Data retention policy
Gong employs data protection and privacy by design, combining enterprise-grade security features with comprehensive audits of our policies, applications, systems, and networks. Our certifications include SOC 2 Type II, ISO 27001, and EU/Swiss-US Privacy Shield, to name a few. Gong Customers may configure a data retention duration (3 years by default), and Customer data is purged from Gong systems subsequent to contract termination.
Data archiving and removal policy
Gong Customers may configure a data retention duration (3 years by default), and Customer data is purged from Gong systems subsequent to contract termination.
Data storage policy
All customer data (including call recordings and transcripts) is encrypted at rest and in transit. System passwords are encrypted using AWS KMS with restricted access to specific production systems. Stored data is encrypted on a disk using a 256-bit AES cipher. We use industry-standard PostgreSQL, Elastic Search and Mongo DB data storage systems hosted at AWS and/or by the respective vendors.
Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege. Access to the AWS production system is restricted to authorized personnel, and is carried out using VPN with Active Directory authentication.
Data center location(s)
Data hosting details
App/service has sub-processors