MyGet Privacy Policy

Thanks for entrusting MyGet with your software packages, and your personal information. Holding onto your private information is a serious responsibility, and we want you to know how we're handling it. If you have questions about deleting or correcting your personal data, please contact our support team.

Your privacy is critically important to us!

    The short version

    We collect your information only with your consent; we only collect the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Policy describes. If you're visiting from the EU: we are EU-based and comply with the EU General Data Protection Regulation (GDPR).

    Of course, the short version doesn't tell you everything, so please read on for more details!

    What information MyGet collects and why

    Information from website browsers

    If you're just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. This is stuff we collect from everybody, whether they have an account or not.

    The information we collect about all visitors to our website includes the visitor's browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.

    Why do we collect this?

    We collect this information to better understand how our website visitors use MyGet, and to monitor and protect the security of the website.

    Information from users with accounts

    If you create an account, we require some basic information at the time of account creation. You will create your own user name and password, and we will ask you for a valid email account. You also have the option to give us more information if you want to, and this may include "User Personal Information".

    "User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify him or her. Information such as a user name and password, an email address, and a real name are examples of "User Personal Information".

    User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.

    Why do we collect this?
    • We need your User Personal Information to create your account, and to provide the services you request.
    • We use your User Personal Information, specifically your user name, to identify you on MyGet.
    • We use it to fill out your profile and share that profile with other users if you ask us to.
    • We will only use your email address to communicate with you, in reply to your support requests, or to send you our newsletter if you decided to subscribe. Each newsletter contains an unsubscribe link, so you can subscribe or unsubscribe as you see fit. In addition, MyGet may send you important notifications related to your account or subscription.
    • We limit our use of your User Personal Information to the purposes listed in this Privacy Policy. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information you have given us in your user profile.

    What information MyGet does not collect

    We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although MyGet does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in a package repository. If you store any sensitive personal information on our servers, you are consenting to our storage of that information on our servers, which are in Europe.

    We do not intentionally collect information that is stored in your package repositories or other free-form content inputs. Information in your repositories belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. MyGet employees do not access private repositories unless required to for security or maintenance, or for support reasons, with the consent of the repository owner.

    If your repository is public, anyone (including us) may view its contents. If you have included private or sensitive information in your public repository, such as email addresses, that information may be indexed by search engines or used by third parties. In addition, while we do not generally search for content in your repositories, we may scan our servers for certain tokens or security signatures.

    If you're a child under the age of 13, you may not have an account on MyGet. MyGet does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. We don't want to discourage you from learning to code, but those are the rules. Please see our Terms of Service for information about account termination.

    How we share the information we collect

    We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.

    We do not disclose User Personal Information outside MyGet, except in the situations listed in this section or in the section below on compelled disclosure.

    We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use MyGet. For example, we may compile statistics on the usage of bandwidth and storage across MyGet. However, we do not sell this information to advertisers or marketers.

    We do not host advertising on MyGet.

    We may share User Personal Information with your permission, so we can perform services you have requested.

    We may share User Personal Information with a limited number of third-party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Policy. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors under EU General Data Protection Regulation, we remain responsible for it.

    We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Policy or in our Terms of Service.

    Public Information on MyGet

    Much of MyGet is public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing MyGet information.

    Your Personal Information, associated with your content, may be gathered by third parties in these compilations of MyGet data. If you do not want your Personal Information to appear in third parties' compilations of MyGet data, please do not make your Personal Information publicly available, e.g. in your user profile.

    If you would like to compile MyGet data, you may only use any public-facing Personal Information you gather for the purpose for which our user has authorized it. For example, where a MyGet user has made his or her real name public-facing for the purpose of identification or attribution, do not use that real name for commercial advertising. We expect you to reasonably secure any Personal Information you have gathered from MyGet, and to respond promptly to complaints, removal requests, and "do not contact" requests from MyGet or MyGet users.

    Similarly, repositories on MyGet may include publicly available Personal Information collected as part of the collaborative process. In the event that a MyGet repository contains publicly available Personal Information that does not belong to MyGet users, we will only use that Personal Information for the limited purpose for which it was collected, and we will secure that Personal Information as we would secure any User Personal Information. If you have a complaint about any Personal Information on MyGet, please see our section on resolving complaints.

    Our use of cookies and tracking

    MyGet uses cookies to make interactions with our service easy and meaningful. We use cookies (and may use similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of MyGet.

