code-of-conduct.rst 65.8 KB
Newer Older
Boris Budini's avatar
Boris Budini committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370
.. note::
  **This page was uploaded from GitLab's Handbook**

Code of Business Conduct & Ethics

GitLab is committed to serving our customers and employing individuals
with personal standards consistent with that of our
`values </handbook/values/>`__. This Code is designed to deter
wrongdoing and to promote:

-  Honest and ethical conduct, including the ethical handling of actual
   or apparent conflicts of interest between personal and professional
-  Full, fair, accurate, timely, and understandable disclosure in
   reports and documents we file with regulatory agencies and in our
   other public communications;
-  Compliance with applicable laws, rules, and regulations;
-  The prompt internal reporting of violations of this Code; and
-  Accountability for adherence to this Code.

Our Code applies to all directors, officers, employees, and contractors
of GitLab and its affiliates and subsidiaries. Agents and vendors of
GitLab are also expected to read, understand, and abide by this Code.

This Code should help guide your conduct in the course of our business.
Many of the principles described in this Code are general in nature, and
the Code does not cover every situation that may arise. Use common sense
and good judgment in applying this Code. If you have any questions about
applying the Code, please seek guidance. Not all information regarding
the conduct of our business is found in this Code. Please review the
applicable policies and procedures in specific areas as they apply as
found in our `Team Handbook </handbook/>`__.

Complying with the Code

To maintain the highest standards of integrity, we must dedicate
ourselves to complying with this Code, company policies and procedures,
and applicable laws and regulations. Violations of this Code not only
damage our company’s standing in the communities we serve--they may also
be illegal. Team members involved in violating this Code will likely
face negative consequences. GitLab will take the appropriate
disciplinary action in response to each case, up to and including
termination. In addition, team members involved may be subject to
government fines or criminal or civil liability.

Reporting Violations

If you think this Code or any GitLab policy is being violated, or if you
have an ethics question, you have several reporting options:

-  Discuss the issue with your supervisor
-  Discuss the issue with another supervisor or manager
-  Contact People Operations or Legal department.
-  Contact GitLab’s 24-hour hotline

All reports (formal or informal) made to a GitLab supervisor, manager or
executive should be promptly escalated to People Operations and the
Legal team. GitLab will then review the report promptly and thoroughly
to determine if an investigation is warranted.

**Investigation Process** If Legal has determined it appropriate, GitLab
will promptly initiate an appropriate investigation into all possible
violations of law and GitLab policy. The Senior Director of Legal
Affairs will engage the HR Business Partner assigned to the business
department to investigate the report(s), unless the complaint is against
a member of the People Operations team, in which case the investigation
will be conducted by the Legal team. If the report is made against a
member of the executive team or if there are multiple complainants
regarding the same individual and/or issue, outside counsel will be
retained by Legal to conduct the investigation. If the complaint is made
against a member of the Legal team, the Chief Culture Officer will lead
the investigation.

GitLab expects all employees and contractors to cooperate in
investigations fully and candidly.

**Investigation Timeline** GitLab will make all reasonable efforts to
initiate an investigation into the allegation(s) and conclude the
investigation in a timely fashion. Depending on the type of
investigation the steps and timeline for each investigation will vary.

**Investigation Findings**

The investigation findings will be reported back to the Senior Director
of Legal Affairs. Based on the investigation findings, Legal will make a
determination as to whether the allegation(s) were founded, unfounded or
inconclusive. This determination will be documented in writing and made
part of the investigation report. The determinations are as follows:

-  Violation Found. Where a violation of GitLab policies, workplace
   rules or law is found to have occurred, Legal will review the
   findings and make a recommendation for corrective action to the Chief
   Culture Officer and the executive leader of the accused's reporting
   line. Together the CCO, the business unit and Legal will determine
   the proper corrective action. If the accused is a member of the
   executive team then Legal will confer with the CEO, and where
   necessary, the Board of Directors. Once a corrective action has been
   determined, the accused will be notified of the finding and of the
   specific corrective actions to be taken. The accused employee's
   manager will also be notified if appropriate. No details about the
   nature or extent of disciplinary or corrective actions will be
   disclosed to the complainant(s) or witness(es) unless there is as
   compelling reason to do so (e.g., personal safety)
-  No Violation Found. In this situation, the complainant (if known) and
   the accused should be notified that GitLab investigated the
   allegation(s) and found that the evidence did not support the claim.
-  Inconclusive investigation. In some cases, the evidence may not
   conclusively indicate whether the allegation(s) was founded or
   unfounded. If such a situation occurs, the complainant (if known) and
   the accused will be notified that a thorough investigation has been
   conducted, but GitLab has been unable to establish the truth or
   falsity of the allegation(s). GitLab will take appropriate steps to
   ensure that the persons involved understand the requirements of
   GitLab's policies and applicable law, and that GitLab will monitor
   the situation to ensure compliance in the future.

**How to Contact GitLab's 24-hour hotline:**

GitLab has engaged Lighthouse Services to provide an anonymous ethics
and compliance hotline for all team members. The purpose of the service
is to insure that any team member wishing to submit a report anonymously
can do so without the fear of
`retribution <#commitment-to-non-retaliation>`__.

Reports may cover but are not limited to the following topics: Ethical
violations, Wrongful Discharge, Unsafe Working Conditions, Internal
Controls, Quality of Service, Vandalism and Sabotage, `Sexual
Harassment </handbook/anti-harassment/#sts=Sexual%20Harassment>`__,
Theft, Discrimination, Conduct Violations, Alcohol and Substance Abuse,
Threats, Fraud, Bribery and Kickbacks, Conflict of Interest, Improper
Conduct, Theft and Embezzlement, Violation of Company Policy, Violation
of the Law, Misuse of Company Property, Falsification of Contract,
Reports or Records.

Please note that the information provided by you may be the basis of an
internal and/or external investigation into the issue you are reporting
and your anonymity will be protected to the extent possible by law by
Lighthouse. However, your identity may become known during the course of
the investigation because of the information you have provided. Reports
are submitted by Lighthouse to a company designee for investigation
according to our company policies.

Lighthouse Services toll free number and other methods of reporting are
available 24 hours a day, 7 days a week for use by team members.

