Data & Privacy Implementation Plan
**Summary**

On Monday, September 23, 2019, we were granted final approval to move forward with the implementation plan below that accounts for the data & privacy regulations around the globe. GitLab needs to finalize policy privacy recommendations for a number of use cases that balance business needs with GDPR and CCPA (California Consumer Privacy Act) compliance risk. CCPA goes into effect Jan 1, 2020, and has similar requirements to GDPR. The law applies to people using IP addresses in the state of California.

The list below is a high-level view of what we'll be working on. These will be broken out into multiple issues:

1. Legal to Update Terms of Service, Privacy Policy, and Cookie Policy
1. Blog post explaining policy
1. Privacy Plan Documentation with use cases
1. Implement User stories for privacy requirements (table below)

| **Properties** | **Use Cases Served** | **Proposed Tracking Technologies** | **GDPR + CCPA + Brazil (legal checking on Mexico)** | **Everywhere else** |
| ---- | ---- | ---- | ---- | ---- |
| https://about.gitlab.com/<br/><br/>https://customers.gitlab.com/plans<br/><br/>https://docs.gitlab.com/<br/><br/>https://packages.gitlab.com/gitlab/<br/><br/>https://gitlab.com/explore (GitLab SaaS in not-logged-in state) | Website visitors<br/>Product Usage Tracking | Google Analytics Cookies<br/>Pendo Cookies and JavaScript<br/>Snowplow XX (future) | *All visitors:<br/>Pop up at first visit with opt in check box agreeing to new Privacy Policy and Cookie Policy* | *New visitors: prominently display links to cookie policy and privacy policy on the site.<br/><br/>Returning visitors for whom the privacy or cookie policy has changed: One time pop up (no opt in required)<br/>with notification highlighting updates to Privacy Policy and Cookie Policy* |
| **Proprietary**<br/><br/>GitLab.com logged-in state as free user<br/><br/>GitLab.com logged-in state as paid user in a paid account<br/><br/>Self Managed GitLab EE logged-in state | Product Usage Tracking<br/>In-App Messaging<br/>Sales Enablement<br/>Support (paid only) | Pendo Cookies and JavaScript<br/>Snowplow XX (future) | *Current customers: Pop up at login with required opt in check box agreeing to new ToS, Privacy Policy, and Cookie Policy<br/><br/>New customers: Required check box opt in to terms during signup flow.* | *Current customers: Email Update of ToS, Privacy Policy, and Cookie Policy, plus blog post explaining usage of Pendo<br/><br/>New customers: Required check box opt in to terms during signup flow.* |
| **Open Source**<br/><br/>Self Managed GitLab CE logged-in state | Product Usage Tracking<br/>In-App Messaging<br/>Sales Enablement<br/>Support | Snowplow XX (future) | *Current customers:<br/>No change at this time as we will not instrument tracking for open source customers at this time.<br/><br/>New customers: Required check box opt in to terms during signup flow.* | *Current customers:<br/>No change at this time as we will not instrument tracking for open source customers at this time.<br/><br/>New customers: Required check box opt in to terms during signup flow.* |

**This epic unblocks**

* [Pendo Implementation](https://gitlab.com/groups/gitlab-org/-/epics/1706)
* [User Id in snowplow](https://gitlab.com/gitlab-org/gitlab/merge_requests/14182) (user enriched usage data)
* [Stage PMF Survey](https://gitlab.com/gitlab-com/Product/issues/400)
* And others...

cc: @sfwgitlab @bmarnane