diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..2a841989
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.2.1   | :white_check_mark: |
+| < 1.2.1 | :x:                |
+
+## Reporting a Vulnerability
+
+We run a mailing list under security@privatebin.org. You should be able to get
+a response within a week (usually during the next weekend). The respondee will
+reply from their personal address and can offer you their GPG public key to
+support end-to-end encrypted communication on sensitive topics or attachments.
+
+You can also contact us via the regular issue tracker if the risk of early
+publication is low or you would request input from other PrivateBin users.