-  Website:
-  USA Telephone:

   -  English speaking USA and Canada: 833-480-0010
   -  Spanish speaking USA and Canada: 800-216-1288
   -  French speaking Canada: 855-725-0002
   -  Spanish speaking Mexico: 01-800-681-5340

-  All other countries telephone: +1-800-603-2869
-  E-mail: (must include company name
   with report)
-  Fax: (215) 689-3885 (must include company name with report)

Commitment to Non-Retaliation

Any employee or contractor who reports a violation will be treated with
dignity and respect and will not be subjected to any form of discipline
or retaliation for reporting in good faith. Retaliation against anyone
who provides information or otherwise assists in an investigation or
proceeding will be treated as a violation of this Code.


Having a diverse workforce--made up of team members who bring a wide
variety of skills, abilities, experiences and perspectives--is essential
to our success. We are committed to the principles of equal opportunity,
inclusion, and respect. All employment-related decisions must be based
on company needs, job requirements, and individual qualifications.
Always take full advantage of what our team members have to offer;
listen and be inclusive.

-  We do not tolerate discrimination against anyone--team members,
   customers, business partners, or other stakeholders--on the basis of
   race, color, religion, national origin, sex (including pregnancy),
   age, disability, HIV status, sexual orientation, gender identity,
   marital status, past or present military service ,or any other status
   protected by the laws or regulations in the locations where we
-  We comply with laws regarding employment of immigrants and
   non-citizens and provide equal employment opportunity to everyone who
   is legally authorized to work in the applicable country.
-  We provide reasonable accommodations to individuals with disabilities
   and remove any artificial barriers to success.

Report suspected discrimination right away and never retaliate against
anyone who raises a good faith belief that unlawful discrimination has
occurred. Employees and contractors should refer to the `GitLab
Anti-Harassment Policy </handbook/anti-harassment/>`__ for more


Every employee or contractor has a right to a work environment free from
harassment, regardless of whether the harasser is a co-worker,
supervisor, manager, customer, vendor, or visitor. Please refer to the
`GitLab Anti-Harassment Policy </handbook/anti-harassment/>`__ for more
information. As is the case with any violation of the Code, you have a
responsibility to report any harassing behavior or condition regardless
of if you are directly involved or just a witness.

Fair Wages

Our company is committed to following all applicable wage and hour laws
and regulations. To help ensure that all work performed for GitLab is
compensated correctly, team members compensated on the basis of hours
worked must `report and record
time </handbook/finance/#sts=Timesheets>`__ accurately. For more
information on compensation, please refer to our `Compensation
Principles </handbook/people-operations/global-compensation/>`__.

Substance Abuse

GitLab strives to maintain a workplace that is free from illegal use,
possession, sale, or distribution of alcohol or controlled substances.
Legal or illegal substances shall not be used in a manner that impairs a
person’s performance of assigned tasks. This will help to maintain the
efficient and effective operation of the business, and to ensure
customers receive the proper service. GitLab team members must also
adhere the local laws of where they reside and where they travel to,
including the `GitLab Summit </company/culture/contribute/>`__.

Employee Information Privacy

GitLab respects the confidentiality of the personal information of
employees and contractors. This includes employee and contractor medical
and personnel records. All team members records are kept in
`BambooHR </handbook/people-operations/#sts=Using%20BambooHR>`__. Team
members have self service access to their profile. Where available,
documents and information are shared with the team member within the
platform. If the team member would like to view their entire profile
from the admin view, please schedule a call with People Operations to
walk through a screen share or request screenshots to be sent to your
personal email address. Access to personal information is only
authorized when there is a legitimate and lawful reason, and access is
only granted to appropriate personnel. Requests for confidential
employee or contractor information from anyone outside our company under
any circumstances must be approved in accordance with applicable laws.
It is important to remember, however, that employees and contractors
should have no expectation of privacy with regard to normal course
workplace communication or any personal property used for GitLab

If there is no requirement within someone's job description to be
public-facing, then team members can opt-out of any public exposure.
Team members can opt-out of being added to the `team
page <>`__ or what content about
them is shown on the team page and can use either only their initials or
an alias if desired. Since GitLab publishes much of our content,
including video calls and meetings, the only way to ensure no unwanted
exposure from these videos is to have video turned off and initials or
an alias added to the Zoom profile name whenever a call is being
recorded. Zoom shows whether a call is being recorded at the top right
of the video screen, and team members are always encouraged to ask if a
video will be shared or not. For any GitLab livestreams through YouTube,
a team member can watch and comment through YouTube instead of through
the internal video call. Any questions can be sent directly to our
People Ops and Legal teams.

Proprietary and Confidential Information

In carrying out GitLab’s business, team members often learn confidential
or proprietary information about our company, its customers, prospective
customers, or other third parties. Team members must maintain the
confidentiality of all information entrusted to them, except when
disclosure is authorized or legally mandated.

Confidential or proprietary information includes: \* Any non-public
information concerning GitLab, including its businesses, financial
performance, results or prospects \* Any non-public information provided
by a third party - With the expectation that the information will be
kept confidential and used solely for the business purpose for which it
was conveyed

GitLab’s confidentiality provisions can be found in the `employee and
templates </handbook/contracts/#employee-contractor-agreements>`__, but
these may vary from what you agreed to at the time of your contract. For
specific information about your obligations regarding confidentiality,
please reference your contract.

Physical Assets and Resources

All employees and contractors must protect our `company
assets </handbook/spending-company-money/>`__, such as equipment,
inventory, supplies, cash, and information. Treat company assets with
the same care you would if they were your own. No employee or contractor
may commit theft, fraud or embezzlement, or misuse company property.

GitLab Internal Acceptable Use Policy

The `Gitlab Internal Acceptable Use
Policy <>`__
specifies requirements related to the use of GitLab computing resources
and data assets by GitLab team members so as to protect our customers,
team members, contractors, company, and other partners from harm caused
by both deliberate and inadvertent misuse. Our intention in publishing
`policy <>`__
is not to impose restrictions but outline information security
guidelines intended to protect GitLab assets.

