We may update this policy from time to time. Please check this page regularly for notification of any significant changes in the way we treat your personal information. We will provide you with reasonable advance notice of any material proposed changes.
Where the words 'Dependabot', 'we', 'us' or 'our' are used in this document, they are all references to Dependabot Limited. Dependabot Limited is the controller for the limited purposes stated below, including for the provision of the service.
Your privacy is very important to us. We have put in place measures to ensure that any personal information that we obtain from you is processed in accordance with the accepted principles of good information handling.
This policy gives you information about how we handle personal information received from visitors to our website at https://dependabot.com (“Website”) and customers.
What is personal information?
Personal information is any information which could, alone or together with other information, personally identify an individual. Information such as a user name and password, an email address, a real name, and a photograph are examples of personal information. Personal information includes “personal data” as defined in the General Data Protection Regulation.
We collect personal information in the following ways:
- If you link Dependabot to your GitHub account (via the log in page on the Website), we will use your details to conduct automated dependency management for your GitHub repositories.
- If you call us or send us an enquiry or details via email or contact us via another method, we will handle any personal details you have provided to us in order to respond to any request/comment you have. We may also keep these details for the purpose of evaluating and assessing applications, performing contracts and technical administration.
- When you visit our Website, we may automatically collect certain system-related information about your visit, and we also use 'cookies' to provide you with access to certain private areas of the Website. See the 'Cookies' section below for further information.
Purposes for handling your personal information
We may process any personal information you provide to us to enable us to perform the contract entered into between you and us, to ensure compliance with local legal and regulatory requirements and for the purposes of our legitimate business interests, including the following:
- to enable us to carry out our obligations arising from any contracts and to provide you with the information and services that you request from us;
- to enable us to respond to an enquiry or other request you make when you contact us including for customer services support;
- to notify you about changes to our service; and
- to better understand how you interact with our Website, including its functionality and features, and ensure that content is presented in the most effective manner.
Sharing your personal information
We may share your personal information with third party service providers to enable them to provide services for us but for no other purpose. Where we provide your personal information to third party services providers, they are required to keep your personal information confidential and secure, and must only use your personal information as instructed by us. We may also disclose your personal information to third parties where required by law or third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
Storing your personal information
We will only store your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information outside of the EEA.
Residents of the EEA: You may have the right to: request (a) access the to your personal information we hold about you; (b) request we correct any inaccurate personal information we hold about you; (c) request we delete any personal information we hold about you; (d) restrict the processing of personal information we hold about you; (e) object to the processing of personal information we hold about you; and/or (f) receive any personal information we hold about you in a structured and commonly used machine-readable format or have such personal information transmitted to another company.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you.
To exercise any of your rights in connection with your personal information, contact GitHub using the support form. We will process any request in line with any local laws and our policies and procedures. If you are located in the EEA, you have the right to lodge a complaint about how we process your personal information with the supervisory authority in your country.
If you have any questions about the handling of your personal information, contact GitHub using the support form. If you contact us, we will do our utmost best to address any concerns you may have about our processing of your personal information.
The first is to collect system-related information, such as the type of internet browser and operating system you use, the website from which you have come to our website, the duration of individual page views, paths taken by visitors through the website, and other general information and your IP address (the unique address which identifies your computer on the internet) which is automatically recognised by our web server. This information is collected for system administration and to report aggregate information to our subcontractors and partners to enable them to provide services to us. It is statistical data about our users' browsing actions and does not, of itself, contain any personally identifiable information. It is often not possible to identify a specific individual from this information, although for example we may be able to identify it relates to a specific individual in conjunction with other information in our control.
The second is that Cookies are also used when registered users access the private sections of our website. Cookies are used to facilitate the log in process. In this case, we may be able to identify that your login details have been used.
Most web browsers offer users controls, to give you the option to delete or disable cookies. You can usually find out how to do so by referring to the ‘Help’ option on the menu bar of your browser, or by visiting the browser developer's website. This will usually tell you how to prevent your browser from accepting new cookies; notify you when you receive new cookies; and disable cookies altogether. Please note that disabling cookies will stop you accessing private areas of the website.