diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..7f2cefc
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Reporting Security Issues
+
+Your security is important to us. If you believe you have found a security vulnerability in our project, please let us know right away.
+
+### How to Report
+
+- **Non-sensitive issues:** If the issue is not sensitive, please [create an issue](https://github.com/devondragon/SpringUserFramework/issues) directly in this repository.
+
+- **Sensitive issues:** If you believe the issue is sensitive, **do not create a public issue**. Instead, please send an email directly to [devon@justblackmagic.com](mailto:devon@justblackmagic.com).
+
+### Response Time
+
+I aim to acknowledge receipt of vulnerabilities within 48 hours and to provide a more detailed response within 72 hours. Cirumstances may delay things (if I am traveling or offline for example).
+
+Thank you for helping us ensure the security and privacy of our users.
+