diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..1f24813c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +# Security vulnerability disclosure + +If you discover a security vulnerability, you can report it to us via any of the below channels: +- Open an issue of type "Security" on the [issue tracker](https://issues.iceshrimp.dev/). Make sure to set "Confidential" to "Yes" if the vulnerability details are not already public. +- Send your PGP key to security@iceshrimp.dev. After secure communication is established, send us the vulnerability details as an encrypted message. + +This will allow us to assess the risk & make a fix available before the vulnerability is disclosed publicly.
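Review bot: In the e-mail bullet of the new SECURITY.md ("Send your PGP key to security@iceshrimp.dev"), the file asks the reporter for their key but publishes no project public key or fingerprint, so a reporter cannot encrypt anything on first contact and has nothing in the repository to check a received key against. Consider adding the project's key fingerprint, or a link to the key, to that bullet. In the issue-tracker bullet, confidentiality depends on the reporter remembering to set "Confidential" to "Yes"; moving that instruction to the start of the bullet would make it harder to miss. The closing sentence could also state when a reporter should expect an acknowledgement.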