Privacy Policy
Last updated: July 12, 2026
Introduction
GGenesis Strategic Solutions LLC ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.ggsso.com (the "Site") and use our services, including strategic consulting, change management, AI transformation advisory, CaliberSuite™ AI executive advisor, Talvori™ SMB operations platform, The Discipline Lab Method™ cohort program, workshops, and the AI Community subscription program.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Site or services.
1. Information We Collect
1.1 Contact Form Data
When you fill out and submit our contact form on the Site, we collect the following information:
- Full name
- Email address
- Company name
- Message content
This information is voluntarily provided by you and is used to respond to your inquiries, provide information about our services, and facilitate business communications.
1.2 Third-Party Services Data Collection
Google Sheets Integration: Contact form submissions are stored in Google Sheets for our internal records and customer relationship management. Google may collect and process this data according to their privacy policies. Your data is stored securely in our Google Sheets workspace and is only accessed by authorized company personnel.
EmailJS: We use EmailJS to send email notifications for form submissions. EmailJS may collect technical information about your submission. Please review EmailJS's privacy policy at https://www.emailjs.com/legal/privacy-policy/ for more details.
Google Fonts: Our Site uses Google Fonts to display custom typography. When Google Fonts are loaded, Google may collect information about your visit. Learn more at https://policies.google.com/privacy.
1.3 Cookies and Tracking
Our Site does not use cookies for tracking, analytics, or advertising purposes. We do not use cookies to collect personal information about you. However, third-party services we integrate with (such as Google Fonts and EmailJS) may use cookies. You can control cookies through your browser settings.
1.4 Analytics and Monitoring
Our Site uses Google Analytics 4 to collect anonymous usage data and understand how visitors interact with our Site. This helps us improve the user experience and optimize our content. Google Analytics uses cookies to track page views, user engagement, and other metrics. The data collected is aggregated and does not personally identify you. You can opt out of Google Analytics tracking by adjusting your browser settings or by installing the Google Analytics opt-out add-on available at https://tools.google.com/dlpage/gaoptout.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To respond to your inquiries and provide customer service
- To deliver consulting, training, and subscription services you request
- To send you service-related announcements and updates
- To improve our Site, services, and customer experience
- To comply with legal obligations and enforce our terms
- To detect, prevent, and address fraud and security issues
We will not use your information for marketing purposes without your explicit consent, except for transactional communications related to services you have requested.
3. Data Security
3.1 Security Measures
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure data storage, and restricted access controls. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
3.2 Data Breach Notification
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will:
- Notify affected users without undue delay, and within 72 hours of becoming aware of the breach where feasible, as required by GDPR Article 33 for EU/UK residents.
- Notify affected users in accordance with applicable US state breach notification laws, including:
- Louisiana Database Security Breach Notification Law (LSA-R.S. 51:3071 through 51:3077), including notification to the Louisiana Attorney General for breaches affecting 250 or more Louisiana residents.
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including California Civil Code Section 1798.82 for private-sector notification requirements.
- Comparable statutes in other states that impose notification requirements based on the residency of affected individuals.
- Notify the appropriate supervisory authority (EU Data Protection Authority, state Attorneys General including Louisiana AG, and any other authority as required by applicable law).
- Provide affected users with a description of the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures we have taken or propose to take to address the breach, along with recommended steps you can take to protect yourself (such as credit monitoring or a credit freeze).
For healthcare-related breaches involving Protected Health Information (PHI), we follow the HIPAA Breach Notification Rule (45 CFR Sections 164.400 through 164.414), including:
- Notification to affected individuals within 60 days of discovery
- Notification to the U.S. Department of Health and Human Services Office for Civil Rights within 60 days for breaches affecting 500 or more individuals
- Notification to prominent media outlets in the state or jurisdiction where the breach occurred, if the breach affects 500 or more individuals
For the purposes of this section, a "personal data breach" is a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed, consistent with GDPR Article 4(12).
To report a suspected data security incident involving your information, email ggcarrabbia@ggsso.com immediately with the subject line "SECURITY INCIDENT."
4. Artificial Intelligence (AI) Use and Governance
4.1 How We Use AI
GGenesis Strategic Solutions uses artificial intelligence tools to support content creation, product development (including CaliberSuite™ and Talvori™), training development, operational workflows, and marketing communications. We maintain a formal AI Use Policy that governs how AI is deployed across our organization.
