gem.coop privacy notice
Last Updated Jul 3, 2026
This notice describes how the gem.coop team collects and uses personal information. This notice also provides information about the legal rights individuals have concerning their personal information and how you can exercise those rights.
Who is responsible for data collected about me?
gem.coop is the responsible party, or controller, for the data we collect and process for our own purposes. For instance, gem.coop is responsible for data about our users’ representatives and account administrators, open source contributors, and visitors to the gem.coop website.
Importantly, gem.coop sets only its own privacy practices, not the privacy practices of gem.coop customers or others who use our open source software.
Privacy inquiries or notices you send to gem.coop about gems we host at the direction and on behalf of other users will be referred to the appropriate responsible party.
This notice primarily describes gem.coop’s personal data processing for its own purposes as a controller and not as a processor and service provider at the direction and on behalf of our users. We will expressly state where this notice discusses gem.coop’s activities as a processor and service provider.
How does gem.coop collect data about me as a controller?
gem.coop collects data about you as a controller through the gem.coop service:
- when you browse the gem.coop website
- when you use gem.coop as a source in Bundler, rv, or another gem client
- when you download gems from gem.coop using a browser, curl, etc
- when you create and use an account on gem.coop
- when you publish gems on gem.coop
- when you sign up for our newsletter
- when you or your company purchase services from us
- when you contribute to our open source software
gem.coop does not buy or otherwise receive data about you from data brokers.
Does gem.coop sell my personal information or share it to serve behavioral advertising?
No, gem.coop does not sell any personal information. We also do not share any information with third parties for the purpose of advertising.
Does gem.coop use customer data for training AI models?
No, gem.coop does not use customer data to train AI models, or share our data with any other party to train AI models.
What personal information does gem.coop collect as a controller, and why?
gem.coop automatically collects data about visits to the gem.coop website.
When you visit the gem.coop website, whether you have an account or not, we use server logs, and other methods to automatically collect data about what pages you visit and when.
gem.coop uses the data we collect to:
- optimize the website, so that it’s quick and easy to use
- troubleshoot and debug technical errors
- defend the site from abuse and technical attacks
- gather statistics about gem popularity and usage
- gather statistics about the software and computers that visitors use
gem.coop usually stores the data identified above for just a few weeks. In special circumstances, like extended investigations about technical attacks, gem.coop may preserve log data longer for analysis. gem.coop stores aggregate statistics about use of the service for as long as we host the service, but those statistics don’t include data identifiable to you personally.
gem.coop collects account data to run the gem.coop service.
While it is possible to access the gem.coop service without an account, many features require an account. For example, reserving a namespace, publishing gems, installing private gems, or increased rate limits are some of the reasons you might want to have an account. When you sign up, we collect your email address, preferred name, and desired namespace name.
gem.coop uses your email address to:
- notify you when your namespace has been approved
- send you gem push keys so you can publish gems
- contact you if special circumstances arise for your account
- contact you about legal requests, like DMCA takedown requests
gem.coop stores your account data as long as your account remains open.
gem.coop collects data from published gems.
gem.coop collects the full contents of every published gem, including all of the information contained in the gem’s specification file. A gem specification might include names, email addresses, websites, or any other data the author has chosen to include. If you put your name and email address into a gem, we will collect it.
gem.coop stores published gems on our service for as long as the service remains operational.
gem.coop collects data you give to sign up for our newsletter.
When you fill out and submit a web form to sign up for our newsletter, gem.coop collects the information you put in the form, like your email address.
gem.coop does not collect sensitive personal information.
gem.coop does not intentionally collect or process sensitive personal information, such as government identification numbers, information on racial or ethnic origin, political opinions, genetic data, biometric data, health data, or any of the special categories of personal data specified by the GDPR.
gem.coop collects data about open source contributors
Contributors to gem.coop’s open source software may be asked to provide identifying and contact information such as name, email address, telephone number, and mailing address.
gem.coop uses this information to maintain the integrity of our software and software licenses, as well as the integrity of the license agreement between gem.coop and our contributors.
gem.coop stores contributor information for as long as related contributions are incorporated into gem.coop’s open source software.
Does gem.coop use account information for marketing purposes?
No. gem.coop does not use your gem.coop account email address for any type of marketing, ever. We only use your account email address to send transactional emails about your account, and the gem.coop service.
How can I make choices about data collection?
You can delete your account and associated data by submitting a request to gem.coop support.
Gem versions can be deleted by contacting us within 7 days after the gem has been published. After that time, we prioritize the safety and security of our users by ensuring gems cannot be changed or replaced (for example, to add malware) after they are already in active use.
Where does gem.coop store data about me?
gem.coop stores service and account data at data centers in the United States. Individual gem or website files may be copied and cached in data centers around the world to speed up the service for users in those regions.
Emails sent to our support system are routed through systems in the United States and the United Kingdom.
Where can I access data about me?
You can see your account data at any time by visiting your account page. Your account page also lists the gems you have published. If you do not have account with us but have a data access request, please contact us.
How can I change or erase data about me?
You can change your account data at any time by visiting the profile settings page for your account. Closing your account starts a process of erasing or anonymizing gem.coop’s records of data you provided for your account.
We can remove our records of your name, email address, and account activities. When we delete your account, we will not delete any namespaces or public gems belonging to your account, to ensure stability and security for other users of our service.
Does gem.coop make automated decisions based on data about me?
No. Human gem.coop maintainers review all namespace requests and support tickets by hand.
Does gem.coop share data about me with others?
gem.coop shares account data with others as mentioned in the section about account data, and shares published gems as mentioned in the section about service account data.
gem.coop uses the subprocessors listed on our subprocessors page to provide our service.
How can I contact gem.coop about privacy?
You can send questions, requests, and complaints via email to privacy@gem.coop.
How can I find out about changes?
Please refer to gem.coop/privacy for the latest privacy and contact information at any time.