diff --git a/src/pages/docs/_meta.json b/src/pages/docs/_meta.json
index a3e8360..4aaead6 100644
--- a/src/pages/docs/_meta.json
+++ b/src/pages/docs/_meta.json
@@ -9,6 +9,7 @@
   "faq": "FAQ",
   "privacy-policy": "Privacy Policy",
   "service-level-agreement": "Service level agreement",
+  "security-research-policy": "Security Research Policy",
   "terms": "Terms of service",
   "specs": {
     "newWindow": true,
diff --git a/src/pages/docs/security-research-policy.md b/src/pages/docs/security-research-policy.md
new file mode 100644
index 0000000..00666d1
--- /dev/null
+++ b/src/pages/docs/security-research-policy.md
@@ -0,0 +1,21 @@
+# web3.storage Security Research Policy
+
+## Overview
+Our security research program is private and invitation-only. We do not accept unsolicited vulnerability reports or offer rewards for unrequested security research. 
+
+## Important Notice
+- All security testing must be pre-authorized in writing
+- Unauthorized security testing is prohibited
+- We do not provide bug bounties or rewards for unsolicited findings
+- Unauthorized testing may violate our Terms of Service and applicable laws
+
+## Reporting Security Issues
+1. Do not conduct any further testing
+2. Do not exploit the vulnerability
+3. Contact support@web3.storage
+4. Wait for explicit written authorization before any further action
+
+## Legal Notice
+Any unauthorized security testing, vulnerability scanning, or penetration testing of our systems is strictly prohibited and may result in legal action. We reserve all rights to pursue appropriate remedies against unauthorized security testing.
+
+Contact: support@web3.storage