Security
Security posture for GoChamie and the brands we build and operate.
Engineering controls
Mandatory code review on every change. Two-person rule for production deploys. Least-privilege access enforced through single sign-on with hardware-backed multi-factor authentication. Secrets are stored in managed vaults and never committed to code.
Operational controls
Production infrastructure is monitored 24/7. Our incident response process targets first acknowledgement within 15 minutes for severity-1 events. We run regular tabletop exercises and post-incident reviews.
Data handling
Encryption in transit (TLS 1.3 minimum) and at rest (AES-256 minimum). Member data is logically segregated and access is logged. Cryptographic erasure is available when data must be destroyed.
Member account security
We offer multi-factor authentication, detect suspicious logins, and notify members of significant account changes. We rate-limit sensitive actions and monitor for credential-stuffing and automated abuse.
Vendors and subprocessors
We vet the vendors who process member data, bind them by contract, and review their security posture. A summary of our subprocessor governance is on our Data processing page.
Compliance
A SOC 2 Type II audit is currently underway. We commission independent penetration tests at least annually and remediate findings on a risk-prioritized schedule.
Reporting a vulnerability
See our Responsible disclosure policy. We thank researchers who report findings in good faith.
Last updated 2026-06-13. Questions: legal@gochamie.com.
Building the systems that bring people together.
Questions about our brands, press, or partnerships? Send a note and we'll reply within two business days.