact us by sending an email notification to [email protected]. You may include an attachment if you like, but please also include a plain-text version of your message in the body of your email.
United States
| Subprocessor | Purpose | Location |
| --- | --- | --- |
| Planetscale | Database infrastructure | United States |
| Clickhouse | Database infrastructure | United States |
| Stripe | Subscription credit card payment processor | United States |
| DocuSign | Contract signature processor | United States |
| Google Apps | Internal company infrastructure | United States |
| Google Analytics | Website analytics and performance | United States |
| Intercom | Customer support ticketing system | United States |
| Sentry | Error analytics processor | United States |
| Amplitude | Customer analytics processor | United States |
| Segment | Customer analytics processor | United States |
| Castle.io | Security & Bots detection | United States |
| Bucket.co | Feature flagging | United States |
| Iframely | Embeds generation | United States |
| Sendgrid | Email infrastructure | United States |
| Algolia | Search infrastructure | United States |
| Turbopuffer | Search infrastructure | United States |
| MagicBell | Notifications infrastructure | United States |
| OpenAI | AI infrastructure | United States |
When we bring on a new vendor or other subprocessor who handles our Users' Personal Information, or remove a subprocessor, or we change how we use a subprocessor, we will update this page.
| Subprocessor | Purpose | Location |
| --- | --- | --- |
| Google Cloud / Firebase | Hosting and database infrastructure | United States |
| Cloudflare | Hosting provider | |
Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.
We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques and attack vectors.
All development projects at GitBook Inc., including software products, support services, and our own Digital Identity Cloud offerings follow secure development lifecycle principles.
All development of new products, tools, and services, and major changes to existing ones, undergo a design review to ensure security requirements are incorporated into the proposed development.
All team members who are regularly involved in any system development undergo annual secure development training in coding or scripting languages that they work with as well as any other relevant training.
Software development is conducted in line with recommendations for web application security.
GitBook Inc. deploys third-party penetration testing and vulnerability scanning of all production and Internet-facing systems on a regular basis.
We perform penetration testing by external penetration testing companies on new systems and products or major changes to existing systems, services, and products to ensure a comprehensive and real-world view of our products & environment from multiple perspectives.
We perform static and dynamic software application security testing of all code, including open-source libraries, as part of our software development process.
GitBook Inc. provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture.
GitBook Inc. leverages the native physical and network security features of the cloud service and relies on the providers to maintain the infrastructure, services, and physical access policies and procedures.
All user and customer data are isolated.
All data is encrypted at rest and in transmission to prevent any unauthorized access and prevent data breaches. Our entire platform is also continuously monitored by dedicated, highly trained GitBook Inc. Engineers.
Client’s data protection complies with SOC 2 standards to encrypt data in transit and at rest, ensuring customer and company data and sensitive information is protected at all times.
We implement role-based access controls and the principles of least privileged access, and we review and revoke access as needed.
GitBook Inc. is committed to providing secure products and services. Our external certifications provide independent assurance of GitBook Inc.’s dedication to protecting our users and customers by regularly assessing and validating the protections and effective security practices GitBook Inc. has in place.
GitBook Inc. successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that GitBook Inc.’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
GitBook Inc. was audited by Prescient Assurance, a leader in security and compliance certifications for B2B and SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR, etc. For more information about Prescient Assurance, you may reach out to them at [email protected]
An unqualified opinion on a SOC 2 Type II audit report demonstrates to GitBook Inc.’s current and future customers that they manage their data with the highest standard of security and compliance.
Customers and prospects can request access to the audit report here.
Thank you for using GitBook! We're happy you're here. Please read this Terms of Service agreement carefully before accessing or using GitBook. Because it is such an important contract between us and our users, we have tried to make it as clear as possible.
These GitBook Terms of Service (the “Agreement”) are made between GitBook Inc., a Delaware corporation (“GitBook”) and each party (a “Customer”) that executes an Order Form for the Service defined below. This Agreement consists of these terms, each Order Form (defined below) and all exhibits and amendments of any of the foregoing. By executing an initial Order Form or completing GitBook’s online account setup process, Customer agrees to all the terms set forth below.
1.1. “Affiliate” means an entity controlling, controlled by or under common control with a party to this Agreement at any time during the term of this Agreement, for so long as such ownership and control exists, provided such entity is not a competitor to GitBook or in the business of developing and offering products or technologies that are substantially similar to the Service.
1.2. “Applicable Law” means each federal, state, or local statute, law, ordinance, rule, administrative interpretation, regulation, order, writ, injunction, directive, judgment, decree, or other requirement of any international, federal, state, or local court, administrative agency, or commission or other governmental or regulatory authority or instrumentality, domestic or foreign, applicable to a party.
1.3. “Beta Features” means pre-production Service features or functionalities.
1.4. “Customer Data” means: (a) content that Customers publish using the Service, and (b) other data that Customers provide to GitBook when they use the Service.
1.5. “Documentation” means GitBook’s Service documentation at docs.gitbook.com or any successor site.
1.6. “Order Form” means as applicable: (a) GitBook’s online account setup and payment system, or (b) a document executed by both parties that identifies Customer’s Service subscription terms.
1.7. “Prohibited Content” means content that: (a) violates Applicable Law; (b) violates any third party’s intellectual property rights, including, without limitation, copyrights, trademarks, patents, and trade secrets; (c) contains indecent or obscene material; (d) contains libelous, slanderous, or defamatory material, or material constituting an invasion of privacy or misappropriation of publicity rights; (e) promotes unlawful or illegal goods, services, or activities; (f) contains false, misleading, or deceptive statements; (g) contains any harmful, malicious, or hidden code, programs, procedures, routines, or mechanisms that would: (i) cause the Service to cease functioning; (ii) in any way damage or corrupt data, storage media, programs, equipment, or communications; or (iii) otherwise interfere with the operations of the Service, including, without limitation, trojan horses, viruses, worms, time bombs, time locks, devices, traps, access codes, or drop dead or trap door devices.
