diff --git a/README.md b/README.md
index 82116ae..c8ad175 100644
--- a/README.md
+++ b/README.md
@@ -41,11 +41,35 @@ A config file named `calanonsync.json` is opened from the working directory. It
     "Password": ""
   },
   "Anonymize": {
-    "Title": "#Work"
+    "Title": {
+      "ReplaceWith": "#Work",
+      "Whitelist": [
+        "Something"
+      ]
+    }
   }
 }
 ```
 
 Both passwords are optional. If they are left blank, CalAnonSync will prompt for the password upon startup. (Recommended for security reasons!)
 
-The CalDAV URL should point to the URL of a dedicated calendar. Beware that CalAnonSync will remove **all** events from that calendar that are not known to Exchange.
\ No newline at end of file
+The CalDAV URL should point to the URL of a dedicated calendar. Beware that CalAnonSync will remove **all** events from that calendar that are not known to Exchange.
+
+### Whitelist
+
+If words (or phrases) are whitelisted, matches within the title for these words (or phrases) will be used as the
+new title instead of the replacement. The order of these matches within the original title is kept, all non matching
+parts of the title are simply stripped.
+
+### Encryption
+
+If you want to automate the sync process your probably have not much of a choice but storing the passwords
+in the config file. Since plaintext passwords are always a big risk, CalAnonSync at least provides a simple
+layer of eavesdropping security.
+
+Using `calanonsync settings encrypt` you can encrypt all passwords in the config file. With `calanonsync settings decrypt`
+you can revert that process.
+
+Beware, that the encryption key is simply stored in a file alongside the config so it is really easy to decrypt.
+It doesn't provide any security against a real attack and is only meant to prevent someone from getting access
+to the password by looking over your shoulder.