Gitlab is FOSS, as long as their code stays that way, and trustworthy, and you avoid their 3rd party US-based servers by self-hosting you should be fine.
Avoiding anything and everything that even exists in countries like the US and China or Russia even if completely transparent & FOSS or non-profiting is kind of crazy imo
In general you should aim to self-host & use FOSS as much as possible, regardless of where it's developed. This gives me similar vibes to when Linus Torvalds banned Russian people or people with Russian names or email addresses from Kernel development.
The amount of data Windows and microsoft in general collect is worth billions and going straight to the hands of the US govt. for a price obviously, so yes they are profiting from your use regardless of whether you pay for it or not.