diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 00000000..30f329be
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,49 @@
+# Security Policy
+
+Thank you for helping keep `cycle/database` and its users safe. We greatly appreciate your efforts to disclose security vulnerabilities responsibly.
+
+
+
+## 🙋♂️ Supported Versions
+
+Only certain versions of `cycle/database` are currently being maintained with security updates. Please use or upgrade to one of these supported versions:
+
+| Version | Supported |
+|---------|--------------------|
+| 2.x | :white_check_mark: |
+
+Please ensure that you are using one of these supported versions before reporting a security issue.
+
+
+
+## 🗜️ Unsupported Versions
+
+Versions listed below are no longer supported with security updates. We recommend upgrading to a supported version as soon as possible:
+
+| Version | Supported |
+|---------|-----------|
+| 1.x | :x: |
+
+
+
+## 🚨 Reporting a Vulnerability
+
+We take all security bugs in `cycle/database` seriously. Please follow the instructions below to report security vulnerabilities.
+
+### → How to Report
+
+1. **GitHub Security Advisories**: Please report security issues directly through our GitHub Security Advisories page: https://github.com/cycle/database/security/advisories/new. This ensures that sensitive information is handled confidentially.
+
+2. **Empty Security Issue**: After submitting through GitHub Security Advisories, please also create an empty security issue to alert us, as GitHub Advisories do not send automatic notifications. This can be done here: https://github.com/cycle/database/issues/new?assignees=&labels=type%3A+bug%2Cpriority%3A+high%2Ctype%3A+security&projects=&template=5-security-report.yml&title=%5BSecurity%5D%3A+
+
+3. **Direct Contact**: For highly sensitive information, in addition to the GitHub Security Advisories, please email us directly at `team@spiralscout.com` with the subject line "SECURITY - Vulnerability Report". This will be treated with the highest priority.
+
+Please do not discuss potential security issues in public forums or through our public GitHub issues tracker.
+
+
+
+## ❌ Third-Party Bug Bounty Platforms
+
+At this moment, we DO NOT accept reports from third-party bug bounty platforms to minimize risk. All vulnerability reports should come through the specified channels above.
+
+