diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..44120268e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,34 @@ +# Security Policy + +## Supported Versions + +Reactive Resume provides security updates for version `5.0.x` and newer. +Earlier major versions are no longer supported. + +| Version | Supported | +| ------- | ------------------ | +| >= 5.0 | :white_check_mark: | +| 4.x | :x: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +If you believe you have found a security vulnerability, please report it +privately instead of opening a public issue. + +Preferred reporting channels: + +- Use GitHub's private vulnerability reporting for this repository. +- If that is unavailable, email `hello@amruthpillai.com` with the subject + `Security Vulnerability: Reactive Resume`. + +Please include as much detail as possible, including: + +- A description of the vulnerability and its impact. +- Steps to reproduce or a proof of concept. +- Affected versions, configuration, or deployment details. +- Any relevant logs, screenshots, or links. + +You can expect an initial response within 7 days. If the report is accepted, +we will coordinate remediation and disclosure timing with you before publishing +details publicly.
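Review bot: In the "Reporting a Vulnerability" section, the email fallback to `hello@amruthpillai.com` asks for steps to reproduce, a proof of concept and logs, but offers no encrypted option and no guidance on what to hold back from a plaintext first message. Consider asking reporters who use email to send a short summary first and agree on a channel for the details, or publish a key for that address. In the closing paragraph, "You can expect an initial response within 7 days" gives the reporter no next step if that window passes, and disclosure timing is only described for the case "If the report is accepted". Suggest adding an escalation path and one sentence on how declined or disputed reports are handled. In "Supported Versions", the prose says `5.0.x` and newer while the table says `>= 5.0`; using one form in both places would avoid readers wondering whether later 5.x minors are covered.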