Privacy Policy

Last updated: February 25, 2026

CLA Bot processes GitHub identity and CLA-signature evidence to enforce contributor license agreement requirements for GitHub organizations.

Data We Process

We process GitHub account identifiers, usernames, avatar/name metadata, session identifiers, CLA signature timestamps, signed CLA hashes, and webhook audit metadata.

Purpose

We use this data to determine whether contributors have signed the current CLA and to update PR checks/comments accordingly.

Retention

Signature records and compliance audit logs are retained indefinitely to preserve legal evidence of consent and enforcement decisions.

Your Rights

You may request access to your profile/session data and correction of inaccurate metadata. Legal signature records may be retained when required for compliance and evidentiary purposes.

Self-Hosted Instances

CLA Bot is open-source software. If you are using a self-hosted instance, the operator of that instance is responsible for its own data-handling practices. This privacy policy applies only to instances operated by the original maintainers.

Contact

For privacy requests, contact the repository maintainers for the organization where you signed the CLA.

Disclaimer

This privacy policy is provided for informational purposes. The service is provided “as is” without warranties of any kind. See our Terms of Use for full warranty and liability disclaimers.