Privacy Policy

Introduction

GGenesis Strategic Solutions LLC ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.ggsso.com (the "Site") and use our services, including strategic consulting, change management, leadership training courses, and the Leadership Circle subscription program.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Site or services.

1. Information We Collect

1.1 Contact Form Data

When you fill out and submit our contact form on the Site, we collect the following information:

• Full name
• Email address
• Company name
• Message content

This information is voluntarily provided by you and is used to respond to your inquiries, provide information about our services, and facilitate business communications.

1.2 Third-Party Services Data Collection

Google Sheets Integration: Contact form submissions are stored in Google Sheets for our internal records and customer relationship management. Google may collect and process this data according to their privacy policies. Your data is stored securely in our Google Sheets workspace and is only accessed by authorized company personnel.

EmailJS: We use EmailJS to send email notifications for form submissions. EmailJS may collect technical information about your submission. Please review EmailJS's privacy policy at https://www.emailjs.com/legal/privacy-policy/ for more details.

Google Fonts: Our Site uses Google Fonts to display custom typography. When Google Fonts are loaded, Google may collect information about your visit. Learn more at https://policies.google.com/privacy.

1.3 Cookies and Tracking

Our Site does not use cookies for tracking, analytics, or advertising purposes. We do not use cookies to collect personal information about you. However, third-party services we integrate with (such as Google Fonts and EmailJS) may use cookies. You can control cookies through your browser settings.

1.4 Analytics and Monitoring

Our Site uses Google Analytics 4 to collect anonymous usage data and understand how visitors interact with our Site. This helps us improve the user experience and optimize our content. Google Analytics uses cookies to track page views, user engagement, and other metrics. The data collected is aggregated and does not personally identify you. You can opt out of Google Analytics tracking by adjusting your browser settings or by installing the Google Analytics opt-out add-on available at https://tools.google.com/dlpage/gaoptout.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to your inquiries and provide customer service
• To deliver consulting, training, and subscription services you request
• To send you service-related announcements and updates
• To improve our Site, services, and customer experience
• To comply with legal obligations and enforce our terms
• To detect, prevent, and address fraud and security issues

We will not use your information for marketing purposes without your explicit consent, except for transactional communications related to services you have requested.

3. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure data storage, and restricted access controls. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

4. Artificial Intelligence (AI) Use and Governance

4.1 How We Use AI

GGenesis Strategic Solutions and its training division, PastDue Academy, use artificial intelligence tools to support content creation, training development, operational workflows, and marketing communications. We maintain a formal AI Use Policy that governs how AI is deployed across our organization.

4.2 Healthcare Compliance Standards

We hold ourselves to the same compliance standards as regulated healthcare organizations. Our AI governance practices align with HIPAA Privacy and Security Rule requirements, CMS regulatory guidelines, and HHS risk management frameworks. This includes maintaining a Technology Asset Inventory of all AI tools in use, requiring a Business Associate Agreement (BAA) with any third-party AI vendor before any protected health information (PHI) is processed through that vendor on GGenesis's behalf, and following minimum necessary access principles for all data handling. GGenesis does not currently offer or extend BAAs to its customers; CaliberSuite™ does not process PHI and is not a BAA-eligible service.

4.3 Protected Health Information (PHI) Safeguards

We do not use real Protected Health Information (PHI) in our AI systems or training environments. All training scenarios, mock claims, and educational simulations are built using synthetic data. Our staff are trained on HIPAA-compliant data handling practices, and we prohibit the entry of any individually identifiable health information into consumer-grade or non-BAA-covered AI tools.

4.4 AI Transparency and Disclosure

In accordance with applicable federal and state AI disclosure laws, we disclose when content, communications, or training materials have been created or assisted by artificial intelligence. We do not use AI in a manner that implies human authorship where AI was involved, and we do not deploy AI tools that could mislead students, clients, or the public about the nature of the interaction.

4.5 AI Data Processing

When AI tools are used in our operations, we ensure that:

• No personally identifiable information (PII) or PHI is used to train third-party AI models
• All AI-generated outputs involving healthcare information are reviewed by qualified personnel before publication or distribution
• AI vendor relationships are governed by contractual agreements that include data protection, breach notification, and data deletion provisions
• We conduct regular audits of AI tool usage and maintain compliance logs

4.6 Compliance Mindset in Training

PastDue Academy operates under these same regulatory safeguards to ensure that students are trained within a compliance-first environment. By experiencing these standards throughout their education, our students develop the compliance awareness, regulatory vocabulary, and professional discipline that healthcare employers require from day one.

5. Data Retention

We retain your contact form information for as long as necessary to fulfill the purposes for which it was collected, typically for the duration of our business relationship. If you request deletion of your information, we will remove it from our active systems within 30 days, except where we are required to retain it by law.

