Do not open a public issue for security vulnerabilities.
Please report security issues directly to: security@chuk.dev
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to respond within 48 hours and provide a fix within 7 days for critical issues.
This policy covers:
- Chuk Chat mobile app (iOS/Android)
- Chuk Chat desktop app (Linux/Windows/macOS)
- Chuk Chat web app (chat.chuk.chat)
- End-to-end encryption implementation
Currently no formal bug bounty program, but we credit researchers in our changelog (with permission).