// Trust & Security Report
Gamma Tech, Inc.
AI-powered presentation, website, and document creation platform
Certifications held
2
Maturity
Growth
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.gamma.app“Compliance: SOC 2 Type II [Gamma Trust Center compliance row]; Resources: 'SOC 2 Type II Report (2025)' and 'Penetration Test (2025)' listed as downloadable documents.”
Verify on gamma.app“Gamma Tech, Inc. Data Processing Addendum (published at gamma.app/dpa) incorporates the EU Standard Contractual Clauses approved by the European Commission under Implementing Decision (EU) 2021/914, and the UK Transfer Addendum, for EU GDPR and UK Restricted Transfers. GDPR is not listed as a certification chip on the Vanta-powered trust center; the DPA is the governing GDPR document.”
> Show 9 unconfirmed / not-held certifications
source: trust.gamma.appNo public evidence on gamma.app or trust.gamma.app. An ISO 27001 cert exists for Gamma Communications plc (gammagroup.co), a separate UK telecom company sharing the Gamma name -- that cert does not apply to Gamma Tech, Inc.
source: gamma.appNo HIPAA BAA offered. Per vendor DPA, customers are prohibited from submitting protected health information subject to HIPAA. No BAA or HIPAA compliance documentation found on gamma.app or trust.gamma.app.
source: trust.gamma.appNo public evidence of PCI DSS compliance on gamma.app or trust.gamma.app.
source: trust.gamma.appNo public evidence of FedRAMP authorization on gamma.app or trust.gamma.app.
source: trust.gamma.appNo public evidence of ISO 27017 certification on gamma.app or trust.gamma.app.
source: trust.gamma.appNo public evidence of ISO 27018 certification on gamma.app or trust.gamma.app.
source: trust.gamma.appNo public evidence of ISO 27701 certification on gamma.app or trust.gamma.app.
source: trust.gamma.appNo public evidence of ISO/IEC 42001 certification on gamma.app or trust.gamma.app.
source: trust.gamma.appNo public evidence of CSA STAR registration or certification on gamma.app or trust.gamma.app.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
United States (Gamma Tech, Inc., San Francisco CA 94114); Standard Contractual Clauses (SCCs) available via DPA for EU cross-border transfers; no EU data residency option currently available
Tier-dependent. Free, Plus, Pro, and Ultra (individual workspaces): data is used to train Gamma AI features by default; users may opt out at any time via account settings. Per terms of service: 'if your plan does not include privacy controls for AI training or if you do not have such privacy controls for AI training turned on, you agree that Gamma may use your content to train, improve and refine their models, machine learning systems, products and services.' Team and Business workspaces: automatically and permanently excluded from AI training; setting is locked and cannot be changed. Per help center: 'data is automatically excluded from being used for training' and 'Your data will never be used to train Gamma AI features.' Sources: help.gamma.app/en/articles/12281928, gamma.app/terms.
// Security controls
Encryption in transit
HTTPS / TLS enforced; help center states: 'All requests and interactions with Gamma are encrypted using HTTPS and secure communication protocols'
help.gamma.appEncryption at rest
AES-256 (self-attested in third-party review sources); trust center controls list 'Data encryption utilized' under Product security
trust.gamma.appPenetration testing
Annual external penetration test; trust center Resources lists 'Penetration Test (2025)' as available report
trust.gamma.appInfrastructure security controls
Trust center lists: 'Unique production database authentication enforced', 'Encryption key access restricted', 'Unique account authentication enforced', plus 17 additional infrastructure security controls
trust.gamma.appBusiness continuity
Trust center lists: 'Continuity and Disaster Recovery plans established', 'Continuity and Disaster Recovery plans tested', 'Cybersecurity insurance maintained'
trust.gamma.appSSO / Authentication
Single Sign-On (SSO) available on Business plan; supports Okta, Google Workspace, Microsoft Entra ID, and OneLogin; not available on Free, Plus, Pro, Ultra, or Team plans
help.gamma.appData deletion
Trust center states: 'Customer data deleted upon leaving'; permanent account deletion removes all content and data
trust.gamma.appSub-processors
Sub-processor list published at gamma.app/subprocessors; AI inference sub-processors include OpenAI, Anthropic, and Google
gamma.appData retention
Trust center states: 'Data retention procedures established'; 'Data classification policy established'
trust.gamma.app// Products & data scope
data: User-generated content (presentations, websites, documents, graphics); usage analytics; 400 non-renewing AI credits
AI training enabled by default; opt-out available via account settings. No SSO. No DPA. No SOC 2 documentation access.
data: User-generated content plus analytics; custom branding and domain features on Pro/Ultra
AI training enabled by default; opt-out available. No SSO. No DPA. API access on Pro tier.
data: User-generated content plus workspace collaboration data; shared folders
AI training excluded and locked (cannot be re-enabled). No SSO. Admin controls and centralized billing included.
data: User-generated content plus workspace collaboration data; governed by DPA on request
AI training excluded and locked. SSO available. SOC 2 Type II report available on request (under NDA). DPA available. Minimum 10 seats at $480/seat/yr.
data: Content submitted programmatically via API; governed by developer/API terms
Available on Pro plan and above. AI training terms follow the underlying workspace plan or API contract.
// What to watch
- AI TRAINING SPLIT: Free, Plus, Pro, and Ultra individual plans train on customer content by default -- opt-out is available but not the default. Team and Business workspaces never train (locked setting). Organizations on paid individual plans must actively opt out.
- SOC 2 REPORT GATED: SOC 2 Type II report (2025) is available only upon request to Business and enterprise prospects -- not publicly downloadable. Free and individual plan users cannot access it.
- NO HIPAA: DPA prohibits PHI. No Business Associate Agreement offered. Not suitable for healthcare or regulated health data workloads.
- NO ISO 27001: Gamma Tech, Inc. (gamma.app) does not hold ISO 27001. Note: the unrelated UK company Gamma Communications plc (gammagroup.co) does hold ISO 27001 -- these are different entities; do not conflate.
- US DATA ONLY: All data processed in the United States. No EU data residency option. EU customers rely on SCCs in the DPA for lawful cross-border transfers.
- NO FEDRAMP / NO CSA STAR / NO ISO 42001: No evidence of FedRAMP, CSA STAR, or ISO/IEC 42001 on any vendor-domain page.
- TRUST CENTER IS JS-RENDERED: trust.gamma.app is powered by Vanta and requires JavaScript to render full content; the evidence scrape captured the compliance section and controls summary but not every sub-page.
- OVER-CLAIM RISK: Third-party marketing sites sometimes attribute the SOC 2 or ISO certs of Gamma Communications plc (the UK telecom) to Gamma Tech, Inc. (the AI tool). Verify directly at trust.gamma.app before citing.
- ENTERPRISE TIER: For 100+ seat deployments, Gamma moves to custom enterprise contracts; additional security commitments (audit logs, dedicated CSM, SLAs) may be negotiable but are not publicly documented.
// At a glance
Pricing model
Freemium: Free ($0), Plus (~$8-9/seat/mo billed annually), Pro (~$15-18/seat/mo), Ultra (~$90/seat/mo), Team ($240/seat/yr, 2-seat min), Business ($480/seat/yr, 10-seat min); 100+ seat custom enterprise contracts available
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Gamma Tech, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.gamma.app