How does Gong uphold GDPR, CCPA, and other data protection regulations?
Check out our website for a general overview of our security solutions:
How is data used in Gong?
Your organization owns the data ("controller" in GDPR parlance), and Gong processes it ("processor" in GDPR parlance) to provide the service.
Who has access to my data?
Your customer data is available to team members within Gong. Note that your customer data may be accessed by a number of authorized Gong employees on occasion. This is strictly on a need-to-know basis, and only as needed to provide the service, for example, by our support or customer success teams.
Where is our data stored?
Gong stores data in Amazon Web Services' North Virginia data center, and uses an additional AWS data center for data recovery purposes. Gong uses a small number of sub-processors (for example, MongoDB) to help deliver its service.
How is our data protected?
Data is encrypted at rest and in transit. The data is protected by Gong's enterprise-class security setup, described online at https://www.gong.io/security/.
Gong security practices are ISO 27001 certified, and audited as part of Gong’s SOC2 process.
Is our data deleted upon contract termination?
Yes. Upon contract termination, we delete your company's data within 30 days.
What type of regulatory compliance does Gong conform to?
Gong is SOC2 Type II compliant (report available under NDA).
Gong complies with the EU/Swiss-U.S. Privacy Shield Framework (online), and has been audited by Ernst & Young to ensure adherence to GDPR, CCPA, and HIPAA.
Gong is ISO 27001 certified and in the process of ensuring PCI compliance.