diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f9f5ae78..56a88b72 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -187,6 +187,12 @@ Before opening a new issue: For feature requests, describe the use case, the expected behavior, and why the change would help DoubtDesk users. +### Security Issues + +Please do not report security vulnerabilities through public GitHub issues. + +Refer to [SECURITY.md](./SECURITY.md) for responsible disclosure instructions. + ### Requesting Assignment If you want to work on an issue, please leave a comment containing the exact phrase `/assign`. diff --git a/README.md b/README.md index d57290f5..3646f6e2 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ - [Mid-Term (v1.2)](#mid-term-v12) - [Long-Term (v2.0)](#long-term-v20) - [Code of Conduct](#code-of-conduct) + - [Security](#security) - [License](#license) - [Acknowledgments](#acknowledgments) @@ -412,6 +413,12 @@ We are committed to providing a welcoming and harassment-free experience for eve --- +## Security + +If you discover a security vulnerability, please follow the responsible disclosure process described in [SECURITY.md](SECURITY.md). + +--- + ## License This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) file for details. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..d6ba1f87 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,55 @@ +# Security Policy + +Thank you for helping keep DoubtDesk and its users safe. + +## Supported Versions + +At this time, only the latest version of DoubtDesk is actively supported with security updates. + +| Version | Supported | +| -------------- | --------- | +| Latest Release | ✅ | +| Older Versions | ❌ | + +## Reporting a Vulnerability + +If you discover a security vulnerability, please **do not create a public GitHub issue**. + +Instead, report the issue privately to the project maintainers through GitHub or any official communication channel provided by the maintainers. + +When reporting a vulnerability, please include: + +* A clear description of the issue +* Steps to reproduce the vulnerability +* Potential impact +* Screenshots or proof-of-concept details (if applicable) + +## Response Timeline + +The maintainers will review security reports as soon as possible and aim to acknowledge reports within 72 hours. + +After verification, maintainers will investigate the issue, develop a fix, and coordinate responsible disclosure when appropriate. + +## Scope + +Examples of security issues include: + +* Authentication bypass +* Unauthorized access to classrooms or user accounts +* Privilege escalation +* Sensitive information disclosure +* Database exposure +* Vulnerabilities affecting student or teacher data + +The following are generally not considered security issues: + +* UI or styling bugs +* Feature requests +* Documentation issues +* Minor usability concerns + +## Responsible Disclosure + +Please avoid publicly disclosing security vulnerabilities until the maintainers have had a reasonable opportunity to investigate and address the issue. + +Thank you for helping improve the security of DoubtDesk.
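Review bot: the new "Security Issues" subsection in CONTRIBUTING.md links the policy as `./SECURITY.md`, while the README hunk in the same patch links it as `SECURITY.md`; both resolve on GitHub, but use one form in both files so the links stay in step if the file is ever moved.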
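Review bot: the reporting channel in "Reporting a Vulnerability" of the new SECURITY.md is too vague to act on. "Report the issue privately to the project maintainers through GitHub or any official communication channel provided by the maintainers" gives a reporter no concrete destination, and without one a finder is likely to fall back to the public issue tracker the policy tells them to avoid. Name the channel explicitly, for example enable GitHub's private vulnerability reporting for the repository and link to it, or list a dedicated security contact address, and say that follow-up questions should go through the same channel. Related: "Response Timeline" commits only to a 72-hour acknowledgement; stating a target for triage and for coordinated disclosure after verification would make "reasonable opportunity" in "Responsible Disclosure" less open-ended for both sides.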