Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Jan. 31, 2025	Jan. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	Risk Management and Strategy As our business objectives and operational needs change, our cybersecurity professionals continuously evaluate and refine the measures taken to address our identified risks for each subsidiary. Our technical measures, based on each subsidiary’s environment, may include firewalls, segmented networks, intrusion detection and prevention systems, encryption, anti-malware tools, and configuration controls, to shield our information systems from cybersecurity incidents. Additionally, we apply strong access controls, enforce multi-factor authentication, and regularly update software and patches against vulnerability exploitation. We use managed endpoint detection and response tools to proactively monitor, detect, and respond to security threats across all endpoints, including desktops, laptops, and mobile devices. These tools provide real-time visibility into endpoint activities, allowing us to identify suspicious behavior, such as malware infections, unauthorized access attempts, and abnormal system processes. We maintain business continuity plans that define how our critical operations will continue during disruptions, ensuring minimal downtime and seamless access to vital services. Our comprehensive disaster recovery plans include regularly testing backup systems and clear procedures for restoring critical business applications in the event of data loss, cyberattacks, or natural disasters. This multi-faceted approach ensures that, even in the face of unexpected incidents, our subsidiaries and organization can quickly recover, maintain operational resilience, and protect the data and services that are essential to our success. Acknowledging the dynamic and complex landscape of cybersecurity threats, we engage with various external specialists to evaluate and strengthen our information security practices and procedures. Such engagements differ across our subsidiaries, as they are tailored to the specific risk profile of each subsidiary, ensuring that each entity works with experts most suited to their specific cybersecurity needs. These engagements, which may encompass regular audits, risk assessments, gap assessments, social engineering and penetration testing, and consultations on security enhancements, enable us to align with industry best practices. Significant results and recommendations of these assessments are reported to the audit committee and, as necessary, the board of directors, leading to adjustments in our cybersecurity approach to ensure our defenses remain robust and effective. During Fiscal 2025, GPS hired a cybersecurity engineer whose mission is to design and implement a comprehensive cybersecurity architecture that elevates the current risk management and strategy while leveraging existing platforms, policies and best practices. Recognizing the importance of human factors in cybersecurity, we prioritize conducting regular security and awareness training for employees that emphasizes common threats, such as phishing, social engineering, sensitive data exposure, and insider risks. These initiatives are designed to ensure that employees understand the latest security threats, best practices, and how to recognize potential risks. In addition to regular training sessions, we also perform simulated exercises, such as phishing drills, to reinforce learning and test employees' ability to respond to real-world threats. Lastly, we regularly share security updates and reminders through internal communications and provide dedicated means for employees to report attempted threats. To mitigate cybersecurity risks linked to our engagement with third-party service providers, we perform security screening and review for prospective vendors that require access to our information systems. Based on the subsidiary and the vendor, this process may include reviewing the vendor’s data protection policies, assessing their ability to meet our security requirements, and ensuring that they have adequate safeguards in place to prevent and respond to breaches. For our ongoing relationships with regular vendors, we may conduct annual risk assessments to re-evaluate their security posture, identify any changes or emerging risks, and ensure that they continue to meet our standards. Additionally, to further protect our operations and enhance our cybersecurity risk management process, we maintain cybersecurity risk insurance obtained from industry leading underwriters. Our strategy for responding to cybersecurity incidents involves a well-defined plan at each subsidiary that prescribes dedicated cross-functional personnel to each response team, ensuring a coordinated and premeditated response. These plans, which undergo regular review, assert the ability of system recovery processes and provide response frameworks for escalating issues. The plans are designed to minimize the impact to our operations and stakeholders, initiate appropriate communications both within and outside of the organization, and identify recommendations for improvement.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	Our approach to managing cybersecurity risk involves a comprehensive program established at each subsidiary and our corporate headquarters. This strategy intends to pinpoint entity-specific risks associated with both our digital and physical assets with the objective of employing effective measures that ensure the security of our infrastructure, systems, data, business partners, customers, and financial information against potential cyber incidents. Corporate management of the holding company oversees the cybersecurity risk program at each of the subsidiaries to ensure the collective cohesively responds to organization-wide risks. Administered by information security, information technology, and compliance professionals and managed by senior management at each of our subsidiaries, our cybersecurity program is integrated into our broader enterprise risk management process and aligns with recognized frameworks and industry standards, as applicable, and complies with various legal and regulatory requirements.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]		true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]	As previously disclosed, we were targeted by a complex criminal scheme early in Fiscal 2024, which resulted in fraudulently-induced outbound wire transfers to a third-party account (see Note 18 to the accompanying consolidated financial statements). The Company promptly self-discovered the fraudulent activity and contacted the remitting bank, receiving bank, dispute resolution experts, and federal and local law enforcement authorities. Moreover, we quickly informed the audit committee and regularly provided them with updates during investigation and recovery efforts. As a result of the fraud loss, net with funds recovered, and professional fees incurred related to an independent forensic investigation and efforts to recover the funds, we recognized $2.7 million of loss. We are unaware of any other significant security breaches at any of our business locations.
