Trust, Legal & Safety on Documentationhttps://docs.opencommit.eu/trust/Recent content in Trust, Legal & Safety on DocumentationHugoen-us&copy; 2025-2026, OpenCommit Foundation. This work is licensed under [CC BY-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/")<img src="https://docs.opencommit.eu/cc.svg" alt="" style="max-width: 1em;max-height:1em;margin-left: .2em;"><img src="https://docs.opencommit.eu/by.svg" alt="" style="max-width: 1em;max-height:1em;margin-left: .2em;"><img src="https://docs.opencommit.eu/nc.svg" alt="" style="max-width: 1em;max-height:1em;margin-left: .2em;"><img src="https://docs.opencommit.eu/static/sa.svg" alt="" style="max-width: 1em;max-height:1em;margin-left: .2em;"><link>https://docs.opencommit.eu/trust/coc/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.opencommit.eu/trust/coc/</guid><description><h1 id="code-of-conduct--opencommit">Code of Conduct — OpenCommit<a class="anchor" href="#code-of-conduct--opencommit">#</a></h1> <p><em>Effective Date: 2026-01-31</em><br/> <em>Last Updated: 2026-03-25</em></p> <h2 id="1-purpose">1. Purpose<a class="anchor" href="#1-purpose">#</a></h2> <p>OpenCommit exists to support open source development and responsible software collaboration. This Code of Conduct defines the standards of behavior expected from all users of the OpenCommit platform (the “Service”).</p> <p>Our goal is to foster a <strong>stable, inclusive, professional, and non-abusive environment</strong> for developers, organizations, and contributors.</p> <p>This Code of Conduct applies to:</p> <ul> <li>All users of the OpenCommit platform</li> <li>All public and private repositories hosted on the Service</li> <li>Issues, pull/merge requests, comments, profiles, and other user-generated content</li> <li>Communications that take place through the platform</li> </ul> <p>Violation of this Code may result in enforcement actions as described below.</p></description></item><item><title/><link>https://docs.opencommit.eu/trust/dpa/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.opencommit.eu/trust/dpa/</guid><description><h1 id="data-processing-addendum-dpa--opencommit">Data Processing Addendum (DPA) — OpenCommit<a class="anchor" href="#data-processing-addendum-dpa--opencommit">#</a></h1> <p><em>Effective Date: 2026-01-31</em><br/> <em>Last Updated: 2026-04-04</em></p> <p>This Data Processing Addendum (“DPA”) forms part of the Terms of Service (“Agreement”) between <strong>Stichting OpenGit</strong>, operating as OpenCommit (OpenCommit Foundation), (“Processor”) and the entity subscribing to the Service (“Controller”).</p> <h2 id="1-definitions">1. Definitions<a class="anchor" href="#1-definitions">#</a></h2> <ul> <li><strong>“Data Protection Laws”</strong> means the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG).</li> <li><strong>“Personal Data”</strong> means any information relating to an identified or identifiable natural person processed by Processor on behalf of Controller within the Service.</li> <li><strong>“Sub-processor”</strong> means any third party appointed by Processor to process Personal Data.</li> </ul> <h2 id="2-scope-and-role">2. Scope and Role<a class="anchor" href="#2-scope-and-role">#</a></h2> <p>This DPA applies where OpenCommit processes Personal Data as a <strong>Processor</strong> on behalf of the Controller in the course of providing git hosting services. This typically includes data contained within private repositories, issue trackers, and pull requests.</p></description></item><item><title/><link>https://docs.opencommit.eu/trust/privacy-policy/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.opencommit.eu/trust/privacy-policy/</guid><description><h1 id="privacy-policy--opencommit">Privacy Policy — OpenCommit<a class="anchor" href="#privacy-policy--opencommit">#</a></h1> <p><em>Effective Date: 2026-01-31</em><br/> <em>Last Updated: 2026-04-04</em></p> <p>The <strong>OpenCommit Foundation</strong> (<em>Stichting OpenGit, a foundation (stichting)</em>) (“OpenCommit”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our git hosting service at <a href="https://opencommit.eu">opencommit.eu</a> (the “Service”).</p> <p>OpenCommit is a foundation established in the Netherlands and is subject to the <strong>General Data Protection Regulation (GDPR)</strong>.</p></description></item><item><title/><link>https://docs.opencommit.eu/trust/security-overview/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.opencommit.eu/trust/security-overview/</guid><description><h1 id="security-overview--opencommit">Security Overview — OpenCommit<a class="anchor" href="#security-overview--opencommit">#</a></h1> <p><em>Last Updated: 2026-04-04</em></p> <p>OpenCommit aims to protect the confidentiality, integrity, and availability of the Service and user data. This Security Overview describes the technical and organizational measures we use to secure the platform. It is provided for transparency and does not form part of the Terms of Service.</p> <h2 id="1-infrastructure-and-hosting">1. Infrastructure and Hosting<a class="anchor" href="#1-infrastructure-and-hosting">#</a></h2> <ul> <li><strong>EEA-based hosting</strong>: Core infrastructure is hosted within the European Economic Area (EEA).</li> <li><strong>Hosting provider</strong>: Infrastructure is hosted with <strong>Hetzner Online GmbH</strong> in <strong>Germany and Finland</strong>.</li> <li><strong>Data center security</strong>: We rely on Hetzner’s data center security controls and certifications (including ISO/IEC 27001 where applicable) and industry-standard physical security measures.