diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..4df36196 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,40 @@ +# Security Policy + +## Supported Versions + +We currently support the latest stable version of CryptoTracker. Users are encouraged to always update to the most recent version to benefit from security patches and improvements. + +## Reporting a Vulnerability + +If you discover a security vulnerability in CryptoTracker, please help us keep the project and its users safe by following these steps: + +1. **Do not open public issues** for security vulnerabilities. +2. **Privately report the vulnerability** by emailing the maintainer. +3. Include the following in your report: + - A detailed description of the vulnerability. + - Steps to reproduce the issue. + - Potential impact. + - Suggested fixes, if available. + +We aim to respond to vulnerability reports within **5 business days** and will work with you to resolve the issue promptly. + +## Security Best Practices + +- Do not run PromptShell as root unless absolutely necessary. +- Only use PromptShell in trusted environments. +- Be cautious when prompting with sensitive data or executing dynamic commands. +- Review and audit any third-party models or plugins used within PromptShell. + +## Responsible Disclosure + +We support and encourage responsible disclosure. If you responsibly disclose a vulnerability, we will: + +- Acknowledge your contribution. +- Provide credit in the changelog (if desired). + +## Additional Resources + +- [GitHub Security Best Practices](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) + +--- +Thank you for helping make PromptShell safer and more reliable!
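Review bot: the policy names two different projects. "Supported Versions" and "Reporting a Vulnerability" refer to CryptoTracker ("We currently support the latest stable version of CryptoTracker", "If you discover a security vulnerability in CryptoTracker"), while "Security Best Practices" and the closing line refer to PromptShell ("Do not run PromptShell as root", "Thank you for helping make PromptShell safer"). This reads as a template copied from another repository; use the correct project name throughout, and check that the best-practice bullets about root, trusted environments and third-party models or plugins actually describe this project. Second, step 2 ("Privately report the vulnerability by emailing the maintainer") gives no address and no alternative channel, so a reporter has nowhere to send the report except a public issue, which step 1 forbids; add the contact email, or point reporters at GitHub's private vulnerability reporting, which the link under "Additional Resources" already documents (the link text "GitHub Security Best Practices" should then be renamed to match what it points to, e.g. "Privately reporting a security vulnerability"). Minor: the 5-business-day response target is an acknowledgement target, not a fix target; saying so avoids setting an expectation the maintainer cannot meet.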