Cybersecurity Risk Board of Directors Oversight [Text Block]	While our management team is tasked with the day-to-day handling of risks facing our organization, the audit committee, as delegated by the board of directors and documented in the committee’s charter, specifically oversees cybersecurity risk and governance. Management provides the audit committee regular updates covering information security issues, recent organizational developments and IT initiatives, vulnerability assessments, third-party evaluations, and emerging best practices. The audit committee also engages with our internal audit firm and other external specialists about organizational risks related to cybersecurity, as well as the policies and controls designed to mitigate these risks. In January 2024, our board of directors participated in a cybersecurity training session provided by our internal audit firm. Our audit committee or the board of directors is actively involved in strategic cybersecurity decisions, providing guidance and concurrence for significant or pervasive projects. This ensures that cybersecurity is seamlessly integrated into our strategic planning, aligning with our broader organizational goals.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	true
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]	While our management team is tasked with the day-to-day handling of risks facing our organization, the audit committee, as delegated by the board of directors and documented in the committee’s charter, specifically oversees cybersecurity risk and governance. Management provides the audit committee regular updates covering information security issues, recent organizational developments and IT initiatives, vulnerability assessments, third-party evaluations, and emerging best practices. The audit committee also engages with our internal audit firm and other external specialists about organizational risks related to cybersecurity, as well as the policies and controls designed to mitigate these risks. In January 2024, our board of directors participated in a cybersecurity training session provided by our internal audit firm. Our audit committee or the board of directors is actively involved in strategic cybersecurity decisions, providing guidance and concurrence for significant or pervasive projects. This ensures that cybersecurity is seamlessly integrated into our strategic planning, aligning with our broader organizational goals.
Cybersecurity Risk Role of Management [Text Block]	Governance and Oversight While our management team is tasked with the day-to-day handling of risks facing our organization, the audit committee, as delegated by the board of directors and documented in the committee’s charter, specifically oversees cybersecurity risk and governance. Management provides the audit committee regular updates covering information security issues, recent organizational developments and IT initiatives, vulnerability assessments, third-party evaluations, and emerging best practices. The audit committee also engages with our internal audit firm and other external specialists about organizational risks related to cybersecurity, as well as the policies and controls designed to mitigate these risks. In January 2024, our board of directors participated in a cybersecurity training session provided by our internal audit firm. Our audit committee or the board of directors is actively involved in strategic cybersecurity decisions, providing guidance and concurrence for significant or pervasive projects. This ensures that cybersecurity is seamlessly integrated into our strategic planning, aligning with our broader organizational goals. Additionally, we have established a cross-organizational IT steering committee, comprising senior and executive leadership, enterprise risk management representatives, and IT management, many of whom have over 15 years of experience and hold professional certifications in their respective fields. In an effort to build a comprehensive cybersecurity strategy across the organization, this committee convenes as needed to discuss ongoing cybersecurity initiatives, emerging regulatory requirements and industry standards, and results of risk assessments. Cybersecurity incidents are regularly reported to cross-functional teams at each subsidiary through the dedicated means we have in place, and events deemed critical are reported to the chief executive officer and chief financial officer. Moreover, the audit committee and the board of directors are promptly informed of any significant cybersecurity incident, along with continuous updates until resolution.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	cross-organizational IT steering committee
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	Additionally, we have established a cross-organizational IT steering committee, comprising senior and executive leadership, enterprise risk management representatives, and IT management, many of whom have over 15 years of experience and hold professional certifications in their respective fields.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	Cybersecurity incidents are regularly reported to cross-functional teams at each subsidiary through the dedicated means we have in place, and events deemed critical are reported to the chief executive officer and chief financial officer. Moreover, the audit committee and the board of directors are promptly informed of any significant cybersecurity incident, along with continuous updates until resolution.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Jan. 31, 2025