6. Third-Party Services and Links

Our Site may contain links to third-party websites and services. This Privacy Policy applies only to our Site and services. When you click on links to third-party sites, we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing your information.

7. Your Rights and Choices

7.1 Access and Deletion

You have the right to request access to, or deletion of, any personal information we have collected about you. To exercise these rights, please contact us at info@ggsso.com with your request.

7.2 California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information is collected, used, shared, or sold
• The right to delete personal information collected from you
• The right to opt-out of the sale or sharing of your personal information
• The right to non-discrimination for exercising your CCPA rights

To exercise any of these rights, please submit a request to info@ggsso.com. We will verify your request and respond within 45 days as required by law.

7.3 Email Communications

If you receive marketing or promotional emails from us, you can opt-out by clicking the "unsubscribe" link at the bottom of the email or by contacting us directly.

8. Children's Privacy

Our Site and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete such information immediately. If you believe we have collected information from a child under 13, please contact us at info@ggsso.com.

9. International Users

Our Site and services are based in the United States. If you are accessing our Site from outside the United States, please note that your information will be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country of residence. By using our Site, you consent to this transfer and processing.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by updating the "Last updated" date at the top of this policy. Your continued use of our Site after changes become effective constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

GGenesis Strategic Solutions LLC
Email: info@ggsso.com
Location: Broussard, Louisiana

We will respond to your inquiry within 10 business days.

12. CaliberSuite™ Platform Provisions

This Section 12 applies specifically to your use of CaliberSuite™, GGenesis Strategic Solutions' AI-enabled executive advisory platform. To the extent of any conflict between this Section 12 and the foregoing sections of this Privacy Policy, this Section 12 controls with respect to CaliberSuite™.

12.1 About CaliberSuite™

CaliberSuite™ is a personal AI advisor for senior HR leaders, delivered as an individual direct subscription. It is built for CHROs, Chief People Officers, VPs of People, and other senior HR leadership roles, and is currently in private beta with a Founding Member program.

12.2 Architectural Privacy Model

CaliberSuite™ is built on a principle of architectural separation: your organization's sensitive data does not enter the platform. The most sensitive context inputs — your organizational context, stakeholder map, and prior conversation history — are persisted in your web browser's local storage, on your own device, under your direct control. GGenesis does not maintain server-side copies of this context data. Clearing your browser's site data for CaliberSuite™ removes your context from your device.

12.3 Third-Party Processors

CaliberSuite™ relies on the following third-party service providers in delivering the platform:

• Anthropic, Inc. — provides the underlying AI model (Claude) via the Anthropic Claude API. Your conversations with the advisor are transmitted to Anthropic's API for response generation, encrypted in transit. Per Anthropic's commercial terms governing CaliberSuite™'s API usage, your inputs are not used to train Anthropic's AI models.
• Vercel, Inc. — provides web hosting infrastructure for the CaliberSuite™ platform. Vercel's platform operations carry SOC 2 Type II certification. Vercel does not retain conversation content beyond delivery and operational logs required for service.

CaliberSuite™ itself is not currently independently SOC 2 or HIPAA certified. The architecture is intentionally designed so that those certifications are not required for individual-only access.

12.4 AI Prompt and Output Handling

Your inputs (prompts) and the advisor's responses (outputs) for a given session are processed for that session only. GGenesis does not store CaliberSuite™ conversation content on GGenesis servers. The advisor's continuity across sessions is provided by reading your context from your browser's local storage at the start of each new session — not by retaining conversation history on GGenesis infrastructure.

12.5 Data Export and Import

You have the right to export your CaliberSuite™ context as a portable backup file at any time, and to import that file back into the platform later. This functionality is provided so that you may save a copy of your context before clearing browser data, restore your context when you change devices, or maintain a portable record under your direct control.

12.6 Subscriber Administrative Data

For paying subscribers, certain administrative data — including your account information, billing details, subscription status, and platform access logs — is collected and handled exclusively by GGenesis Strategic Solutions LLC for operational and billing purposes. This administrative data does not include your CaliberSuite™ session content, your conversations with the advisor, or any context data persisted on your device.

12.7 Availability and Tiers

CaliberSuite™ is currently delivered as individual access only. GGenesis does not currently offer team or enterprise deployment of CaliberSuite™. When team or enterprise deployment becomes available, it will be subject to the relevant compliance certifications (including, where applicable, SOC 2 Type II and HIPAA Business Associate Agreement availability) and to a separate set of terms specific to that deployment tier.

12.8 Onboarding Consent

Before first use of the CaliberSuite™ platform, you will be presented with an onboarding consent screen that defines what categories of data are appropriate to provide and what categories must not be provided (including PHI, PII of employees, MNPI, and other regulated data). Your acknowledgment of this consent screen is recorded with a timestamp and the version of the consent language displayed.