01Trust Score

Gemini

Week 2026-W17 · 26 Apr 2026 Vendor-Neutral
75 /100 Mostly Positive
↑ 42 vs 2026-W16
4.0/5 (4028)
↓ PDF Report
AUDITOR SUMMARY
Strength: Gemini offers cutting-edge multimodal AI capabilities and is backed by Google's robust infrastructure, providing advanced reasoning and content generation.
Trust Score 75/100 CONDITIONAL
Est. Annual Cost $170,000/year for 100 users (estimated) 100 users / yr
Top Risk MED Reliability Overall: High
Priority Action AI Training Data Policy Not Explicitly Disclosed in ToS ↓ PDF  · TCO  · Hardening

Enterprise Verdict

! Conditional Approval
Risk: High 50 sources
Key Strength

Detailed community analysis available in report body

Priority Action

AI Training Data Policy Not Explicitly Disclosed in ToS

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
02Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

Medium Reliability Community Data

Vendor viability score: 95/100. No community-reported outages or reliability incidents found in recent data.

Medium Cost Predictability Community Data

Vendor financial stability score: 95/100. Total funding raised: unknown. Enterprises should negotiate fixed-rate contracts and monitor pricing changes.

High Vendor Lock-in Community Data

Data export status unclear. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Source
Medium Data Privacy Community Data

Compliance score: 94/100. GDPR: dpa_available. Encryption at rest: yes.

Low Compliance Posture Community Data

SOC 2: type_ii. ISO 27001: certified. Overall compliance score: 94/100.

Medium AI Transparency Verified

No training on user data detected. Code ownership terms unclear. Legal/ToS risk score: 65/100.

Source
Verified — Confirmed by vendor documentation Community — Derived from community reports

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 108+ community data points

Recommended Inquiry Critical AI Training Data Policy Not Explicitly Disclosed in ToS

The vendor's public documentation does not explicitly state whether customer data is excluded from model training. Per enterprise security policy, this must be treated as implicit consent unless a written opt-out DPA is provided.

Sources: Web Community Evidence
Recommended Inquiry High Lack of Core Enterprise Security Features

Absence of SSO providers, API key rotation, and audit logs creates significant security and compliance gaps for enterprise deployment, requiring manual compensating controls.

Sources: Web Community Evidence ×3
Recommended Inquiry High Undisclosed Data Lifecycle and Export Terms

The policy buyers may want to verify availability of specific retention timeframes and automated deletion commitments, and data export terms are opaque, posing a compliance risk for GDPR/CCPA regulated entities.

Sources: Web Community Evidence ×2
Recommended Inquiry High Unpatched Medium Severity Vulnerability in Vertex Gemini API

CVE-2024-12236 indicates potential data exfiltration for VPC-SC users in the Vertex Gemini API, despite Google implementing a fix to return an 'error message'. The CVE status remains 'unpatched'.

Sources: Web Community Evidence
03Security & Compliance

Security & Compliance

SOC 2 ✓ Certified
ISO 27001 ✓ Certified
GDPR ✓ DPA
HIPAA ✓ BAA

Data Security

Encryption (At Rest): AES-256
Encryption (In Transit): TLS 1.3

Security Features

Audit Logs

IT Hardening Guide

Critical Settings

API Key Management
medium Implement a robust internal process for API key rotation and secure storage, as automated rotation is not supported by the vendor.
Access Control
medium Enforce access to Gemini APIs and applications via Identity Provider (IdP) controls, as native SSO is not available. Restrict access to authorized personnel only.
Data Input Sanitization
medium Implement strict input sanitization and validation for all data fed into Gemini models to mitigate prompt injection and data leakage risks.
Output Validation
medium Establish human-in-the-loop review for critical AI-generated outputs to verify accuracy, safety, and compliance, especially given community reports of inconsistencies and safety filter issues.

Deployment Checklist

Last verified: 10 May 2026

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

📄 Data Processing Agreement Not Public

A specific Data Processing Addendum (DPA) for Gemini AI is not publicly available. Procurement teams must request a signed DPA directly from Google DeepMind before contract execution to ensure compliance with data protection regulations.

🌐 Data Residency Vendor-Controlled
Default: US (Google Cloud Platform)

Data residency options for Gemini AI are not publicly documented. While Google Cloud Platform offers global regions, the default data location for Gemini is likely within the US. The absence of customer-controlled data residency options and explicit EU hosting availability is a procurement blocker for EU-based or regulated customers, requiring specific contractual agreements.

