diff --git a/w3p-03.md b/w3p-03.md
index 76cb5af..10ea9f4 100644
--- a/w3p-03.md
+++ b/w3p-03.md
@@ -9,6 +9,7 @@
 - [Context](#Context)
 - [Privacy features to audit](#Privacy-features)
 - [Additional](#Additional)
+- [Comments](#Comments)
 
 # Context 
 
@@ -26,7 +27,7 @@ This will significantly protect the general public from compromised services wit
 | Default privacy | enabled, not |
 | Privacy policies (data collection policies) | what data is collected & why; marking non-essential data collection practices |
 | Non-consent data collection practices | IP, wallet, balance etc |
-| Anonymous set | data "profile" service reveal about you |
+| Anonymity set | data "profile" service reveal about you |
 | Third-party privacy tech maturity | If service is a part of ecosystem - security audit company comments on core tech privacy (Ethereum, Waku) |
 | Traceability | How traceable are transactions |
 
@@ -35,3 +36,7 @@ This will significantly protect the general public from compromised services wit
 | Feature  | Observation  | 
 | ------------- | ------------- 
 | Privacy risk | low, medium, high |
+
+# Comments
+- there's a thin line between privacy & security, so we approach it like this: if privacy is compromised -> it becomes a security issue (threat)
+- some privacy observations are ethical (like "compliance"), so tech companies couldn't say it's "good" or "bad" -> we will just highlight them on our public platform (like KYC,  team reputation etc)