Legal

Security

Security posture for GoChamie and the brands we build and operate.

Engineering controls

Mandatory code review on every change. Two-person rule for production deploys. Least-privilege access enforced through single sign-on with hardware-backed multi-factor authentication. Secrets are stored in managed vaults and never committed to code.

Operational controls

Production infrastructure is monitored 24/7. Our incident response process targets first acknowledgement within 15 minutes for severity-1 events. We run regular tabletop exercises and post-incident reviews.

Data handling

Encryption in transit (TLS 1.3 minimum) and at rest (AES-256 minimum). Member data is logically segregated and access is logged. Cryptographic erasure is available when data must be destroyed.

Member account security

We offer multi-factor authentication, detect suspicious logins, and notify members of significant account changes. We rate-limit sensitive actions and monitor for credential-stuffing and automated abuse.

Vendors and subprocessors

We vet the vendors who process member data, bind them by contract, and review their security posture. A summary of our subprocessor governance is on our Data processing page.

Compliance

A SOC 2 Type II audit is currently underway. We commission independent penetration tests at least annually and remediate findings on a risk-prioritized schedule.

Reporting a vulnerability

See our Responsible disclosure policy. We thank researchers who report findings in good faith.

Last updated 2026-06-13. Questions: legal@gochamie.com.

Get in touch

Building the systems that bring people together.

Questions about our brands, press, or partnerships? Send a note and we'll reply within two business days.