Jan. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

As our business objectives and operational needs change, our cybersecurity professionals continuously evaluate and refine the measures taken to address our identified risks for each subsidiary. Our technical measures, based on each subsidiary’s environment, may include firewalls, segmented networks, intrusion detection and prevention systems, encryption, anti-malware tools, and configuration controls, to shield our information systems from cybersecurity incidents. Additionally, we apply strong access controls, enforce multi-factor authentication, and regularly update software and patches against vulnerability exploitation.

We use managed endpoint detection and response tools to proactively monitor, detect, and respond to security threats across all endpoints, including desktops, laptops, and mobile devices. These tools provide real-time visibility into endpoint activities, allowing us to identify suspicious behavior, such as malware infections, unauthorized access attempts, and abnormal system processes.

We maintain business continuity plans that define how our critical operations will continue during disruptions, ensuring minimal downtime and seamless access to vital services. Our comprehensive disaster recovery plans include regularly testing backup systems and clear procedures for restoring critical business applications in the event of data loss, cyberattacks, or natural disasters. This multi-faceted approach ensures that, even in the face of unexpected incidents, our subsidiaries and organization can quickly recover, maintain operational resilience, and protect the data and services that are essential to our success.

Acknowledging the dynamic and complex landscape of cybersecurity threats, we engage with various external specialists to evaluate and strengthen our information security practices and procedures. Such engagements differ across our subsidiaries, as they are tailored to the specific risk profile of each subsidiary, ensuring that each entity works with experts most suited to their specific cybersecurity needs. These engagements, which may encompass regular audits, risk assessments, gap assessments, social engineering and penetration testing, and consultations on security enhancements, enable us to align with industry best practices. Significant results and recommendations of these assessments are reported to the audit committee and, as necessary, the board of directors, leading to adjustments in our cybersecurity approach to ensure our defenses remain robust and effective.

During Fiscal 2025, GPS hired a cybersecurity engineer whose mission is to design and implement a comprehensive cybersecurity architecture that elevates the current risk management and strategy while leveraging existing platforms, policies and best practices.

Recognizing the importance of human factors in cybersecurity, we prioritize conducting regular security and awareness training for employees that emphasizes common threats, such as phishing, social engineering, sensitive data exposure, and insider risks. These initiatives are designed to ensure that employees understand the latest security threats, best practices, and how to recognize potential risks. In addition to regular training sessions, we also perform simulated exercises, such as phishing drills, to reinforce learning and test employees' ability to respond to real-world threats. Lastly, we regularly share

security updates and reminders through internal communications and provide dedicated means for employees to report attempted threats.

