Security and privacy are the pillars of Arcana's Digital Sovereignty. We value the work of security researchers and are committed to quickly fixing vulnerabilities to protect our users.
Currently, we only provide security updates for the latest versions of the app. The patch will be added as quickly as possible to the new version, and we encourage you to download it.
Please do not open a public Issue to report security vulnerabilities.
If you believe you have found a flaw that could compromise data privacy or the integrity of Arcana, follow the steps below:
- Access the Security tab of the repository on GitHub.
- Click on "Advisories" and then on "Report a vulnerability".
- Provide technical details, steps for reproduction, and, if possible, a proof of concept (PoC).
If you prefer, or if the GitHub system is unavailable, you can contact us directly via Issue with the label security-urgent (we will contact you to collect the data privately).
- Initial Response: Within 48 business hours after reporting.
- Resolution: We will work to release a patch as quickly as possible, depending on the severity of the vulnerability.
- Acknowledgement: Researchers who report vulnerabilities ethically will have their name (or handle) included in the patch release notes.
- UI/UX bugs that do not expose data (e.g., header misalignment).
- Performance issues that do not result in denial of service (DoS).
- Failures in third-party dependencies (in this case, report to the maintainer of the specific library).