diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..983f5d2c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.4.x   | :white_check_mark: |
+| <2.4.x   | :x:                |
+
+## Reporting a Vulnerability
+
+Please report any security issues via email to security@getontracks.org. If you don't get a reply for your email, resend the email after one week. If there's still no reply, open an issue in the issue queue but *do not disclose the details* in the issue, only ask about the reply and status.
+
+Unfortunately Tracks is not part of a bug bounty program, but we do provide appropriate credits for disclosing security issues.