diff --git a/src/pages/AboutPage.tsx b/src/pages/AboutPage.tsx
index 3eb3bf7..4ca0419 100644
--- a/src/pages/AboutPage.tsx
+++ b/src/pages/AboutPage.tsx
@@ -30,7 +30,7 @@ export default function AboutPage() {
 
         <h2>Features</h2>
         <ul>
-          <li><strong>End-to-end encrypted</strong> — your entries are encrypted before leaving your device. We cannot read them.</li>
+          <li><strong>End-to-end encrypted entries</strong> — your journal content is encrypted before leaving your device. We cannot read it.</li>
           <li><strong>No ads, no tracking</strong> — we don't sell your data or show you ads.</li>
           <li><strong>Works offline</strong> — installable as a PWA on Android, iOS, and desktop.</li>
           <li><strong>Daily prompts</strong> — gentle nudges to keep your practice consistent.</li>
@@ -48,7 +48,10 @@ export default function AboutPage() {
         <h2>Privacy first</h2>
         <p>
           We built Grateful Journal because we believe your inner thoughts deserve a private space.
-          Read our full <Link to="/privacy">Privacy Policy</Link> to understand exactly how your data is protected.
+          Your journal entries are end-to-end encrypted — only you can read them. App preferences
+          such as your display name, profile photo, and background images are stored as plain account
+          settings and are not encrypted. Read our full <Link to="/privacy">Privacy Policy</Link> for
+          a complete breakdown of what is and isn't encrypted.
         </p>
       </main>
 
diff --git a/src/pages/PrivacyPage.tsx b/src/pages/PrivacyPage.tsx
index 6539c67..e76a262 100644
--- a/src/pages/PrivacyPage.tsx
+++ b/src/pages/PrivacyPage.tsx
@@ -4,10 +4,10 @@ import { usePageMeta } from '../hooks/usePageMeta'
 export default function PrivacyPage() {
   usePageMeta({
     title: 'Privacy Policy — Grateful Journal',
-    description: 'Grateful Journal\'s privacy policy. Your journal entries are end-to-end encrypted — we cannot read them. No ads, no tracking, no data selling.',
+    description: 'Grateful Journal\'s privacy policy. Your journal entries are end-to-end encrypted — we cannot read them. App preferences are stored unencrypted. No ads, no tracking.',
     canonical: 'https://gratefuljournal.online/privacy',
     ogTitle: 'Privacy Policy — Grateful Journal',
-    ogDescription: 'Your journal entries are end-to-end encrypted and private. We cannot read them, we don\'t sell your data, and we use no advertising cookies.',
+    ogDescription: 'Your journal entries are end-to-end encrypted and private. App preferences like background images are stored unencrypted. No ads, no tracking, no data selling.',
   })
   return (
     <div className="static-page">
@@ -17,7 +17,7 @@ export default function PrivacyPage() {
 
       <main className="static-page__content">
         <h1>Privacy Policy</h1>
-        <p className="static-page__updated">Last updated: April 8, 2026</p>
+        <p className="static-page__updated">Last updated: April 14, 2026</p>
 
         <p>
           Grateful Journal is built on a simple promise: your journal entries are yours alone.
@@ -28,13 +28,21 @@ export default function PrivacyPage() {
         <ul>
           <li><strong>Account info</strong> — your name and email address via Google Sign-In, used solely to identify your account.</li>
           <li><strong>Journal entries</strong> — stored encrypted in our database. We do not have access to the content of your entries.</li>
+          <li><strong>App preferences</strong> — your display name, profile photo, background images, and theme are stored unencrypted as account settings. See the Encryption section below for the full breakdown.</li>
           <li><strong>Usage data</strong> — no analytics, no tracking pixels, no third-party advertising SDKs.</li>
         </ul>
 
         <h2>Encryption</h2>
         <p>
-          Your journal entries are end-to-end encrypted. They are encrypted on your device before being sent to our servers.
-          We store only the encrypted ciphertext — decryption happens locally in your browser using your account key.
+          Encryption is applied selectively based on the sensitivity of each type of data:
+        </p>
+        <ul>
+          <li><strong>Journal entries — end-to-end encrypted.</strong> Entries are encrypted on your device using XSalsa20-Poly1305 before being sent to our servers. We store only ciphertext. Decryption happens locally in your browser using a key derived from your account. We cannot read your entries.</li>
+          <li><strong>App preferences — not encrypted.</strong> Your display name, profile photo, background images, and theme setting are stored as plain data. These are appearance and account settings, not personal journal content. They are accessible to us at the database level.</li>
+        </ul>
+        <p>
+          If you upload a personal photo as a background image, be aware that it is stored unencrypted on our servers.
+          For maximum privacy, use abstract or non-personal images as backgrounds.
         </p>
 
         <h2>Data sharing</h2>
diff --git a/src/pages/TermsOfServicePage.tsx b/src/pages/TermsOfServicePage.tsx
index e28ba6f..c3eea4e 100644
--- a/src/pages/TermsOfServicePage.tsx
+++ b/src/pages/TermsOfServicePage.tsx
@@ -39,8 +39,10 @@ export default function TermsOfServicePage() {
         <h2>3. Your Content</h2>
         <p>
           You own all journal entries and content you create. We do not claim any ownership over your
-          content. Your entries are end-to-end encrypted and inaccessible to us. You are solely
-          responsible for the content you store in the app.
+          content. Your journal entries are end-to-end encrypted and inaccessible to us. App preferences
+          such as your display name, profile photo, and background images are stored as plain account
+          settings and are accessible to us at the database level. You are solely responsible for the
+          content you store in the app, including any images you upload as backgrounds.
         </p>
 
         <h2>4. Prohibited Conduct</h2>