top of page

Last updated: 7 June 2026

TRUST CENTRE

Security and privacy, built in from the start

Everything you need to know about how Channel Chaser protects your data — designed for customers, partners, and procurement or security teams doing due diligence.

 UK/EU GDPR aligned

CCPA/CPRA aligned

TLS1.2+ / AES-256 Encrypted

Channel Chaser (operated by Cairncom Communications Ltd 

Compliance aligned

UK/EU GDPR and CCPA/CPRA requirements

Resilience

Backups, monitoring, and recovery plans built in

Least privilege

Access granted only to the extent required

Transparency

Clear documentation of controls, vendors, and responsibilities

Security by design

Built into every stage of our product lifecycle

​

​Everything you need to know about how Channel Chaser protects your data — designed for customers, partners, and procurement or security teams doing due diligence. Channel Chaser is aligned with UK/EU GDPR and CCPA/CPRA requirements. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent).

​

1. Our Principles

Channel Chaser is built around five core security and privacy principles:

  • Security by design — security is built into every stage of our product lifecycle, not added as an afterthought.

  • Least privilege — access to systems and data is granted only to the extent required to perform a function.

  • Transparency — we maintain clear documentation of our controls, vendors, and responsibilities and share it openly with customers.

  • Compliance alignment — our practices are designed to meet UK/EU GDPR and CCPA/CPRA requirements.

  • Resilience — we design for continuity, with documented backup, monitoring, and recovery procedures in place.

​

2. Data Protection & Privacy

Channel Chaser is built for B2B use and typically processes business contact data — such as reseller contacts and CRM records. We do not intentionally process special category data or children's data.

In relation to customer data, Channel Chaser acts as a Data Processor — processing data on your behalf, under your instruction. We act as a Data Controller for our own platform analytics and operational data used to run and improve the service.

Further detail is available in our Data Handling PolicyPrivacy Policy, and GDPR & CCPA/CPRA Compliance Summary.

​

3. Data Hosting & Sub-Processors

We use a small number of carefully selected sub-processors. All are bound by appropriate data protection terms and are assessed during onboarding and reviewed periodically. A full Sub-Processor Register is available in our compliance pack.

Our current sub-processors are:

  • Microsoft Azure — application hosting, database, and platform services

  • Microsoft 365 — email, documents, and internal collaboration

  • Stripe — subscription billing and payment processing

  • HubSpot / Salesforce — only when customers choose to connect their CRM

  • Zoho Desk — customer support and ticket management

  • Wix — marketing website hosting, membership, and authentication

​​

4. Technical Security Controls

We implement layered security controls across our platform, infrastructure, and development practices, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent)

  • Multi-Factor Authentication (MFA) on all privileged accounts

  • Role-Based Access Control (RBAC) and least-privilege access policies

  • Secure development lifecycle informed by OWASP best practices

  • Logging and monitoring of key systems and admin activity

  • Regular vulnerability management and dependency scanning

Full details of our controls are documented in our Technical & Organisational Measures (TOMs).

​

5. Backups, Availability & Business Continuity

We design for resilience and operational continuity. Our backup and recovery posture is as follows:

  • Backup frequency: Daily encrypted backups of all key platform data

  • Backup retention: 90 days

  • Recovery Point Objective (RPO): 24 hours

  • Recovery Time Objective (RTO): 24 hours

We maintain a documented Business Continuity & Disaster Recovery (BCDR) Plan covering a range of disruption scenarios. A copy is available in our compliance pack.

​

6. Incident Response

We maintain a formal Incident Response Plan covering detection, containment, investigation, remediation, and post-incident review. Incidents are classified by severity (P1 Critical / P2 Significant / P3 Low) with defined response timelines for each.

If we identify a personal data breach affecting customer data, we will notify affected customers without undue delay — and the relevant supervisory authority (e.g. the ICO) within 72 hours where required under UK/EU GDPR. We will share relevant details and support customers in meeting any regulatory obligations they may have.

​

7. Compliance Documentation

For customers and partners requiring deeper review — such as during procurement or security due diligence — we provide a comprehensive compliance pack on request. This includes:

  • Data Handling Policy

  • Privacy Policy

  • Data Processing Agreement (DPA)

  • Cookie Policy

  • GDPR & CCPA/CPRA Compliance Summary

  • Technical & Organisational Measures (TOMs)

  • Sub-Processor Register

  • Risk Register

  • Incident Response Plan

  • Business Continuity & DR Plan

​

To request the pack, email privacy@channel-chaser.com

​

8. Your Responsibilities as a Customer

In most cases, you are the Data Controller for the personal data you manage via Channel Chaser. This means certain responsibilities sit with you, including:

  • Ensuring you have a lawful basis for processing personal data in your CRM and within Channel Chaser

  • Providing appropriate privacy notices to your contacts and resellers

  • Not uploading special category or children's data into Channel Chaser

  • Managing access and permissions for your own users within the platform

​​

9. Contact & Security Enquiries

For any security, privacy, or compliance questions — or to request our compliance pack — please contact our data protection and security lead:

  • Channel Chaser (T/A Cairncom Communications Ltd)

  • Email: privacy@channel-chaser.com

  • Registered address: Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP, United Kingdom

Need our full compliance pack?

Request our DPA, TOMs, Sub-Processor Register, Risk Register, and more — sent directly to your security or procurement team.

bottom of page