diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..e17a4d50c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Reporting a Vulnerability + +**Please do not use GitHub issues for security-sensitive communication.** + +The LibreTime maintainers ask that known and suspected vulnerabilities to be privately and responsibly disclosed by: + +- sending all the required detail to [security@libretime.org](security@libretime.org), +- or by filling a [security advisory on Github](https://github.com/libretime/libretime/security/advisories/new). + +A LibreTime maintainer will acknowledged the report within 3 working days. + +We aim to provide a security patch within 30 days, after this period the report will be disclosed to the public. The security patch will be distributed for the [maintained versions of LibreTime](https://libretime.org/docs/developer-manual/development/releases/#distributions-releases-support).
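
Review bot: In the first list item under "Reporting a Vulnerability", the link target `security@libretime.org` has no `mailto:` scheme, so a Markdown renderer will resolve it as a relative path in the repository instead of opening an e-mail; write it as `[security@libretime.org](mailto:security@libretime.org)`. The wording in the same hunk also needs a pass before merge: "vulnerabilities to be privately and responsibly disclosed" should drop the "to", "will acknowledged" should be "will acknowledge", and "filling a security advisory on Github" should read "filing a security advisory on GitHub". In the last paragraph, "within 30 days, after this period the report will be disclosed" is a comma splice and leaves it unclear whether the report is published at 30 days even when no patch is ready; split it into two sentences and state that case explicitly.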