diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..ac18ec9e2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Awesome Cordova Plugins, please report it responsibly.
+
+**Do not open a public GitHub issue for security vulnerabilities.**
+
+Instead, please send an email to the maintainer or use [GitHub's private vulnerability reporting](https://github.com/danielsogl/awesome-cordova-plugins/security/advisories/new).
+
+### What to include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Affected versions
+- Potential impact
+
+### Response
+
+You can expect an initial response within 72 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.
+
+## Scope
+
+This policy covers the `@awesome-cordova-plugins/*` TypeScript wrapper packages. For vulnerabilities in the underlying Cordova plugins themselves, please report to the respective plugin maintainers.
+
+## Supported Versions
+
+Only the latest major version receives security updates.