// Trust & Security Report
Gather Presence Inc.
Virtual workspace platform for remote and hybrid teams (video-based virtual office + AI meeting notes)
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.gather.town“Compliance SOC 2 Resources View all 2025 - Gather Presence, Inc. SOC 2 Type 2 Report.pdf”
Verify on support.gather.town“Gather enters into a data processing agreement and agrees to comply with certain terms required by the GDPR (e.g., notifying the customer in the event of a data breach)”
> Show 7 unconfirmed / not-held certifications
source: gather.townNo public evidence found on any gather.town domain page. Third-party profile (Nudge Security) lists it, but no vendor-domain confirmation exists.
source: gather.townNo public evidence found on any gather.town domain page. Third-party profile lists it, but no vendor-domain confirmation exists.
source: gather.townNo public evidence found on any gather.town domain page. Third-party profile lists it, but no vendor-domain confirmation exists.
source: trust.gather.townNo public evidence found on any gather.town domain page. Third-party profile lists CSA Star Level 1, but no vendor-domain confirmation exists.
source: trust.gather.townNo public evidence found on any gather.town domain page.
source: trust.gather.townNo public evidence found on any gather.town domain page.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
US (NYC, San Francisco, Northern Virginia, Northern California), Brazil (Sao Paulo), Japan (Tokyo), Germany (Frankfurt), Singapore, India (Mumbai). No EU-only data residency option; Frankfurt is available but not guaranteed.
The AI Transcriptions and Summaries (Beta) support article explicitly states: 'the text will not be used to train AI models.' Users can opt out per-user (Settings > User > AI Features > Meeting Transcriptions and Summaries) or workspace admins can disable it organization-wide. The older privacy policy (help.gather.app) does not specifically address AI training restrictions, but the current AI feature documentation is unambiguous.
// Security controls
Encryption in transit
Yes - confirmed; audio and video are encrypted in transit and not stored by Gather
gather.townEncryption at rest
Yes - confirmed; 'we encrypt data in transit and at rest and have implemented certain data access controls'
gather.townPenetration testing
Yes - conducted by Doyensec (Q1 2024 and Q4 2025 confirmed); summary reports available in trust center
trust.gather.townVulnerability and system monitoring
Yes - listed as a trust center control: 'Vulnerability and system monitoring procedures established'
trust.gather.townBusiness continuity and DR
Yes - BC/DR plan documented and tested; listed as a trust center resource and control
trust.gather.townAccess control
Yes - 'Unique production database authentication enforced', 'Unique account authentication enforced', 'Access control procedures established'
trust.gather.townData Processing Agreement (DPA)
Available; incorporates Standard Contractual Clauses approved by the European Commission. Also references EU-US Data Privacy Framework and UK-US Data Bridge.
support.gather.townData retention
Personal data retained for as long as user account is open; not more than 12 months after account closure
help.gather.app// Products & data scope
data: User identity, audio/video streams (encrypted, not stored), meeting transcripts and summaries (if AI feature enabled), chat messages, workspace configuration. Audio/video is not stored by Gather.
Current platform rebuilt from scratch. Includes AI meeting notes (transcription and summary) feature in beta. Explicitly does not train AI models on customer meeting data. SSO not yet available.
data: Same data types as 2.0 for user identity and audio/video. Users can continue to use existing 1.0 spaces.
Legacy platform still accessible. New 1.0 event spaces can be created. Migration to Gather 2.0 supported. Same SOC 2 Type 2 certification and security posture applies.
// What to watch
- SOC 2 Type 2 is the only certification confirmed on Gather's own domain. A third-party security profiler (Nudge Security) lists ISO 27001, HIPAA, PCI, FedRAMP, and CSA STAR Level 1, but none of these are substantiated on any gather.town, support.gather.town, or trust.gather.town page. Treat those third-party listings as unverified until Gather publishes evidence on their own domain.
- AI training posture: The AI Transcriptions and Summaries beta article explicitly denies using customer conversation data to train AI models. However, the older/legacy privacy policy on help.gather.app does not contain an equivalent explicit prohibition. The current AI feature documentation should be considered the authoritative statement for the AI feature specifically.
- No SSO available for Gather 2.0 at time of assessment. This is a gap for enterprise buyers with SSO requirements.
- The trust center (trust.gather.town) is powered by Vanta. The SOC 2 report listed is for 2025, indicating it is current.
- Data may be processed in the US (a non-EEA country). Gather relies on SCCs and the EU-US Data Privacy Framework for EU/UK transfers. No EU-only data residency commitment found.
- Gather positions itself as US-focused: 'our services are intended for corporate users and are not actively targeted at clients in the UK or EU.' EU/UK customers should negotiate DPA explicitly.
- Guest users (non-members) cannot access or appear in AI transcriptions/summaries, which is a positive privacy design choice.
// At a glance
Pricing model
Free 30-day trial (up to 50 users, all features); paid subscription per seat after trial. Event spaces available as one-time reservation or subscription.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Gather Presence Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.gather.town