diff --git a/README.md b/README.md
index f2ebcd3..893a5d5 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,10 @@ You can install this package with `pip`:
 
     pip install redflag
 
+Alternatively, you can use the `conda` package manager, pointed at the `conda-forge` channel:
+
+    conda install -c conda-forge redflag
+
 For developers, there is a `pip` option for installing `dev` dependencies. Use `pip install redflag[dev]` to install all testing and documentation packages.
 
 
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..e2ccd5f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security policy
+
+
+## Supported versions
+
+Only the latest version of `redflag` is supported.
+
+
+## Reporting a vulnerability
+
+Please do not report on issue on GitHub, instead report vulnerabilities to hello@scienxlab.org
+
+We do not award bounties for security vulnerabilities, but will notify you if and when the report is accepted and acted upon.