1.8. The “Service(s)” consists of GitBook’s software-as-a-service product to help businesses manage technical documentation as described in more detail at .
1.9. “User(s)” means employees, contractors, or agents authorized by Customer to access and use the Services under Customer’s account.
2.1. Provision of the Service. During each subscription term, GitBook will provide the Service to Customer as identified on each Order Form.
2.2. Subscription Term. Customer’s Service subscription will run for the time period specified in the Order Form. If no term is stated, no-charge accounts continue month-to-month and paid accounts will run for the prepaid period. As of the end of each prepaid period Customer’s subscription will automatically renew for an additional period of the same duration and GitBook will charge Customer’s credit card for the applicable fees. GitBook may increase fees for each renewal period. Customer may terminate its subscription at any time. On termination, Customer may continue to use the Service through the end of the prepaid subscription period. GitBook will not refund any prepaid fees on such termination. GitBook may terminate Customer’s subscription as of the end of Customer’s prepaid subscription period, or at any time in the case of no-charge accounts.
2.3. Orders by Affiliates. Customer’s Affiliates may subscribe to use the Service on execution of additional Order Forms referencing this Agreement. On execution of an Order Form by GitBook and the Affiliate, the Affiliate will be bound by the provisions of this Agreement as if it were an original party hereto.
2.4. Free Trials. GitBook may provide all or part of the Service on a free trial basis. If Customer registers for a free trial, GitBook will make one or more Services available to Customer on a trial basis until the earlier of: (a) the end of the trial period for which Customer registered to use the applicable Service, and (b) the start date of any Service subscription ordered by Customer.
2.5. Beta Features. From time to time, GitBook may invite Customer to try Beta Features. Customer may accept or decline any such trial in its sole discretion. Beta Features are for evaluation purposes only and not for production use, are not considered part of the Service under this Agreement, are not supported, and may be subject to additional terms. GitBook may discontinue Beta Features at any time in its sole discretion and may never make them generally available.
2.6. Compliance. Customer is solely responsible for: (a) the accuracy, content and legality of all Customer Data, and (b) any consents and notices required to permit: (i) Customer’s use and receipt of the Services, and (ii) GitBook’s access to and processing of Customer Data pursuant to this Agreement. GitBook does not pre-screen Customer Data published using the Service, but has the right (but not the obligation) to refuse or remove any Customer Data that, in its sole discretion, violates any GitBook terms or policies. Between GitBook and each Customer and User, GitBook disclaims any responsibility or liability for Customer Data published by Customer or its Users.
2.7. Customer Account Deletion. Customer must delete its account when it no longer wants to use the Service. When Customer deletes its account, all associated Customer Data will be deleted permanently and cannot be retrieved. GitBook reserves the right to expunge data from inactive accounts that have not been formally closed or terminated, but has no obligation to do so.
3.1. Invoicing; Payments. Customer will pay GitBook the fees set forth in each Order Form. Fees for self-serve accounts must be paid by credit card or bank debit via the Service. Fees for other accounts will be invoiced and must be paid within 30 days after Customer’s receipt of the invoice, which may be sent by email. If Customer pays via card or another payment method, Customer: (a) represents and warrants that it has the right to provide the payment information to GitBook, and (b) authorizes GitBook to process payments using that information. GitBook reserves the right to charge a 3% surcharge for any card payments. Except as otherwise provided herein all fees are noncancelable and nonrefundable. If Customer believes that GitBook has billed Customer incorrectly, Customer must contact GitBook no later than 60 days after the date of the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to GitBook’s customer support department.
3.2. Taxes. Customer is responsible for any sales, use, value added, excise, property, withholding or similar tax and any related tariffs, and similar charges, except taxes based on GitBook’s net income. If Customer is required to pay any such taxes, Customer shall pay such taxes with no reduction or offset in the amounts payable to GitBook hereunder. If an applicable tax authority requires GitBook to pay any taxes that should have been payable by Customer, GitBook will advise Customer in writing, and Customer will promptly reimburse GitBook for the amounts paid.
3.3. Delinquent Accounts. GitBook may suspend or terminate access to the Service if overdue fees are not paid promptly following notice from GitBook. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection.
4.1. Limited License. GitBook grants Customer the right to access and use the Service in accordance with the terms of this Agreement.
4.2. License Restrictions. Except and solely to the extent such a restriction is impermissible under Applicable Law, Customer may not: (a) reproduce, distribute, publicly display, publicly perform, or create derivative works of the Service; (b) make modifications to the Service; or (c) interfere with or circumvent any feature of the Service, including any security or access control mechanism.
4.3. Use Restrictions. Customer will not and will not authorize, permit, or encourage any User or any third party to: (a) allow anyone other than its Users to access and use the Service; (b) reverse engineer, decompile, disassemble, download, access or otherwise attempt to discern the source code or interface protocols of the Service; (c) modify, adapt, or translate the Service; (d) make any copies of the Service; (e) resell, distribute, or sublicense the Service, or use any of the foregoing for the benefit of anyone other than Customer and its Users; (f) remove or modify any proprietary markings or restrictive legends placed on the Service; (g) use the Service in violation of any Applicable Law (including anti-spam laws); (h) use the Service in order to build a competitive product or service, or for any purpose not specifically permitted in this Agreement; or (i) introduce, post, or upload to the Service any Prohibited Content.
4.4. Scraping. Customer will not and will not authorize, permit, or encourage any User or any third party to extract data from the Service via an automated process, such as a bot or webcrawler, except: (a) that Customer may archive its own Customer Data using automated means, or (b) for legitimate research or archival purposes or otherwise to the minimum extent permitted by Applicable Law.
