diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..3f9c867c2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+This software is currently pre-release, so no versions are formally supported.
+
+Once 1.0 has been released, only the most recent version will be supported.
+
+## Reporting a Vulnerability
+
+To report a vulnerability in this application, contact me directly at `dustin@cs.uchicago.edu`.
+You can expect an initial response within a day or two, and a regular email conversational cadence thereafter.