Security at Gather

Create a secure virtual space where your team can confidently hold private conversations, interact with guests, and create a great work environment.

Hold private conversations

Gather makes it easy to create areas for private conversations, with additional tools to always ensure you’re talking with the right people.

Lock meeting areas

Restrict access to Private Areas in your space and require permission to enter. This prevents people from walking in on important conversations.

Control access with password doors

Require a password before someone enters a certain area in your space. This can help restrict guest access or limit the digital foot traffic.

Chat history disappears

When all users leave a private area, the chat history will be erased so the next group won’t see your notes.

Waiting rooms for guests

External guests won’t be able to join a meeting in Gather until a Member of your space is in the area first.

Control who's in your space

Easily keep track of Members, Guests, and the permissions of each person in your office. You can also Mute, Block, or Ban someone if needed.

Password protect your domain

Require users to enter a password before accessing your space.

SSO

Bring secure authentication to your Gather space with single sign-on.

Guest management tools

Non-members of your space will be labeled as a “Guest” and you can mute, remove, or block them if needed.

Permissions

Control who has access to certain features, including the option to place objects. Learn more about user permissions here.

Frequently asked questions

Is Gather SOC 2 certified?

Yes, Gather is SOC 2 Type II certified. To request a copy of our report, please visit our Trust Center.

Where are your servers located?

We have servers in the United States (NYC, San Francisco, Northern Virginia, Northern California), Brazil (Sao Paulo), Japan (Tokyo), Germany (Frankfurt), Singapore, and India (Mumbai).

Do you support SSO?

Yes. We currently support SP and IdP initiated SAML SSO. Contact us to learn more.

Can I read your data and security policies?

You bet! Follow these links to read our Data Processing Agreement, Privacy Policy, and Terms of Service.

Do you comply with GDPR?

Gather is a US company and most of our processing of personal data does not fall directly within the territorial scope of the UK or EU GDPR.

Our services are intended for corporate users and are not actively targeted at clients in the UK or EU. We therefore do not process personal data in connection with the offer of goods and services to data subjects in the UK or EU.

We do, however, use advertising cookies and similar technologies on our marketing website, which would involve monitoring the behaviour of individuals in the UK or EU. When we process personal data in this way, we are subject to GDPR and are implementing measures to comply (including updating our cookie consent mechanism and transparency notice to meet the requirements of the GDPR).
The GDPR indirectly applies to Gather where Gather’s customers are subject to the GDPR and Gather acts as a “data processor”. Where this is the case, Gather enters into a data processing agreement and agrees to comply with certain terms required by the GDPR (e.g., notifying the customer in the event of a data breach, notifying the customer in the event of an individual rights request etc).

If you are a US company, can European and UK companies use your platform?

Yes. If your processing of personal data is subject to the GDPR, you will need to enter into our Data Processing Agreement, which incorporates standard contractual clauses approved by the European Commission for transfers of personal data to third countries.

Although the European Court of Justice has previously called into question the legitimacy of transfers of personal data to recipients in the US, the European Commission's adequacy decision in relation to the EU-U.S. Data Privacy Framework has acknowledged that the measures taken by the US under Executive Order 14086 adequately address the risks flagged in the CJEU's decision in Schrems II. The relevant restrictions in EO 14086 on the collection of data by national security authorities in the US apply to all data originating in the EU, regardless of whether the US recipient is certified under the DPF or not.
The same applies to data originating in the UK, following the UK Secretary of State's approval of the UK-U.S. Data Bridge.

What do you do to comply with the Standard Contractual Clauses?

Gather has included the SCCs as part of its data processing agreement. In addition, Gather has implemented a number of technical and organizational security measures to help safeguard personal data transferred to us from the EU/UK. For example, we encrypt data in transit and at rest and have implemented certain data access controls. We have also completed a transfer impact assessment which evaluates the potential risks associated with cross border data transfers.

Build a culture your remote team loves