Proper Use of Electronic Media

Our company uses global electronic communications and resources as
routine parts of our business activities. It is essential that
electronic resources used to perform company business are protected to
ensure that these resources are accessible for business purposes and
operated in a cost-effective manner, that our company’s reputation is
protected, and that we minimize the potential for legal risk.

In addition to following the `Social Media
Guidelines </handbook/marketing/social-media-guidelines/>`__, when
utilizing social media think about the effect of statements that you
make. Keep in mind that these transmissions are permanent and easily
transferable, and can affect our company’s reputation and relationships
with team members and customers. When using social media tools like
blogs, Facebook, Twitter or wikis, ensure that you do not make comments
on behalf of GitLab without proper authorization. Also, you must not
disclose our company’s confidential or proprietary information about our
business, our suppliers, or our customers.

Protecting Customer/Third Party Information Privacy

We take the protection of privacy for our customer’s, consumer’s, and
other third parties that have entrusted us with information very
seriously. Customer or third party information includes any information
about a specific customer/third party, including such things as name,
address, phone numbers, financial information, etc.

-  We follow all applicable laws and regulations directed toward privacy
   and information security. Keeping customer information secure and
   using it appropriately is a top priority for our company.
-  We must safeguard any confidential information customers or third
   parties share with us.
-  We must also ensure that such information is used only for the
   reasons for which the information was gathered, unless further use is
   allowed by law.
-  We do not disclose any information about a third party without the
   written approval unless legally required to do so (for example, under
   a court-issued subpoena).

If you do not have a business reason to access this information, you
should not do so. If you do, you must also take steps to protect the
information against unauthorized use or release in line with our
`Security Best Practices </handbook/security/>`__.

Intellectual Property and Protecting IP

Our `intellectual property </handbook/contracts/#piaa-agreements>`__ is
among our most valuable assets. Intellectual property refers to
creations of the human mind that are protected by various national laws
and international treaties. Intellectual property includes copyrights,
patents, trademarks, trade secrets, design rights, logos, expertise, and
other intangible industrial or commercial property. We must protect and,
when appropriate, enforce our intellectual property rights. We also
respect the intellectual property belonging to third parties. It is our
policy to not knowingly infringe upon the intellectual property rights
of others.

1. Take proper care of any **confidential** information you get from our
2. As an employee or contractor, the things you create for GitLab belong
   to our company.

-  This work product includes inventions, discoveries, ideas,
   improvements, software programs, artwork, and works of authorship.
   This work product is our company’s property (it does not belong to
   individuals) if it is created or developed, in whole or in part, on
   company time, as part of your duties or through the use of company
   resources or information.

1. If you copy code always **check** the license and attribute when
   needed or appropriate.
2. Check community **contributions** and do not merge it when there can
   be doubt about the ownership.
3. Only the CEO of the company **signs** legal documents such as NDAs.
   Sales people and the business office manager can upload them via
4. View our `DMCA policy </handbook/dmca>`__ in regards to copyright /
   intellectual property violations

Assignment of intellectual property is addressed in the `employee and
templates </handbook/contracts/#employee-contractor-agreements>`__, but
these may vary from what you agreed to at the time of your contract. For
specific information about your obligations regarding intellectual
property rights and obligations, please reference your contract.

Antitrust and Fair Competition

All directors, officers, employees, and contractors must comply with
antitrust and competition laws which prohibit collusive or unfair
business behavior that restricts free competition. These laws are quite
complicated, and failure to adhere to these laws could result in
significant penalties imposed on both GitLab and the employees and/or
contractors who violated the law.

Unlawful behavior examples: enter agreements with competitors to fix
prices, bid rigging, terms of sale, production output, divide markets or
customers, attempts to discriminate in prices or terms of sale among our
customers, otherwise restrict the freedom of our customers to compete,
and refusing to deal with certain customers or competitors.

Such laws prohibit efforts and actions to restrain or limit competition
between companies that otherwise would be competing for business in the
marketplace. You must be particularly careful when you interact with any
employees or contractors or representatives of GitLab’s competitors,
especially at trade association meetings or other industry or trade
events where competitors may interact. Under no circumstances should you
discuss customers, prospects, pricing, or other business terms with any
employees or contractors or representatives of our competitors. If you
are not careful, you could find that you have violated antitrust and
competition laws if you discuss or make an agreement with a competitor

-  Prices or pricing strategy,
-  Discounts,
-  Terms of our customer relationships,
-  Sales policies,
-  Marketing plans,
-  Customer selection,
-  Allocating customers or market areas, or
-  Contract terms and contracting strategies.

Depending on business justification and effect on competition, other
practices not involving competitors may also result in civil violations
of the antitrust and competition laws. These practices include:

-  Exclusive dealing,
-  Bundling/package offerings,
-  Resale restrictions, and
-  Selective discounting.

We engage in open and fair procurement activities regardless of
nationality or the size of the transaction. Suppliers are selected on a
competitive basis based on total value, which includes quality,
suitability, performance, service, technology, and price. We strive
toward establishing mutually beneficial relationships with our suppliers
based on close cooperation and open communication. Terms and conditions
defining our relationship with suppliers are communicated early in the
supplier selection process. Any agreements to such terms and conditions,
or any acceptable modifications, are reached before work begins.

Honest Advertising and Marketing

It is our responsibility to accurately represent GitLab and our products
in our marketing, advertising, and sales materials. Deliberately
misleading messages, omissions of important facts or false claims about
our products, individuals, competitors or their products, services, or
employees or contractors are inconsistent with our values. Sometimes it
is necessary to make comparisons between our products and our
competitors. When we do, we will make factual and accurate statements
that can be easily verified or reasonably relied upon.

Obtain Competitive Information Fairly

Gathering information about our competitors, often called competitive
intelligence, is a legitimate business practice. Doing so helps us stay
competitive in the marketplace; however, we must never use any illegal
or unethical means to get information about other companies.

Legitimate sources of competitive information include: \* publicly
available information such as news accounts \* industry surveys \*
competitors' displays at conferences and trade shows \* information
publicly available on the Internet \* from customers and suppliers
(unless they are prohibited from sharing the information) \* by
obtaining a license to use the information or actually purchasing the
ownership of the information

When working with consultants, vendors, and other partners, ensure that
they understand and follow GitLab policy on gathering competitive

Anti-Money Laundering

Money laundering is a global problem with far-reaching and serious
consequences. Money laundering is defined as the process of converting
illegal proceeds so that funds are made to appear legitimate, and it is
not limited to cash transactions.