4.5. API Usage. GitBook may provide APIs to help Customer import and export content from the Service. API usage is subject to the following limitations:
a. if GitBook determines that API calls to the Services are abusive or excessively frequent, GitBook may suspend or terminate access to APIs or require an upgrade to fee-based accounts.
b. Customers may not share API tokens to exceed GitBook's rate limitations. GitBook may offer subscription-based access to our API for those Users who require high-throughput access or access that would result in resale of GitBook's Service.
4.6. Bandwidth Usage. If bandwidth usage for no-fee accounts is significantly excessive in relation to other GitBook customers, GitBook reserves the right to suspend the account or throttle file hosting until Customer reduces bandwidth consumption. Fee-based accounts may be asked to pay more in case of excessive bandwidth usage.
4.7. Subdomains. Each account includes an optional gitbook.io subdomain. GitBook reserves the right to rename or remove gitbook.io subdomains for inactive accounts as well as to prevent namesquatting. This policy applies only to gitbook.io subdomains, not to Customer-hosted domains.
5.1. No Ownership Assignment. This Agreement is for SaaS use rights. Neither party will assign ownership rights in any of its assets to the other pursuant to this Agreement, and neither party grants the other any rights or licenses not expressly set out in this Agreement.
5.2. What Customer Owns. Customer owns all right, title and interest in and to the Customer Data, and all intellectual property rights related to any of the foregoing.
5.3. What GitBook Owns. GitBook owns or has and retains all appropriate rights, title and interest in and to the Services, underlying software and all intellectual property rights related thereto. There are no implied licenses in this Agreement and GitBook reserves all rights not granted expressly in this Agreement.
5.4. License Grant Regarding Publication of Customer Data. Customer Data that Users post publicly, including documentation, comments, and contributions to other Users’ spaces, may be viewed by others. Customer, for itself and on behalf of each User who creates Customer Data within Customer’s account, grants GitBook a nonexclusive, worldwide license to use, display, and perform that Customer Data through the Service.
5.5. Moral Rights. Customer retains all moral rights in Customer Data, including the rights of integrity and attribution. The license grant above includes a waiver of moral rights solely and to the limited extent required so that GitBook can publish Customer Data via the Service.
6.1. Confidential Information. Subject to the limitations in the following paragraph, all information disclosed by one party to the other party during the term of this Agreement, whether in oral, written, graphic or electronic form, shall be deemed to be “Confidential Information”. GitBook’s Confidential Information includes non-public information regarding features, functionality and performance of the Services. Confidential Information of Customer includes all non-public Customer Data.
6.2. Exceptions. Confidential Information does not include information which: (a) is part of the public domain at the time of disclosure; (b) becomes a part of the public domain through no fault of the receiving party or persons or entities to whom the receiving party has disclosed, transferred or permitted access to such information; (c) becomes available to the receiving party on a non-confidential basis from a source legally entitled to share the information without confidential treatment; (d) is independently developed by the receiving party without use of or access to the disclosing party’s Confidential Information; or (e) is released from the confidentiality obligations herein by written consent of the disclosing party.
6.3. Nondisclosure. Each party covenants that it will not disclose any Confidential Information of the other party to any person or entity except: (a) to agents of the receiving party who have a need to know such information, who are subject to confidentiality agreements with the receiving party at least as protective of the disclosing party’s Confidential Information as this Agreement, or (b) pursuant to the terms of a valid and effective subpoena or court order, provided that the receiving party immediately notifies the disclosing party (to the extent permitted) of the existence, terms and circumstances surrounding such a request so that the disclosing party may seek appropriate protective action. Neither party may use the other party’s Confidential Information in any directly competitive manner or for any purpose other than to exercise its rights and comply with its obligations under this Agreement.
6.4. Return; Destroy; Protect. On the disclosing party’s request, the receiving party must return or destroy all Confidential Information of the disclosing party which has been supplied to or acquired by the receiving party other than: (a) records the receiving party has a separate legal right or obligation to retain; and (b) copies of Confidential Information created in the ordinary course of the receiving party’s business and retained in accordance with its internal document retention and information technology policies. To the extent the receiving party retains information disclosed by the disclosing party, the receiving party will continue to protect such information in accordance with Section 6.3: (x) for so long as it meets the definition of Confidential Information above; (y) if it constitutes a trade secret or personal data for so long as required under Applicable Law.
6.5. Customer Identification. GitBook may identify Customer as a user of the Services and may use Customer’s name and logo in GitBook’s customer list, press releases, blog posts, advertisements, and website.
7.1. Term. This Agreement will continue from the Effective Date through the end of Customer’s subscription term, unless terminated earlier according to Section 7.2.
7.2. Termination for Cause. In addition to any other remedies it may have, either party may terminate this Agreement upon written notice, if the other party: (a) materially breaches any of the terms or conditions of this Agreement and fails to cure such breach within 30 days after written notice describing the breach; or (b) files for bankruptcy or is the subject of an involuntary filing in bankruptcy (in the latter case, which filing is not discharged within 60 days) or makes an assignment for the benefit of creditors or a trustee is appointed over all or a substantial portion of its assets.
7.3. Effect of Termination. Upon termination of this Agreement: (a) Customer’s license rights will terminate and Customer must immediately cease all use of the Service; (b) Customer may request an export of Customer Data for up to 60 days following termination of this Agreement; (c) Customer must pay GitBook any unpaid amount that was due prior to termination; and (d) all payment obligations accrued prior to termination and Sections 5, 6 and 10-11 will survive termination.
8.1. Authority. Each of GitBook and Customer represents and warrants that: (a) it has the full right, power and authority to enter into and fully perform this Agreement; (b) the person signing this Agreement on its behalf is a duly authorized representative of such party who has in fact been authorized to execute this Agreement; (c) its entry herein does not violate any other agreement by which it is bound; and (d) it is a legal entity in good standing in the jurisdiction of its formation.
