For Gitlab.com groups, does Internal user mean any Gitlab.com user?

Bitbucket refugee here, new to Gitlab.com and struggling to set the correct privacy settings for my Gitlab.com groups. Ultimately what I want is projects for this particular group default to being shown to any member of the group, but hidden from the public.

I know Gitlab.com runs as a single large Gitlab EE instance. So I’m unclear when I set the group visibility level whether “internal user” refers to any gitlab.com user, or only to users who are part of this specific group… ? I definitely want the latter and not the former.

The explanations for the group visibility levels are also a bit ambiguous between “Public” and “Internal”:

1. Public says that any public projects are viewable by anyone. What about non-public projects?
2. Internal says that the “internal projects are only viewed by logged in users”. What about public projects belonging to the group?

I’m probably just misunderstanding things here–I searched for a bit, but not finding much.

Public - All the internets can see your project
Internal - Only registered users can see your project. That’s per instance, so for GitLab.com, any user that has an account on GitLab.com can see your project.
Private - Only you and selected members can see the project.

What you want is private, and then select your members.

Does that make sense? I’d be happy to refactor the docs if something is not clear.