Product Decision System of Record · by Helium

Product decisions need more than an agent.

pm.gold is the governed system of record for product evidence, decisions, and outcomes. Use ChatGPT, Codex, Claude, or any model to do the work — pm.gold preserves what supported it, who approved it, what shipped, and whether it worked.

Supported claims cited — gaps shown, not inventedAgents propose · a human approves · the record is append-onlyModel-agnostic — your record outlives any one vendor
app.pm.gold
The pm.gold workspace: sources traced, the commit gate, and quick actions — a real screenshot of the product.
Entra & Google SSOImmutable auditTenant isolation, fail-closedPermission-faithful retrieval

What only a system of record can do

Three questions an agent can’t answer for you.

Not because the model isn’t good enough — because the answer isn’t in a conversation. It’s in a governed record.

Defend any decision

“Why did we build this, and who approved it?”

Walk any requirement backwards: the evidence it cites, the sections that honestly had none, the precedent that informed it, every version, and the human who committed it — with separation of duties on the record.

Intent vs. reality

“Did we ship what we approved?”

Compare the approved PRD clause by clause against implementation evidence. Each gap is filed as a proposal at the gate — surfaced, not quietly lost between the spec and the sprint.

Learn from decisions

“Have we tried this before, and did it work?”

A new draft recalls similar past decisions and their recorded outcomes — won or lost — and the corrections your team keeps making. Precedent is linked to the draft it shaped, so the learning is auditable.

Each answer is assembled from committed rows — never generated. Where a step hasn’t happened yet, pm.gold says so rather than implying it.

The problem

Your agents are getting better. Your decision record isn’t.

ChatGPT and Claude now remember context and cite connected sources. What none of them keep is a governed record of what your team actually approved — the evidence behind it, who signed off, what shipped, and whether it worked. As agents write more of the work, that record is what gets scarce.

48%

of a PM’s time goes to unplanned firefighting.

Product Focus, 2024

23%

use AI where they need it most — shifting priorities.

Atlassian, 2026

84%

worry their product won’t succeed in the market.

Atlassian, 2026

How it works

One loop, from raw signal to system of record.

Agents do the work; the Brain holds the truth. Every step is typed, versioned, and traceable to the source that drove it.

01

Capture

Meetings, calls, docs, tickets — ingested as evidence.

02

Reason

Agents cluster signals and draft, grounded in the Brain.

03

Propose

PRDs, scores, decisions — supported claims cited, gaps flagged.

04

Gate

A human approves or rejects. Nothing is automatic.

05

Record

Approved work enters the append-only Brain.

Nothing enters the record until a human approves it. The commit gate is the product, not a setting.

Capabilities

Everything a PM touches — captured & cited.

See all capabilities →

Meeting capture

Transcripts turned into decisions, actions, and PRD-ready snippets — each timestamped to its source.

PRD generation

Draft from evidence with inline citations, then red-team and ship-check before it ships.

The commit gate

Agents propose; a human approves. Every decision and override recorded in an immutable audit.

Why pm.gold

Not another tool. The most trusted voice in the room.

A typed decision graph

Not notes in a chat history: meetings, signals, decisions, PRDs, risks and outcomes as typed nodes with append-only versions and traversable evidence chains. Every artifact knows what it rests on.

Learns from your approvals

pm.gold captures what humans change between the draft and the approved version, distills governed calibration rules, and applies them to future work. Early controlled tests reduced later editing while grounding held flat — directional, and we report it that way.

Your record outlives the model

Models swap behind a clean seam, so every leap in AI is an input rather than a migration — and your decision history never lives inside one vendor’s memory.

Security & trust

Enterprise-grade by construction, not by checklist.

The guarantees are enforced in the data layer — so they hold even when something above them has a bug.

SSO — Entra & Google

Sign in through your identity provider, bound to your tenant.

Immutable audit

Every decision and override is recorded and can’t be edited or deleted.

Tenant isolation, fail-closed

Enforced in the data layer — row-level security on every content table, failing closed by default. Dedicated single-tenant deployment available for Enterprise.

Grounded & defensible

Every AI claim cites its source — nothing asserted that can’t be traced.

FAQ

Questions, answered honestly.

The short version. For the full, honestly-labeled security posture, see the Security page.

What is pm.gold?
It’s the governed system of record for product evidence, decisions, and outcomes. Your meetings, docs, and tickets become cited evidence; agents propose PRDs, scores, and decisions from it; a human approves at a commit gate; and what’s approved becomes a versioned, traceable record — with the evidence, the approver, what shipped, and whether it worked all preserved.
How is it different from ChatGPT, Codex, or Claude?
They’re powerful agents for researching, drafting, and executing work — and they now remember context and cite connected sources too. pm.gold is the durable decision layer underneath them: a typed, permission-faithful record of evidence, approvals, versions, and outcomes. Your agents can propose work into pm.gold, but only what a human approves becomes organizational knowledge. Use whichever model you like — the record outlives the choice.
Does it make things up? How do I trust the output?
Every supported claim carries a citation to the source it came from. Where the evidence doesn’t support a section, pm.gold shows the gap instead of inventing support — citations can only ever point at retrieved sources, so a fabricated citation isn’t expressible. We publish an eval harness rather than claim perfection. And nothing enters the record without a human approving it at the commit gate.
Who is it for?
Product managers and product teams who need their signals, decisions, and rationale to stay connected, recallable, and defensible instead of scattered across a dozen tools.
How do we get our context in?
Attach documents directly — PDF, Word, PowerPoint, Excel/CSV, email, or a .zip of them — paste notes, or capture a public web page. All of it lands as cited, groundable evidence, and company-wide context stays separate from personal context. Connectors to systems of record are labeled honestly by state: adapters (permission mapping built, scheduled sync still staged), and roadmap. We don’t call a connector live until its sync is proven against a real tenant.
Is our data used to train AI models?
No. Your content is not used to train generalized models — enforced by the no-training terms of the commercial model APIs we use, and committed contractually in our DPA. Models are reached behind a model-agnostic seam, and each call gets only the data the task requires.
How is access controlled? Is our data isolated from other companies?
Tenant isolation is enforced in the data layer and fails closed by default — a request without verified workspace context returns nothing. Role-based access separates what you can do from what you can see, and source-level permissions are enforced at retrieval. A dedicated single-tenant deployment is available for Enterprise.
How do we sign in?
Single sign-on through Microsoft Entra ID or Google, bound to your tenant — we never see passwords. Magic-link and password options are also supported.
Which AI models does it use?
pm.gold is model-agnostic — models swap behind a clean seam, so you’re always on the frontier with no lock-in to one provider. Bring-your-own-key is supported for teams that prefer their own provider relationship.
Are you SOC 2 certified?
Not yet, and we say so plainly. SOC 2 and an independent penetration test are planned, not complete. A DPA is available today, we complete a CAIQ-Lite questionnaire on request, and our subprocessor list is published — see the Security page for the full, honestly-labeled status.
Can it connect to our existing tools?
You connect the way you already do in Claude or ChatGPT — authorize access in the browser; we never take a password. Each connector carries every item’s real permissions into the Brain, fail-closed. We label them in four honest states: live (sync proven against a real tenant),design partner, adapter (permission mapping built, scheduled sync still staged), and roadmap. Today the built connectors are adapters — we don’t call one live until it syncs your tenant.
How do we get started?
We’re onboarding design-partner teams now. Request a demo and we’ll stand up your workspace.

Still have questions? Request a demo →

The gold standard

Give your best decisions a gold standard.

We’re onboarding design-partner teams now. Book a walkthrough and we’ll stand up your workspace.