Privacy
At Gitpod, we prioritize your security and privacy in every aspect of our development solution. Our commitment is unwavering—we believe in empowering you with a secure and reliable environment while safeguarding the confidentiality of your sensitive information.
This commitment is reflected in our practices, which include minimal processing of personal information, stringent access controls, and the flexibility to choose your own processing regions.
All data stays within your infrastructure
With Gitpod, your data remains within your infrastructure at all times. Even our staff cannot access your data, ensuring unparalleled confidentiality and protection for your assets.
Processing region of your choice
Maintain control and compliance by choosing your own processing region, aligning with privacy laws, regulations, and other requirements. Supported AWS regions include us-east, us-west, eu-west, eu-central, ap-northeast, ap-southeast and sa-east.
Secure & isolated development environments
Enhance the security of your development processes with Gitpod’s isolated, single-tenant environments running within your own AWS account, leveraging your customized security controls. This not only reduces your attack surface and safeguards against external threats but also empowers you to align seamlessly with your specific requirements.
German-Based Entity
Being based in Germany, Gitpod benefits from one of the world’s most robust legal frameworks for data protection, making us a preferred partner for enterprises that prioritize the security of their development processes and the integrity of their data.
Organizational compliance
Gitpod has appointed a Data Protection Officer and conducts periodic reviews on processing of personal data, transfer impact assessments, and subprocessor reviews. These measures ensure continuous compliance with privacy laws and regulations.
Security compliance
Gitpod proudly adheres to SOC 2 Type II compliance standards. Access security certificates, reports, and other relevant information at our Trust Center.
Your privacy is our priority at Gitpod. We are dedicated to providing a development environment that not only meets your technical needs but also ensures the utmost confidentiality and protection of your data. If you have any questions or concerns, please feel free to contact our Privacy Team.
Frequently asked questions (FAQ)
Can the Gitpod team access any of our repositories/code in our AWS environment?
No. The Gitpod team does not have access to your SCM system, resources within your VPC that contain code, or resources in your VPC that contain related SCM secrets.
What infrastructure can the Gitpod team access within the customers VPC (Virtual Private Cloud)?
Gitpod cannot access resources within the customer VPC. The customer controls all AWS resources using CloudFormation templates provided by the Gitpod team.
What infrastructure can Gitpod scale, create or delete within the customers installation?
The Gitpod cannot create, update, or delete AWS resources in your AWS account.
What level of visibility does Gitpod have over our infrastructure and code?
Gitpod has no visibility into your code (SCM, organizations, user info, or repositories). See data observability for more information.
Gitpod has limited visibility to AWS infrastructure for your Gitpod installation. See ongoing operations for more information.