Complex commercial transactions may hide financing for criminal activity
such as terrorism, illegal narcotics trade, bribery, and fraud.
Involvement in such activities undermines our integrity, damages our
reputation and can expose GitLab and individuals to severe sanctions.

Our company forbids knowingly engaging in transactions that facilitate
money laundering or result in unlawful diversion. Anti-money laundering
laws require transparency of payments and the identity of all parties to
transactions. We are committed to full compliance with anti-money
laundering laws throughout the world and will conduct business only with
reputable customers involved in legitimate business activities and

Selection and Use of Third Parties/Procurement (Fair Purchasing)

We believe in doing business with third parties that embrace and
demonstrate high principles of ethical business behavior. We rely on
suppliers, contractors, and consultants to help us accomplish our goals.
They are part of the GitLab team and should be treated according to our
values. To create an environment where our suppliers and consultants
have an incentive to work with GitLab, they must be confident that they
will be treated in an ethical manner. We offer fair opportunities for
prospective third parties to compete for our business. The manner in
which we select our suppliers and the character of the suppliers we
select reflect on the way we conduct business.

Anti-corruption / Anti-bribery

Globally, many countries have laws that prohibit bribery, kickbacks, and
other improper payments. No GitLab employee, contractor, officer, agent,
or vendor acting on our behalf may offer or provide bribes or other
improper benefits in order to obtain business or an unfair advantage.
You must avoid participating in commercial bribery and kickbacks, or
even the appearance of it, in all of our business dealings. Even in
locations where such activity may not, technically speaking, be illegal,
it is absolutely prohibited by our company policy.


1. Commercial bribery involves a situation where something of value is
   given to a current or prospective business partner with the intent to
   obtain business or influence a business decision.
2. Kickbacks are agreements to return a sum of money to another party in
   exchange for making or arranging a business transaction.
3. A bribe is defined as directly or indirectly offering anything of
   value to influence or induce action, or to secure an improper
4. Anything of value is very broadly defined and can include such things

-  Cash
-  Gifts
-  Meals
-  Entertainment
-  Travel and lodging
-  Personal services
-  Charitable donations
-  Business opportunities
-  Favors
-  Offers of employment


1. No employee or contractor shall make or promise to make, directly or
   indirectly, any payment of money or object of value to any foreign
   official of a government, political party, or a candidate for
   political office for the purpose of inducing or influencing actions
   in any way to assist our company in obtaining or retaining business
   for or with GitLab.
2. The exchange of appropriate gifts and entertainment is often a way to
   build our business relationships. However, you must conduct business
   with customers, suppliers, and government agencies (including U.S.
   and non-U.S. governments) without giving or accepting bribes
   including (but not limited to) commercial bribery and kickbacks.

Gifts and Entertainment

Modest gifts, favors, and entertainment are often used to strengthen
business relationships. However, no gift, favor, or entertainment should
be accepted or given if it obligates, or appears to obligate, the
recipient, or if it might be perceived as an attempt to influence fair

In general, unless you have supervisory approval you should not provide
any gift or entertainment to customers, suppliers, or others that you
would not be able to accept from a customer, supplier, or other
applicable parties.

All directors, executives, and anyone else in the company participating
in vendor selection, must disclose all gifts and entertainment valuing
over US$250 for the six months prior to the vendor selection and during
the term of the services and for a period of twelve months after
services have been completed. The disclosure shall be made to the Legal
department, and shall include the value of the gift or entertainment,
the individual or company providing the gift, favor, or entertainment,
and the date on which it was received. If you have any questions
relating to this section, feel free to contact the Legal department.

Trade Compliance (Export/Import Control)

We comply with all import and export laws and regulations in countries
in which we operate. These laws restrict transfers, exports, and sales
of products or technical data to certain prescribed countries and
persons as well as re-export of certain such items from one location to

If you are involved in importing and exporting goods and data, you are
responsible for knowing and following these laws. We do not cooperate
with foreign boycotts that are not approved by the respective
government. If you receive a request related to any boycott, contact the
Legal department and do not respond to the request.

Certain laws prohibit transactions with persons or entities that have
violated export-related laws or are believed to pose a threat to
national security. Additionally, doing business with certain countries
may result in imposed economic sanctions. We must perform due diligence
before any transaction that has an international element to determine
whether such parties are on a restricted list.

Government Customers/Contracting

We must ensure all statements and representation to government
procurement officials are accurate and truthful, including costs and
other financial data. If your assignment directly involves the
government or if you are responsible for someone working with the
government on behalf of GitLab, be alert to the special rules and
regulations applicable to our government customers. Additional steps
should be taken to understand and comply with these requirements.

Any conduct that could appear improper should be avoided when dealing
with government officials and employees or contractors. Payments, gifts,
or other favors given to a government official or employee are strictly
prohibited as it may appear to be a means of influence or a bribe.
Failure to avoid these activities may expose the government agency, the
government employee, our company, and you to substantial fines and

Maintain Accurate Financial Records / Internal Accounting Controls

Accurate and reliable records are crucial to our business. Records will
be maintained accurately to: \* ensure legal and ethical business
practices \* prevent fraudulent activities \* ensure that the
information we record, process, and analyze is accurate, and recorded in
accordance with applicable legal or accounting principles \* ensure that
it is made secure and readily available to those with a need to know the
information on a timely basis.

GitLab records include: \* booking information \* payroll \* timecards
\* travel and expense reports \* e-mails \* accounting and financial
data \* measurement and performance records \* electronic data files \*
all other records maintained in the ordinary course of our business

There is never a reason to make false or misleading entries. Undisclosed
or unrecorded funds, payments, or receipts are inconsistent with our
business practices and are prohibited.

Manage Records Properly

Our records are our corporate memory, providing evidence of actions and
decisions and containing data and information critical to the continuity
of our business.

