diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..3607f92 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,55 @@ +# Security Policy + +## Supported Versions + +Security updates are available for all versions. + +## Reporting a Vulnerability + +If you discover a vulnerability, please report it responsibly to our security email: `c2VjdXJpdHlAYWx0Y2hhLm9yZwo=`. + +When reporting a vulnerability, please include the following details to help us quickly assess the issue: + +- Detailed steps to reproduce or a proof-of-concept +- Any relevant tools and their versions used +- Tool output and any logs or screenshots that may help + +**PGP Public Key**: To ensure secure communication, please use our PGP public key when sending sensitive information: + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xjMEZtI2nxYJKwYBBAHaRw8BAQdA/RsvtqhwBMzb2lVbYgJ8jfbtOSW6X1Ju +eJGrTnc/w7rNKXNlY3VyaXR5QGFsdGNoYS5vcmcgPHNlY3VyaXR5QGFsdGNo +YS5vcmc+wowEEBYKAD4FgmbSNp8ECwkHCAmQQ77nSDCYPoIDFQgKBBYAAgEC +GQECmwMCHgEWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAQBYA/AhHznOMm5zg +L5NVtbEaVzjlGQgq935Ieg7i0ts/ulvSAQCifZduBr9W2Rlev2x4MIaN8PBY +eq/UQjyDIoi3s+bBAM44BGbSNp8SCisGAQQBl1UBBQEBB0DMbZpWAHLF9W2y +sFoTHPv0/9wBmd5HQHDFo30pYv6GGAMBCAfCeAQYFgoAKgWCZtI2nwmQQ77n +SDCYPoICmwwWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAB2gA/RCLvMElWMP3 +Xb/GVjlYMKM+lP/+Vp6pEPp+oCfb5gg+AP9sTajrdA2GBv6Sc28/GZcbGEX2 +OlJjTSxs11Oj8es+Bg== +=kb// +-----END PGP PUBLIC KEY BLOCK----- +``` + +## Vulnerability Disclosure Process + +- **Acknowledgment**: We will acknowledge receipt of your report within 48 hours. +- **Assessment**: We will assess the vulnerability and determine the impact and priority. +- **Resolution**: If the vulnerability is confirmed, we will work on a fix and inform you when it’s resolved. +- **Disclosure**: We follow responsible disclosure. Once a fix is available, we will coordinate with you to disclose the vulnerability to the public. + +## Scope + +### In-Scope for Reporting: +- ALTCHA Widget and any associated open-source code. +- ALTCHA SaaS platform and related services. 
+ +### Out-of-Scope: +- Any third-party services or software not managed by ALTCHA. +- Automated tool or scan reports. +- Distributed Denial of Service (DDoS) attacks that require large volumes of data. +- Provisioning or usability issues. +- Flooding of feedback, comments, messages, etc. +- Issues related to networking protocols or industry standards.
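Review bot: in the "Reporting a Vulnerability" section the contact address is given only as the base64 string `c2VjdXJpdHlAYWx0Y2hhLm9yZwo=`, which decodes to `security@altcha.org` plus a trailing newline; the same address is visible in clear in the user ID of the armored PGP key a few lines below (`...c2VjdXJpdHlAYWx0Y2hhLm9yZyA8c2VjdXJpdHlAYWx0Y2hhLm9yZz4...`), so the encoding adds friction for a reporter (and a stray newline when pasted) without obscuring anything. Suggest writing it in plain text, e.g. `please report it responsibly to security@altcha.org`. Two smaller points in the same hunk: publish the key's fingerprint next to the armored block so a reporter can verify the key they import, and tighten `Security updates are available for all versions` to name which release lines actually receive fixes, since "all versions" is rarely sustainable and the "Supported Versions" heading implies a concrete list.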