Responsible Disclosure Policy
At Madgicx, we take the security of our systems and customer data seriously. We appreciate the efforts of security researchers who act in good faith and responsibly report potential vulnerabilities.
This policy outlines how to report security issues and the conditions under which we accept such reports.
1. No Unauthorized Testing
Security testing of our systems is not permitted without prior written authorization from our security team.
Activities such as scanning, probing, exploiting, or attempting to access data without permission are strictly prohibited under our Terms of Service.
If you engage in security testing without authorization, you may be violating applicable laws.
2. Reporting a Potential Security Issue
If you believe you have identified a vulnerability, please report it via:
📧 security@madgicx.com
When reporting an issue, please include (to the extent possible):
- A clear description of the vulnerability
- Steps to reproduce
- Browser, environment, or tool used
- Any supporting evidence (screenshots, logs)
- Your contact information
3. Expectations From Researchers
We ask that researchers follow these guidelines:
- Do not attempt to access, modify, or delete data that does not belong to you.
- Do not perform actions that could impact system availability, such as DoS, brute force, or volume testing.
- Do not use automated scanning tools against production systems.
- Do not perform social engineering (phishing, vishing, etc.).
- Do not publicly disclose any information about the vulnerability before we have confirmed and fixed the issue.
- Stop immediately if you encounter sensitive data.
4. What You Can Expect From Us
When you submit a report:
- We will acknowledge receipt of your message.
- We will review the issue internally.
- We will notify you if we need more details.
- We will inform you once the issue has been addressed.
Please note that:
- We do not confirm vulnerabilities until verification is complete.
- We do not authorize retroactive testing.
- We do not guarantee any monetary reward or bounty unless explicitly stated in a formal bounty program.
5. No Bounty Program (Unless Otherwise Stated)
At this time, we do not operate a public bug bounty program.
This means:
- We do not offer payment for unsolicited or unapproved testing.
- We do not accept additional findings unless prior written authorization has been granted.
Unauthorized testing does not qualify for any reward.
6. Legal & Safe-Harbor Notice
To protect both researchers and our users, the following applies:
- This policy does not grant permission to perform security testing.
- Researchers must obtain formal authorization before testing.
- Unauthorized testing may be considered a violation of applicable laws.
If you comply with this policy and have explicit authorization prior to your testing, we will not pursue legal action for reporting findings responsibly.
7. Contact
For all security-related communications:
📧 security@madgicx.com