FAQs about emails
  • 2 minute read
  • Contributors

FAQs about emails

Article summary


Do you pull and/or ingest the full email or just the metadata?

Initially, we ingest just the metadata. Once the email is deemed to be relevant to customers (i.e. a company domain record exists in your CRM), the full body is ingested.

How can I make sure only relevant emails are imported?

Gong provides multiple controls over what emails to import:

  • Gong only imports emails from or to team members explicitly set by administrators.

  • Gong cross-references the email recipients with the CRM and only imports emails when the recipients or senders are in an organization that appears in the CRM.

  • Administrators can exclude emails based on subject line, domain, or individual addresses.

  • Team members can delete individual emails from Gong.

Note that inbound emails coming from an address that is not identified as a CRM contact or from a company that is a CRM contact, and that has more than 15 recipients is considered spam and won't be imported.

How does Gong store emails?

Emails are stored in Gong's database and S3 storage.

Who in Gong has access to our data?

Authorized Gong users would have access to the emails under the relevant account (i.e., when selling to Company A, the email would appear in the timeline of Company A).

Access to Gong employees is provided on a need-to-know basis to relevant support, customer success, and engineering teams. We don’t yet have a method to request explicit authorization on a case-by-case basis.

Can we manage the retention of our data?

We don't currently have an admin UI for this purpose, but data can be deleted upon demand, and we can set a custom retention policy for you if you request this.

Can we push emails to Gong sent from external domains

Gong only pulls emails that are sent to or from external domains that are also found in your CRM.


Where are emails stored in Gong?

Emails are stored in Gong's database and S3 storage, both on the N. Virginia AWS data center, encrypted in transit and at rest. Our security page has our general security and compliance information: https://www.gong.io/security/.

Can Gong make its SOC2 report available?

Yes, it can be sent to a customer after they sign an NDA.

What is your “Data Retention Policy” for the scoped data?

Our default data retention policy is keeping recordings, emails, and transcripts for three years.

Do you have an “Access Control Policy / Procedure”?

We define user roles. We also have permission profiles and credentials assigned to roles. These are defined by business need and are audited annually and when changed.

What encryption algorithm do you use?

We use AES 256, both in transit and at rest.

Was this article helpful?


Eddy AI, a genAI helper, will scrub our help center to give you an answer that summarizes our content. Ask a question in plain language and let me do the rest.