diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..4ecf8df --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,45 @@ +## Security Policy + +### Supported Versions + +We actively support the following versions: + +| Version | Supported | +| ---------- | --------- | +| 20240821v2 | ✅ | + +Please ensure you are using the latest version to receive security updates and fixes. + +### Reporting a Vulnerability + +If you discover a security vulnerability in GPT-SoVITS-WebUI, we encourage you to report it responsibly via GitHub Security Advisories. Here's how you can do it: + +1. **Open a GitHub Security Advisory**: + - Navigate to the repository's [Security tab](https://github.com/RVC-Boss/GPT-SoVITS/security). + - Select "Report a vulnerability." + - Provide the following details: + - A detailed description of the vulnerability. + - Steps to reproduce the issue (if applicable). + - Any potential impact and severity level. +2. **Response Time**: We will acknowledge your report within 72 hours and provide an estimated timeline for resolution. +3. **Responsible Disclosure**: We request that you do not publicly disclose the vulnerability until it has been resolved. If necessary, we will work with you to determine an appropriate disclosure timeline. + +### Best Practices for Users + +To maintain security while using GPT-SoVITS-WebUI: + +- **Update Regularly**: Always use the latest version to ensure you're benefiting from security updates. +- **Environment Isolation**: Run the application in isolated environments (e.g., Docker, Conda environments) to reduce potential risks. +- **Data Privacy**: Avoid using sensitive or private data unless necessary, as models are not encrypted by default. + +### Security Practices + +To ensure a secure codebase, we follow these practices: + +- **Dependency Monitoring**: Regular updates and audits of third-party dependencies. +- **Code Reviews**: All new contributions undergo thorough reviews to ensure they meet our security standards. +- **Static Analysis**: Automated tools are used to identify common vulnerabilities in the code. 
+ +### Acknowledgments + +We thank the community for reporting issues and helping us improve security. If your vulnerability report leads to a fix, we would be happy to acknowledge your contribution in the release notes (if desired).
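Review bot: the "Best Practices for Users" section names the two risks a self-hosted WebUI most needs to address only indirectly, and the "Data Privacy" bullet states the wrong mitigation: "Avoid using sensitive or private data unless necessary, as models are not encrypted by default" implies encryption at rest is the concern, whereas the data a user actually exposes is the reference/training audio and generated output stored unencrypted on the host that runs the WebUI and reachable by anyone who can reach its listening port. Suggest rewording that bullet to say what is stored where, and adding two bullets under "Best Practices for Users": one telling users to keep the WebUI bound to localhost (or behind an authenticating reverse proxy) rather than exposing it on a LAN or the public internet, and one advising users to load model checkpoints only from sources they trust, since the "Environment Isolation" advice to run "in isolated environments (e.g., Docker, Conda environments)" only limits the blast radius and does not prevent either. Two smaller points in the same hunk: the "Supported Versions" table pins a single date-stamped tag, "| 20240821v2 | ✅ |", which will be stale after the next release, so either state the rule ("only the latest release receives fixes") or commit to updating the table on every release; and the reporting instructions rely solely on the "Report a vulnerability" button, which only appears when private vulnerability reporting is enabled in the repository settings, so either confirm it is enabled or add a fallback contact (an email address) so reporters are not pushed to open a public issue. The "Security Practices" section also claims "Static Analysis: Automated tools are used" and "Dependency Monitoring" without naming the tools or where they run; pointing at the workflow or configuration file makes these claims verifiable.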