diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..402b198cd --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,59 @@ +# Security Policy + +## Supported Versions + +The following versions are currently supported with security updates: + +| Version | Supported | +| ------- | --------- | +| Latest | Yes | +| Older versions | No | + +If you are using an older version, we recommend upgrading to the latest version to receive security fixes and improvements. + +## Reporting a Vulnerability + +If you believe you have found a security vulnerability, please do **not** disclose it publicly through GitHub issues, discussions, forums, or social media. + +Instead, please report it to us by email at: + +**hi@olares.com** + +To help us investigate the issue efficiently, please include as much of the following information as possible: + +- A clear description of the vulnerability +- Steps to reproduce the issue +- Proof of concept (PoC), if available +- Affected product, version, or environment +- Potential impact of the issue +- Any relevant screenshots, logs, or recordings + +## Our Response Process + +After receiving your report, we will: + +1. Acknowledge receipt of the report as soon as reasonably possible +2. Review and validate the issue +3. Investigate the impact and determine remediation steps +4. Keep you informed of the progress when appropriate + +Please note that response and resolution times may vary depending on the complexity and severity of the issue. + +## Responsible Disclosure + +We kindly ask that you: + +- Give us a reasonable amount of time to investigate and address the issue before any public disclosure +- Avoid accessing, modifying, or deleting data that does not belong to you +- Avoid actions that may negatively affect the availability or integrity of our services +- Act in good faith to avoid privacy violations, service disruption, or data destruction + +## Rewards + +We do not currently operate a formal bug bounty program. + +However, if a reported issue is confirmed to be valid and responsibly disclosed, we may offer a reward at our discretion. 
+ +## Thank You + +We sincerely appreciate the time and effort of security researchers and users who help us improve the security of our products and services.
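Review bot: the "Reporting a Vulnerability" section offers only a plain email address (hi@olares.com) with no PGP key, key fingerprint or other private channel, yet the same section asks reporters to attach proof-of-concept code, logs and recordings; consider publishing an encryption key alongside the address, or pointing to a private reporting mechanism, so that exploit details are not sent in the clear. Two smaller points in the same hunk: "Our Response Process" commits to no concrete targets ("as soon as reasonably possible", "when appropriate"), so an acknowledgement window and an expected disclosure timeline would make the "reasonable amount of time" requested under "Responsible Disclosure" measurable for both sides; and the "Supported Versions" table's "Latest" row does not say which release that is, so a link to the releases page or a one-line definition (for example, the most recent tagged release) would remove the ambiguity.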