⚠️ Contract Risk High Lock-in (75/100)
Data export on exit: No ⚠
⚠ 5 contract risk flags — click to review
⚠ Vendor right to use submitted content for training without explicit opt-out
⚠ Unclear IP Ownership for Generated Outputs
⚠ No Data Portability Guarantee on Exit
⚠ Opaque Data Retention and Deletion Policies
⚠ Undisclosed Indemnification and Liability Caps

The contract risk for Gemini is high due to numerous undisclosed or unfavorable terms. The lack of explicit IP ownership, data training opt-out, and data portability guarantees creates significant vendor lock-in and legal exposure. Undisclosed indemnification and liability caps further increase unquantified risks. Procurement must negotiate a custom DPA addressing these critical points.

New risk signals detected weekly. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
04Community Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week.

Recurring Issues

feat(gtm): add Gemini channel outreach exports 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
Fix/5315 agent engine sandbox code executor gemini 2.x incompatibility 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
chore(deps): bump google-github-actions/run-gemini-cli from 0.1.21 to 0.1.22 in the actions-dependencies group across 1 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
codex + gemini: /health/ready route missing — coverage gap from cycle-1 #1608 🟠 Community 3 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 3 comments.

Sources: GitHub
Rapunzel: Tree style tabs for codex, Claude Code and Gemini 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN
Amateur armed with ChatGPT solves an Erdős problem 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN

Source Highlights This Week

Specific signals from GitHub, Hacker News, and Reddit — what the community is actually saying

👀

Analysis Pending

Community signals collected this week. Analysis and synthesis will be available in the next report update.

🔗 GitHub Issues & PRs
feat(gtm): add Gemini channel outreach exports
3 comments Discussion 3 comments — high community engagement
Fix/5315 agent engine sandbox code executor gemini 2.x incompatibility
3 comments Bug 3 comments — high community engagement
chore(deps): bump google-github-actions/run-gemini-cli from 0.1.21 to 0.1.22 in the actions-dependencies group across 1 directory
3 comments Bug 3 comments — high community engagement
🔥 Hacker News
Rapunzel: Tree style tabs for codex, Claude Code and Gemini
Story Score 0 — active HN discussion
Amateur armed with ChatGPT solves an Erdős problem
Story Score 0 — active HN discussion
Show HN: I replaced a memory app with two Markdown files and a Git repo
Story Score 0 — active HN discussion
💬 Reddit
Security hold going on three months
r/Gemini
"There was a hold after everything cleared deposits. It showed under cash, but not under crypto which is why i deposited " Gemini showing me its internal thought processes and guidelines unprovoked to do so??
r/Gemini
"wrong sub zawg you're looking for r/GoogleGemini" Difference between Crypto Debit Card and Crypto Credit Card
r/Gemini
"If someone doesn't know the difference , they have no business getting a credit card"
05Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Pricing Tiers

Free

$0
1 user
  • Basic AI features
  • Limited usage

Pro

$19.99 (estimated)
1 user
  • Enhanced AI features
  • Larger context window
  • Faster models

Ultra

$39.99 (estimated)
1 user
  • Most advanced models
  • Specialized reasoning modes
  • Deep Think mode

Enterprise

Contact Sales
Custom
  • Custom pricing on request
  • Dedicated support
  • VPC-SC compatibility

Pricing Observations

Public pricing for Gemini is primarily consumer-focused or bundled with Google One subscriptions. Enterprise pricing is 'Contact Sales', indicating a lack of transparency and potential for variable costs. cost factors that may not be immediately visible in initial pricing may include API overage charges, data egress fees, and additional costs for dedicated instances or higher-tier models like Deep Think. The absence of clear usage-based pricing for enterprise tiers makes cost predictability challenging.

Pricing data from public sources — enterprise rates differ. Verify with vendor.

TCO Calculator

Calculate the real monthly cost for your team. Adjust seats, usage, and pricing tier below.

Estimated Monthly Cost

Base Subscription $0
AI Credits / Tokens $0
Hidden Costs (onboarding, overages, support) $0
Total Monthly TCO $0
Per User / Month $0
Annual Projection $0

Swanum Independent Estimate (100 users)

Base subscription (monthly × 12) $10000 × 12
Implementation $20000
Training $10000
Integration $20000
Total Annual TCO $170,000/year for 100 users (estimated)

Base $10,000/mo × 12 = $120,000 + Implementation $20,000 + Training $10,000 + Integration $20,000 = $170,000 total (Reported total: Not publicly available for enterprise). This estimate assumes an enterprise-level per-user cost of $100/month for 100 users, plus one-time implementation, training, and integration costs. Actual costs will vary based on negotiated enterprise agreements and specific usage patterns.

Don't evaluate blind next quarter. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
Learn more about our Audit Methodology →

Independent analysis — signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor. Corrections?

© 2026 Swanum. All rights reserved. This report is provided “as is” for informational purposes only. It does not constitute legal, financial, or technical advice. Community-sourced data may contain inaccuracies. Reproduction or redistribution requires written permission. Vendors seeking corrections may contact us.

Download PDF Report

Create a free account to download the full enterprise audit PDF.

Sign up — it's free →

Already have an account? Log in