Back to LaunchReady
Security

Security and Responsible Disclosure

How LaunchReady handles project access, credentials, security reports, and responsible disclosure.

Last updated: June 26, 2026

Project access

LaunchReady asks for the least access reasonably needed to complete the requested review. Read-only, scoped, temporary, and revocable access is preferred whenever practical.

Do not send production secrets in email or chat. Use your platform's secure secret-sharing, access-management, or invitation flow whenever possible.

Credentials

Rotate temporary credentials after the engagement is complete. Remove repository, hosting, analytics, database, and admin access that is no longer needed.

If credentials are accidentally shared in an unsafe way, notify us and rotate them promptly.

Security review limits

A LaunchReady review may identify practical security risks, but it is not a formal penetration test, compliance audit, SOC 2 audit, HIPAA audit, PCI assessment, or legal compliance review unless a written agreement explicitly says so.

Security findings depend on the scope, time, access, environment, and code available during the review.

Responsible disclosure

If you believe you found a security issue involving LaunchReady, email a clear report with reproduction steps, affected URLs, impact, and any relevant screenshots or logs.

Do not access, modify, destroy, download, or exfiltrate data that does not belong to you. Do not run disruptive testing against production systems.

Response

We will review good-faith security reports and prioritize remediation based on severity, exploitability, and affected systems.

Questions about this page? Contact hello@launchready.biz.