To mitigate cybersecurity risks linked to our engagement with third-party service providers, we perform security screening and review for prospective vendors that require access to our information systems. Based on the subsidiary and the vendor, this process may include reviewing the vendor’s data protection policies, assessing their ability to meet our security requirements, and ensuring that they have adequate safeguards in place to prevent and respond to breaches. For our ongoing relationships with regular vendors, we may conduct annual risk assessments to re-evaluate their security posture, identify any changes or emerging risks, and ensure that they continue to meet our standards. Additionally, to further protect our operations and enhance our cybersecurity risk management process, we maintain cybersecurity risk insurance obtained from industry leading underwriters.

Our strategy for responding to cybersecurity incidents involves a well-defined plan at each subsidiary that prescribes dedicated cross-functional personnel to each response team, ensuring a coordinated and premeditated response. These plans, which undergo regular review, assert the ability of system recovery processes and provide response frameworks for escalating issues. The plans are designed to minimize the impact to our operations and stakeholders, initiate appropriate communications both within and outside of the organization, and identify recommendations for improvement.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

Our approach to managing cybersecurity risk involves a comprehensive program established at each subsidiary and our corporate headquarters. This strategy intends to pinpoint entity-specific risks associated with both our digital and physical assets with the objective of employing effective measures that ensure the security of our infrastructure, systems, data, business partners, customers, and financial information against potential cyber incidents. Corporate management of the holding company oversees the cybersecurity risk program at each of the subsidiaries to ensure the collective cohesively responds to organization-wide risks.

Administered by information security, information technology, and compliance professionals and managed by senior management at each of our subsidiaries, our cybersecurity program is integrated into our broader enterprise risk management process and aligns with recognized frameworks and industry standards, as applicable, and complies with various legal and regulatory requirements.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

As previously disclosed, we were targeted by a complex criminal scheme early in Fiscal 2024, which resulted in fraudulently-induced outbound wire transfers to a third-party account (see Note 18 to the accompanying consolidated financial statements). The Company promptly self-discovered the fraudulent activity and contacted the remitting bank, receiving bank, dispute resolution experts, and federal and local law enforcement authorities. Moreover, we quickly informed the audit committee and regularly provided them with updates during investigation and recovery efforts. As a result of the fraud loss, net with funds recovered, and professional fees incurred related to an independent forensic investigation and efforts to recover the funds, we recognized $2.7 million of loss. We are unaware of any other significant security breaches at any of our business locations.

Cybersecurity Risk Board of Directors Oversight [Text Block]

While our management team is tasked with the day-to-day handling of risks facing our organization, the audit committee, as delegated by the board of directors and documented in the committee’s charter, specifically oversees cybersecurity risk and governance. Management provides the audit committee regular updates covering information security issues, recent organizational developments and IT initiatives, vulnerability assessments, third-party evaluations, and emerging best practices. The audit committee also engages with our internal audit firm and other external specialists about organizational risks related to cybersecurity, as well as the policies and controls designed to mitigate these risks. In January 2024, our board of directors participated in a cybersecurity training session provided by our internal audit firm. Our audit committee or the board of directors is actively involved in strategic cybersecurity decisions, providing guidance and concurrence for significant or pervasive projects. This ensures that cybersecurity is seamlessly integrated into our strategic planning, aligning with our broader organizational goals.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

true

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Role of Management [Text Block]

Governance and Oversight

Additionally, we have established a cross-organizational IT steering committee, comprising senior and executive leadership, enterprise risk management representatives, and IT management, many of whom have over 15 years of experience and hold professional certifications in their respective fields. In an effort to build a comprehensive cybersecurity strategy across the organization, this committee convenes as needed to discuss ongoing cybersecurity initiatives, emerging regulatory requirements and industry standards, and results of risk assessments.

Cybersecurity incidents are regularly reported to cross-functional teams at each subsidiary through the dedicated means we have in place, and events deemed critical are reported to the chief executive officer and chief financial officer. Moreover, the audit committee and the board of directors are promptly informed of any significant cybersecurity incident, along with continuous updates until resolution.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

cross-organizational IT steering committee

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true