We understand the importance of your privacy and fully respect it. If you have any questions about how we process your personal data, please feel free to contact us at the email address provided in this statement. Unless otherwise specified, "we" in this statement refers to the provider of the CLA Sign service.
Personal data refers to the information that relates to an identified or identifiable individual. When you use the Contributor License Agreement Signing and Management ("CLA Sign") service, we will collect your personal data accordingly in the following circumstances. You may also obtain a quick understanding of how we collect and use personal data by reviewing the Personal Data Collection Overview.
- Corporate CLA Signing When you sign a corporate CLA, we collect the name of the authorized representative, position, company name, email address, email verification code, phone number (optional), address (optional), fax number (optional), and signed CLA document.
- Corporate Contributor Registration When you register as a corporate contributor, we collect your name, email address, corporation, and email verification code.
- Individual CLA Signing When you sign an individual CLA, we collect your name, email address, and email verification code
- Enterprise Administrator Login When you log in as an enterprise administrator, we collect your account, password, and email address.
- Community Administrator Login When you log in as a community administrator, we collect your Gitee ID, Gitee organization name, GitHub ID, and GitHub organization name.
We will collect your personal data accordingly in the following circumstances:
(1) Providing you with the CLA Sign service, for example, to ensure that you have signed the CLA when you submit code on the source code hosting platform.
(2) Contacting you.
(3) Optimizing our services by means of internal audit and statistical analysis.
(4) Optimizing experience on our website and providing better service.
We may disclose your personal data to third parties in the following circumstances:
(1) Disclosure pursuant to applicable laws and regulations.
(2) Disclosure necessary to protect the rights or property of us and/or the public. For example, we may disclose your personal data, when we believe disclosure is necessary or appropriate to prevent or defend cyber threat, fraud, physical harm, or financial loss, or when it is in connection with an investigation of suspected or actual illegal activity.
(3) Disclosure in the circumstances described in Article 4 of this statement.
To ensure our website works properly, we may at times place cookies on your computers or mobile devices. Please refer to for details about how we use cookies and similar technologies and how they process your personal data.
We may disclose your personal data to the following entities for further processing:
(1) Corporations or individuals that use the CLA Sign service in their open source projects. Such corporations or individuals will manage your signed CLA and may contact you.
(2) Your corporation. If you sign a corporation CLA through the CLA Sign service, your personal data will be used to verify your identity with your corporation.
(3) Affiliates. We may expose your personal data to our affiliates, for the purposes of service support or security support.
(4) Government agencies or judicial authorities. We may provide your personal data to relevant government agencies or judicial authorities in accordance with applicable laws and regulations.
We take the security of your personal data seriously. We take appropriate physical, organizational, and technical measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss, and in accordance with applicable laws and regulations.
In a word, we are committed to protecting your personal data. Nevertheless, no security measure is perfect and no product, service, website, data transfer, computing system, or network connection is absolutely secure. To deal with possible risks such as leakage, destruction, and loss of personal data, we have established a special emergency response team for security incidents. In accordance with the requirements of security incident handling specifications, the team will initiate security plans for different security incidents, carry out loss reduction, analysis, positioning, and develop remedial measures.
We will retain your personal data for the purpose of providing you with the CLA Sign service. The retention period of your personal data depends on the specific purpose of use and applicable laws or service agreements.
If you request us to delete the data (including your name and email address) collected for the purpose of signing the CLA, we will no longer be able to provide you with the corresponding services.
You should understand that the CLA is a legally binding document signed by you or the corporation you represent. It serves as a proof of your permanent grants of rights over your contributions. Therefore, we will not delete your personal data upon your request, unless deleting the data does not affect the legal effect of the CLA you have signed.
In accordance with applicable laws and regulations, you may have the following rights regarding your personal data:
(1) Access the personal data we hold about you.
(2) Request us to update or correct your personal data.
(3) Request us to erase your personal data.
(4) Object to or restrict our use of your personal data.
(5) Request us to provide you with a copy of the personal data you provided to us, provided that the processing of such personal data is based on your consent or the contract with you and is automated.
(6) Lodge a complaint with the competent data protection authority.
Generally, we will respond to your request within one month, unless otherwise required by applicable laws and regulations. Depending on the complexity of your request, we may extend the period by two further months. In this case, we will inform you of the extension and its reasons within one month of receiving your request. Please note that under some circumstances, for example where we cannot verify your identity, or your claim exceeds your rights under applicable laws, we may refuse your request. In this case, we will inform you in written form that your request is refused together with the reasons for our refusal. If you need our assistance in exercising the requests or rights above, please contact us as set out in the "How to Contact Us" section below.
You can change the scope of your authorization for us to collect your personal data or withdraw your authorization. However, your decision to withdraw your consent or authorization does not affect any previous processing of personal data based on your authorization.
Your personal data will be stored on servers in the People's Republic of China. Based on specific scenarios, your data may also be accessed and processed by our affiliates in other countries or regions. This means that your personal data may be transferred to other jurisdictions. In this case, we will ensure that the transfer complies with this statement and applicable data protection laws.
This website, including its content and services, is primarily intended for adults. Individuals under the age of 14 may not use the services we provide without the consent of a parent or guardian. If personal data of minors is collected with prior consent of their parents or guardians, we will only use or disclose such data if permitted by law, explicitly consented to by their parents or guardians, or necessary for the protection of the minors. If we inadvertently collect personal data of an individual under the age of 14 without verified prior consent from the individual's parent or guardian, we will attempt to delete the data as soon as possible.
We may update this statement from time to time according to changes of our services or data processing methods. If we update this statement, we will publish the latest version of the statement on this website, and it will take effect immediately upon its release. You are advised to review this statement periodically for any changes. If we make any substantial changes to this statement, we will notify you through appropriate channels and obtain your consent.
If you have any questions, comments, or suggestions about your personal data or any matters related to this agreement, or exercise your rights related to personal data, please contact us at [email protected].
Last updated: February 2025