 Hello, it's 10 o'clock. I'm going to start the functional group update for legal. Today we have a couple of issues that I want to talk about. So for the first issue, let's see. We'll talk about the accomplishments that we've achieved so far in legal. I know that a hot topic has been global hiring, specifically our no hire list that we've been challenged with. And so Abby and I have been working very hard to get countries off of that hiring list. And so I wanted to announce that first and foremost, Canada is good to go. That is no longer on the no hire list. We do have a new process that Abby has published in the handbook on how to hire in Canada, which will include the team member forming a corporation. And we would be contracting with the corporation. There's more details listed in the handbook for that. Also, we are just finalizing the contract for Australia to use a third party for hiring. So as soon as that is signed, which it's done, we just have final paperwork to look at. Then Australia will also be removed from the no hire list. So that's two countries down. I know there's still a couple more to go. We've been tirelessly looking at vendors, global vendors that we could use that are similar to the one that we're using in Australia who we can hire through so that team members would be employees in their country and no longer needing to be independent contractors. And we're looking for a global solution so that we can speed up our recruiting process. The current process has been really slow and clunky and it takes a really long time to try to figure out what we need to do in order to hire in new countries. So we are looking at vendors who would have all of this already managed and would speed up the process and open up even more hiring countries for us. So we're really excited about that. We've got about four vendors that we're looking at right now that we're going to be comparing and looking how to best move forward. So that should be completed within the next, our analysis should be done in the next two weeks. Then after that, obviously the contracting process entering into a contract with them that will take a little bit longer. The next issue that I want to talk about is GDPR. The new regulations are to be coming out in May is a deadline for compliance. I've been working with Kathy towards implementing a plan to ensure compliance with GDPR. We have some new requirements that weren't typically, weren't in place before. One of them is a 72 hour turnaround time for breach notification. Another issue is certain record keeping and also in addition, we need to make sure that we have the proper consents. We're working on all of that now to on compliance and we'll be completed by May. However, I know there's been a lot of issues that have come up with GDPR and it's a hot topic right now. So I wanted to point out some distinctions that the company should know when talking to our customers or individuals regarding GDPR. First, GDPR is a compliance program that applies to companies. So it is the company must protect the data, the personal information of the EU residents. There's been a little bit of confusion regarding our product. So our product is not a compliance tool. Our product is not going to make a customer compliant. So that's an important distinction to understand that how you use the data is the company's issue to determine. So the one thing that we can discuss with our customers is how our tool and use of our tool in different ways that we use the tool could help them comply, but it won't in itself make them compliant. So some of the new requirements are, you must have a legal basis for having the information, the personal information, and that can be done by either consent, getting consent for it or that you need it for processing. With our tool, it can be discussed that the personal data isn't necessarily needed. There's not that much personal information required with the exception of possibly email address. So talking to customers about limiting the amount of personal information put into the GitLab tool will help lower the risk of any breaches or issues with compliance. Transparency is another requirement under the GDPR and of course as a company, we're transparent but the tool itself due to the nature of the Git product and the transparency and the visibility, that's another speaking point on our product and how you're able to see where that information lies within the personal information lies within the tool. Another speaking point could be data protection by design. With regards to our tool, by default, it's private. So we wanna make sure that we're protecting the customer's personal information. They have the ability to change the privacy settings and control access. And then finally, record keeping is a big one because they wanna be able to audit to make sure that you're complying with GDPR and so being able to run reports and look for when the data was created which is really obviously a key function of Git is also another speaking point to GDPR for our customers. And so just to clarify that we show different ways that GDPR impacts our tool and what our customers can do to help comply but it's not going to make our customers compliant. So that was all I wanted to say on GDPR. We're really doing well on our own compliance so we're happy to have discussions about that with customers if they're interested. And we have some, I believe that there was a blog post that's going to be, I think it was already put in place but are going to be put in place by marketing. Finally, the code of conduct and ethics, that title might be changing, it hasn't been finalized yet but I know that it was, the page was released by Kivo Ops, I believe it was last week and the code itself is finalized and just going through final review. Just keep an eye out for that. These are the codes of conduct that lay out what the legal obligations are for the company under law and ways that as team members you can help the company comply with the law. And so these are really legal based policies that are required by law as a US company. And so we're going to be passing that on for you to review just so that you have an understanding of what the laws are that apply to us. Examples would be anti bribery, anti kickback, anti trust issues, it's not going to be painful but it is important that everyone knows what those requirements are so that you can make sure that you're complying with them. So expect that coming out in the next week. Concerns, global hiring, we still have countries on the do not hire list. We're looking to the third party vendor to try to help us get those but there may still be some countries that we may not be able to remove from that hiring list just because of the magnitude of the risks and the costs incurred in order to do business in those countries. So that is something that we're concerned about and want to look into. And then the GDPR I had spoke to our concern is that we're not relaying the proper message that we're letting customers believe that our tool is compliant. Tools do not go through a compliance analysis. It's the company