Security at CHOYS
This page outlines the key security practices and procedures we follow while building and maintaining the GetChoys platform.
Privacy
Your privacy is our priority. We do not sell or share your data with third parties. For more details, please refer to our Privacy Policy.
If you have any questions or concerns regarding your data or this Security Policy, please contact us at help@getchoys.com.
Infrastructure
CHOYS is hosted on Amazon Web Services (AWS), specifically using ECS + EC2 for our technical infrastructure and servers.
AWS is compliant with leading security and compliance standards including:
- ISO/IEC 27001
- SOC 1, 2, and 3
- PCI-DSS
- FedRAMP
We use CloudFront for secure content delivery and AWS Certificate Manager (ACM) for TLS/SSL management.
Development & Security Practices
- All engineers follow industry-standard secure coding practices and are regularly trained in secure software development.
- We conduct static code analysis and runtime security testing, and integrate automated vulnerability scanning into our CI/CD pipeline.
- Dependencies are monitored for known vulnerabilities via automated tooling.
Encryption
- In Transit: All data is encrypted using TLS 1.2+.
- At Rest: Sensitive data is encrypted using AES-256 through AWS-managed encryption in RDS and S3.
- Our frontend (lab.choysapp.com) and API (labapi.choysapp.com) are secured with HSTS, CSP, and other HTTP security headers.
Incident Response
- GetChoys has a 24/7 monitoring system in place for infrastructure, application performance, and anomalies.
- We maintain a well-documented incident response plan and conduct regular drills.
- Our engineers rotate on-call duties to ensure rapid response to any incidents or outages.
ISO 27001 Certification – In Progress
We are currently undergoing ISO 27001 certification with the support of Vanta and WorkStreet, targeting full certification by the end of Q3 2025. This includes internal audits, penetration testing, and comprehensive policy and process reviews across the organization.
Contact
If you have any security concerns or would like to report a vulnerability, please reach out to us at security@getchoys.com.