Records consist of all forms of information created or received by
GitLab, whether originals or copies, regardless of media. Examples of
company records include: \* paper documents \* e-mail \* electronic
files stored on disk \* tape or any other medium (CD, DVD, USB data
storage devices, etc.) that contains information about our company or
our business activities

We are responsible for properly labeling and carefully handling
confidential, sensitive, and proprietary information and securing it
when not in use. We do not destroy official company documents or records
before the retention time expires, but do destroy documents when they no
longer have useful business purpose.

Avoiding Conflicts of Interest

We have an obligation to make sound business decisions in the best
interests of GitLab without the influence of personal interests or gain.
Our company requires you to avoid any conflict, or even the appearance
of a conflict, between your personal interests and the interests of our

A conflict exists when your interests, duties, obligations or
activities, or those of a family member are, or may be, in conflict or
incompatible with the interests of GitLab. Conflicts of interest expose
our personal judgment and that of our company to increased scrutiny and
criticism and can undermine our credibility and the trust that others
place in us.

Should any business or personal conflict of interest arise, or even
appear to arise, you should `disclose it immediately to leadership for
review </handbook/contracts/#approval-for-outside-projects>`__. In some
instances, disclosure may not be sufficient and we may require that the
conduct be stopped or that actions taken be reversed where possible. As
it is impossible to describe every potential conflict, we rely on you to
exercise sound judgment, to seek advice when appropriate, and to adhere
to the highest standards of integrity.

Communicating with External Parties

GitLab employees and contractors are not authorized to speak with the
media, investors, and analysts on behalf of our company unless
authorized by our Marketing department. Unless authorized, do not give
the impression that you are speaking on behalf of GitLab in any
communication that may become public. This includes posts to online
forums, social media sites, blogs, chat rooms, and bulletin boards. This
policy also applies to comments to journalists about specific matters
that relate to our businesses, as well as letters to the editor and
endorsements of products or services.

Social Responsibility

We pride ourselves on being a company that operates with integrity,
makes good choices, and does the right thing in every aspect of our
business. We will continually challenge ourselves to define what being a
responsible company means to us, and work to translate our definition
into behavior and improvements at GitLab. We seek to align our social
and environmental efforts with our business goals and continue to
develop both qualitative and quantitative metrics to assess our

Political Activities and Contributions

You may support the political process through personal contributions or
by volunteering your personal time to the candidates or organizations of
your choice. These activities, however, must not be conducted on company
time or involve the use of any company resources. You may not make or
commit to political contributions on behalf of GitLab.

Charitable Contributions

We support community development throughout the world. GitLab employees
or contractors may contribute to these efforts, or may choose to
contribute to organizations of their own choice. However, as with
political activities, you may not use company resources to personally
support charitable or other non-profit institutions not specifically
sanctioned or supported by our company. You should consult the Legal
department if you have questions about permissible use of company

Human Rights

We are committed to upholding fundamental human rights and believe that
all human beings around the world should be treated with dignity,
fairness, and respect. Our company will only engage suppliers and direct
contractors who demonstrate a serious commitment to the health and
safety of their workers, and operate in compliance with human rights
laws. GitLab does not use or condone the use of slave labor or human
trafficking, denounces any degrading treatment of individuals or unsafe
working condition, and supports our products being free of conflict

Code of Business Conduct & Ethics Acknowledgment Form

Team members will review and sign the `Code of Business Conduct & Ethics
Form <>`__
during onboarding as well as annually during the `Global Compensation
Review </handbook/people-operations/global-compensation/#annual-compensation-review>`__

GitLab People Policy Directory

All of the policies listed below are important for GitLabbers to read
and understand as they deal with people benefits, procedures, and
requirements of the company. If you have any questions around the
internal policies, please reach out to People Operations.

Sick Time - Taking and Reporting

In keeping with our `values </handbook/values>`__ of freedom,
efficiency, transparency, kindness, and boring solutions, we have

**All GitLabbers**

-  If you or a loved one is ill, we want you to take care of yourself or
   your loved one(s). To facilitate this, you should take sick leave
   when you need it. Sick leave is meant to be used when you are ill, or
   to care for family members including your parent(s), child(ren),
   spouse, registered domestic partner, grandparent(s), grandchild(ren),
   and sibling(s).
-  You do need to report when you take sick leave, either by emailing
   your manager and People Ops, or by using the "Request time off"
   function in BambooHR. This way, it can be tracked in BambooHR and
   related payroll systems.
-  If you need sick leave for more than 8 consecutive calendar days,
   notify your manager and People Ops to accommodate an extended leave
   request. What can (or must) be accommodated varies from location to
   location: GitLab will comply with the applicable laws in your
   specific location.
-  Upon request, you should be able to provide proper documentation of
   the reason for your sick leave (doctor's note).

**Details for specific groups of GitLabbers**

-  Employees of GitLab Inc. who receive a pay stub from TriNet will see
   sick time accrue on their pay stub at the rate of 0.0346 hrs per hour
   worked (3 hours of sick leave per semi-monthly pay-period) for a
   maximum accrual and carry-over of 72 hours per year. GitLab's policy
   is more generous than this, in the sense that you can take off
   non-accrued sick time as written above (a negative balance may show
   on your pay stub). Sick time does not get paid out in case of
   termination, nor does it reduce your final paycheck in case of a
   negative balance. Related to the topic of extended leave requests,
   see information about `short term
   disability </handbook/benefits/#std-ltd>`__ through TriNet / your
-  Employees of GitLab B.V. have further rights and responsibilities
   regarding sick time based on Dutch law, as written into their
   `contracts </handbook/contracts/#employee-contractor-agreements>`__.
-  Once People Operations has been notified of the sickness they will
   also inform HRSavvy.
-  GitLab has engaged with an occupational health and safety centre,
   Zorg van de Zaak, to assist employees of GitLab B.V. who may need
   support whilst being on long-term sick leave.
-  If an employee is sick People Operations will inform HRSavvy and they
   will be registered in their HR portal from the first day of sickness.
-  If the employee is then on long-term sick leave (1 working week or
   more) depending on the situation and agreement with the employee,
   People Operations will instruct HRSavvy to register the employee at
   the occupational health and safety service.
-  Zorg van de Zaak's contact details can be found in the People
   Operations 1Password vault.

