diff --git a/www/doc/privacy_data.html b/www/doc/privacy_data.html
line changes: +8/-6
index df2f65a..1b27d9e
--- a/www/doc/privacy_data.html
+++ b/www/doc/privacy_data.html

@@ -13,9 +13,11 @@
 <h2>Blërg Doesn't Want Much Data</h2>
 
 <p>Blërg collects only the data necessary to create an account (username
-and password), and any data submitted via posting.  HTTP logs which
-contain your IP address, browser agent stringand any URLs visited as a
-consequence of using Blërg are kept for seven days then deleted.
+and password), any data submitted via posting, and associations between
+accounts for the purpose of "subscribing" to another account.  HTTP logs
+which contain your IP address, browser agent string, and any URLs
+visited as a consequence of using Blërg are kept for seven days then
+deleted.
 
 <h2>Blërg Doesn't Want To Use Your Data</h2>
 

@@ -36,9 +38,9 @@ you post may exist on Blërg forever.  Be careful what you post.
 
 <p>Currently, all data transmitted to Blërg, including your username and
 password, are transmitted over unencrypted HTTP.  It is entirely
-possible for someone to view your credentials in transit.  We recommend
-that you don't use the same password on Blërg as you use elsewhere (but
-that's just good password policy).
+possible for someone to view data you submit while it is in transit.  We
+recommend that you don't use the same password on Blërg as you use
+elsewhere (but that's just good password policy).
 
 <p>Passwords are hashed server-side with <a
 href="https://www.tarsnap.com/scrypt.html">scrypt</a> with