Introduction

GGenesis Strategic Solutions LLC ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.ggsso.com (the "Site") and use our services, including strategic consulting, change management, AI transformation advisory, CaliberSuite™ AI executive advisor, Talvori™ SMB operations platform, The Discipline Lab Method™ cohort program, workshops, and the AI Community subscription program.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Site or services.

1. Information We Collect

1.1 Contact Form Data

When you fill out and submit our contact form on the Site, we collect the following information:

This information is voluntarily provided by you and is used to respond to your inquiries, provide information about our services, and facilitate business communications.

1.2 Third-Party Services Data Collection

Google Sheets Integration: Contact form submissions are stored in Google Sheets for our internal records and customer relationship management. Google may collect and process this data according to their privacy policies. Your data is stored securely in our Google Sheets workspace and is only accessed by authorized company personnel.

EmailJS: We use EmailJS to send email notifications for form submissions. EmailJS may collect technical information about your submission. Please review EmailJS's privacy policy at https://www.emailjs.com/legal/privacy-policy/ for more details.

Google Fonts: Our Site uses Google Fonts to display custom typography. When Google Fonts are loaded, Google may collect information about your visit. Learn more at https://policies.google.com/privacy.

1.3 Cookies and Tracking

Our Site does not use cookies for tracking, analytics, or advertising purposes. We do not use cookies to collect personal information about you. However, third-party services we integrate with (such as Google Fonts and EmailJS) may use cookies. You can control cookies through your browser settings.

1.4 Analytics and Monitoring

Our Site uses Google Analytics 4 to collect anonymous usage data and understand how visitors interact with our Site. This helps us improve the user experience and optimize our content. Google Analytics uses cookies to track page views, user engagement, and other metrics. The data collected is aggregated and does not personally identify you. You can opt out of Google Analytics tracking by adjusting your browser settings or by installing the Google Analytics opt-out add-on available at https://tools.google.com/dlpage/gaoptout.

2. How We Use Your Information

We use the information we collect for the following purposes:

We will not use your information for marketing purposes without your explicit consent, except for transactional communications related to services you have requested.

3. Data Security

3.1 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure data storage, and restricted access controls. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

3.2 Data Breach Notification

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will:

For healthcare-related breaches involving Protected Health Information (PHI), we follow the HIPAA Breach Notification Rule (45 CFR Sections 164.400 through 164.414), including:

For the purposes of this section, a "personal data breach" is a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed, consistent with GDPR Article 4(12).

To report a suspected data security incident involving your information, email ggcarrabbia@ggsso.com immediately with the subject line "SECURITY INCIDENT."

4. Artificial Intelligence (AI) Use and Governance

4.1 How We Use AI

GGenesis Strategic Solutions uses artificial intelligence tools to support content creation, product development (including CaliberSuite™ and Talvori™), training development, operational workflows, and marketing communications. We maintain a formal AI Use Policy that governs how AI is deployed across our organization.

4.2 Healthcare Compliance Standards

We hold ourselves to the same compliance standards as regulated healthcare organizations. Our AI governance practices align with HIPAA Privacy and Security Rule requirements, CMS regulatory guidelines, and HHS risk management frameworks. This includes maintaining a Technology Asset Inventory of all AI tools in use, requiring a Business Associate Agreement (BAA) with any third-party AI vendor before any protected health information (PHI) is processed through that vendor on GGenesis's behalf, and following minimum necessary access principles for all data handling. GGenesis does not currently offer or extend BAAs to its customers; CaliberSuite™ does not process PHI and is not a BAA-eligible service.

4.3 Protected Health Information (PHI) Safeguards

We do not use real Protected Health Information (PHI) in our AI systems or training environments. All training scenarios, mock claims, and educational simulations are built using synthetic data. Our staff are trained on HIPAA-compliant data handling practices, and we prohibit the entry of any individually identifiable health information into consumer-grade or non-BAA-covered AI tools.

4.4 AI Transparency and Disclosure

In accordance with applicable federal and state AI disclosure laws, we disclose when content, communications, or training materials have been created or assisted by artificial intelligence. We do not use AI in a manner that implies human authorship where AI was involved, and we do not deploy AI tools that could mislead students, clients, or the public about the nature of the interaction.

4.5 AI Data Processing

When AI tools are used in our operations, we ensure that:

4.6 Compliance Mindset in Training

Our training programs and consulting engagements operate under these same regulatory safeguards. Clients and program participants engage with GGenesis inside a compliance-first environment that reflects the operational discipline healthcare and financial services employers require.

5. Data Retention

We retain your contact form information for as long as necessary to fulfill the purposes for which it was collected, typically for the duration of our business relationship. If you request deletion of your information, we will remove it from our active systems within 30 days, except where we are required to retain it by law.

6. Third-Party Services and Links

Our Site may contain links to third-party websites and services. This Privacy Policy applies only to our Site and services. When you click on links to third-party sites, we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing your information.

7. Your Rights and Choices

7.1 Access and Deletion

You have the right to request access to, or deletion of, any personal information we have collected about you. To exercise these rights, please contact us at ggcarrabbia@ggsso.com with your request.

7.2 California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

To exercise any of these rights, please submit a request to ggcarrabbia@ggsso.com. We will verify your request and respond within 45 days as required by law.

