Privacy policy

This Privacy Policy describes how Gong.io Ltd. and its affiliated companies (collectively, “Gong”, “we”, “our” or “us”) collects, stores, uses and discloses the following categories of personal data:

• Customer Data: personal data that we collect, process and manage on behalf of our business customers (each, a “Customer”; collectively, “Customers”), as part of the Gong products and services described on one or more applicable order forms (“Platform”).
  We process such Customer Data on behalf of and under the instruction of the respective Customer, in accordance with our Data Processing Addendum with them. Accordingly, this Privacy Policy (which describes Gong’s privacy and data processing practices) does not apply to the privacy and data processing practices of our Customers.
• User Data: personal data concerning individuals acting on behalf of our Customers in respect of their engagement with Gong, and users of the Platform on behalf of such Customers (e.g., account administrators, users, billing contacts, authorized signatories), as well as the Customer’s business needs and preferences.
• Prospect Data: data relating to visitors of our website (www.gong.io), participants at our events, and any other prospective customer, user or partner (collectively, “Prospects”) who interacts with our Sites or Services.

Specifically, this Privacy Policy describes our practices regarding:

• Data Collection & Processing
• Data Uses
• Data Location
• Data Retention
• Data Disclosure
• Cookies and Data Collection Technologies
• Communications
• Data Security
• Data Subject Rights
• Data Controller/Processor
• Opt‑Out of Sale/Sharing
• Additional Notice & Contact Details

If you are a Customer, User or Prospect, please read this Privacy Policy carefully and make sure that you fully understand it.

Our Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal data covered by this Privacy Policy, including information about any visitors to our Sites, as pertaining to individuals acting as business representatives, rather than in their personal capacity.

You are not legally required to provide us with any personal data. If you do not wish to provide us with your personal data, please do not provide it or use our Services.

1. Data Collection & Processing

“Personal data” or “personal information” means information that identifies, relates to, describes, or could reasonably be linked to an individual. It does not include aggregated or deidentified information.

We may collect or generate the following types of personal data through the Services:

• Usage, login credentials, device and network information (e.g., user agent, IP addresses, device type, OS, session logs, cookies and pixels, session recordings).
• Contact and business details (e.g., name, email, phone, position), communications (e.g., call/video recordings, transcriptions), feedback, billing details, preferences and insights.
• Customer Data provided by our Customers under their instruction and our Data Processing Addendum.

For CCPA purposes, in the last 12 months we may have collected: identifiers; customer records; internet activity; employment-related information; geolocation; commercial information; inferences; audio, electronic, and visual information.

2. Data Uses

We use personal data to:

• Perform our Services and improve user experience (“Performance of Contract”, “Legitimate Interests”).
• Comply with legal and contractual obligations (“Legal Obligation”).
• Support marketing, analytics, security, support, and legitimate business interests.
• Obtain consent where required for specific processing activities.

3. Data Location

We store and process data in the USA, Europe, Israel and other locations. Gong.io Ltd. in Israel is recognized as providing adequate protection by the EU, UK and Switzerland. Gong.io Inc. complies with the EU‑US, UK‑US and Swiss‑US Data Privacy Frameworks.

4. Data Retention

We retain personal data as necessary for business, legal compliance, and dispute resolution. Retention periods depend on data type, sensitivity, purpose and legal requirements.

5. Data Disclosure

We may disclose personal data to:

• Service Providers (e.g., hosting, analytics, billing, security).
• Business partners, resellers, integrators and event sponsors.
• Government or law enforcement when required by law.
• Affiliates and in connection with corporate transactions.

6. Cookies and Data Collection Technologies

We use session and persistent cookies, pixels and similar technologies for functionality, analytics, performance and marketing. You can manage optional cookies via our “Your Privacy Choices” feature or browser settings.

7. Communications

We send service messages (e.g., security, billing) and promotional messages. You may opt out of promotional communications via email at privacy@gong.io or unsubscribe links.

8. Data Security

We implement measures to protect personal data but cannot guarantee complete immunity from risks. See Gong Security.

9. Data Subject Rights

You have rights under GDPR, CCPA, LGPD, FADP, etc.: access, correction, deletion, objection, portability. Submit requests to privacy@gong.io or dpo@gong.io.

10. Data Controller/Processor

Gong is controller of Prospect Data, processor of Customer Data (on behalf of Customers), and both controller and processor of User Data.

11. Opt‑Out of Sale/Sharing

Under CCPA, you may opt out of sale/sharing of personal information via our “Your Privacy Choices” feature or Global Privacy Control.

12. Additional Notice & Contact Details

We may update this policy and will notify you of material changes. For questions or complaints, contact privacy@gong.io or dpo@gong.io.

Last updated: March 2024.