// Trust & Security Report

    Gamma Tech, Inc. logo

    Gamma Tech, Inc.

    AI-powered presentation, website, and document creation platform

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Compliance: SOC 2 Type II [Gamma Trust Center compliance row]; Resources: 'SOC 2 Type II Report (2025)' and 'Penetration Test (2025)' listed as downloadable documents.

    Verify on trust.gamma.app
    GDPR (DPA available)
    HELD

    Gamma Tech, Inc. Data Processing Addendum (published at gamma.app/dpa) incorporates the EU Standard Contractual Clauses approved by the European Commission under Implementing Decision (EU) 2021/914, and the UK Transfer Addendum, for EU GDPR and UK Restricted Transfers. GDPR is not listed as a certification chip on the Vanta-powered trust center; the DPA is the governing GDPR document.

    Verify on gamma.app
    > Show 9 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence on gamma.app or trust.gamma.app. An ISO 27001 cert exists for Gamma Communications plc (gammagroup.co), a separate UK telecom company sharing the Gamma name -- that cert does not apply to Gamma Tech, Inc.

    source: trust.gamma.app
    HIPAA
    NOT CONFIRMED

    No HIPAA BAA offered. Per vendor DPA, customers are prohibited from submitting protected health information subject to HIPAA. No BAA or HIPAA compliance documentation found on gamma.app or trust.gamma.app.

    source: gamma.app
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS compliance on gamma.app or trust.gamma.app.

    source: trust.gamma.app
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization on gamma.app or trust.gamma.app.

    source: trust.gamma.app
    ISO 27017
    NOT CONFIRMED

    No public evidence of ISO 27017 certification on gamma.app or trust.gamma.app.

    source: trust.gamma.app
    ISO 27018
    NOT CONFIRMED

    No public evidence of ISO 27018 certification on gamma.app or trust.gamma.app.

    source: trust.gamma.app
    ISO 27701
    NOT CONFIRMED

    No public evidence of ISO 27701 certification on gamma.app or trust.gamma.app.

    source: trust.gamma.app
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification on gamma.app or trust.gamma.app.

    source: trust.gamma.app
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR registration or certification on gamma.app or trust.gamma.app.

    source: trust.gamma.app

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    United States (Gamma Tech, Inc., San Francisco CA 94114); Standard Contractual Clauses (SCCs) available via DPA for EU cross-border transfers; no EU data residency option currently available

    Tier-dependent. Free, Plus, Pro, and Ultra (individual workspaces): data is used to train Gamma AI features by default; users may opt out at any time via account settings. Per terms of service: 'if your plan does not include privacy controls for AI training or if you do not have such privacy controls for AI training turned on, you agree that Gamma may use your content to train, improve and refine their models, machine learning systems, products and services.' Team and Business workspaces: automatically and permanently excluded from AI training; setting is locked and cannot be changed. Per help center: 'data is automatically excluded from being used for training' and 'Your data will never be used to train Gamma AI features.' Sources: help.gamma.app/en/articles/12281928, gamma.app/terms.

    // Security controls

    Encryption in transit

    HTTPS / TLS enforced; help center states: 'All requests and interactions with Gamma are encrypted using HTTPS and secure communication protocols'

    help.gamma.app

    Encryption at rest

    AES-256 (self-attested in third-party review sources); trust center controls list 'Data encryption utilized' under Product security

    trust.gamma.app

    Penetration testing

    Annual external penetration test; trust center Resources lists 'Penetration Test (2025)' as available report

    trust.gamma.app

    Infrastructure security controls

    Trust center lists: 'Unique production database authentication enforced', 'Encryption key access restricted', 'Unique account authentication enforced', plus 17 additional infrastructure security controls

    trust.gamma.app

    Business continuity

    Trust center lists: 'Continuity and Disaster Recovery plans established', 'Continuity and Disaster Recovery plans tested', 'Cybersecurity insurance maintained'

    trust.gamma.app

    SSO / Authentication

    Single Sign-On (SSO) available on Business plan; supports Okta, Google Workspace, Microsoft Entra ID, and OneLogin; not available on Free, Plus, Pro, Ultra, or Team plans