4.2 Healthcare Compliance Standards
We hold ourselves to the same compliance standards as regulated healthcare organizations. Our AI governance practices align with HIPAA Privacy and Security Rule requirements, CMS regulatory guidelines, and HHS risk management frameworks. This includes maintaining a Technology Asset Inventory of all AI tools in use, requiring a Business Associate Agreement (BAA) with any third-party AI vendor before any protected health information (PHI) is processed through that vendor on GGenesis's behalf, and following minimum necessary access principles for all data handling. GGenesis does not currently offer or extend BAAs to its customers; CaliberSuite™ does not process PHI and is not a BAA-eligible service.
4.3 Protected Health Information (PHI) Safeguards
We do not use real Protected Health Information (PHI) in our AI systems or training environments. All training scenarios, mock claims, and educational simulations are built using synthetic data. Our staff are trained on HIPAA-compliant data handling practices, and we prohibit the entry of any individually identifiable health information into consumer-grade or non-BAA-covered AI tools.
4.4 AI Transparency and Disclosure
In accordance with applicable federal and state AI disclosure laws, we disclose when content, communications, or training materials have been created or assisted by artificial intelligence. We do not use AI in a manner that implies human authorship where AI was involved, and we do not deploy AI tools that could mislead students, clients, or the public about the nature of the interaction.
4.5 AI Data Processing
When AI tools are used in our operations, we ensure that:
- No personally identifiable information (PII) or PHI is used to train third-party AI models
- All AI-generated outputs involving healthcare information are reviewed by qualified personnel before publication or distribution
- AI vendor relationships are governed by contractual agreements that include data protection, breach notification, and data deletion provisions
- We conduct regular audits of AI tool usage and maintain compliance logs
4.6 Compliance Mindset in Training
Our training programs and consulting engagements operate under these same regulatory safeguards. Clients and program participants engage with GGenesis inside a compliance-first environment that reflects the operational discipline healthcare and financial services employers require.
5. Data Retention
We retain your contact form information for as long as necessary to fulfill the purposes for which it was collected, typically for the duration of our business relationship. If you request deletion of your information, we will remove it from our active systems within 30 days, except where we are required to retain it by law.
6. Third-Party Services and Links
Our Site may contain links to third-party websites and services. This Privacy Policy applies only to our Site and services. When you click on links to third-party sites, we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing your information.
7. Your Rights and Choices
7.1 Access and Deletion
You have the right to request access to, or deletion of, any personal information we have collected about you. To exercise these rights, please contact us at ggcarrabbia@ggsso.com with your request.
7.2 California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information is collected, used, shared, or sold
- The right to delete personal information collected from you
- The right to opt-out of the sale or sharing of your personal information
- The right to non-discrimination for exercising your CCPA rights
To exercise any of these rights, please submit a request to ggcarrabbia@ggsso.com. We will verify your request and respond within 45 days as required by law.
7.3 Email Communications
If you receive marketing or promotional emails from us, you can opt-out by clicking the "unsubscribe" link at the bottom of the email or by contacting us directly.
7.4 European Union and United Kingdom Privacy Rights (GDPR + UK GDPR)
If you are a resident of the European Union, the European Economic Area, Switzerland, or the United Kingdom, the General Data Protection Regulation (GDPR) and the UK GDPR (as supplemented by the UK Data Protection Act 2018) grant you the following rights regarding your personal data:
- Right of access. Confirmation of processing and a copy of the personal data we hold about you.
- Right to rectification. Correction of inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten"). Deletion where the GDPR grounds under Article 17 apply.
- Right to restrict processing. Limitation on how we use your data in defined circumstances (Article 18).
- Right to data portability. Receipt of your data in a structured, commonly used, machine-readable format, and transmission to another controller (Article 20).
- Right to object. Objection to processing based on legitimate interests and to direct marketing (Article 21).
- Right to withdraw consent. Where processing is based on your consent, you may withdraw it by emailing ggcarrabbia@ggsso.com. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
- Rights related to automated decision-making. Under Article 22, you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significantly affects you. Where GGenesis uses AI tools (for example, in CaliberSuite™ advisor sessions or in Talvori™ operations analytics), a human reviews any consequential output before it becomes an operative decision affecting you.
Children. GDPR sets 16 as the minimum age for consent, subject to member state variation between 13 and 16. We do not knowingly collect personal data from children under 16 in EU/EEA jurisdictions.
Legal basis for processing. We rely on the following GDPR legal bases: consent (Article 6(1)(a)), contract performance (Article 6(1)(b)), legitimate interest (Article 6(1)(f)) for business operations and communications, and legal obligation (Article 6(1)(c)).
International data transfers. Personal data collected from EU, EEA, and UK visitors may be transferred to the United States, where GGenesis Strategic Solutions LLC operates. We rely on the EU-US Data Privacy Framework (DPF) where applicable, and on Standard Contractual Clauses (SCCs) as an alternative or additional safeguard.
