Security and Responsible Disclosure

If you believe you have identified a security issue in Commercial Readiness, report it privately and do not disclose it publicly until we have had a reasonable opportunity to investigate and remediate.

Please include a clear description of the issue, affected endpoint or workflow, reproduction steps, impact assessment, and any proof of concept needed to verify the report safely.

Security reports should be sent to security@belton.co.nz. We will acknowledge receipt and aim to respond with next steps as quickly as practical.

Please avoid actions that could degrade service, expose customer data, or disrupt other users while testing.