diff --git a/README.md b/README.md
index 654378a0..a76dbaa3 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ Check out [**Live Demo**](https://vladmandic.github.io/human/demo/index.html) fo
- [**TypeDoc API Specification: Human**](https://vladmandic.github.io/human/typedoc/classes/human.html)
- [**TypeDoc API Specification: Root**](https://vladmandic.github.io/human/typedoc/)
- [**Change Log**](https://github.com/vladmandic/human/blob/main/CHANGELOG.md)
+- [**Current To-do List**](https://github.com/vladmandic/human/blob/main/TODO.md)
## Wiki pages
@@ -64,6 +65,7 @@ Check out [**Live Demo**](https://vladmandic.github.io/human/demo/index.html) fo
- [**Performance Profiling**](https://github.com/vladmandic/human/wiki/Profiling)
- [**Platform Support**](https://github.com/vladmandic/human/wiki/Platforms)
- [**List of Models & Credits**](https://github.com/vladmandic/human/wiki/Models)
+- [**Security & Privacy Policy**](https://github.com/vladmandic/human/blob/main/SECURITY.md)
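Review bot: The new "Security & Privacy Policy" entry is appended to a list whose other visible entries all point to /wiki/ pages, but it targets blob/main/SECURITY.md. Consider moving it next to the Change Log and To-do List links from the previous hunk, which also point to files on main, so the policy sits with the other repository documents and is easier to find.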
diff --git a/SECURITY.md b/SECURITY.md
index 67314e55..5ee319a4 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,32 @@
-# Security Policy
+# Security & Privacy Policy
-All issues are tracked publicly on GitHub
+
-Entire code base and indluded dependencies is automatically scanned against known security vulnerabilities
+## Issues
+
+All issues are tracked publicly on GitHub:
+
+
+
+## Vulnerabilities
+
+`Human` library code base and indluded dependencies are automatically scanned against known security vulnerabilities
+Any code commit is validated before merge
+
+- [Dependencies](https://github.com/vladmandic/human/security/dependabot)
+- [Scanning Alerts](https://github.com/vladmandic/human/security/code-scanning)
+
+
+
+## Privacy
+
+`Human` library and included demo apps:
+
+- Are fully self-contained and does not send or share data of any kind with external targets
+- Do not store any user or system data tracking, user provided inputs (images, video) or detection results
+- Do not utilize any analytic services (such as Google Analytics)
+
+`Human` library can establish external connections *only* for following purposes and *only* when explicitly configured by user:
+
+- Load models from externally hosted site (e.g. CDN)
+- Load inputs for detection from *http & https* sources
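Review bot: In the Privacy section, the first bullet says the library "does not send or share data of any kind with external targets", yet the closing paragraph lists two cases where it does open external connections. Fetching models from a CDN or inputs from http/https URLs discloses at least the client address and the requested URL to that host, and plain http is readable in transit, so suggest qualifying the first bullet with "except as listed below" and stating that no input data or detection results are uploaded. Smaller points in the same hunk: "indluded" is carried over from the removed line and should be "included"; "Are fully self-contained and does not send" should read "do not send"; "All issues are tracked publicly on GitHub:" ends in a colon with no link after it; and "Any code commit is validated before merge" follows the previous line with no blank line, so Markdown will render the two as one paragraph.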
diff --git a/TODO.md b/TODO.md
index 3b8f4761..5cd873f8 100644
--- a/TODO.md
+++ b/TODO.md
@@ -6,9 +6,9 @@ N/A
## Exploring Features
-- Switch from PoseNet to MoveNet
- Implement demo as installable PWA with model caching
- Implement results interpolation on library level
+- Switch to TypeScript 4.3
## Explore Models
@@ -16,4 +16,6 @@ N/A
## In Progress
-N/A
+- Face interpolation
+- Gaze interpolation
+- Unify score/confidence variables