Before requesting a Takedown, it is important to review the identified content to confirm whether it truly violates GitHub’s policies on trademarks, copyrights, or sensitive data.
GitHub requires clear evidence of a violation in order to process reports — without this information, it is not possible to proceed.
1. Trademarks
What is a trademark violation on GitHub?
Any use of a company name, trade name, logo, or other protected material that may mislead or confuse users about a brand or commercial affiliation can be considered a violation of GitHub’s trademark policy.
What is not a violation?
Using a trademark in a way that is unrelated to the original product or service is generally not considered a violation.
Additionally, GitHub usernames cannot be reserved, so having a username that matches a trademark does not, by itself, constitute a violation.
Analysis required before a Takedown
Verify whether the content actually attempts to mislead or confuse others about a brand or affiliation.
Confirm that the case is not allowed under the platform’s policies.
Once you validate that a violation exists, the Takedown request can proceed — no detailed explanation is required for this type of infringement.
How does GitHub respond?
Clear intent to deceive: the account may be suspended, and the owner will be notified.
Possible unintentional confusion: the user is given an opportunity to adjust the content to remove any ambiguity.
2. Copyright (DMCA)
What is copyright?
Copyright refers to legal rights that protect original works such as software, written content, music, and more. Protection begins at the moment the work is created.
What is not considered infringement?
Certain uses are permitted by law, such as:
criticism and commentary
parody and satire
news reporting
teaching, education, and research
These uses may qualify as fair use.
Analysis required before a Takedown
The copyright owner must confirm that:
They own the rights to the original content.
The material on GitHub is unauthorized.
The use does not qualify as fair use (e.g., small excerpt, transformative use, educational purpose).
If a violation is confirmed, send the following to [email protected]:
A detailed description of what was infringed
The infringing line of code or the exact location of the material
A link to the original protected content
Example description:
“The line of code ‘XX’ violates the company’s copyright by reproducing proprietary code. The original material can be found at ‘URL of the original content’.
How does GitHub respond?
If the report indicates the entire repository violates copyright, the repository may be disabled quickly.
If the violation is limited to specific files, GitHub notifies the user responsible and gives approximately one business day to correct the issue.
Once changes are made, GitHub verifies them and notifies the copyright owner.
The copyright owner reviews the modifications and decides whether to uphold or retract the notice.
3. Sensitive Data
What is sensitive data?
Sensitive data refers to information that must remain confidential and that, if exposed, could pose security risks to a company or organization. Examples include:
Credentials (username + password, tokens, access secrets)
AWS tokens or similar access credentials (ownership must be proven)
Documentation that poses security risks (network diagrams, internal access details, etc.)
Note: internal server names, IPs, and URLs alone are not considered sensitive data.
What is not a violation?
Internal server names, IP addresses, or URLs by themselves do not constitute a violation without evidence of security risk.
Analysis required before a Takedown
Send to [email protected]:
Evidence that the file or code line presents a real security risk
A clear explanation of how the exposure compromises the organization
Examples:
“The line of code ‘XX’ represents a security threat because [describe impact].”
“The reported file compromises the company’s security because [describe impact].”
After receiving this information, AXUR will be able to submit the removal request to the platform.
If you have any questions, feel free to reach out at [email protected] 😊