diff --git a/lib/algora_web/live/sign_in_live.ex b/lib/algora_web/live/sign_in_live.ex
index 9fb76ccef..42d48a7d6 100644
--- a/lib/algora_web/live/sign_in_live.ex
+++ b/lib/algora_web/live/sign_in_live.ex
@@ -128,6 +128,11 @@ defmodule AlgoraWeb.SignInLive do
               <.button :if={!@secret} href={@authorize_url} class="w-full py-5">
                 <Logos.github class="size-5 mr-2 -ml-1 shrink-0" /> Continue with GitHub
               </.button>
+              <p :if={!@secret} class="mt-3 text-xs/5 text-muted-foreground">
+                GitHub calls this authorization "act on your behalf." Algora uses it to identify
+                your GitHub account and perform actions you request, like claiming bounties.
+                Repository access is granted separately when you install the GitHub App.
+              </p>
             </div>
 
             <.simple_form
diff --git a/test/algora_web/live/sign_in_live_test.exs b/test/algora_web/live/sign_in_live_test.exs
new file mode 100644
index 000000000..76c347583
--- /dev/null
+++ b/test/algora_web/live/sign_in_live_test.exs
@@ -0,0 +1,13 @@
+defmodule AlgoraWeb.SignInLiveTest do
+  use AlgoraWeb.ConnCase, async: true
+
+  import Phoenix.LiveViewTest
+
+  test "explains GitHub authorization wording on login", %{conn: conn} do
+    {:ok, _view, html} = live(conn, ~p"/auth/login")
+
+    assert html =~ "GitHub calls this authorization"
+    assert html =~ "act on your behalf"
+    assert html =~ "Repository access is granted separately"
+  end
+end