Skip to content

GitLab

Code host and DevOps platform. An alternative to a GitHub repo, covered under repo alternatives.

Short version: Fine for almost everything you'd share here, and on one point clearer than GitHub: GitLab says plainly it does not train AI models on your code or content — not your public projects, not your private ones. There are three ways to use it, and they differ mostly in where your data sits: gitlab.com (their shared service, hosted in the US), GitLab Dedicated (a paid single-tenant copy you pin to a region of your choice — including the EU or UK), and self-managed (you install GitLab on your own servers, so GitLab the company holds none of it).

Last verified: 2026-06-07.

Does it train AI on what you upload?

No — and that's the platform-wide stance, not a paid perk. GitLab's docs state "GitLab does not train generative AI models," and its AI Transparency Center adds that "No inputs to or outputs from GitLab Duo features are currently used to train any GitLab models." The privacy statement promises GitLab "will not use your AI-inputs to train any language models without your instruction or prior consent." [confirmed]

  • Public or private, same answer. The public/private setting on a project controls who can see it, not whether it's training fuel — GitLab doesn't train on either. [estimate]
  • The AI assistant (GitLab Duo) routes to outside models, but on a tight leash. Duo's vendors — Anthropic, AWS, Fireworks AI, Google — operate under a "zero data retention policy" and "discard model input and output data immediately after the output is provided," and are contractually "restricted from using model input and output to train models." [confirmed]
  • You keep ownership of what you put in. "GitLab makes no claim of ownership in your input." [confirmed]

Duo is on by default — the off switch

GitLab Duo (the AI features) is "on by default." [confirmed] To turn it off, the setting is GitLab Duo availability:

  • A whole group: Settings → General → GitLab Duo features.
  • One project: Settings → General → GitLab Duo (toggle).
  • A self-managed instance: admin panel → GitLab Duo → Change configuration.

Since nothing here is used for training anyway, this is about disabling the assistant, not stopping a data leak. [confirmed]

Keeping and deleting your data

  • While your account is live, GitLab keeps your data "as long as your account is active" — that's the point of a host. Live-chat support transcripts are held 12 months; GitLab Pages access logs roll off after 7 days. [confirmed]
  • You can delete your account from User Settings, or file a "Delete my personal data" request. One catch on its own line: "if your account is under a paid subscription, we may not be able to delete your account." [confirmed]
  • Public contributions can't be fully erased. If you "contribute to a public project," GitLab says that data "will be embedded and publicly displayed" and "we will not be able to delete or erase it." [confirmed]
  • Anything someone already copied is theirs to keep — deleting on GitLab's side doesn't reach copies and forks already pulled onto other people's machines. [estimate]

What a paid or self-hosted tier changes

The no-training stance and ownership terms apply across the board, so paying buys controls, not a different privacy promise.

  • Premium / Ultimate add org governance — admin policies, audit events, compliance controls, support guarantees — the paperwork a review wants. Same stance on training. [estimate]
  • GitLab Dedicated is the big one for sensitive data: a single-tenant copy of GitLab that you pin to a chosen AWS region (next section), so your data isn't sharing the US multi-tenant service. Sold through GitLab, not self-serve. [confirmed]
  • Self-managed flips the question entirely: you install GitLab Community or Enterprise Edition on infrastructure you control, and GitLab the company holds none of your repo content. The residency and access questions become yours to answer. [estimate]

For an individual sharing a study tool or a public toolkit, free gitlab.com is genuinely fine.

Where your data is stored (EU / UK / US)

  • gitlab.com is US-only. "Our Services are hosted in the United States and information we collect will be stored and processed on our servers in the United States." Under GDPR that's a US transfer — usually fine, but name it if a grant or DPA restricts where data may sit. [confirmed]
  • Pinning to the EU or UK is a GitLab Dedicated feature. At onboarding "you select the AWS region for your instance deployment and data storage," and the European choices include Frankfurt, Ireland, Stockholm (EU) and London (UK). [confirmed]
  • Or self-host in-region. Self-managed GitLab runs wherever you put the server, so an EU/UK VPS gives you residency without GitLab the company touching the data at all. [estimate]

Sources