diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..9437b564d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you find a security issue in SeaweedFS, please report it privately:
+
+- Email: support@seaweedfs.com  
+- Do not open a public GitHub issue
+
+Please include:
+- A clear description of the issue
+- Steps to reproduce (if possible)
+- Affected versions
+
+## Response
+
+- We will respond as soon as possible (usually within 1 business day)  
+- We will investigate and work on a fix  
+- We may coordinate disclosure with you
+
+## Notes
+
+- Please allow time for a fix before public disclosure  
+- If you’re unsure whether something is a security issue, feel free to reach out