Trust Center

Your pipeline is your company. We treat it that way.

Gangly handles call audio, CRM records, and every conversation that touches a deal. This page is the full answer to the security, privacy, compliance, and reliability questions procurement will ask you.

Security details Email security team

Our commitments

The things we will never do with your data.

Every SaaS writes "we take security seriously." This is what we actually commit to — in plain language.

Never sell your data

Not to ad networks, data brokers, or aggregators. Your pipeline doesn't leave your tenant.

Never train on your calls

Your transcripts, emails, and CRM data are never used to train models that other customers benefit from.

Never send without approval

Gangly drafts. The rep reviews and sends. There is no autonomous outreach mode — and we won't build one.

Never retain audio by default

Audio is transcribed and discarded. Retention is configurable. You own the data lifecycle.

The four pillars

Trust isn't a page. It's four separate disciplines.

Security

Encryption at rest and in transit. OAuth-first auth. Tenant isolation. Access controls. Incident response.

View details →

Privacy

What data enters Gangly, why each piece is necessary, and what your rights are around access, export, and deletion.

View details →

Status

Live system status, component-level uptime, and historical incident reports. Transparency, not perfection.

View details →

GDPR

SOC 2 Type II (in progress), GDPR-ready, CCPA-aligned. DPA and subprocessor list available on request.

View details →

Where we stand today

Honest status on every framework.

SOC 2 Type II

Letter of engagement on request.

In progress

GDPR

DPA available. EU data residency on Growth + Scale.

Ready

CCPA

Deletion requests processed within 30 days.

Ready

TLS 1.3

All traffic to and from Gangly.

Active

AES-256 at rest

All customer data encrypted at rest.

Active

OAuth 2.0

No API keys stored on Gangly servers.

Active

Data handling

What we process. What we don't.

What Gangly processes

CRM records

Deals, contacts, companies — via OAuth

Call audio

Via Zoom/Meet — for live coaching + notes

Email metadata

For workflow triggers

LinkedIn profile data

Via extension — for signal detection

What Gangly never does

Sell to third parties

Never sold to any third party

Send without approval

Rep reviews every message before it sends

Train shared models

Private content never used for shared training

Retain call audio

Transcribed and discarded by default

Procurement review

Need a security questionnaire filled out?

We respond to DPA requests, SOC 2 letters, and custom security questionnaires within one business day. Email with your timeline and we'll coordinate.

Email security team View security details GDPR & data rights