diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..1439ef79 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +## Supported Versions + +We release security updates for the latest version of both Community and Enterprise editions. Backported patches for older Enterprise Edition may be considered on a case-by-case basis. + +## Reporting a Vulnerability + +If you discover a security vulnerability, please report it to us privately, instead of creating a GitHub Issue. + +**Email:** security [at] privatecaptcha [dot] com + +### Out of Scope + +The following are not considered security vulnerabilities: + +- Issues in outdated or unsupported browsers +- Vulnerabilities in third-party dependencies (please report to the respective maintainers) +- Denial of Service (DoS/DDoS) attacks +- Issues requiring physical access to a user's device
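Review bot: The "Out of Scope" bullet "Vulnerabilities in third-party dependencies (please report to the respective maintainers)" is unqualified, so it also turns away reports where a vulnerable dependency is exploitable through this project's own use of it. Consider narrowing it to dependency issues with no demonstrated impact on this project, and keep asking for a private report when there is one. Under "Reporting a Vulnerability" the policy gives only an email address; it would help reporters to say what to include (edition and version affected, reproduction steps, observed impact) and what acknowledgement timeframe to expect. In "Supported Versions", "older Enterprise Edition" reads as if a word is missing, for example "older Enterprise Edition releases".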