8.2. Limited Warranty. The Service, when used by Customer in accordance with the provisions of this Agreement and in compliance with the applicable specifications, will perform in all material respects in accordance with the Documentation. Free trials and pre-release features are provided on an as-is basis without warranties other than the support terms in the following paragraph.
8.3. Support. Support consists of problem diagnosis and resolution of errors in the Service within a time reasonable under the circumstances and considering the impact of the problem on Customer. Support is available between 9:00 AM and 6:00 PM CET, Monday through Friday, not including US and European holidays.
8.4. Protection of Customer Data. GitBook will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data in accordance with its security documentation at https://policies.gitbook.com/privacy-and-security/security and GitBook’s Data Processing Addendum located at which is incorporated herein by reference. Those safeguards will include measures for preventing access, use, modification or disclosure of Customer Data by GitBook personnel except: (a) to provide the Service and to prevent or address service or technical problems, or (b) as Customer expressly permits in writing.
8.5. Compliance with Laws. Customer will comply with all laws applicable to its use of the Service. Without limiting the foregoing, Customer represents and warrants that it is not: (a) listed or identified on any U.S. government list of sanctioned parties, or (b) located in a country where it would be prohibited from using the Service due to economic sanctions or trade embargoes. Customer further covenants that it will comply fully with all United States and other export and sanctions laws applicable to Customer’s use of the Service, which include restrictions on destinations, end users, and end use. GitBook reserves the right to terminate Customer’s access to the Service if Customer engages in activities that violate these laws.
8.6. EXCEPT AS SET FORTH ABOVE THE SERVICE AND ALL MATERIALS AND CONTENT AVAILABLE THROUGH THE SERVICE ARE PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. GITBOOK DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SERVICE AND ALL MATERIALS AND CONTENT AVAILABLE THROUGH THE SERVICE, INCLUDING: (a) ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, OR NON-INFRINGEMENT; AND (b) ANY WARRANTY ARISING OUT OF COURSE OF DEALING, USAGE, OR TRADE. GITBOOK DOES NOT WARRANT THAT THE SERVICE OR ANY PORTION OF THE SERVICE, OR ANY MATERIALS OR CONTENT OFFERED THROUGH THE SERVICE, WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS, VIRUSES, OR OTHER HARMFUL COMPONENTS, AND GITBOOK DOES NOT WARRANT THAT ANY OF THOSE ISSUES WILL BE CORRECTED.
9.1. Indemnification by Customer. To the fullest extent permitted by law, Customer is responsible for its use of the Service, and Customer will defend, indemnify and hold harmless GitBook, its affiliates and their respective shareholders, directors, managers, members, officers, employees, consultants, and agents (together the “Related Parties”) from and against all liability, damage, loss, and expense, including attorneys’ fees and costs (“Losses”), arising out of or related to claims, demands, suits, actions or proceedings made or brought by third parties (collectively, “Claims”) against GitBook or its Related Parties arising from or related to the Customer Data.
9.2. Indemnification by GitBook. GitBook will defend, indemnify and hold harmless Customer and its Related Parties from and against all Losses arising from Claims alleging that the Service infringes or misappropriates a third party’s patent, copyright or other intellectual property rights. However, GitBook will have no such obligations to the extent Claims arise from: (a) modifications to the Service by anyone other than GitBook (provided that GitBook shall not be liable if GitBook made the modifications using requirements, documents, written specifications or other written materials submitted by Customer or its agents or representatives); (b) use of the Service in violation of this Agreement or the Documentation; (c) Customer’s use of the Service during a free trial period; (d) third party software or services or Customer Data.
9.3. Indemnification Procedure.
a. Promptly after a party seeking indemnification learns of the existence or commencement of a Claim, the indemnified party must notify the other party of the Claim in writing. The indemnifying party’s indemnity obligations will be waived only if and to the extent that its ability to conduct the defense is materially prejudiced by the indemnified party’s failure to give notice.
b. The indemnifying party will at its own expense assume the defense and settlement of the Claim with counsel reasonably satisfactory to the indemnified party. The indemnified party: (i) may join in the defense and settlement of the Claim and employ counsel at its own expense, and (ii) will reasonably cooperate with the indemnifying party in the defense and settlement of the Claim.
c. The indemnifying party may not settle any Claim without the indemnified party’s written consent unless the settlement: (i) includes a release of all Claims; (ii) contains no admission of liability or wrongdoing by the indemnified party; and (iii) imposes no obligations upon the indemnified party other than an obligation to stop using any infringing items.
d. The indemnified party must mitigate the damages or other losses that would otherwise be recoverable from the indemnifying party, including by taking actions to reduce or limit the amount of damages and/or other losses incurred.
10.1. In no event will either party or its Related Parties be liable to the other party for any indirect, incidental, special, consequential or punitive damages (including damages for loss of profits, goodwill, or any other intangible loss) arising out of or relating to this Agreement, the Service or Customer’s use of the Service, whether such claims are based on warranty, contract, tort (including negligence), statute, or any other legal theory, and whether or not any party has been informed of the possibility of damage.
10.2. The aggregate liability of each party and its Related Parties to the other for all claims arising out of or relating to this Agreement, the Service or Customer’s use of the Service, whether in contract, tort, or otherwise, is limited to the greater of: (a) the amount Customer has paid to GitBook for access to and use of the Service in the 12 months prior to the event or circumstance giving rise to the claim and (b) US$100.
10.3. The foregoing paragraphs will not limit Customer’s payment obligations or either party’s liability for misappropriation of intellectual property rights in the other party’s products or services. Each provision of this Agreement that provides for a limitation of liability, disclaimer of warranties, or exclusion of damages is intended to and does allocate the risks between the parties under this Agreement. This allocation is an essential element of the basis of the bargain between the parties. Each of these provisions is severable and independent of all other provisions of this Agreement. The limitations in this section 10 will apply even if any limited remedy fails of its essential purpose.
