Trust & Security · Enterprise-Grade · Last Updated April 2026

Trust & Security.

How PRS handles your data, protects your confidentiality, processes payments, and operates the ecosystem. Enterprise-grade practices published transparently. You should know exactly where your information lives.

Four Trust Principles

How we think about your data.

1. Confidentiality by Default

Everything shared with Gemma stays confidential. Client names, numbers, and situations are never shared publicly without explicit written permission.

2. Minimal Data Retention

We collect only what's needed to deliver the engagement. Session recordings, intake forms, and deliverables — nothing more.

3. Encrypted at Every Layer

TLS in transit. AES-256 at rest. Payments via Stripe (PCI-DSS Level 1). Recordings stored encrypted via Zoom enterprise.

4. Right to Delete

You may request complete data deletion at any time post-engagement. GDPR and CCPA rights honored regardless of your jurisdiction.

Specific Practices

The specific answers to common questions.

Session Recordings

What happens to recorded sessions?

Every PRS session is recorded via Zoom enterprise. Recordings are provided to you as the client within 48 hours of each session. Copies are retained on Gemma's encrypted enterprise Zoom account for the duration of your engagement plus 180 days (to support Day 180 Recalibration).

  • Recordings are never shared with third parties
  • Recordings are never used for training, marketing, or case studies without explicit written permission
  • You may request deletion at any time — honored within 14 business days

Payment Processing

How are payments handled?

All payments flow through Stripe — PCI-DSS Level 1 certified (the highest PCI compliance tier). Your card data is never stored on PRS systems; it is tokenized and stored by Stripe directly.

  • Stripe receipts are automatic and immediate
  • Recurring subscriptions (PRS Manager) use secure token-based renewal
  • Refunds, when applicable under the 30-Day Quality Commitment, are processed within 5 business days

Intake Data

What happens to pre-intake and assessment data?

Pre-intake forms and Revenue Assessment responses are stored in GoHighLevel (SOC 2 Type II certified). Access is restricted to Gemma and the PRS operations team. Data is retained for the duration of the client relationship plus 12 months — after which it's permanently deleted unless the client requests retention.

  • Data is never sold, shared, or licensed to third parties
  • Aggregated anonymized data may inform methodology development — your individual data never identifies you
  • You may export your own data at any time by request

Case Studies & Testimonials

Do case studies require consent?

Yes — always, explicitly, in writing. No client is named, quoted, or profiled without an explicit opt-in signed post-engagement. Even aggregated composite cases (the anonymized patterns shown on industry pages) are approved by a review board of past clients before publishing.

  • Opt-ins can be withdrawn at any time
  • Withdrawn consents result in removal within 14 business days
  • Testimonials are always attributed with the client's preferred level of detail (full name, first-name-only, or fully anonymous)

AI & LLM Usage

Does Gemma or PRS Manager use my data to train AI?

No. PRS Manager (powered by Claude/Anthropic) operates under Anthropic's enterprise data handling — meaning your data is not used to train models. Client conversations, deliverables, and uploaded documents remain yours.

  • Anthropic's commercial terms explicitly prohibit training on customer data
  • PRS Manager workspaces are isolated per client
  • Your uploaded deliverables are encrypted and accessible only from your workspace

Vendor Stack · Full Transparency

Every tool in the stack. Named.

You have the right to know exactly which vendors process your data. Here is the complete list, purpose, and compliance posture for each.

  • Stripe: Payment processing · PCI-DSS Level 1 · Tokenized card storage
  • GoHighLevel: CRM & intake forms · SOC 2 Type II · US-based data centers
  • Zoom Enterprise: Session delivery & recording · E2E encryption · HIPAA available
  • Anthropic: PRS Manager AI · No training on customer data · Enterprise terms
  • Notion Enterprise: Internal ops docs · SOC 2 Type II · Encrypted at rest
  • Google Workspace: Email & calendar · Enterprise-grade encryption · 2FA required

Questions About Trust & Security?

Email directly. Answered personally.

Security, compliance, and data handling questions are taken seriously and answered personally. If you have specific enterprise or compliance requirements (HIPAA, SOC 2 audit, etc.), email directly and Gemma will respond within 24 business hours.
