Responsible Disclosure Policy

Last updated April 24, 2025

Introduction

At Arphie, Inc., we take the security of our systems, products, and customer data very seriously. We value the contributions of the security community in helping us maintain a safe and secure environment.

If you have discovered a security vulnerability in any of our products or services, we encourage you to report it to us responsibly. This policy outlines how to submit a vulnerability report and what you can expect from us.

Scope

This policy applies to vulnerabilities discovered in:

  • Arphie, Inc. public websites and applications
  • Arphie, Inc. APIs and services
  • Arphie, Inc. desktop applications

Out of scope:

  • Third-party services not owned or operated by Arphie, Inc.
  • Social engineering, phishing, or physical security attacks
  • Denial of service (DoS/DDoS) or spam attacks

How to Report

If you believe you’ve discovered a vulnerability, please email us at: security@arphie.ai

Your report should include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue (proof-of-concept if possible)
  • The potential impact of the vulnerability

We encourage you to encrypt sensitive information when sending your report.

Our Commitments

When you submit a report, Arphie, Inc. will:

  1. Acknowledge receipt of your report within 5 business days.
  2. Provide an estimated timeline for investigation and remediation.
  3. Keep you informed of our progress as we work on a fix.
  4. Credit you publicly (with your consent) once the issue has been resolved.

Researcher Guidelines

To ensure safe and responsible research, we ask that you:

  • Avoid accessing, modifying, or destroying user data.
  • Avoid actions that could harm Arphie, Inc. systems or customers.
  • Respect user privacy.
  • Refrain from publicly disclosing the vulnerability until it has been addressed.

Safe Harbor

We will not pursue legal action against researchers who:

  • Act in good faith and comply with this policy.
  • Avoid violating privacy, intellectual property, or regulatory requirements.
  • Report vulnerabilities promptly and responsibly.

Recognition

While we do not currently operate a formal bug bounty program, we deeply value the contributions of the security community. Researchers who responsibly disclose vulnerabilities may be publicly recognized (if consent is provided).

Contact

For vulnerability reports or questions about this policy, contact: security@arphie.ai