</li> </ul> <h2 id="2-network-security">2. Network Security<a class="anchor" href="#2-network-security">#</a></h2> <ul> <li><strong>Segmentation</strong>: We segment services to limit unnecessary access between components.</li> <li><strong>Firewalls</strong>: Inbound access is restricted to required ports and services.</li> <li><strong>Administrative access</strong>: Administrative access is limited and protected using strong authentication and encrypted connections.</li> </ul> <h2 id="3-encryption">3. Encryption<a class="anchor" href="#3-encryption">#</a></h2> <ul> <li><strong>In transit</strong>: Traffic between clients (web browsers and git clients) and OpenCommit is encrypted using modern TLS.</li> <li><strong>At rest</strong>: We use encryption where appropriate for backups and sensitive configuration material.</li> </ul> <h2 id="4-authentication-and-account-security">4. Authentication and Account Security<a class="anchor" href="#4-authentication-and-account-security">#</a></h2> <ul> <li><strong>Passwords</strong>: Passwords are stored using strong, one-way hashing.</li> <li><strong>2FA</strong>: We support and may require two-factor authentication (2FA) for accounts or organizations.</li> <li><strong>SSH</strong>: Git access supports SSH keys; users are encouraged to use modern key types (e.g., Ed25519).</li> </ul> <h2 id="5-application-and-dependency-security">5. Application and Dependency Security<a class="anchor" href="#5-application-and-dependency-security">#</a></h2> <ul> <li><strong>Forge software</strong>: The Service is based on <strong>Forgejo</strong>.</li> <li><strong>Patching</strong>: We monitor upstream security advisories and apply relevant security updates in a timely manner.</li> <li><strong>Hardening</strong>: We aim to minimize the attack surface by disabling or restricting non-essential services and features.</li> </ul> <h2 id="6-monitoring-and-logging">6. Monitoring and Logging<a class="anchor" href="#6-monitoring-and-logging">#</a></h2> <ul> <li><strong>Operational monitoring</strong>: We monitor service health and availability to detect incidents and outages.</li> <li><strong>Status monitoring</strong>: We may use third parties (e.g., <strong>Uptime Robot</strong>) for status/availability checks.</li> <li><strong>Security logging</strong>: We maintain logs relevant to security and abuse prevention. Access to logs is restricted.</li> </ul> <h2 id="7-backups-and-recovery">7. Backups and Recovery<a class="anchor" href="#7-backups-and-recovery">#</a></h2> <ul> <li><strong>Backups</strong>: We perform regular backups of repository and database data.</li> <li><strong>Recovery</strong>: We maintain recovery procedures to restore service after incidents.</li> <li><strong>User responsibility</strong>: Users remain responsible for maintaining independent backups of their repositories.</li> </ul> <h2 id="8-incident-response">8. Incident Response<a class="anchor" href="#8-incident-response">#</a></h2> <ul> <li><strong>Response</strong>: We investigate suspected security incidents and take appropriate steps to contain and remediate issues.</li> <li><strong>Notification</strong>: Where required by law or contract (for example under a DPA), we will notify affected parties of relevant incidents.</li> </ul> <h2 id="9-vulnerability-reporting">9. Vulnerability Reporting<a class="anchor" href="#9-vulnerability-reporting">#</a></h2> <p>If you believe you have found a security vulnerability in OpenCommit, please contact:</p></description></item><item><title/><link>https://docs.opencommit.eu/trust/sub-processors/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.opencommit.eu/trust/sub-processors/</guid><description><h1 id="sub-processors--opencommit">Sub-processors — OpenCommit<a class="anchor" href="#sub-processors--opencommit">#</a></h1> <p><em>Last Updated: 2026-04-04</em></p> <p>To provide our Service, OpenCommit engages the following third-party sub-processors to perform specific processing activities. All sub-processors are bound by Data Processing Agreements (DPAs) to ensure the protection of your personal data.</p> <table> <thead> <tr> <th style="text-align: left">Entity</th> <th style="text-align: left">Activity</th> <th style="text-align: left">Location</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><strong>Hetzner Online GmbH</strong></td> <td style="text-align: left">Cloud Infrastructure &amp; Hosting</td> <td style="text-align: left">Germany / Finland (EEA)</td> </tr> <tr> <td style="text-align: left"><strong>Soverin</strong></td> <td style="text-align: left">Email</td> <td style="text-align: left">The Netherlands (EEA)</td> </tr> <tr> <td style="text-align: left"><strong>Uptime Robot</strong></td> <td style="text-align: left">Status page (if accessed by user)</td> <td style="text-align: left">Slovak Republic (EEA)</td> </tr> </tbody> </table></description></item><item><title/><link>https://docs.opencommit.eu/trust/tos/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.opencommit.eu/trust/tos/</guid><description><h1 id="terms-of-service--opencommit">Terms of Service — OpenCommit<a class="anchor" href="#terms-of-service--opencommit">#</a></h1> <p><em>Effective Date: 2026-01-31</em><br> <em>Last Updated: 2026-04-04</em></p> <p>These Terms of Service (“Terms”) constitute a legally binding agreement between the <strong>OpenCommit Foundation</strong> (<em>Stichting OpenGit, a foundation (stichting)</em>) established under the laws of The Netherlands, with its statutory seat in Leiden, the Netherlands (“OpenCommit”, “we”, “us”, “our”), and you (“User”, “you”).</p> <p>These Terms govern your access to and use of the OpenCommit platform available at <a href="https://opencommit.eu">https://opencommit.eu</a> and related services (the “Service”).</p></description></item></channel></rss>