    help.gamma.app

    Data deletion

    Trust center states: 'Customer data deleted upon leaving'; permanent account deletion removes all content and data

    trust.gamma.app

    Sub-processors

    Sub-processor list published at gamma.app/subprocessors; AI inference sub-processors include OpenAI, Anthropic, and Google

    gamma.app

    Data retention

    Trust center states: 'Data retention procedures established'; 'Data classification policy established'

    trust.gamma.app

    // Products & data scope

    Gamma FreeAI presentation and content creation (individual)

    data: User-generated content (presentations, websites, documents, graphics); usage analytics; 400 non-renewing AI credits

    AI training enabled by default; opt-out available via account settings. No SSO. No DPA. No SOC 2 documentation access.

    Gamma Plus / Pro / UltraAI presentation and content creation (individual, paid)

    data: User-generated content plus analytics; custom branding and domain features on Pro/Ultra

    AI training enabled by default; opt-out available. No SSO. No DPA. API access on Pro tier.

    Gamma TeamAI creation platform (small teams, 2+ seats)

    data: User-generated content plus workspace collaboration data; shared folders

    AI training excluded and locked (cannot be re-enabled). No SSO. Admin controls and centralized billing included.

    Gamma BusinessAI creation platform (enterprise teams, 10+ seats)

    data: User-generated content plus workspace collaboration data; governed by DPA on request

    AI training excluded and locked. SSO available. SOC 2 Type II report available on request (under NDA). DPA available. Minimum 10 seats at $480/seat/yr.

    Gamma APIProgrammatic AI content creation (developer / B2B integration)

    data: Content submitted programmatically via API; governed by developer/API terms

    Available on Pro plan and above. AI training terms follow the underlying workspace plan or API contract.

    // What to watch

    • AI TRAINING SPLIT: Free, Plus, Pro, and Ultra individual plans train on customer content by default -- opt-out is available but not the default. Team and Business workspaces never train (locked setting). Organizations on paid individual plans must actively opt out.
    • SOC 2 REPORT GATED: SOC 2 Type II report (2025) is available only upon request to Business and enterprise prospects -- not publicly downloadable. Free and individual plan users cannot access it.
    • NO HIPAA: DPA prohibits PHI. No Business Associate Agreement offered. Not suitable for healthcare or regulated health data workloads.
    • NO ISO 27001: Gamma Tech, Inc. (gamma.app) does not hold ISO 27001. Note: the unrelated UK company Gamma Communications plc (gammagroup.co) does hold ISO 27001 -- these are different entities; do not conflate.
    • US DATA ONLY: All data processed in the United States. No EU data residency option. EU customers rely on SCCs in the DPA for lawful cross-border transfers.
    • NO FEDRAMP / NO CSA STAR / NO ISO 42001: No evidence of FedRAMP, CSA STAR, or ISO/IEC 42001 on any vendor-domain page.
    • TRUST CENTER IS JS-RENDERED: trust.gamma.app is powered by Vanta and requires JavaScript to render full content; the evidence scrape captured the compliance section and controls summary but not every sub-page.
    • OVER-CLAIM RISK: Third-party marketing sites sometimes attribute the SOC 2 or ISO certs of Gamma Communications plc (the UK telecom) to Gamma Tech, Inc. (the AI tool). Verify directly at trust.gamma.app before citing.
    • ENTERPRISE TIER: For 100+ seat deployments, Gamma moves to custom enterprise contracts; additional security commitments (audit logs, dedicated CSM, SLAs) may be negotiable but are not publicly documented.

    // At a glance

    Pricing model

    Freemium: Free ($0), Plus (~$8-9/seat/mo billed annually), Pro (~$15-18/seat/mo), Ultra (~$90/seat/mo), Team ($240/seat/yr, 2-seat min), Business ($480/seat/yr, 10-seat min); 100+ seat custom enterprise contracts available

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Gamma Tech, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.gamma.app

    > Browse all vendor trust reports