Do you pull and/or ingest the full email or just the metadata?
Initially, we ingest just the metadata. Once the email is deemed to be relevant to customers (i.e. a company domain record exists in your CRM), the full body is ingested.
How can I make sure only relevant emails are imported?
Gong provides multiple controls over what emails to import:
Gong only imports emails from or to team members explicitly set by administrators.
Gong cross-references the email recipients with the CRM and only imports emails when the recipients or senders are in an organization that appears in the CRM.
Administrators can exclude emails based on subject line, domain, or individual addresses.
Team members can delete individual emails from Gong.
Note that inbound emails coming from an address that is not identified as a CRM contact or from a company that is a CRM contact, and that has more than 15 recipients is considered spam and won't be imported.
Who in Gong has access to our data?
Authorized Gong users would have access to the emails under the relevant account (i.e., when selling to Company A, the email would appear in the timeline of Company A).
Access to Gong employees is provided on a need-to-know basis to relevant support, customer success, and engineering teams. We don’t yet have a method to request explicit authorization on a case-by-case basis.
Can we manage the retention of our data?
We don't currently have an admin UI for this purpose, but data can be deleted upon demand, and we can set a custom retention policy for you if you request this.
Where are emails stored in Gong?
Emails are stored in Gong's database and S3 storage, both on the N. Virginia AWS data center, encrypted in transit and at rest. Our security page has our general security and compliance information: https://www.gong.io/security/.
What is your “Data Retention Policy” for the scoped data?
Our default data retention policy is keeping recordings, emails, and transcripts for three years.
Do you have an “Access Control Policy / Procedure”?
We define user roles. We also have permission profiles and credentials assigned to roles. These are defined by business need and are audited annually and when changed.