Worker's Compensation

If you have been injured at work, please contact People Operations to
determine what your benefits are.

Military Leave

GitLab is committed to protecting the position rights of team members
absent on military leave. No team member or prospective team member will
be subjected to any form of discrimination on the basis of membership in
or obligation to perform service for any of the uniformed services of
their country of residency. If any team member believes that he or she
has been subjected to discrimination in violation of this policy,
immediately contact People Operations for assistance. For any questions
about how to initiate a military leave, please contact People

Hiring Significant Others or Family Members

GitLab is committed to a policy of employment and advancement based on
**qualifications and merit** and does not discriminate in favor of or in
opposition to the employment of significant others or relatives. Due to
the potential for perceived or actual conflicts, such as favoritism or
personal conflicts from outside the work environment, which can be
carried into the daily working relationship, GitLab will hire or
consider other employment actions concerning significant others and/or
relatives of persons currently employed or contracted only if: a)
candidates for employment will not be working directly for or
supervising a significant other or relative, b) candidates for
employment will not occupy a position in which they may be privy to
confidential, highly sensitive information that the significant other or
relative **should not** have access to, *and* c) candidates for
employment will not occupy a position in the same line of authority in
which employees can initiate or participate in decisions involving a
direct benefit to the significant other or relative. Such decisions
include hiring, retention, transfer, promotion, wages, and leave

This policy applies to all current employees and candidates for


If your permanent address is changing, notify People Operations of the
new address before the pay cycle of the move. The best way to do this is
by logging in to BambooHR and changing your address under the
**Personal** tab. This triggers a message to the BambooHR admin to
review the change and "accept" it.

If you are going to spend six months or more in one location this will
be considered as a relocation and your compensation will be evaluated
based on the new metro region.

-  If your relocation is to a different metro area, then to stay aligned
   with our `compensation
   principles </handbook/people-operations/global-compensation-calculator/#compensation-principles>`__
   and per the `standard contract agreements </handbook/contracts>`__,
   you should obtain written agreement first from your manager and then
   from People Operations. You must have approval 30 days prior to any
   official move. If you are considering a move it is best to discuss
   this with your manager as soon as possible, not after you have
   actually moved, to understand the impact to compensation or your role
   at GitLab. In almost all situations the compensation may change. In
   some instances a move will not align to your proposed location, (e.g.
   a recruiter hired in EMEA to support EMEA would not be approved to
   move to the US). It is the company's discretion to offer you a
   contract in your new location or to not continue with your contract
   based on a relocation. For an idea about the impact please see our
   `move calculator </job-families/move>`__. The move calculator may not
   always yield accurate results. Run your move past our People
   Operations Analyst and Chief Culture Officer for an accurate salary
   in the new `geographical
   area </handbook/people-operations/global-compensation/#geographical-areas>`__.
-  If the team member is moving to a lower cost of living, the change
   only needs to be approved by their manager and the Chief Culture
   Officer. If the team member is moving to a higher cost of living, the
   People Ops Analyst will escalate to the Chief Culture Officer and the
   CEO for approval.
-  People Ops will check that any necessary changes to payroll and
   benefits administration are processed in time.
-  People Ops will process any changes that are agreed on, and file the
   email in BambooHR.
-  If there are any questions or concerns, please reach out to the Chief
   Culture Officer.

Tuition Reimbursement

GitLab supports team members who wish to continue their education and
growth within their professional career. If you are a full-time
GitLabber and have been employed for more than three months, you are
eligible to participate in this program. To be eligible for
reimbursement, courses must be a requirement of a degree or
certification program and delivered through a credentialed college or

GitLabbers are eligible for a reimbursement of up to `4,000
USD </handbook/people-operations/global-compensation/#exchange-rates>`__
per calendar year (January 1st - December 31st). There is no limit to
the number of years a team member can participate in the program.
Courses eligible for reimbursement include for credit classes resulting
in a grade (not pass/fail), courses providing continuing education
credits, and/or courses taken as part of a certification program. You
must earn a passing grade equivalent to a “B” or obtain a successful
completion certification to submit for reimbursement. The program will
cover only the tuition and enrollment related fees. Additional fees
related to parking, books, supplies, technology, or administrative
charges are not covered as part of the program. Tuition will be
validated by receipt of payment. A description of the course(s) and
degree or certification program along with a final grade report or
satisfactory certificate of completion are required to receive

Tuition Reimbursement Process

To receive tuition reimbursement, GitLabbers should follow the following

1. GitLabber first discusses their interest in professional development
   with their manager.
2. If the manager agrees that the degree or certification program is
   aligned with the business and growth opportunities within GitLab, a
   minimum of three weeks prior to the course start date, the GitLabber
   fills out a `Tuition Reimbursement
   Agreement <>`__
   and forwards it to People Ops to stage for the proper signatures
   (GitLabber, Manager, People Operations) in HelloSign.
3. The People Ops Analyst will confirm there are no additional `tax
   implications </handbook/people-operations/code-of-conduct/#tax-implications-for-tuition-reimbursement-by-country>`__
   for reimbursement in the team member's country.
4. People Ops will file the application and signed agreement in
5. People Ops will also log the tuition reimbursement in the "Tuition
   Reimbursement Log" found on the Google Drive.
6. Once the course is completed, an official grade report or successful
   certification of completion must be submitted to People Operations.
7. After grades are verified, People Operations will ensure the
   reimbursement is processed through the applicable payroll by the
   second pay cycle after submission.

Tax Implications for Tuition Reimbursement by Country

In some countries, tuition reimbursement may be considered as taxable
income. Please reach out to your tax professional for clarification.

Mental Health Awareness

1. What is Mental Health?

-  The World Health Organisation (WHO) `defines
   health <>`__

   -  *"a state of complete physical, mental and social well-being and
      not merely the absence of disease or infirmity. The enjoyment of
      the highest attainable standard of health is one of the
      fundamental rights of every human being without distinction of
      race, religion, political belief, economic or social condition."*

-  The WHO `defines mental
   health <>`__

   -  *“a state of well-being in which the individual realizes his or
      her own abilities, can cope with the normal stresses of life, can
      work productively and fruitfully, and is able to make a
      contribution to his or her community.”*

-  Taking these in turn

   -  *"A state of well-being"* is a self-reported measure of
   -  *"The individual realizes his or her own abilities"* requires
      feedback, positive or negative;
   -  *"Can cope with the normal stresses of life"* i.e. does not find
      normal life overwhelming too much of the time;
   -  *"Can work productively and fruitfully"* here GitLab clearly has a
      role to play as it can provide an opportunity for productive and
      fruitful work;
   -  *"Is able to make a contribution to his or her community"* versus
      the inverse, which is only being able to draw from that community.

