Перейти к содержимому

Privacy Policy (GDPR)

E
ffective Date: April 20, 2026

Нужна политика на русском языке для пользователей из РФ и СНГ?

Нажмите сюда

1. Introduction & Controller Identity

1.1. This Privacy Policy explains how GIT2LOG LLC / JSC Git2Log Kazakhstan ("Controller", "we", "us") processes and protects the data of visitors to git2log.com (the "Website") in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
1.2. Zero PII Principle: Our Website operates strictly as an informational resource. We do not offer user registration, accounts, newsletters, or payment processing. We will never ask you for your name, email address, phone number, or payment details.

2. Processing Which Does Not Require Identification (GDPR Article 11 Exemption)

Because we only collect technical network data (such as IP addresses) for security purposes, we cannot directly identify you as a specific natural person. In accordance with Article 11 of the GDPR, we are not obliged to maintain, acquire, or process additional information in order to identify a data subject solely to comply with the GDPR. Consequently, Articles 15 to 20 (Rights of access, rectification, erasure, and portability) do not apply unless you provide additional information enabling your identification.

3. What Data We Collect, Why, and Lawful Basis

We collect data strictly on a need-to-know basis, divided into two categories:

3.1. Technical Security Logs (Passive Collection)

  • What is collected: IP addresses, User-Agent strings, request timestamps, and requested URLs.
  • Purpose: To ensure the security, stability, and integrity of our server infrastructure, prevent DDoS attacks, and investigate malicious network anomalies.
  • Lawful Basis: Processing is necessary for our Legitimate Interests (Art. 6(1)(f) GDPR). As explicitly stated in Recital 49 of the GDPR, processing strictly necessary for the purposes of ensuring network and information security constitutes a legitimate interest.
  • Retention: Security logs are retained for a maximum of 30 days and are automatically overwritten, unless an IP address is flagged for malicious activity.

3.2. Third-Party Widgets (Active Collection via Consent)

  • What happens: The Website features a GitHub widget to display repository and organizational data.
  • How it works: By default, this widget is strictly disabled. Your IP address will only be processed and transmitted to GitHub Inc. if you voluntarily click "Accept" on our Cookie Consent banner.
  • Lawful Basis: Explicit Consent (Art. 6(1)(a) GDPR). If consent is withheld, the widget remains inactive, and zero data is transmitted.

4. International Data Transfers (US Transfers)

4.1. The Controller utilizes global CDN infrastructure. Technical logs are stored on secure servers with strict access controls and Full Disk Encryption (LUKS).
4.2. GitHub Widget: If you consent to the GitHub widget, your IP address is transmitted to GitHub API servers in the United States. This transfer relies on your explicit consent and GitHub's certification under the EU-US Data Privacy Framework (DPF), providing an adequate level of protection pursuant to Art. 45 GDPR.

5. Prevention of Traffic Spoofing and Network Abuse

5.1. Network activity identified by our Intrusion Detection/Prevention Systems (IDS/IPS) as automated scanning, brute-force attempts, DDoS attacks, Server Name Indication (SNI) spoofing, or attempts to use the Website's domain as a front to route illegal traffic, is deemed malicious.
5.2. IP addresses engaged in such malicious activities lose the standard protections afforded to legitimate users. We reserve the right to retain these IP addresses in quarantine databases indefinitely and share them with global Threat Intelligence centers and relevant law enforcement authorities to protect our infrastructure.

6. Your Rights under the GDPR

Despite the limitations of Article 11, you maintain core rights regarding your privacy:

  • Right to Withdraw Consent: You can easily withdraw your consent for the GitHub widget at any time by clearing your browser cookies.
  • Right to Object: You have the right to object to processing based on legitimate interests, though this may be overridden by our compelling need to maintain server security.
  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory data protection authority in your country of habitual residence, place of work, or place of the alleged infringement.

7. Do Not Track (DNT) & Global Privacy Control (GPC)

We respect your automated privacy choices. If your browser sends a "Do Not Track" (DNT) or "Global Privacy Control" (GPC) signal, our Website automatically suppresses the initialization of all third-party widgets (including the GitHub API), seamlessly overriding any prior banner consent.

For detailed information regarding how we deploy strictly necessary cookies, integrate third-party widgets, and how you can granularly manage your preferences, please refer to our dedicated Cookie Policy, which forms an integral part of this Privacy Policy.

8. Children's Privacy

The Website is strictly informational and technical. We do not knowingly collect or solicit data from anyone under the age of 16.

9. Contact Us

For any privacy-related inquiries, please contact our Data Protection team at: privacy-en@git2log.com.