diff --git a/docs/GLOSSARY.md b/docs/GLOSSARY.md
index f1c75053..55ffca93 100644
--- a/docs/GLOSSARY.md
+++ b/docs/GLOSSARY.md
@@ -107,6 +107,13 @@ _See also [Briefwechsel](#briefwechsel-user-facing)._
 
 ---
 
+## Infrastructure Terms
+
+**archiv-app** — the bucket-scoped MinIO service account the backend uses to read and write the `familienarchiv` bucket. Distinct from the MinIO root account (`archiv`, used only by the bootstrap container for admin operations). Defined and provisioned in [`infra/minio/bootstrap.sh`](../infra/minio/bootstrap.sh) and consumed by the backend as `S3_ACCESS_KEY` in [`docker-compose.prod.yml`](../docker-compose.prod.yml). The attached `archiv-app-policy` grants `s3:GetObject/PutObject/DeleteObject` on `familienarchiv/*` and `s3:ListBucket/GetBucketLocation` on the bucket only — not the built-in `readwrite` policy which would grant `s3:*` on all buckets.
+_See also [ADR-010 — MinIO stays self-hosted, not Hetzner OBS](./adr/010-minio-self-hosted-not-hetzner-obs.md)._
+
+---
+
 ## Pending Terms
 
 _Terms flagged as potentially ambiguous that have not yet been formally defined here. Add an entry above and remove it from this list when resolved._