11.1. Amendments. No modification of or amendment to this Agreement, nor any waiver of any rights under this Agreement, shall be effective unless in writing signed by GitBook and Customer; provided that from time to time GitBook may modify this Agreement and changes will become effective as of the effective date identified by GitBook. GitBook will notify Customer of material changes by email, via the Service or other appropriate means. If Customer objects to an amendment its subscription will continue to be governed by the prior version of this Agreement until the end of Customer’s then-current subscription term. As of the renewal date Customer may accept the updated Agreement (which it will be deemed to do if Customer continues to use the Service) or end its subscription and close its account. The failure by either party to enforce any rights under this Agreement shall not be construed as a waiver of any rights of such party.
11.2. Notices. All notices must be in writing and sent by email, postal mail or other recognized delivery method to the other party’s primary point of contact for this Agreement.
11.3. Integration. This Agreement, including any Order Forms, exhibits and any other agreements expressly incorporated by reference into this Agreement, is the entire and exclusive understanding and agreement between Customer and GitBook regarding Customer’s use of the Service. This Agreement expressly supersedes any nondisclosure agreements between the parties whether entered prior to or subsequent to the Effective Date.
11.4. Assignment. This Agreement may not be assigned by either party without the other party’s written consent, whether by operation of law or otherwise; provided that either party may assign this Agreement without consent to its successor in the event of a merger, acquisition or sale of all or substantially all of the assets of such party. Any other purported assignment shall be void.
11.5. Construction; Interpretation. This Agreement shall supersede the terms of any purchase order or other business form. If accepted by GitBook in lieu of or in addition to its Order Form, Customer’s purchase order shall be binding only as to the following terms: (a) the Services ordered and (b) the appropriately calculated fees due. Other terms shall be void. This Agreement is the result of negotiations between and has been reviewed by each of the parties hereto and their respective counsel, if any; accordingly, this Agreement shall be deemed to be the product of all of the parties hereto, and no ambiguity shall be construed in favor of or against any one of the parties hereto. Headings contained in this Agreement are for convenience of reference only and do not form part of this Agreement. A word importing the singular includes the plural and vice versa. Gendered pronouns are used for convenience and are intended to refer to the masculine or feminine, as applicable. The word “including” shall be interpreted to mean “including without limitation”.
11.6. Severability. If any provision of this Agreement is adjudicated invalid or unenforceable, this Agreement will be amended to the minimum extent necessary to achieve, to the maximum extent possible, the same legal and commercial effect originally intended by the parties. To the extent permitted by Applicable Law, the parties waive any provision of law that would render any clause of this Agreement prohibited or unenforceable in any respect.
11.7. Governing Law. This Agreement is governed by the laws of the State of California without regard to conflict of law principles. Customer and GitBook submit to the personal and exclusive jurisdiction of the state courts and federal courts in California for resolution of any lawsuit or court proceeding permitted under this Agreement.
If you have any questions, feel free to contact us at [email protected].
GitBook is a tech startup, incorporated in the U.S. as GitBook Inc, with a French subsidiary, GitBook SAS.
We are hosted on , which is backed by the same infrastructure and security that Google uses for its own services.
Customer data is stored in U.S. data centers. Some data (HTML pages & assets) may be cached in other geographies by our CDN. Access to private content through our CDN is always validated through our application servers using a complex permissions system.
Google follows or even leads most of the industry's best-practices and is compliant with most major security .
Yes, all customer data is encrypted at rest and in-transit:
In transit, we use HTTPS to encrypt all traffic served to end-users.
Even user-provided custom domains are covered, thanks to and Cloudflare.
At rest on Google Cloud Platform, using .
By default, all customer data, unless explicitly public, can only be accessed by authenticated users with valid permissions.
You can control and restrict access through our , allowing you to invite external members to join your organization and collaborate, whilst restricting their access to a chosen subset of your projects.
The only required piece of information to sign up and start using GitBook is an email address.
Depending on the risk evaluation performed using the , a phone number may be necessary for new users. The risk evaluation is based on a combination of the provided email address and the visitor's IP address.
When subscribing to a plan, the user will be asked for credit card information. This information never reaches our servers and is processed by only.
gives us access to the expiration date, the brand and the last 4 digits of the credit card only, which are stored in our database for convenience. The user can opt in to provide us with a billing address, which is also stored in our database. As with the partial credit card information, the billing address is private and only accessible by the GitBook organization's and the application's administrators.
GitBook leverages the following 3rd-party services and APIs:
for Search
for Payments
for Support
for Sign up risk evaluation
Since these services provide the highest standards and are regularly externally audited, GitBook does not audit them by its own means.
Each user on GitBook is assigned a unique identifier when her/his account is created. When creating or joining a GitBook organization, each user is then assigned a role: reader, writer or admin. This role is then used to derive a set of permissions for each member of the organization.
These permissions are then applied directly at the database level, thanks to the . For each request that reaches our database, the user's unique identifier is sent along. Based on the user's unique identifier and the set of permissions associated with its role at the time of the request, the database will either accept or reject the request.
Thanks to this, the user's access to an organization's content is automatically revoked when she/he is removed from the said organization.
Google Cloud Functions, which are used to serve our application, live behind the Google Frontend. They are protected against brute force/DDoS attacks the same way that protects itself.
In addition, since Firebase Authentication is the gateway to many of our backend services and security rules, many of our quotas are protected by per-IP limits to give an extra layer of protection against a localized attack.
Yes, we are. You can read more about value and our certification on the next page.
This guide describes the information that GitBook needs in order to process a DMCA takedown request. If you have more general questions about what the DMCA is or how GitBook processes DMCA takedown requests, please review our DMCA Takedown Policy.
