diff --git a/README.md b/README.md
index e49362e95e9a69c159a5b8d857ccb336cf58d3c6..31365da89169cfe2be58de89a574ae4b69e40224 100644
--- a/README.md
+++ b/README.md
@@ -12,4 +12,12 @@ and [Network In Network (Lin et al., 2014)](https://arxiv.org/abs/1312.4400).
 # Installation
 
 * Install __proj__ on your machine using the console. E.g. for opensuse / leap `zypper install proj`
-* c++ compiler required for cartopy installation
\ No newline at end of file
+* c++ compiler required for cartopy installation
+
+# Security
+
+* To use hourly data from ToarDB via JOIN interface, a private token is required. Request your personal access token and
+add it to `src/join_settings.py` in the hourly data section. Replace the `TOAR_SERVICE_URL` and the `Authorization` 
+value. To make sure, that this **sensitive** data is not uploaded to the remote server, use the following command to
+prevent git from tracking this file: `git update-index --assume-unchanged src/join_settings.py
+`
\ No newline at end of file