Privacy Policy — OpenCommit#

Effective Date: 2026-01-31
Last Updated: 2026-04-04

The OpenCommit Foundation (Stichting OpenGit, a foundation (stichting)) (“OpenCommit”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our git hosting service at opencommit.eu (the “Service”).

OpenCommit is a foundation established in the Netherlands and is subject to the General Data Protection Regulation (GDPR).

1. Data Controller#

The data controller responsible for your personal data is:

Stichting OpenGit (operating as OpenCommit)
Registered in: Leiden, the Netherlands
KvK Number: 95808930
RSIN Number: 867313328
Email: support@opencommit.eu

2. Information We Collect#

We collect information that you provide directly to us and information generated by your use of the Service.

  • Account Information: Username, email address, and password.
  • Profile Information: Name, bio, location, and profile picture (if provided).
  • Subscription Data: For closed-source projects, we collect billing information (processed via a third-party payment provider). We do not store full credit card numbers on our servers.
  • Technical Data: IP address, browser type, operating system, and access times (collected via server logs for security and performance monitoring).
  • Content: Code, commit messages, issues, and comments you upload to the Service.

Under the GDPR, we process your data based on the following legal grounds:

  • Performance of a Contract: To provide the hosting services you signed up for.
  • Legitimate Interests: To maintain the security of our platform, prevent abuse, and improve our Service.
  • Legal Obligation: To comply with tax, accounting, or law enforcement requirements.
  • Consent: Where you have explicitly given us permission (e.g., for optional marketing communications).

Our data processing is aligned with our non-profit statutory goal of “promoting and hosting open-source collaboration.”

4. How We Use Your Information#

We use your data to:

  • Provide, operate, and maintain the Service.
  • Manage your account and process subscriptions.
  • Communicate with you about updates, security alerts, and support.
  • Detect and prevent fraud, spam, or security incidents.
  • Comply with legal obligations under Dutch and EU law.

5. Data Sharing and Disclosure#

We do not sell your personal data. We only share data in the following circumstances:

  • Public Repositories: Any data in a public repository is visible to the world.
  • Private repositories: Are only accessible to the account holder and authorized collaborators. OpenCommit staff members do not access them except for specific support or security reasons and only with permission or legal necessity.
  • Service Providers: We use trusted third-party providers for hosting (infrastructure), email delivery, and payment processing. These providers are bound by Data Processing Agreements (DPAs).
  • Legal Requirements: If required by a court order or valid legal process from Dutch or EU authorities.

A list of our current third-party service providers (sub-processors) can be found at https://docs.opencommit.eu/trust/subprocessors.

6. Data Transfers (Outside the EEA)#

We host our infrastructure within the European Economic Area (EEA). No data is transferred outside the EEA unless initiated by a user or if a user is located outside the EEA.

7. Data Retention#

  • Active Accounts: We retain your data as long as your account is active.
  • Deleted Accounts: Upon account deletion, we remove your personal data within 30 days, except where we are legally required to retain it (e.g., for tax records or to prevent re-registration of a banned user).
  • Public Contributions: Please note that git is a distributed system. Your name/email in commit history may persist in forks or clones made by other users.
  • Server logs: Server logs containing IP addresses are typically rotated and deleted after 30-90 days unless flagged for a security investigation.

8. Your Rights (GDPR)#

As an EU resident, you have the following rights:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request that we delete your data (“Right to be Forgotten”).
  • Restriction: Limit how we process your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.

To exercise these rights, contact us at support@opencommit.eu. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9. Cookies#

We use essential cookies to keep you logged in and to remember your preferences. We do not use third-party tracking or advertising cookies. We do use optional analytics hosted on our own servers which use cookies. This system is based on Offen and allows you to opt-in & opt-out as well as review or delete your data.

10. Security#

We implement appropriate technical and organizational measures (such as encryption and access controls) to protect your data. However, no method of transmission over the internet is 100% secure.

11. Changes to this Policy#

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last Updated” date.

Edit Edit this page
OpenCommit Documentation - © 2025-2026, OpenCommit Foundation. This work is licensed under CC BY-SA 4.0

Fair web analytics Access your usage data