diff --git a/Dockerfile b/Dockerfile
index 1aade3f..607a620 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,4 +43,11 @@ EXPOSE 8000
 # Set the ARG value as an environment variable
 ENV EXTRAS=${EXTRAS}
 
+# Create a non-root user and change ownership of necessary directories
+RUN groupadd -r neon && useradd -r -g neon neon \
+    && chown -R neon:neon /neon_iris /usr/local/bin
+
+# Use the non-root user to run the container
+USER neon
+
 ENTRYPOINT ["/neon_iris/entrypoint.sh"]
diff --git a/README.md b/README.md
index ba1acce..c0d4f41 100644
--- a/README.md
+++ b/README.md
@@ -119,7 +119,12 @@ accepts special configuration items prefixed with `webui_` to customize the UI.
 | webui_input_placeholder | The placeholder text for the input box                                                                                                 | Ask me something       |
 | webui_ws_url            | The websocket URL to connect to, which must be accessible from the browser you're running in. Note that the default will usually fail. | ws://localhost:8000/ws |
 
-Example configuration:
+Iris uses the `Configuration()` class from OVOS to handle configuration. This
+means that you can specify configuration in a `neon.yaml` file in the
+`~/.config/neon`. When using a container, you can mount a volume to
+`/home/neon/.config/neon` to provide a configuration file.
+
+Example configuration block:
 
 ```yaml
 iris: