Security

We take security extremely seriously and make every effort to protect the data stored in our platform. Chalk employs bank grade security and industry best practices to ensure that your data is safe and secure.

Special Thanks To

Responsible Disclosure

In accordance with our responsible disclosure policy, if you believe you have found a security vulnerability on Chalk, we encourage you to contact us immediately. We will not bring any lawsuit or law enforcement investigation against you so long as you give us reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.

Non-qualifying Vulnerabilities
The following vulnerabilities are frequently reported to us but are either not exploitable or have a very low risk.

  • Anything related to standard WordPress functionality (XMLRPC API, WP-JSON API, load-scripts.php, etc.)
    • Please contact WordPress in accordance with their bug bounty policy instead
  • DoS on www.chalk.com
  • Lack of CSP on www.chalk.com
  • Password strength policy