diff --git a/SECURITY.md b/SECURITY.md index 034e848..1b945f7 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,20 +2,41 @@ ## Supported Versions -Use this section to tell people about which versions of your project are -currently being supported with security updates. +This project is currently in early development. We provide security updates for the latest release version. | Version | Supported | | ------- | ------------------ | -| 5.1.x | :white_check_mark: | -| 5.0.x | :x: | -| 4.0.x | :white_check_mark: | -| < 4.0 | :x: | +| 0.1.x | :white_check_mark: | +| < 0.1 | :x: | + +**Note:** As this is an early-stage project (v0.1.x), the API and security posture may change between releases. We recommend always using the latest version. ## Reporting a Vulnerability -Use this section to tell people how to report a vulnerability. +We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly: + +### How to Report + +1. **DO NOT** open a public GitHub issue for security vulnerabilities +2. Use GitHub's private security reporting feature by navigating to this repository's **Security** tab and selecting **"Report a vulnerability"**. +3. If that option is not available, email our security contact at `security@example.com`. +4. Include the following in your report: + - Description of the vulnerability + - Steps to reproduce the issue + - Potential impact + - Suggested fix (if available) + +### What to Expect + +- **Initial Response:** Within 48-72 hours acknowledging receipt +- **Status Updates:** We'll keep you informed as we investigate and work on a fix +- **Resolution Timeline:** Depends on severity and complexity, typically within 7-14 days for critical issues +- **Credit:** With your permission, we'll acknowledge your contribution in the security advisory and release notes + +### Security Best Practices -Tell them where to go, how often they can expect to get an update on a -reported vulnerability, what to expect if the vulnerability is accepted or -declined, etc. 
+When using this tool: +- Store your Control D API token securely (use `.env` file, never commit it) +- Keep your Python environment and dependencies up to date +- Review the code before running, especially when syncing to production profiles +- Use dedicated API tokens with minimal necessary permissions
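Review bot: the fallback contact `security@example.com` in step 3 of "How to Report" is a placeholder (example.com is a reserved documentation domain), so any report that falls back to email will go nowhere; replace it with a mailbox someone actually monitors, or drop step 3 and state that the Security tab is the only reporting channel. Step 2 only works if private vulnerability reporting is enabled in the repository settings, otherwise the "Report a vulnerability" option does not appear, so confirm it is switched on before merging this policy. In the "Security Best Practices" bullets, "use `.env` file, never commit it" would be more actionable if it also said to add `.env` to `.gitignore`, since that is the control that prevents the accidental commit the sentence warns about.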