Published on: March 4, 2021
1 min read
GitLab solicits input on its plans to de-identify service usage data
To better protect our users' data, we are building our own internal system that de-identifies userIDs and other personal information prior to being moved into our internal analytics environment.
What isn’t changing
No changes are being made to the policy on service usage data collection from SaaS or Self-Managed customers at this time.
What is changing
- Further limit access levels to a smaller number of individuals with access to identifiable information.
- Introduction of a new system to de-identify users and other personal information from multi-user instances before the information lands in GitLab’s analytics environment. This will allow GitLab to roll up more aggregated, de-identified user-level activity at the account level.
De-identification isn’t perfect
While we will be de-identifying userID and PI, there is a gap for single user namespaces. If a namespace only has a single user, there is potential for them to be linked to that account directly, even after de-identification. We will continue to investigate a solution to this.
Timeline and implementation
We will collect input on design and implementation over the next 30 days in the GitLab Community Forum. We plan to implement these changes starting in June 2021.
More information
Please find more information about our privacy policy. Further details on how service usage data is used for product improvement can be found on our Product Direction page. Also see GitLab’s analytics environment.