itself and what they're doing that determines whether a company is GDPR compliance or not. Let's see, help. So one of the steps for GDPR is data mapping and being a dispersed workforce it's hard to know where everyone's information is if we don't keep it all in the same location and there's always the ability for individuals to store information in other places than where we have them centrally stored. So I want to stress the importance that we know where all personal information is being stored. We currently are mapping our data. We have the typical systems that we're looking at as the GitLab, Mercado, Salesforce, et cetera. But please, please, please reach out to Kathy if you have knowledge of any data, personal data that would be named, email addresses, customer information, IP addresses of customers, anything that's stored anywhere outside any of these applications so that we can know that and we can add that to our data map. Does anyone have any questions? Jamie, can you have a look at the chat? Yeah, I'm looking. Yeah, I just pulled it up, looking at the chat. I would be curious, Jamie, when you're as you're engaging in the country guidelines when you say that some countries will still be limited, do you have an idea of what those countries are that we may not be able to become more at ease in hiring in, which ones we should not count on? So we can get to that analysis after we go through the final determination on our third-party vendor because it's really gonna be dependent on the costs associated with those countries. For example, there are some countries that we saw in order to use the services, we would have to pay the vendor 150% of the salary. So that is cost prohibitive if we're gonna be paying. You mean 50% extra or do you mean two and a half times? Two and a half times. Just because of different risks associated with employment, different benefits that need to be paid out so there is that issue. So that'll be, we'll provide a list as soon as we are able to go through all of the vendors and get their pricing information and figure out if we can move forward. But right now we just have, I think two vendors so we're waiting for two more. Okay, Demetri, can you explain why there's a no hire country list? Sure, no hire country list currently is because we set a threshold of five individuals in any country and at that point when we have that amount of individuals then we've decided that's when we need to take a look to see what's our next steps there. It doesn't mean that we're not gonna hire there, it's just giving us a pause to assess what the requirements are. If we have to set up an illegal entity and if it's required then are we going to? So there's a lot of business analysis that determines whether or not or how to proceed in any given country. With the third party vendor, we wouldn't have that anymore. So at that point, we would remove that list except for the ones that I had talked about that might be cost prohibitive. And yes, local tax issues, Kim. Let's see. Do we need things like customizable terms of user? So each set up. Gabrielle, this is regards to the GDPR, is that? Yes, it's regarding the GDPR. Okay, and terms of user for where is that? Sorry, terms of use. If I remember correctly, most of the privacy regulations requires each installation to have specific terms of use, how we use the data, customizable like legal tax that explains how and what is being done with the information. Do we need to bundle that into the get-loved? Not at this time, we're working on consents and updating our terms to cover GDPR, but it will not need to be in the product itself. Ken, do we have an issue per country with a summary of the concerns? People from or familiar with the country specific regulations? Sure. Yeah, again, the question is about the do not hire list. We can address that. Anyone that do remain on the list after the fact, what's we determined? So the goal is to remove the do not hire list so that we can have open recruiting and hiring around the globe with the exceptions of those countries that are barred from the US government and barred or sanctioned. So we will provide more information at the time if we end up having any countries still remain on the list, but right now the goal is to get rid of the list and be able to hire anyone. Does anyone else have any questions? I'll just ask something just so that we can learn from you. You've been at GitLab for a little while now. GitLab is unique in the way that we do business and we manage the company. What do you think is the biggest challenges for us from a legal perspective, whether it be the employee side, the contract side for sales? Where do you think the biggest challenges are for helping a company that is distributed work from a legal perspective? I would definitely say the employment issues is the most challenging issues that I've faced since I've been here. It's really exciting and interesting to hire people around the globe and have that diversity, but with that comes every country has their own employment laws. Even within countries, there are, for instance, Canada and the US have different provinces and different states and each of those have their own hiring laws and requirements. So trying to maneuver the legal system with regards to employment law and making sure that we are handling all of our employees properly has been the biggest challenge. Trying to find resources in each, local resources in those countries, in every single country has been also quite burdensome. It's not impossible, but it takes up a lot of time. So it's going to be really helpful and free up a lot of time when we can find a vendor that helps on a global basis to assist with some of these issues because they've already researched this, they're already supporting in all of the different countries. Some of the vendors have support in over 150 countries. So that is really, it's really challenging and I think that's one of the biggest challenges that I've seen since I've been to GitLab. Anyone else? I have a little question. I hear you say the word fender quite often, like a buzzword, at least me personally, don't exactly, I think I know what you mean, but don't exactly know what you mean. Sure, when I say vendor has been a service provider, someone that we're going to be partnering with and contracting with, they will be the employee of record. So team members will be hired through that partner. They will be an employee, which is a benefit so that no longer will be the independent contracts that they'll have employee benefits as well as they'll have the employer take care of all the tax issues, tax filings and such. We will be contracting with them to have them pass through your services to us and then they would still be receiving the same entitlements and benefits as GitLab employees, but just no longer having to be an independent contractor being an employee of an entity. So the vendor really is just their service provider and they'll be partnering with us. Thank you. You're welcome. Anyone else? All right, well, I will let you go and enjoy the rest of your day. See you at the team call.