Data Protection Point of Contact. GGenesis is not required to designate a formal Data Protection Officer under GDPR Article 37, and this contact should not be construed as one. To exercise the rights above, email ggcarrabbia@ggsso.com with the subject line "GDPR Request." We will respond within 30 days as required by GDPR Article 12(3), with a possible 60-day extension for complex requests as permitted.
Supervisory Authority. If you believe your rights have been infringed, you have the right to lodge a complaint with the data protection authority in your EU member state, or with the UK Information Commissioner's Office (ICO) for UK residents.
8. Children's Privacy
Our Site and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete such information immediately. If you believe we have collected information from a child under 13, please contact us at ggcarrabbia@ggsso.com.
9. International Users
Our Site and services are based in the United States. If you are accessing our Site from outside the United States, please note that your information will be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country of residence. By using our Site, you consent to this transfer and processing.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by updating the "Last updated" date at the top of this policy. Your continued use of our Site after changes become effective constitutes your acceptance of the updated Privacy Policy.
11. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
GGenesis Strategic Solutions LLC
Email: ggcarrabbia@ggsso.com
Location: Broussard, Louisiana
We will respond to your inquiry within 10 business days.
12. CaliberSuite™ Platform Provisions
This Section 12 applies specifically to your use of CaliberSuite™, GGenesis Strategic Solutions' AI-enabled executive advisory platform. To the extent of any conflict between this Section 12 and the foregoing sections of this Privacy Policy, this Section 12 controls with respect to CaliberSuite™.
12.1 About CaliberSuite™
CaliberSuite™ is a personal AI advisor for senior HR leaders, delivered as an individual direct subscription. It is built for CHROs, Chief People Officers, VPs of People, and other senior HR leadership roles, and is currently in private beta with a Founding Member program.
12.2 Architectural Privacy Model
CaliberSuite™ is built on a principle of architectural separation: your organization's sensitive data does not enter the platform. The most sensitive context inputs — your organizational context, stakeholder map, and prior conversation history — are persisted in your web browser's local storage, on your own device, under your direct control. GGenesis does not maintain server-side copies of this context data. Clearing your browser's site data for CaliberSuite™ removes your context from your device.
12.3 Third-Party Processors
CaliberSuite™ relies on the following third-party service providers in delivering the platform:
- Anthropic, Inc. — provides the underlying AI model (Claude) via the Anthropic Claude API. Your conversations with the advisor are transmitted to Anthropic's API for response generation, encrypted in transit. Per Anthropic's commercial terms governing CaliberSuite™'s API usage, your inputs are not used to train Anthropic's AI models.
- Vercel, Inc. — provides web hosting infrastructure for the CaliberSuite™ platform. Vercel's platform operations carry SOC 2 Type II certification. Vercel does not retain conversation content beyond delivery and operational logs required for service.
CaliberSuite™ itself is not currently independently SOC 2 or HIPAA certified. The architecture is intentionally designed so that those certifications are not required for individual-only access.
12.4 AI Prompt and Output Handling
Your inputs (prompts) and the advisor's responses (outputs) for a given session are processed for that session only. GGenesis does not store CaliberSuite™ conversation content on GGenesis servers. The advisor's continuity across sessions is provided by reading your context from your browser's local storage at the start of each new session — not by retaining conversation history on GGenesis infrastructure.
12.5 Data Export and Import
You have the right to export your CaliberSuite™ context as a portable backup file at any time, and to import that file back into the platform later. This functionality is provided so that you may save a copy of your context before clearing browser data, restore your context when you change devices, or maintain a portable record under your direct control.
12.6 Subscriber Administrative Data
For paying subscribers, certain administrative data — including your account information, billing details, subscription status, and platform access logs — is collected and handled exclusively by GGenesis Strategic Solutions LLC for operational and billing purposes. This administrative data does not include your CaliberSuite™ session content, your conversations with the advisor, or any context data persisted on your device.
12.7 Availability and Tiers
CaliberSuite™ is currently delivered as individual access only. GGenesis does not currently offer team or enterprise deployment of CaliberSuite™. When team or enterprise deployment becomes available, it will be subject to the relevant compliance certifications (including, where applicable, SOC 2 Type II and HIPAA Business Associate Agreement availability) and to a separate set of terms specific to that deployment tier.
12.8 Onboarding Consent
Before first use of the CaliberSuite™ platform, you will be presented with an onboarding consent screen that defines what categories of data are appropriate to provide and what categories must not be provided (including PHI, PII of employees, MNPI, and other regulated data). Your acknowledgment of this consent screen is recorded with a timestamp and the version of the consent language displayed.
Effective Date: This Privacy Policy is effective as of May 18, 2026, and applies to all information collected through our Site and services.