Security Policy

WillCoach Pty Ltd (Trading as Germinate Collective)
Last Updated: November 2025

1. Overview

WillCoach Pty Ltd, trading as Germinate Collective, is committed to protecting the confidentiality, integrity, and security of all personal information and digital transactions conducted through our website, Thinkific online learning platform, the Germinate Ecosystem, and any connected services.

We comply with:

  • The Protection of Personal Information Act (POPIA)

  • The General Data Protection Regulation (GDPR)

  • South African banking and payment gateway security standards

  • Coaching ethical guidelines regarding confidentiality

This Security Policy explains how we secure transactions, communications, data, and digital content.

2. Payment Security

All payment transactions are processed securely through:

PayGate (Pty) Ltd / Network International (Pty) Ltd
PCI-DSS Level 1 Service Provider
SSL3 / TLS Encryption

We do NOT:

  • store credit card details

  • process card data directly on our servers

  • have access to your full card number at any point

PayGate ensures:

  • Encrypted payment sessions

  • Secure 3D authentication (where enabled)

  • Anti-fraud monitoring

  • Tokenised payment processing

  • Bank-level compliance

All transactions are processed in South African Rand (ZAR) and the merchant outlet country is South Africa.

3. Data Security Practices

We use multiple secure platforms to deliver services. All data is stored in encrypted environments and protected by access controls.

Thinkific

  • Stores course progress, profile data, and access credentials

  • PCI-compliant for all payment interactions through PayGate

  • Encrypted data storage and protected connections

HubSpot CRM

  • Used for communication, email updates, and customer relationships

  • Data encrypted at rest and in transit

  • Access restricted to authorised personnel only

Make.com (Integromat)

  • Used exclusively for automating internal operations

  • Does not store or process credit card information

  • Encrypted in transit

Airtable

  • Stores operational and program or journey related data

  • Encrypted at rest and in transit

  • Access limited to authorised team members

Calendly

  • Used for booking sessions

  • Only stores scheduling and contact information

Memberstack

  • Used for managing membership access to the Germinate Ecosystem
  • Stores login credentials
  • No password information is accessible to any other system
  • Data is encrypted in transit and in Memberstack


Zoom

Used for coaching and facilitation sessions.

We do NOT enable AI transcription, AI summarisation, or AI meeting analysis tools without explicit written consent.

Session confidentiality is maintained according to coaching ethical guidelines.

4. AI, Recording, and Confidentiality Protection

To protect coaching confidentiality and comply with POPIA/GDPR:

We commit to:

  • Keeping ALL Zoom AI features disabled by default

  • Not recording sessions unless explicitly agreed

  • Not using automated transcription tools without consent

  • Not storing session recordings in unsecured environments

  • Never using client session data to train AI or machine-learning models

Clients may request the use of alternative platforms if preferred.

5. Operational Security Controls

We maintain layered protection across the Germinate Ecosystem.

Access Control

  • Password-protected systems

  • Role-based access permissions

  • 2FA on key systems

  • Limited personnel access

Data Transmission

All data transmitted across platforms is encrypted using HTTPS/TLS.

Data Storage

  • No sensitive financial data is stored internally

  • Personal data stored only for operational, legal, or service delivery purposes

  • Data is retained only as long as necessary for service delivery or compliance

  • Data used for Germinate Practice Research is given explicitly by participants of journeys, used anonymously and stored securely. Data is only used to improve the services and products of Germinate and to contribute towards the improvement of leadership development and coaching as a discipline. 

Backups & Redundancy

Platforms used (Thinkific, HubSpot, Airtable) maintain their own automated backup systems and uptime guarantees.

6. User Responsibility

To protect your access and information:

You agree to:

  • Maintain the confidentiality of your login details

  • Use a secure password

  • Notify us immediately if access credentials are compromised

  • Not share course or community access with third parties

We reserve the right to revoke access if account sharing or misuse is detected.

7. Intellectual Property Security

All materials, tools, content, and downloads inside the Germinate Ecosystem are protected by:

  • South African copyright law

  • International copyright treaties

  • Digital watermarking (where applicable)

  • Germinate is a trademark protected coaching model and concept. 

You may not copy, distribute, resell, or share materials.

We monitor for unauthorised distribution.

8. Incident Response & Breach Notification

If a data breach is suspected or confirmed:

  1. Affected users will be notified within the timelines required by POPIA and GDPR

  2. Authorities will be informed where required

  3. Steps will be taken immediately to restore security and prevent recurrence

  4. Access to affected systems may be temporarily restricted

9. Compliance

Our security practices adhere to:

  • POPIA (SA)

  • GDPR (EU)

  • PCI-DSS (through PayGate)

  • Thinkific’s platform security standards

  • Professional coaching confidentiality practices

10. Contact Information

If you have security questions or concerns, please contact:

WillCoach Pty Ltd
Trading as Germinate Collective
Email: [email protected]
Website: www.willcoach.co.za