Security & Responsible Disclosure

Last updated: October 2025

We deeply appreciate contributions from the security community. If you believe you have found a vulnerability in CopyMagic or any related service, please report it to us responsibly. We will investigate and resolve valid issues as quickly as possible.

How to Report

  • Email: security@arcifylabs.com orritik@arcifylabs.com
  • Include a clear description, steps to reproduce, affected versions, and any relevant logs or PoC.
  • If the issue includes sensitive details, feel free to request an encrypted channel. We can provide a public key on request.

Our Commitment

  • We will acknowledge your report within 72 hours.
  • We will provide an initial assessment and next steps within 7 days.
  • We will keep you informed of progress and notify you when the issue is resolved.

Scope & Guidelines

In Scope

  • *.copymagic.app
  • copymagic.app
  • CopyMagic for macOS — the latest release available as a .dmg from our download page

Guidelines

  • Please avoid privacy violations, data destruction, or service disruption.
  • Never access data that does not belong to you. Use test accounts where possible.
  • Give us reasonable time to remediate before any public disclosure.
  • Out of scope examples: social engineering, physical attacks, volumetric DoS, issues requiring a rooted/jailbroken device, best-practice suggestions without a concrete vulnerability.

Recognition

We don't operate a formal bug bounty program at this time. For accepted, security-impacting reports, we offer public recognition on this page and a sincere thank you. As we grow, we may introduce rewards.

Honorable Mentions

Thank you for helping keep CopyMagic safe. We'll list confirmed reporters here.

  • Abdul Rehman