diff --git a/CLA.md b/CLA.md new file mode 100644 index 0000000..ee6bd47 --- /dev/null +++ b/CLA.md 
@@ -0,0 +1,52 @@ +# Estuary Technologies, Inc. — Individual Contributor License Agreement + +Thank you for your interest in contributing to projects maintained by Estuary Technologies, Inc. ("Estuary"). This Contributor License Agreement ("Agreement") documents the rights granted by contributors to Estuary. This is a legally binding document, so please read it carefully before agreeing to it. + +## 1. Definitions + +**"You" (or "Your")** means the individual who submits a Contribution to Estuary. + +**"Contribution"** means any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to Estuary for inclusion in any of the projects owned or managed by Estuary (the "Work"). For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to Estuary or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, Estuary for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by You as "Not a Contribution." + +**"Work"** means any project owned or managed by Estuary to which You submit a Contribution. + +## 2. Grant of Copyright License + +Subject to the terms and conditions of this Agreement, You hereby grant to Estuary and to recipients of software distributed by Estuary a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works. + +## 3. 
Grant of Patent License + +Subject to the terms and conditions of this Agreement, You hereby grant to Estuary and to recipients of software distributed by Estuary a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. + +## 4. Representations + +You represent that: + +**(a)** You are legally entitled to grant the above licenses. If your employer(s) has rights to intellectual property that you create that includes your Contributions, you represent that you have received permission to make Contributions on behalf of that employer, that your employer has waived such rights for your Contributions to Estuary, or that your employer has executed a separate Corporate Contributor License Agreement with Estuary. + +**(b)** Each of Your Contributions is Your original creation. You represent that Your Contribution submissions include complete details of any third-party license or other restriction (including, but not limited to, related patents and trademarks) of which you are personally aware and which are associated with any part of Your Contributions. + +**(c)** Your Contribution is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. + +## 5. Support + +You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You may provide support for free, for a fee, or not at all. + +## 6. 
Notification + +You agree to notify Estuary of any facts or circumstances of which you become aware that would make these representations inaccurate in any respect. + +## 7. Licensing of the Work + +You understand that Estuary projects may be licensed under various licenses, including but not limited to the Business Source License 1.1 (BSL), the Apache License 2.0, and other open source or source-available licenses. Your Contributions may be distributed under the license applicable to the Work at the time of distribution, including any future license changes made by Estuary. + +## 8. Agreement + +By signing this Agreement or by submitting a Contribution with a statement of agreement (such as commenting "I have read the CLA Document and I hereby sign the CLA" on a pull request), You accept and agree to the terms and conditions of this Agreement for Your present and future Contributions submitted to Estuary. + +--- + +**Estuary Technologies, Inc.** +https://estuary.dev + +To sign this CLA, please follow the instructions provided by CLA Assistant on your pull request. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..ec3269d --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,50 @@ +# Estuary Code of Conduct + +## Our Commitment + +Estuary is committed to providing a welcoming, inclusive, and harassment-free experience for everyone who participates in our open source projects and community, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to a positive environment: + +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Focusing on what is best for the community and the project +- Showing empathy toward other community members + +Examples of unacceptable behavior: + +- The use of sexualized language or imagery, and unwelcome sexual attention or advances +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, without explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting + +## Scope + +This Code of Conduct applies within all project spaces, including GitHub repositories, issue trackers, pull requests, discussions, and any other communication channels used by Estuary's open source community. It also applies when an individual is representing the project or its community in public spaces. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the Estuary team at: + +**conduct@estuary.dev** + +All complaints will be reviewed and investigated promptly and fairly. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. 
+ +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by Estuary leadership. + +## Enforcement Actions + +Maintainers may take any action they deem appropriate, including but not limited to: + +- A private warning to the individual +- A public warning within the project space +- Temporary or permanent ban from participation in the project +- Removal of contributions that violate this Code of Conduct + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/), version 2.1. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..92bfa8d --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,74 @@ +# Contributing to Estuary + +Thank you for your interest in contributing to Estuary! We welcome contributions from the community and are grateful for any help you can provide. + +## Before You Start + +### Contributor License Agreement (CLA) + +All contributions to Estuary projects require a signed Contributor License Agreement. This ensures that the project has the necessary rights to distribute your contributions under the applicable license. + +When you open your first pull request, CLA Assistant will automatically prompt you to sign the CLA. You only need to sign once — it covers all future contributions to any Estuary repository. + +You can review the full CLA text here: [CLA.md](https://github.com/estuary/.github/blob/main/CLA.md) + +### Check for Existing Issues + +Before starting work on a significant change, please check the repository's issue tracker to see if there's an existing issue or discussion. If not, consider opening one first — it helps avoid duplicate effort and gives maintainers a chance to provide guidance on your approach. + +## How to Contribute + +### Reporting Bugs + +If you've found a bug, please open an issue in the relevant repository with: + +- A clear, descriptive title +- Steps to reproduce the behavior +- Expected behavior vs. actual behavior +- Your environment details (OS, version, relevant configuration) + +**Security vulnerabilities** should not be reported through public issues. Please see our [Security Policy](SECURITY.md) for responsible disclosure instructions. + +### Suggesting Features + +Feature requests are welcome. Please open an issue describing: + +- The problem you're trying to solve +- Your proposed solution +- Any alternatives you've considered + +### Submitting Code + +1. **Fork** the repository and create your branch from `main`. +2. **Write clear, well-tested code.** Include tests for any new functionality. +3. **Follow the existing code style** of the project. +4. 
**Write a clear commit message** explaining what your change does and why. +5. **Open a pull request** with a description of your changes. + +### Pull Request Guidelines + +- Keep PRs focused — one logical change per PR. +- Include tests for new features and bug fixes. +- Update documentation if your change affects user-facing behavior. +- All CI checks must pass before a PR can be merged. +- All PRs require review from at least one Estuary maintainer. + +## Code Review + +All submissions require review before merging. Estuary maintainers will review your pull request for: + +- Correctness and completeness +- Test coverage +- Code style and consistency +- Security considerations +- Documentation + +We aim to review PRs promptly, but please be patient — we're a small team. If your PR has been open for more than a week without feedback, feel free to leave a comment. + +## Code of Conduct + +This project follows our [Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold these standards. + +## Questions? + +If you have questions about contributing, feel free to open a discussion in the relevant repository or reach out to us at support@estuary.dev. diff --git a/README.md b/README.md new file mode 100644 index 0000000..c5c0113 --- /dev/null +++ b/README.md 
@@ -0,0 +1,25 @@ +# .github + +Organization-wide community health files and contribution policies for [Estuary](https://github.com/estuary). + +Files in this repository serve as defaults across all Estuary repositories. If a specific repository contains its own version of any of these files, that version takes precedence. + +## Contents + +| File | Purpose | +|------|---------| +| `CONTRIBUTING.md` | Guidelines for contributing to Estuary projects | +| `CLA.md` | Individual Contributor License Agreement | +| `SECURITY.md` | How to report security vulnerabilities | +| `CODE_OF_CONDUCT.md` | Community standards and expectations | +| `profile/README.md` | Organization profile displayed on github.com/estuary | + +## Contributor License Agreement + +All external contributions to Estuary repositories require a signed Contributor License Agreement (CLA). The CLA is enforced automatically on pull requests via [CLA Assistant](https://github.com/cla-assistant/cla-assistant). First-time contributors will be prompted to sign the CLA before their pull request can be merged. + +See [CLA.md](CLA.md) for the full agreement text. + +## License + +The content of this repository is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..ec7868c --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,57 @@ +# Security Policy + +Estuary is committed to the security of our platform and the safety of our customers. We appreciate the efforts of security researchers who help us maintain a secure product. + +## Reporting a Vulnerability + +**Please do not report security vulnerabilities through public GitHub issues.** + +**Preferred method:** Use GitHub's built-in **"Report a vulnerability"** feature in the Security tab of the repository where the vulnerability exists. This keeps the report private and associated with the relevant codebase. + +**Alternatively**, you can email **security@estuary.dev** — this is equally acceptable, especially for vulnerabilities that span multiple repositories or affect Estuary's infrastructure. + +### What to Include + +- A description of the vulnerability and its potential impact +- Steps to reproduce the issue +- Proof-of-concept code, if available +- Any plans or intentions for public disclosure + +### What to Expect + +- **Acknowledgment** within 2 business days of your report +- **Timeline and status updates** after triage, with transparency about remediation progress +- **Open dialog** to discuss the issue throughout the process +- **Notification** when the vulnerability analysis has completed each stage of review +- **Credit** after the vulnerability has been validated and fixed, if desired + +## Scope + +This security policy applies to: + +- Estuary Flow platform and its components +- Estuary-maintained open source repositories +- Estuary's public-facing infrastructure + +## Safe Harbor + +Estuary will not pursue legal action against individuals who submit vulnerability reports through our reporting channel, provided they: + +- Test systems without harming Estuary or its customers +- Stay within the scope of the vulnerability disclosure program +- Do not access, modify, or delete customer data +- Adhere to applicable laws +- Refrain from public disclosure before a mutually agreed-upon timeframe + +## Out of Scope + 
+The following are not in scope for this policy: + +- Social engineering attacks against Estuary employees +- Denial of service attacks +- Physical security issues +- Issues in third-party applications or services not maintained by Estuary + +## Additional Information + +For Estuary's full Responsible Disclosure Policy, including our whistleblower provisions, please contact security@estuary.dev.
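Review bot: In CLA.md section 1, "Work" is defined twice with different wording: inline in the "Contribution" definition (any of the projects owned or managed by Estuary (the "Work")) and again as its own entry (any project "to which You submit a Contribution"). Keep a single definition so the patent grant in section 3 has one unambiguous referent. Sections 4(a), 4(b) and 6 also drop to lowercase "you"/"your" although the defined term is "You" (or "Your"). Section 4(a) also relies on a separate Corporate Contributor License Agreement that this patch does not add; either add it or say where it can be obtained.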
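Review bot: In CODE_OF_CONDUCT.md under Enforcement, conduct@estuary.dev is the only reporting route, and the text does not say who receives that mail or how to raise a complaint about a person who does. Since the same section promises confidentiality for the reporter, consider naming who has access to the mailbox and giving one alternative contact.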
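Review bot: In CONTRIBUTING.md the CLA link is absolute (https://github.com/estuary/.github/blob/main/CLA.md) while the Security Policy and Code of Conduct links are relative (SECURITY.md, CODE_OF_CONDUCT.md). The README in this patch says these files act as defaults for every Estuary repository, so use the absolute form for all three so the security reporting link in particular resolves wherever the file is shown. Separately, "All contributions to Estuary projects require a signed Contributor License Agreement" here conflicts with "All external contributions" in README.md; pick one wording.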
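Review bot: In README.md the Contents table lists `profile/README.md`, but this patch adds only CLA.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, README.md and SECURITY.md, so that row points at a file that does not exist after this change. The License section likewise states Apache 2.0 without a LICENSE file being added. Add both files in this patch or remove the references until they land.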
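Review bot: In SECURITY.md the Safe Harbor paragraph covers reports submitted "through our reporting channel" (singular), but Reporting a Vulnerability defines two channels, GitHub's "Report a vulnerability" feature and security@estuary.dev; name both so a researcher using either one knows they are covered. The same list refers to "the vulnerability disclosure program", a term the document never defines (it calls itself a Security Policy), and asks reporters to hold disclosure until "a mutually agreed-upon timeframe" without giving a default period to fall back on if no agreement is reached. Under Additional Information, the full Responsible Disclosure Policy is available only by emailing a request; linking it would let reporters read the terms before they test.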