diff --git a/README.md b/README.md index cba347b..afdd040 100644 --- a/README.md +++ b/README.md @@ -69,13 +69,13 @@ A self-hosted Gitea instance running on a home server, made publicly accessible ## Design Decisions **WireGuard over Tailscale/Headscale** -Only two endpoints with a fixed public IP on the VPS side – a simple point-to-point WireGuard tunnel is sufficient. No need for mesh networking, NAT traversal, or a coordination server. Tailscale/Headscale can be added later if the setup grows. +Only two endpoints with a fixed public IP on the VPS side - a simple point-to-point WireGuard tunnel is sufficient. No need for mesh networking, NAT traversal, or a coordination server. Tailscale/Headscale can be added later if the setup grows. **Caddy over NGINX** Caddy provides automatic TLS certificate provisioning and renewal with zero configuration. The entire reverse proxy config is 6 lines. **Reverse Proxy in separate LXC** -Keeps the proxy isolated from both the hypervisor and the application. Adding new services only requires editing the Caddyfile – no changes to the VPS or tunnel needed. +Keeps the proxy isolated from both the hypervisor and the application. Adding new services only requires editing the Caddyfile - no changes to the VPS or tunnel needed. **TLS termination at home, not on VPS** The VPS only forwards encrypted traffic. TLS is terminated by Caddy in the home network, keeping certificate management local and the VPS stateless. @@ -97,7 +97,7 @@ No changes to the VPS, tunnel, or firewall needed. ## Security -- VPS has no application logic – it only forwards traffic +- VPS has no application logic - it only forwards traffic - WireGuard provides authenticated, encrypted communication between sites - TLS certificates are automatically managed by Caddy (Let's Encrypt) - Gitea is not directly exposed to the internet
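Review bot: the Design Decisions hunk is a punctuation-only change (en dash to ASCII hyphen-minus in the "WireGuard over Tailscale/Headscale" and "Reverse Proxy in separate LXC" paragraphs), with no wording changed, so the commit message should say it is a punctuation normalization so reviewers do not scan it for content changes. While touching this section, the unchanged "Caddy over NGINX" paragraph says "zero configuration" and then "The entire reverse proxy config is 6 lines" back to back; consider "minimal configuration" so the two sentences agree.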
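Review bot: the Security hunk changes only the dash in "VPS has no application logic - it only forwards traffic", but that bullet states a design choice rather than the security property it implies; consider tying it to the "TLS termination at home, not on VPS" decision from the earlier hunk, e.g. "- VPS has no application logic and sees only WireGuard/TLS-encrypted traffic - it cannot read Gitea sessions", so the list says what a VPS compromise does and does not expose. The remaining bullets (WireGuard authentication, Caddy-managed certificates, Gitea not directly exposed) are unchanged and consistent with the rest of the README.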