Security & data protection

All customer data is stored in UK-based data centres operated by tier-1 providers, with data residency in the United Kingdom only.

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database back-ups are encrypted and stored in a separate region.

CHICS holds Cyber Essentials certification, our hosting providers are ISO 27001 certified, and we provide a signed Data Processing Agreement (DPA) on request.

Role-based access control with least-privilege defaults, MFA on all admin accounts, and a tamper-evident audit log for every change to tenancy data.

If you believe you have found a security vulnerability, please report it to support@chics.co.uk. We aim to acknowledge within one working day.

A current list of sub-processors and their purpose is provided to customers and updated whenever we make a change.