diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..a2b1ae4f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,11 @@
+# Reporting security issues
+
+## Supported Versions
+
+Security fixes are applied to the latest `main` branch.
+
+## Reporting a Vulnerability
+
+Please **DO NOT** file a public issue, instead send your report privately to security@lightpanda.io.
+
+Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.