1. Why is awareness of Mental Health important at GitLab?

-  It can affect any and all of us. The statistics from the WHO are that
   `1 in
   4 <>`__ of
   us will be affected by mental or neurological disorders at some point
   in our life. That said, we are all subject to periods where we or
   those around us find the "the normal stresses of life" harder than
   usual to deal with.
-  The more aware we are of mental health, the more inclusive we are.
   That will help encourage any colleagues currently experiencing mental
   health issues to talk about it.
-  Our business at its core is a group of people working together
   towards a common goal. With awareness of what might affect our
   colleagues, we are better equipped to help them if they do discuss it
   with us and therefore help our business.
-  Mental health has so much emotional baggage as a topic that it can
   initially seem scary to talk about. Promoting mental health awareness
   helps to remove the stigma and taboo associated with it.
-  GitLab can offer "productive and fruitful" work for all of our
   employees. That should not be
   `underestimated <>`__.
-  In the cold-light of business metrics, the healthier we are, `the
   more productive we
   are <>`__.

1. At GitLab we strive to create a Stigma-Free Workplace. In accordance
   with the National Mental Health Association and the National Council
   for Behavioral Health we would like to:

-  Educate employees about the signs and symptoms of mental health
-  Encourage employees to talk about stress, workload, family
   commitments, and other issues.
-  Communicate that mental illnesses are real, common, and treatable.
-  Discourage stigmatizing language, including hurtful labels such as
   “crazy,” “loony” or “nuts.”
-  Help employees transition back to work after they take leave.
-  Consult with your employee assistance program.

1. What are we doing to get there?

-  Per an open
   `issue <>`__,
   People Operations will be developing training for managers on this
-  Talk about mental health issues and ideas in the
   `#mental\_health\_aware <>`__
   Slack channel.
-  GitLab would also like to encourage GitLabbers to take their `time
   off </handbook/paid-time-off>`__ to properly take care of themselves.
   We encourage the team to go to yoga, take a long lunch, or anything
   else in their day to day life that assists in their mental and
   emotional well-being.
-  In addition to our current EAP programs available for employees, we
   encourage GitLabbers to take a look at `Working Through
   It <>`__
   for insight into reclaiming well-being at work, off work, and return
   to work.
-  We believe that our values and culture lends itself to being able to
   discuss mental health open and honestly without being stigmatized,
   but let's work together to make it even more inclusive.

   -  For example, Finding the right words:
   -  "How can we help you do your job?"
   -  "You’re not your usual self."
   -  "Do you want to talk about it?"
   -  "It's always OK to ask for help."
   -  "It’s hard for me to understand exactly what you’re going through,
      but I can see that it’s distressing for you."

Any questions or concerns? Please feel free to speak with anyone in
People Ops.

Background Checks

GitLab is concerned about the safety of its employees and about
maintaining appropriate controls to ensure that assets of GitLab and our
customer relationships and information are protected. To reduce these
risks, GitLab will obtain and review background information of covered
prospective, and, as applicable, current employees.

All candidates for employment with GitLab to whom conditional offers
have been made must undergo a background screen according to this policy
as part of the employment screening process. All contracts will state
that employment is subject to obtaining results from an approved
background screen that are satisfactory to GitLab.

In the event the background check is not available at the time of hire
(switching vendors or delays in processing), GitLab will run the
background check as soon as possible. The same adjudication guidelines
will apply to current employees as they do with prospective employees.
The results will be reviewed by People Operations and Legal to determine
if the results warrant any adverse action, which could include
termination of employment.

We have contracted with `Sterling Talent
Solutions <>`__ to perform these
background checks, which will cover criminal history for the last 7
years and employment history for the last 5 years and/or the three most
recent employers. GitLab may use the returned background check
information to make decisions regarding employment; therefore, the
employment of team members is contingent upon a successful completion of
the background check, per language in the contract. For certain
positions where the candidates financial history is relevant to the
position, we may also run a check in the federal database for any
financial related offenses.

Disclosure and Authorization

Candidates/employees will receive an email to fill out the background
check application following the completion of their contract. The
application process includes signing a disclosure and a consent form
which explains the rights of an individual undergoing a background
examination. The application process is designed to take less than
fifteen minutes to complete. People Operations will initiate all
background screens.

To prepare for the employment verification, candidates should gather
each previous employer's name and address, position title held,
employment start and end dates, manager’s name and title, their phone
number, and email address. Details for a Human Resources contact can be
entered instead of a manager's contact details.

Occasionally, Sterling will reach out to the candidate to retrieve
additional information, such as backup documentation to act as proof of
previous employment or picture IDs. Proof of employment can typically be
provided in various ways, such as tax returns (e.g. W2s), pay stubs, LLC
documentation, official company registrations, etc.

Background checks will act as an additional mechanism of transparency
and will help to build trust with our clients.

Review Criteria

Once the background check is completed, People Operations will review
the report and determine if any negative information has a direct
connection with an applicant’s ability to fulfill the employee’s duties
with competence and integrity. Matters that might raise a concern
include but are not limited to: criminal history, recent felony
convictions, theft, violent crimes, drug related crimes, and sex
offenses. In addition, the report should be carefully reviewed for any
omissions or inaccuracies contained in the employment application or
made during the interview process.

Fair Credit Reporting Act (FCRA) and Related State Law Compliance

**Step 1: Disclosure and Authorization**

The applicant must give the employer consent to have a third party
service conduct a background check. The Disclosure and Authorization
form can be presented to the applicant at the time he/she completes the
employment application form. The form should grant the employer
permission to conduct an initial background check (and, subject to state
law, subsequent background checks if the applicant is hired) utilizing a
third party service. Also, a “Summary Of Your Rights Under The Fair
Credit Reporting Act” should be enclosed with the consent and disclosure
form. For New York applicants, a copy of Article 23-A of the
Correctional Law also should be enclosed and any other relevant state
summary of rights.

