diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..5c957649a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Responsible Disclosure
+
+## Reporting a Vulnerability
+
+We strive to stay ahead of security vulnerabilities but would love to get the community's help in making us aware of the ones we miss.
+
+Please email `security@boxyhq.com` to report security vulnerabilities and exploits.
+
+We will acknowledge legitimate reports and address it according to the severity.