diff --git a/README.md b/README.md
index 3986cf9..dcf22df 100644
--- a/README.md
+++ b/README.md
@@ -123,6 +123,18 @@ When a peer joins or leaves, the relay sends a reliable lifecycle control event
 to peers that are still present in the room. Newly joined peers also receive
 `PeerJoined` events for peers that were already present.
 
+### MVP Trust Model
+
+The MVP relay terminates QUIC for every client and gateway connection. QUIC
+protects traffic on the public network path, but the relay process sees
+plaintext Ethernet frames while forwarding them between peers in a room. That is
+acceptable for the first LAN-party proof, where the relay is an operator-trusted
+component, but it is not end-to-end encrypted.
+
+Future room-key payload encryption should keep the relay-visible routing header
+small and leave only Ethernet payload bytes encrypted end-to-end between clients
+and the LAN gateway.
+
 ## Gateway
 
 ```bash