diff --git a/README.md b/README.md
index 75656fe..9559a61 100644
--- a/README.md
+++ b/README.md
@@ -11,11 +11,11 @@ To protect the security of your account, you shouldn't share passwords with your
 * Optionally require 2FA and a group password to interact with accounts.
 
 ## Security considerations
-* Sessions are encrypted with a system password by default, but they can be further secured with an administrator password. In this case, it means that Da Dragon Den, Beastslash, or any other Postoad server host cannot act on your behalf without knowing your administrator password.
+* Sessions are encrypted with a system key by default, but they can be further secured with a group key. In this case, it means that Da Dragon Den, Beastslash, or any other Postoad server host cannot act on your behalf without knowing your group key.
 * If a database breach happens, the malicious actor will only get encrypted sessions.
 * Only your guild ID, required channel IDs, authorized user IDs, and encrypted sessions are saved to the database — nothing else.
-* If a server administrator forgets their 2FA method or administrator password, they can only access the Bluesky account by revoking authorization and adding it back to the bot. This protects your social accounts from unauthorized Discord server administrators.
-* By default, only server administrators can modify bot settings. Permissions can be changed in the bot's settings.
+* If a server administrator forgets their 2FA method or group key, they can only access the Bluesky account by revoking authorization and adding it back to the bot. This protects your social accounts from unauthorized Discord server administrators.
+* By default, only server managers can modify bot settings. Permissions can be changed in the Discord integration settings.
 
 ## Add Postoad to your server
 ### Da Dragon Den-managed Postoad