Security & Responsible Disclosure
Last updated: October 2025
We deeply appreciate contributions from the security community. If you believe you have found a vulnerability in CopyMagic or any related service, please report it to us responsibly. We will investigate and resolve valid issues as quickly as possible.
How to Report
- Email: security@arcifylabs.com orritik@arcifylabs.com
- Include a clear description, steps to reproduce, affected versions, and any relevant logs or PoC.
- If the issue includes sensitive details, feel free to request an encrypted channel. We can provide a public key on request.
Our Commitment
- We will acknowledge your report within 72 hours.
- We will provide an initial assessment and next steps within 7 days.
- We will keep you informed of progress and notify you when the issue is resolved.
Scope & Guidelines
In Scope
- *.copymagic.app
- copymagic.app
- CopyMagic for macOS — the latest release available as a .dmg from our download page
Guidelines
- Please avoid privacy violations, data destruction, or service disruption.
- Never access data that does not belong to you. Use test accounts where possible.
- Give us reasonable time to remediate before any public disclosure.
- Out of scope examples: social engineering, physical attacks, volumetric DoS, issues requiring a rooted/jailbroken device, best-practice suggestions without a concrete vulnerability.
Recognition
We don't operate a formal bug bounty program at this time. For accepted, security-impacting reports, we offer public recognition on this page and a sincere thank you. As we grow, we may introduce rewards.
Honorable Mentions
Thank you for helping keep CopyMagic safe. We'll list confirmed reporters here.
- Abdul Rehman