Trust Center

Your pipeline is your company. We treat it that way.

Gangly handles call audio, CRM records, and every conversation that touches a deal. This page is the full answer to the security, privacy, compliance, and reliability questions procurement will ask you.

Our commitments

The things we will never do with your data.

Every SaaS writes "we take security seriously." This is what we actually commit to — in plain language, not lawyer-speak.

We will never

Sell your customer data. To anyone. Ever.

Not to ad networks. Not to data brokers. Not to aggregators. Your pipeline doesn't leave your tenant.

We will never

Train shared models on your conversations.

Your call transcripts, emails, and CRM data are not used to train models that other customers benefit from.

We will never

Send a message on the rep's behalf without approval.

Gangly drafts. The rep reviews and sends. There is no autonomous outreach mode and we won't build one.

We will never

Retain call audio by default.

Audio is transcribed and discarded. Retention is configurable by customer. You own the data lifecycle.

The four pillars

Trust isn't a page. It's four separate disciplines.

How we protect the data

Encryption at rest and in transit. OAuth-first auth. Tenant isolation. Access controls. Incident response.

Security details →

What we collect and why

What data enters Gangly, why each piece is necessary, and what your rights are around access, export, and deletion.

Privacy policy →

Uptime and incident transparency

Live system status, component-level uptime, and historical incident reports. Transparency, not perfection.

System status →

Frameworks, DPAs, and data rights

SOC 2 Type II (in progress), GDPR-ready, CCPA-aligned. DPA and subprocessor list available on request.

GDPR & data rights →

Where we stand today

Honest status on every framework.

Status · In progress

SOC 2 Type II

Audit in progress. Letter of engagement on request.

Status · Ready

GDPR

DPA available. EU data residency on Growth + Scale.

Status · Aligned

CCPA

Deletion requests processed within 30 days.

Status · In use

TLS 1.3

All traffic to and from Gangly.

Status · In use

AES-256 at rest

All customer data encrypted at rest.

Status · In use

OAuth 2.0

No API keys stored on Gangly servers.

Data handling

What we process. What we don't.

What Gangly processes

  • → CRM records via OAuth — deals, contacts, companies
  • → Call audio via Zoom / Meet integration — for live coaching + notes
  • → Email metadata for workflow triggers
  • → LinkedIn profile data via extension — for signal detection

What Gangly never does

  • ✕ Sell data to any third party
  • ✕ Send messages on the rep's behalf without approval
  • ✕ Train shared models on private customer content
  • ✕ Retain call audio past transcription (configurable)

Procurement review

Need a security questionnaire filled out?

We respond to DPA requests, SOC 2 letters, and custom security questionnaires within one business day.