7.3 Email Communications

If you receive marketing or promotional emails from us, you can opt-out by clicking the "unsubscribe" link at the bottom of the email or by contacting us directly.

7.4 European Union and United Kingdom Privacy Rights (GDPR + UK GDPR)

If you are a resident of the European Union, the European Economic Area, Switzerland, or the United Kingdom, the General Data Protection Regulation (GDPR) and the UK GDPR (as supplemented by the UK Data Protection Act 2018) grant you the following rights regarding your personal data:

Children. GDPR sets 16 as the minimum age for consent, subject to member state variation between 13 and 16. We do not knowingly collect personal data from children under 16 in EU/EEA jurisdictions.

Legal basis for processing. We rely on the following GDPR legal bases: consent (Article 6(1)(a)), contract performance (Article 6(1)(b)), legitimate interest (Article 6(1)(f)) for business operations and communications, and legal obligation (Article 6(1)(c)).

International data transfers. Personal data collected from EU, EEA, and UK visitors may be transferred to the United States, where GGenesis Strategic Solutions LLC operates. We rely on the EU-US Data Privacy Framework (DPF) where applicable, and on Standard Contractual Clauses (SCCs) as an alternative or additional safeguard.

Data Protection Point of Contact. GGenesis is not required to designate a formal Data Protection Officer under GDPR Article 37, and this contact should not be construed as one. To exercise the rights above, email ggcarrabbia@ggsso.com with the subject line "GDPR Request." We will respond within 30 days as required by GDPR Article 12(3), with a possible 60-day extension for complex requests as permitted.

Supervisory Authority. If you believe your rights have been infringed, you have the right to lodge a complaint with the data protection authority in your EU member state, or with the UK Information Commissioner's Office (ICO) for UK residents.

8. Children's Privacy

Our Site and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete such information immediately. If you believe we have collected information from a child under 13, please contact us at ggcarrabbia@ggsso.com.

9. International Users

Our Site and services are based in the United States. If you are accessing our Site from outside the United States, please note that your information will be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country of residence. By using our Site, you consent to this transfer and processing.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by updating the "Last updated" date at the top of this policy. Your continued use of our Site after changes become effective constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

GGenesis Strategic Solutions LLC
Email: ggcarrabbia@ggsso.com
Location: Broussard, Louisiana

We will respond to your inquiry within 10 business days.

12. CaliberSuite™ Platform Provisions

This Section 12 applies specifically to your use of CaliberSuite™, GGenesis Strategic Solutions' AI-enabled executive advisory platform. To the extent of any conflict between this Section 12 and the foregoing sections of this Privacy Policy, this Section 12 controls with respect to CaliberSuite™.

12.1 About CaliberSuite™

CaliberSuite™ is a personal AI advisor for senior HR leaders, delivered as an individual direct subscription. It is built for CHROs, Chief People Officers, VPs of People, and other senior HR leadership roles, and is currently in private beta with a Founding Member program.

12.2 Architectural Privacy Model

CaliberSuite™ is built on a principle of architectural separation: your organization's sensitive data does not enter the platform. The most sensitive context inputs — your organizational context, stakeholder map, and prior conversation history — are persisted in your web browser's local storage, on your own device, under your direct control. GGenesis does not maintain server-side copies of this context data. Clearing your browser's site data for CaliberSuite™ removes your context from your device.

12.3 Third-Party Processors

CaliberSuite™ relies on the following third-party service providers in delivering the platform:

CaliberSuite™ itself is not currently independently SOC 2 or HIPAA certified. The architecture is intentionally designed so that those certifications are not required for individual-only access.

12.4 AI Prompt and Output Handling

Your inputs (prompts) and the advisor's responses (outputs) for a given session are processed for that session only. GGenesis does not store CaliberSuite™ conversation content on GGenesis servers. The advisor's continuity across sessions is provided by reading your context from your browser's local storage at the start of each new session — not by retaining conversation history on GGenesis infrastructure.

12.5 Data Export and Import

You have the right to export your CaliberSuite™ context as a portable backup file at any time, and to import that file back into the platform later. This functionality is provided so that you may save a copy of your context before clearing browser data, restore your context when you change devices, or maintain a portable record under your direct control.

12.6 Subscriber Administrative Data

For paying subscribers, certain administrative data — including your account information, billing details, subscription status, and platform access logs — is collected and handled exclusively by GGenesis Strategic Solutions LLC for operational and billing purposes. This administrative data does not include your CaliberSuite™ session content, your conversations with the advisor, or any context data persisted on your device.

12.7 Availability and Tiers

CaliberSuite™ is currently delivered as individual access only. GGenesis does not currently offer team or enterprise deployment of CaliberSuite™. When team or enterprise deployment becomes available, it will be subject to the relevant compliance certifications (including, where applicable, SOC 2 Type II and HIPAA Business Associate Agreement availability) and to a separate set of terms specific to that deployment tier.

12.8 Onboarding Consent

Before first use of the CaliberSuite™ platform, you will be presented with an onboarding consent screen that defines what categories of data are appropriate to provide and what categories must not be provided (including PHI, PII of employees, MNPI, and other regulated data). Your acknowledgment of this consent screen is recorded with a timestamp and the version of the consent language displayed.

Effective Date: This Privacy Policy is effective as of May 18, 2026, and applies to all information collected through our Site and services.