Due to the type of content GitBook hosts (mostly software code) and the way that content is managed (with Git), we need complaints to be as specific as possible. These guidelines are designed to make the processing of alleged infringement notices as straightforward as possible. Our form of notice set forth below is consistent with the form suggested by the DMCA statute, which can be found at the U.S. Copyright Office's official website: http://www.copyright.gov.
As with all legal matters, it is always best to consult with a professional about your specific questions or situation. We strongly encourage you to do so before taking any action that might impact your rights. This guide isn't legal advice and shouldn't be taken as such.
Tell the Truth. The DMCA requires that you swear to the facts in your copyright complaint under penalty of perjury. It is a federal crime to intentionally lie in a sworn declaration. (See .) Submitting false information could also result in civil liability—that is, you could get sued for money damages.
Investigate. Millions of users and organizations pour their hearts and souls into the projects they create and contribute to on GitBook. Filing a DMCA complaint against such a project is a serious legal allegation that carries real consequences for real people. Because of that, we ask that you conduct a thorough investigation and consult with an attorney before submitting a takedown to make sure that the use isn't actually permissible.
Ask Nicely First. A great first step before sending us a takedown notice is to try contacting the user directly. They may have listed contact information in their content. This is not strictly required, but it is classy.
No Bots. You should have a trained professional evaluate the facts of every takedown notice you send. If you are outsourcing your efforts to a third party, make sure you know how they operate, and make sure they are not using automated bots to submit complaints in bulk. These complaints are often invalid and processing them results in needlessly taking down projects!
You May Receive a Counter Notice. Any user affected by your takedown notice may decide to submit a . If they do, we will re-enable their content within 10-14 days unless you notify us that you have initiated a legal action seeking to restrain the user from engaging in infringing activity relating to the content on GitBook.
GitBook Isn't The Judge. GitBook exercises little discretion in the process other than determining whether the notices meet the minimum requirements of the DMCA. It is up to the parties (and their lawyers) to evaluate the merit of their claims, bearing in mind that notices must be made under penalty of perjury.
Include the following statement: "I have read and understand GitBook's Guide to Filing a DMCA Notice." We won't refuse to process an otherwise complete complaint if you don't include this statement. But we'll know that you haven't read these guidelines and may ask you to go back and do so.
Identify the copyrighted work you believe has been infringed. This information is important because it helps the affected user evaluate your claim and gives them the ability to compare your work to theirs. The specificity of your identification will depend on the nature of the work you believe has been infringed. If you have published your work, you might be able to just link back to a web page where it lives. If it is proprietary and not published, you might describe it and explain that it is proprietary. If you have registered it with the Copyright Office, you should include the registration number. If you are alleging that the hosted content is a direct, literal copy of your work, you can also just explain that fact.
You can contact us by sending an email notification to . You may include an attachment if you like, but please also include a plain-text version of your message in the body of your email.
Learn about how you can report suspected vulnerabilities or security concerns
Occasionally we are contacted about suspected vulnerabilities or security concerns. Please note that we do take those extremely seriously and investigate each report.
To report vulnerabilities, please contact us at [email protected] with the title 'Vulnerability Report'. For all other bugs, please provide a specific title relating to the area where the bug occurred. To help us respond to you faster, please share the steps to reproduce the behaviour. Our team will triage your report and respond to you with next steps.
When we receive your report our team will triage and investigate it. We will confirm the receipt of your report and may also ask you for additional information to help us understand the scale of the problem. Next, our team will run tests and confirm if you have identified a previously unknown issue.
Denial of service
Disclosure of server or software version numbers
Hypothetical subdomain takeovers without supporting evidence
Issues that are premised on unlikely user interaction
Missing best practices in SSL/TLS configuration
Missing email best practices
Missing HttpOnly or Secure flags on cookies
Previously known vulnerable libraries without a working Proof-of-Concept
Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case-by-case basis
Rate limiting or brute force issues on non-authentication endpoints
Reports exploiting the behavior of, or vulnerabilities in, outdated browsers
Reports of spam
Social engineering
Tabnabbing
Unconfirmed reports from automated vulnerability scanners
Attacks requiring MITM or physical access to a user's device
Best practice reports without a valid exploit
Clickjacking on pages with no sensitive actions
Comma Separated Values (CSV) injection without demonstrating a vulnerability
Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
We are a small distributed team which means we are unable to offer financial rewards for reporting vulnerabilities at this stage.
We still would like to show our appreciation for your help in making GitBook better and safer by offering you a discount on your subscription.
must be at least 18 years old.
GitBook employees and contractors, as well as their family members, are strictly prohibited from participating in the Program or sharing information with an external security researcher to bypass this prohibition.
Your submission must include a working Reproduction Guide to be considered for a reward.
Avoid harm to others’ data and privacy. Specifically:
If you encounter any personal data or sensitive information in the course of your research, stop and notify our team immediately so we can investigate. Please report to us what data was accessed and delete the data. Do not save, copy, download, transfer, disclose, or otherwise use this data. Continuing to access others’ data or otherwise failing to adhere to this requirement will disqualify you from receiving any reward.
If your research is designed to identify and demonstrate a vulnerability that could allow unauthorized access to personal data or sensitive information, make sure to take measures to minimize your access to or usage of such data to what is absolutely necessary to achieve those purposes (i.e., identification and demonstration of a vulnerability that could allow unauthorized access to personal data or sensitive information). For example, if you are injecting code into a GitBook environment to test whether you could exfiltrate data from a GitBook database, limit the potential exfiltration to the first three rows and five columns of the table rather than the entire database.
If, even after taking measures to minimize access to personal data or sensitive information, you ultimately end up encountering such data in the course of your research, follow the mitigation measures described above.
Do not leverage the existence of a vulnerability or access to personal data or sensitive information to make threats or extortionate demands. Do not degrade, interrupt, or deny services to our users or take any actions that can affect the availability or integrity of GitBook's systems and data (e.g., modifying or deleting data). If you notice service degradation or interruption, stop your research and notify us immediately.
