diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..c63be254b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +When you think you've discovered a security issue, please contact us at hello@photoprism.app. + +Your report should at least include the following: + +- Version and architecture +- Vulnerability description +- Reproduction steps + +We will then try to reproduce it, determine the impact, and get back to you as soon as possible. + +Please also report vulnerabilities in third-party applications. + +### Responsible Disclosure ### + +- Only test for vulnerabilities on your own PhotoPrism instance +- Confirm the vulnerability applies to a supported version +- Share vulnerability details with us first +- Wait for a fix before publicly sharing details
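Review bot: The contact line at the top of the new SECURITY.md sends reports to the general hello@photoprism.app address and offers no confidential channel, so vulnerability details would travel in plain e-mail alongside ordinary correspondence. Consider a dedicated security contact plus a published encryption key or a private reporting form. In the Responsible Disclosure list, "Confirm the vulnerability applies to a supported version" cannot be followed as written because the file never says which versions are supported; state them here or link to where they are listed. "As soon as possible" gives reporters no expected acknowledgement time, and "Please also report vulnerabilities in third-party applications" does not say whether those reports go to the same address or which applications are meant (bundled dependencies, integrations, or something else). Style point: the headings jump from "#" straight to "###" and the second one uses closing hashes; "## Responsible Disclosure" would be consistent with the top-level heading.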