diff --git a/html/priv.ejs b/html/priv.ejs
index 05146e9c..d2b19524 100644
--- a/html/priv.ejs
+++ b/html/priv.ejs
@@ -411,14 +411,20 @@
   <p>
     When you request any resource from the Poke API (for example: thumbnails, API endpoint) information about the request may be logged.
   </p>
-  <p>Information about a request is limited to:</p>
+<details class="block">
+  <summary>Information logged per request</summary>
+  <p>
+    The information recorded for each API or resource request is <strong>strictly limited</strong> to the following items — and nothing else:
+  </p>
   <ul>
     <li>the time the request was made</li>
     <li>the status code of the response</li>
     <li>the method of the request</li>
     <li>the requested URL</li>
-    <li>how long it took to complete the request.</li>
+    <li>how long it took to complete the request</li>
   </ul>
+</details>
+
   <p>
     <strong>No identifying information is logged</strong>, such as the visitor’s cookie, user-agent, or IP address.
   </p>
@@ -439,26 +445,58 @@
 
 
     <!-- Legal bases -->
-    <section id="legal-bases" aria-labelledby="gdpr-heading">
-      <h2 id="gdpr-heading" class="section">Legal Bases for Processing (GDPR)</h2>
-      <ul>
-        <li><strong>Legitimate interests:</strong> Running Poke smoothly while collecting exactly zero personal data.</li>
-        <li><strong>Consent:</strong> If we ever invent an optional feature that needs info, we’ll ask. But right now? There’s nothing to consent to.</li>
-        <li><strong>Legal obligation:</strong> Even if someone waves a fancy piece of paper at us, we literally have nothing personal to hand over. Empty pockets.</li>
-      </ul>
-    </section>
+<section id="legal-bases" aria-labelledby="gdpr-heading">
+  <h2 id="gdpr-heading" class="section">Legal Bases for Processing (GDPR / EU Law)</h2>
+  <p>
+    The Poke Project and its primary instance (<span class="mono">poketube.fun</span>) operate under the jurisdiction of the
+    <strong>European Union</strong> and comply with the principles of the
+    <strong>General Data Protection Regulation (GDPR)</strong> (Regulation (EU) 2016/679).  
+    The project’s hosting structure is based in <strong>Germany</strong>, where data protection is taken seriously.
+  </p>
+  <ul>
+    <li>
+      <strong>Legitimate interest:</strong> Operating the Poke service safely and efficiently while collecting <em>no</em> personal data whatsoever.
+    </li>
+    <li>
+      <strong>Consent:</strong> If one day we add an optional feature that needs personal information, you’ll be clearly asked — not tricked — before it’s ever processed.  
+      Currently, no such data collection exists.
+    </li>
+    <li>
+      <strong>Legal obligation:</strong> Even if an authority asks for user data, there’s nothing to hand over.  
+      We don’t store IPs, cookies, or user identities — so there’s nothing to surrender under German or EU law.
+    </li>
+  </ul>
+  <p>
+    This section is here for compliance transparency only — Poke simply doesn’t process or retain personal data in the first place.
+  </p>
+</section>
+
+<!-- Your Rights -->
+<section id="your-rights" aria-labelledby="rights-heading">
+  <h2 id="rights-heading" class="section">Your Privacy Rights</h2>
+  <p>
+    Because Poke doesn’t collect or store personal info, there’s really nothing about you that we can give, sell, or lose.  
+    You won’t need to ask for “export my data” or “delete my profile” — we just don’t have any of it.
+  </p>
+  <p>
+    Poke accounts don’t require your name, email, or any identifying detail — you literally can’t add them even if you tried.
+  </p>
+  <p>
+    But outside Poke, you *do* have rights and tools to protect your privacy. Here are a few ideas:
+  </p>
+  <ul>
+    <li>Switch your search engine from a tracker-heavy one (like Google) to a privacy-respecting one — for example, <a href="https://duckduckgo.com/" target="_blank" rel="noopener">DuckDuckGo</a>, which doesn’t track your search history and doesn’t log your activity.</li>
+    <li>Use privacy-oriented browsers or extensions that block trackers, fingerprinting, and unwanted scripts.</li>
+    <li>Enable HTTPS everywhere (many sites support it), avoid untrusted WiFi, and keep your software up to date.</li>
+    <li>Review your device permissions (location, microphone, camera), disable or restrict ones you don’t need.</li>
+    <li>Use VPNs or encrypted services if you want an extra layer of anonymity (especially on public networks).</li>
+    <li>Opt out of ad tracking and analytics where possible — many companies provide “do not track” or preference settings.</li>
+  </ul>
+  <p>
+    These steps won’t make you invisible, but they do shift the balance back toward u!!!!!
+  </p>
+</section>
 
-    <!-- Your rights -->
-    <section id="your-rights" aria-labelledby="rights-heading">
-      <h2 id="rights-heading" class="section">Your Privacy Rights</h2>
-      <p>
-        Since Poke doesn’t collect or store personal data, there’s basically nothing for us to give, sell, or lose about you.
-        You don’t have to worry about “export my data” or “delete my profile” requests because we don’t have anything on you in the first place.
-      </p>
-      <p>
-        Poke Accounts don’t require an email, name, or any other identifying info — and there’s no way to add that kind of data even if you wanted to.
-      </p>
-    </section>
 
     <!-- Data Retention -->
     <section id="retention" aria-labelledby="retention-heading">
