diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..b2a87806
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+We only add security updates to the latest MAJOR.MINOR version of the project. No security updates are backported to previous versions. 
+If you want be up to date on security patches, make sure your SimpleLogin image is up to date.
+
+## Reporting a Vulnerability
+
+If you've found a security vulnerability, you can disclose it responsibly by sending a summary to security@simplelogin.io. 
+We will review the potential threat and fix it as fast as we can. 
+
+We are incredibly thankful for people who disclose vulnerabilities, unfortunately we do not have a bounty program in place yet.
+