diff --git a/content/site-policy/privacy-policies/github-copilot-for-business-privacy-statement.md b/content/site-policy/privacy-policies/github-copilot-for-business-privacy-statement.md index acdd0fca25c4..e882fc168a4a 100644 --- a/content/site-policy/privacy-policies/github-copilot-for-business-privacy-statement.md +++ b/content/site-policy/privacy-policies/github-copilot-for-business-privacy-statement.md @@ -7,27 +7,55 @@ topics: - Legal --- -Effective Date: December 7, 2022 +Effective Date: August 31, 2023 Use of GitHub Copilot for Business is also subject to the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement), the [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies) and the [GitHub Copilot for Business license terms](https://github.com/customer-terms/github-copilot-product-specific-terms). -## What data does Copilot for Business collect? +## What personal data does Copilot for Business collect? -Copilot for Business relies on file content and additional data to work. It collects data to provide the service, some of which is then saved for further analysis and product improvements. Copilot for Business collects data as described below: +GitHub Copilot for Business collects personal data from three categories of data: User Engagement Data, Prompts and Suggestions. -## User Engagement Data +### User engagement data -When you use Copilot for Business it will collect usage information about events generated when interacting with the IDE or editor. These events include user edit actions like completions accepted and dismissed, and error and general usage data to identify metrics like latency and features engagement. This information may include personal data, such as pseudonymous identifiers. +User engagement data is usage information about events generated when interacting with a code editor. These events include user edit actions (for example completions accepted and dismissed), error messages, and general usage data to identify user metrics such as latency and feature engagement. This information may include personal data, such as pseudonymous identifiers. -## Code Snippets Data +### Prompts -GitHub Copilot transmits snippets of your code from your IDE to GitHub to provide Suggestions to you. Code snippets data is only transmitted in real-time to return Suggestions, and is discarded once a Suggestion is returned. Copilot for Business does not retain any Code Snippets Data. +A prompt is the collection of code and supporting contextual information that the GitHub Copilot extension sends to GitHub to generate suggestions. The extension sends a prompt when a user working on a file pauses typing, or uses a designated keyboard shortcut to request a suggestion. -## How is data in Copilot for Business used and shared? +### Suggestions -User Engagement Data is used by GitHub, and Microsoft to provide the service and to enable improvements. +A suggestion is one or more lines of proposed code and other output returned to the Copilot extension after a prompt is received and processed by the AI models that power Copilot. -Such uses may include: +## How long does GitHub Copilot for Business retain personal data? + +### User engagement data + +User engagement data is retained by GitHub for 24 months. + +### Prompts + +Prompts are discarded once a suggestion is returned. + +### Suggestions + +Suggestions are not retained by GitHub. + +## What processing role does GitHub play with respect to personal data collected by GitHub Copilot for Business? + +For purposes of this section, we use “processor" in the meaning of the EU’s General Data Protection Regulation. + +For enterprises using Copilot for Business, GitHub acts primarily as a processor for personal data. + +GitHub’s data protection commitments to our enterprise customers are laid out in [GitHub’s Data Protection Agreement](https://github.com/customer-terms/github-data-protection-agreement) (“GitHub DPA”). Per the GitHub DPA, GitHub acts primarily as a processor (or subprocessor to enterprise customers who are processors) whenever it processes personal data to provide Copilot. “Providing” Copilot includes processing activities, such as delivering functional capabilities, troubleshooting, and making ongoing improvements. + +GitHub processes personal data as a controller in limited, contractually agreed circumstances including billing and account management, and to produce aggregated reports for capacity planning, product development and regulatory financial reports. + +## How does Copilot for Business use and share personal data? + +Prompts and Suggestions are used only to provide the service and are not retained. + +User Engagement Data is used by GitHub, and Microsoft to provide the service and to enable improvements. Such uses may include: - Evaluating GitHub Copilot, for example, by measuring the positive impact it has on the user - Fine tuning ranking and sorting algorithms and prompt crafting - Detecting potential abuse of GitHub Copilot or violation of [Acceptable Use Policies](/site-policy/acceptable-use-policies/github-acceptable-use-policies). @@ -37,4 +65,4 @@ Such uses may include: User engagement data (which includes pseudonymous identifiers and general usage data), is required for the use of GitHub Copilot and will continue to be collected, processed, and shared with Microsoft when you use GitHub Copilot. -For more information on how GitHub processes and uses personal data, please see the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement). +For more information on how GitHub processes and uses personal data, please see the [GitHub Privacy Statement](/site-policy/privacy-policies/github-privacy-statement). \ No newline at end of file