diff --git a/README.md b/README.md index b927f78..0ac9de0 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,10 @@ Most noably you can disable reverse dns lookups, hide domains with given suffixe `echoip-slatecave` only exposes an unencrypted http interface to keep the service itself simple. For a public service you should use a reverse proxy like Caddy, apache2 or nginx and configure the `ip_header` option, see the echoip_config.toml file. Usually the preconfigured `RightmostXForwardedFor` is the correct one, but please doublecheck it matches your servers configuration, it should fail by simply not working, but no guarantees given. +Consider hiding the values of the following in your server logs for increased privacy: +* The `query` URL query paramter +* All paths subpath to `/ip/` and `/dig/` + ### Denail of Service `echoip-slatecave` has some simle ratelimiting built in (see the `[ratelimit]` section in the configuration file) this should help you with too frequest automated requests causung high load.
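Review bot: the added privacy note does not say which logs it refers to or how to act on it. Because it follows the paragraph recommending a reverse proxy such as Caddy, apache2 or nginx, I would state explicitly that it concerns the reverse proxy's access log, where the request URL is normally recorded, and add a short clause on why the `query` parameter and the `/ip/` and `/dig/` subpaths are sensitive. Two wording fixes in the added lines: "paramter" should be "parameter", and "All paths subpath to `/ip/` and `/dig/`" reads more clearly as "All paths below `/ip/` and `/dig/`".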