The background investigation cannot be lawfully conducted without a
signed Disclosure and Authorization form. Applicants can be advised that
they will not be considered for employment without submitting the signed
form. Equally for current team members, they can be advised that their
employment may be impacted if they do not consent to the background

**Step 2: Pre-Adverse Action: Notify the Applicant of Negative Report
BEFORE Adverse Action is taken**

If the consumer reporting agency reports information which may be used,
in whole or in part as a basis for an adverse employment action (e.g.,
rescinding a conditional offer of employment), the applicant must
receive notification before a final decision is made to deny employment.
As a result, the employer must provide a copy of the consumer report, a
pre-adverse action letter, and another copy of the FCRA notice of rights
(and for New York applicants, the Article 23-A notice). The applicant
shall also receive any applicable state rights as required.

If the disqualification decision is not based on a misrepresentation or
omission in the employment application, it is a best practice to discuss
the potentially disqualifying information with the individual prior to
issuing the pre-adverse action notice. This practice supports the
individual job-related nature of any disqualification decision.

**Step 3: Wait for a Reasonable Period of Time to Find Out What, if Any,
Explanation is Offered by the Applicant**

If the applicant does not respond at all to the notification within a
reasonable period of time (5 days), the employer may proceed with its
decision to rescind the conditional offer. If the applicant responds,
the employer should carefully consider the information submitted and
then make a decision. If the explanation is reasonable under the
circumstances, then it may still be possible to go forward with the new
hire (e.g., a case of mistaken identity). However, if the applicant's
explanation is determined to be insufficient, then the employer should
proceed to the next step.

**Step 4: Notify Applicant of Adverse Action**

The employer must provide the applicant with written notice of the
adverse action and the name, address, and telephone number of the
consumer reporting agency. The Adverse Action Notice form should be sent
along with the federal summary of rights and any applicable state
summary of rights. The notice includes a statutorily required statement
that the consumer reporting agency did not make the decision and does
not know why the decision was made should be included as well as a
notice of the applicant's right to obtain the report and dispute the

**Step 5: Maintain Documentation**

For all adverse decisions, document each step taken. Keep copies of all
consent and disclosure forms and other documentation sent to the
applicant in the event the company has to defend its decision at some
later point.

Record Retention

All documents related to the background check process must be retained
for at least five years.

Equal Employment Laws

GitLab will adhere to all equal employment laws. When reviewing any
criminal record information that appears on a background check, the
company shall factor in any known factors relating to:

1. The facts and circumstances surrounding the offense.
2. The number of offenses for which the individual was convicted.
3. The age of the individual at the time of conviction or release from
4. Evidence that the individual has performed the same type of work,
   post-conviction, with the same or a different employer, without
   incidents of criminal conduct.
5. The length and consistency of employment history before and after the
6. Any efforts of the application towards rehabilitation.
7. Employment or character references obtained regarding the
   individual’s fitness for the particular position.
8. Whether the individual will be bonded for the position.

Financial Checks

Finance team members **only** will be required to participate in a
federal check through Sterling, which searches for any tax-related or
financial offenses.

Initiating a Background Check through Greenhouse

**US Candidates Only**

1. Log in to `Greenhouse <>`__ and
   go to the candidate's profile.
2. Click the "Private" tab.
3. Click "Export to TalentWise".
4. Click "Complete Report", which will redirect you to the Sterling
5. Scroll down and click "Add Screening".
6. Next to "Comprehensive Criminal" click on "Ticket". If you need to
   run a financial check as well for Finance team members, after you
   click "Ticket", click "Add Products" on the right and search for and
   include "Federal Criminal District Search".
7. Check off that you agree to your obligations as a user.
8. Under "Disclosure and Authorization Options", select the first option
   to have Sterling send the candidate a disclosure form.
9. Click "Generate Ticket".

Initiating a Background Check through Sterling Talent Solutions

**US Candidates Only**

1. Log in to
   `Sterling <>`__ and
   select "Quick Launch".
2. Click "Launch Screening".
3. Next to "Comprehensive Criminal" click on "Ticket". If you need to
   run a credit check as well, after you click "Ticket" click "Add
   Products" on the right and search for "Federal Criminal Check".
4. Check off that you agree to your obligations as a user.
5. Enter the candidate's name and personal email address.
6. Select the first option to have Sterling send the candidate a
   disclosure form, and click "Generate Ticket".

**Non-US Candidates Only**

1. Repeat the first step from the list above.
2. Next to *Additional Products* click on *Ticket*. In the search box,
   search for the word ``International`` and select both *Employment
   Verification (U.S. & International)* and *International Criminal
   Search*, then click *Add*.
3. Repeat the third step from the list above.

Job Abandonment

When a team member is absent from work for three consecutive workdays,
there is no entry on the availability calendar for time off, and fails
to contact his or her supervisor, they can be
`terminated </handbook/offboarding/#involuntary-terminations>`__ for job
abandonment unless otherwise required by law. If a manager is unable to
reach an employee via email or slack within a 24 hour period they should
contact their HR Business Partner. The HR Business partner will access
the employees information to obtain additional contact methods and
numbers. The manager and HR Business Partner will create an action plan
to make all attempts to contact the employee.

Other People Policies

-  `United States Employment
   Status </handbook/contracts/#united-states-employment-status>`__
-  `PIAA Agreements </handbook/contracts/#piaa-agreements>`__
-  `360 Feedback </handbook/people-operations/360-feedback/>`__
-  `Return of Property </handbook/offboarding/#returning-property>`__
-  `Promotions and
   Transfers </handbook/people-operations/promotions-transfers/>`__
-  `General Benefits </handbook/benefits>`__
-  `Entity Specific
   Benefits </handbook/benefits/#entity-specific-benefits>`__
-  `Parental Leave </handbook/benefits/#parental-leave>`__
-  `Paid Time Off </handbook/paid-time-off/>`__
-  `Probationary
   Period </handbook/contracts/#sts=Probation%20Period%20-%20Confirmation%20Letter>`__