    A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting MyGet; however, a cookie may store a unique identifier for each logged in user. The cookies MyGet sets are essential for the operation of the website, or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device's ability to accept cookies, you will not be able to log in or use MyGet's services.

    Application Insights

    We use Application Insights as a third-party tracking service, but we don't use it to track you individually or collect your User Personal Information. We use Application Insights to collect information about how our website performs and how our users, in general, navigate through and use MyGet. This helps us evaluate our user's use of MyGet; compile statistical reports on activity; and improve our content and website performance.

    Application Insights gathers certain simple, non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, time stamp, and similar data about your use of MyGet. We do not link this information to any of your personal information such as your user name.

    MyGet will not, nor will we allow any third party to, use the Application Insights tool to track our users individually; collect any User Personal Information other than IP address; or correlate your IP address with your identity. Microsoft provides further information about what Application Insights is, and describes security policies in its Azure Security, Privacy, and Compliance white paper.

    Tracking

    "Do Not Track" is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. We do not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic Application Insights tracking, which you may opt out of here. Because we do not share this kind of data with third party services or permit this kind of third party data collection on MyGet for any of our users, and we do not track our users on third-party websites ourselves, we do not need to respond differently to an individual browser's Do Not Track setting.

    If you are interested in turning on your browser's privacy and Do Not Track settings, the Do Not Track website has browser-specific instructions.

    Please see our section on email communication to learn about our use of pixel tags in marketing emails.

    How MyGet secures your information

    MyGet takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.

    No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. For more information, see our Security Policy.

    MyGet's global privacy practices

    Information that we collect will be stored and processed in Europe in accordance with this Privacy Policy and in compliance with the EU General Data Protection Regulation (GDPR). However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs.

    We provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business. Additionally, we require that if our vendors or affiliates have access to User Personal Information, they must comply with our privacy policies and with applicable data privacy laws.

    • MyGet provides clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal data.
    • We collect only the minimum amount of personal data necessary, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
    • We offer you simple methods of accessing, correcting or deleting the data we have collected.
    • We provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of recourse and enforcement. These are known Privacy Shield Principles, but they are also good practices.
    • MyGet adheres to the EU General Data Protection Regulation (GDPR).

    Resolving Complaints

    If you have concerns about the way MyGet is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by filling out the contact form. You may also email us directly at support@myget.org with the subject line "Privacy concerns". We will respond within 45 days at the latest.

    How we respond to compelled disclosure

    MyGet may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.

    In complying with court orders and similar legal processes, MyGet strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.

    How you can access and control the information we collect

    If you're already a MyGet user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting MyGet Support.

    Data Retention and Deletion

    MyGet will retain User Personal Information for as long as your account is active or as needed to provide you services.

    We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don't automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.

    If you would like to cancel your account or delete your User Personal Information, you may do so by contacting MyGet Support. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 30 days.

    How we communicate with you

    We will use your email address to communicate with you, only in response to your requests, or to send you our MyGet newsletter in the event you chose to subscribe. There's an unsubscribe link located at the bottom of each of the newsletters we send you. Your email address as configured in your user profile is private and only visible to you.

    MyGet may occasionally send notification emails about changes in your package repositories or build services, as configured, or to notify you about important events related to your MyGet account or subscription.

    Changes to our Privacy Policy

    Although most changes are likely to be minor, MyGet may change its Privacy Policy from time to time. We will provide notification to Users of material changes to this Privacy Policy through our website at least 30 days prior to the change taking effect by posting a notice on our home page or sending to the email address specified in your MyGet account. For changes to this Privacy Policy that do not affect your rights, we encourage visitors to check this Privacy Policy frequently.

    License

    This Privacy Policy is a derivative of GitHub's Privacy Statement, used and licensed under the Creative Commons Attribution License.

    As MyGet is a company based in the European Union, it has been modified to accommodate for MyGet's legal requirements in terms of privacy compliance as defined by EU regulations and legislation, including the EU General Data Protection Regulation (GDPR).

    You may use it freely under the terms of the Creative Commons license.

    Contacting MyGet

    Questions regarding MyGet's Privacy Policy or information practices should be directed to our contact form, or via email to support@myget.org.

    Download documents:


    Terms of Service (Adobe PDF, 334 KB)


    Acceptable Use Policy (Adobe PDF, 300 KB)


    Privacy Policy (Adobe PDF, 399 KB)


    Security Policy (Adobe PDF, 535 KB)


    Responsible Disclosure of Security Vulnerabilities (Adobe PDF, 598 KB)