Do not incur a loss of funds that are not your own.
We consider only the earliest, responsibly-disclosed submission of a vulnerability instance with enough actionable information to identify the issue for a reward. All other reports for a given issue will not be eligible for a reward.
Your research must not violate any applicable laws or regulations.
After a submission is sent to GitBook in accordance with the Rules of Engagement described above, GitBook engineers will review the submission and validate its eligibility for a reward. The review time could vary depending on the complexity and completeness of your submission, as well as on the number of submissions we receive. As explained in the Engagement section, GitBook retains sole discretion in determining which submissions are qualified for a reward. If we receive multiple bug reports for the same issue from different parties, the bounty will be granted to the first eligible submission. If a duplicate report provides new information that was previously unknown to GitBook, we may award a differential to the person submitting the duplicate report. GitBook will also reopen and reward any report mistakenly closed as invalid if we later receive and reward the same bug reported by someone else. In these situations, we will reward both researchers.
By participating in this program, you agree not to publicly or privately disclose the contents of your submission, your findings, your communications with GitBook related to your report, or any facts you have learned about GitBook in the course of this report to any third party without GitBook's prior written approval. There are no exceptions.
GitBook reserves the right to disqualify you from participating if you violate the Rules of Engagement or other rules specified in this program policy, including the rules about disclosure.
Amplitude and Google Analytics for Analytics
Google Cloud for hosting (data & compute)
Explain what the affected user would need to do in order to remedy the infringement. Again, specificity is important. When we pass your complaint along to the user, this will tell them what they need to do in order to avoid having the rest of their content disabled. Does the user just need to add a statement of attribution? Do they need to delete certain parts of their content, or entire pages? Of course, we understand that in some cases, all of a user's content may be alleged to infringe and there's nothing they could do short of deleting it all. If that's the case, please make that clear as well.
Provide your contact information. Include your email address, name, telephone number and physical address.
Provide contact information, if you know it, for the alleged infringer. Usually this will be satisfied by providing the GitBook username associated with the allegedly infringing content. But there may be cases where you have additional knowledge about the alleged infringer. If so, please share that information with us.
Include the following statement: "I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law. I have taken fair use into consideration."
Also include the following statement: "I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed."
Include your physical or electronic signature.
Effective date: May 25, 2018
Thanks for entrusting GitBook with your documentation, your projects, and your personal information. Holding onto your private information is a serious responsibility, and we want you to know how we're handling it.
We only collect the information you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Statement describes. If you're visiting us from the EU, please see our global privacy practices: we are compliant with the General Data Protection Regulation (GDPR). No matter where you are, where you live, or what your citizenship is, we provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location.
Of course, the short version doesn't tell you everything, so please read on for more details!
If you're just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. This is stuff we collect from everybody, whether they have an account or not.
The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally identifying information like Internet Protocol (IP) addresses.
We collect this information to better understand how our website visitors use GitBook and to monitor and protect the security of the website.
If you create an account, we require some basic information at the time of account creation. You will create your own username and password, and we will ask you for a valid email address. You also have the option to give us more information if you want to, and this may include "User Personal Information."
"User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify him or her. Information such as a username and password, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.
We need your User Personal Information to create your account, and provide the services you request, or to respond to support requests.
We use your User Personal Information, specifically your user name, to identify you on GitBook.
We use it to fill out your profile and share that profile with other users if you ask us to.
Under certain international laws (including GDPR), GitBook is required to notify you about the legal basis on which we process User Personal Information. GitBook processes User Personal Information on the following legal bases:
When you create a GitBook account, you provide your name and email address. We require those data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract. We also process your user name and email address on other bases. If you have a paid account with us, there will be other data elements we must collect and process on the basis of performing that contract. GitBook does not collect or process a credit card number, but our third-party payment processor does.
When you fill out the information in your , you have the option to provide User Personal Information such as an avatar which may include a photograph or your biography. We process this information on the basis of consent. All of this information is entirely optional, and you have the ability to access, modify, and delete it at any time (while you are not able to delete your email address entirely, this information is private and not shared with other users).
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although GitBook does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in a space. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you're a child under the age of 13, you may not have an account on GitBook. GitBook does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will, unfortunately, have to close your account. We don't want to discourage you from learning to code, but those are the rules. Please see our for information about account termination. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use GitBook without obtaining your parents' or legal guardians' consent.
We do not intentionally collect User Personal Information that is stored in your spaces or other free-form content inputs. Information in your spaces belongs to you (and your organization), and you are responsible for it, as well as for making sure that your content complies with our . Any personal information within a user's space is the responsibility of the organization owner.
GitBook employees to for security reasons, to assist the space owner with a support matter, or to maintain the integrity of the service. Our Terms of Service provide .
If your space is public or unlisted, anyone (including us and unaffiliated third parties) may view its contents. If you have included private or sensitive information in your public repository, such as email addresses or passwords, that information may be indexed by search engines or used by third parties. In addition, while we do not generally search for content in your spaces, we may scan our servers for certain tokens or security signatures, or for known active malware.
Please see more about .
We do share User Personal Information with your permission, so we can perform services you have requested or communicate on your behalf. Additionally, you may indicate, through your actions on GitBook, that you are willing to share your User Personal Information. For example, if you join an organization, the owner of the organization will have the ability to view your activity in the organization's access log. We will respect your choices.
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.
We do not host advertising on GitBook. We may occasionally embed content from third-party sites, such as YouTube, and that content may include ads. While we try to minimize the number of ads our embedded content contains, we can't always control what third parties show. Any advertisements on individual GitBook Pages or in GitBook spaces are not sponsored by, or tracked by, GitBook.
We do not disclose User Personal Information outside GitBook, except in the situations listed in this section or in the section below on .
We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use GitBook, or how our users respond to our other offerings, such as our conferences or events. However, we do not sell this information to advertisers or marketers.
We do share User Personal Information with a limited number of third-party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors, we remain responsible for it. While GitBook processes all User Personal Information in the United States, our third-party vendors may process data outside of the United States or the European Union.
We do share aggregated, non-personally identifying information with third parties.
We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Statement or in our Terms of Service.
Much of GitBook is public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service, such as by viewing your spaces or pulling data via our API. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing GitBook information. Other third parties, such as data brokers, have been known to scrape GitBook and compile data as well.
Your Personal Information, associated with your content, could be gathered by third parties in these compilations of GitBook data. If you do not want your Personal Information to appear in third parties’ compilations of GitBook data, please do not make your Personal Information publicly available and be sure to .
If you would like to compile GitBook data, you must comply with our Terms of Service regarding scraping and , and you may only use any public-facing Personal Information you gather for the purpose for which our user has authorized it. For example, where a GitBook user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for commercial advertising. We expect you to reasonably secure any Personal Information you have gathered from GitBook, and to respond promptly to complaints, removal requests, and "do not contact" requests from GitBook or GitBook users.
Similarly, projects on GitBook may include publicly available Personal Information collected as part of the collaborative process. In the event that a GitBook project contains publicly available Personal Information that does not belong to GitBook users, we will only use that Personal Information for the limited purpose for which it was collected, and we will secure that Personal Information as we would secure any User Personal Information. If you have a complaint about any Personal Information on GitBook, please see our section on .
You have the option of enabling or adding third-party applications, known as "Developer Products," to your account. These Developer Products are not necessary for your use of GitBook. We will share your User Personal Information with third parties when you ask us to; however, you are responsible for your use of the third-party Developer Product and for the amount of User Personal Information you choose to share with it. You can check our to see what information is provided when you authenticate into a Developer Product using your GitBook profile.
You also have the option of adding applications from GitBook, such as a Desktop app, a Mobile app, or other account features, to your account. These applications each have their own terms and may collect different kinds of User Personal Information; however, all GitBook applications are subject to this Privacy Statement, and we will always collect the minimum amount of User Personal Information necessary, and use it only for the purpose for which you have given it to us.
If you're already a GitBook user, you may access, update, alter, or delete your basic user profile information by or contacting . You can control the information we collect about you by limiting what information is in your profile, updating out-of-date information, or by contacting .
Generally, GitBook will retain User Personal Information for as long as your account is active or as needed to provide you services.
We may retain certain User Personal Information indefinitely unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.
If you would like to cancel your account or delete your User Personal Information, you may do so in your . We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days. You may contact to request the erasure of the data we process on the basis of consent within 30 days.
GitBook uses cookies to make interactions with our service easy and meaningful. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for the future development of GitBook. We also use cookies to identify a device, for security reasons. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use GitBook’s services.
We provide a web page on that describes the cookies we set, the needs we have for those cookies, and the types of cookies they are (temporary or permanent). It also lists our third-party analytics and service providers and details exactly which parts of our website we permit them to track.
We use a number of third-party analytics and service providers to help us evaluate our users' use of GitBook; compile statistical reports on activity; and improve our content and website performance. We only use these third-party analytics providers on certain areas of our website, and all of them have signed data protection agreements with us that limit the type of personal information they can collect and the purpose for which they can process the information. In addition, we use our own internal analytics software to provide features and improve our content and performance.
We do not currently respond to your browser's Do Not Track signal, and we do not permit third parties other than our analytics and service providers to track GitBook users' activity over time on GitBook. We do not track your online browsing activity on other online services over time.
GitBook takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users.
Transmission of data on GitBook is encrypted using HTTPS, and SSL/TLS. Data are stored and encrypted by trusted third-party cloud providers (such as Google Cloud or Amazon AWS).
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
We store and process the information that we collect in the United States in accordance with this Privacy Statement (our subprocessors may store and process data outside the United States). However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs even when the United States does not have the same privacy framework as other countries.
We provide the same standard of privacy protection — as described in this Privacy Statement — to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We have appointed a Privacy Counsel and we work hard to comply with the applicable data privacy laws wherever we do business, and we also expect to appoint a Data Protection Officer to oversee our compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.
In particular:
GitBook provides clear methods of unambiguous, informed consent at the time of data collection when we do collect your personal data using consent as a basis.
We collect only the minimum amount of personal data necessary for our purposes unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
We offer you simple methods of accessing, correcting, or deleting the User Personal Information we have collected.
GitBook has adopted a data processing addendum with Standard Contractual Clauses to help ensure your protection. You can have it as a PDF:
GitBook may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, GitBook strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
We will use your email address to communicate with you if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our Support team with a request, we will respond to you via email. You have a lot of control over how your email address is used and shared on and through GitBook. You may manage your communication preferences in your .
Depending on your email settings, GitBook may occasionally send notification emails about changes in a space you’re contributing to, new features, requests for feedback, important policy changes, or offer customer support. We also send marketing emails, but only with your consent, if you opt into our list. There's an unsubscribe link located at the bottom of each of the marketing emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notification settings in your profile.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted emails.
If you have concerns about the way GitBook is handling your User Personal Information, please let us know immediately. We want to help. You can email us directly at [email protected] with the subject line "Privacy Concerns." We will respond promptly — within 45 days at the latest.
Although most changes are likely to be minor, GitBook may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending an email to the primary email address specified in your GitBook account. We will also update our space, which tracks all changes to this policy. For changes to this Privacy Statement that do not affect your rights, we encourage visitors to check our Site Policy space frequently.
Questions regarding GitBook's Privacy Statement or information practices should be directed to our .
We use your User Personal Information for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation.
We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.
If you would like to request the erasure of data we process on the basis of consent or object to our processing of personal information, please contact us at [email protected].