diff --git a/Dockerfile b/Dockerfile
index da235d86..fca70c20 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,7 +17,9 @@ ENV DEBUG="False" \
     SECRET_KEY="tralala" \
     SESSION_COOKIE_SECURE="True" \
     SQLALCHEMY_DATABASE_URI="sqlite:////database/ihatemoney.db" \
-    SQLALCHEMY_TRACK_MODIFICATIONS="False"
+    SQLALCHEMY_TRACK_MODIFICATIONS="False" \
+    ENABLE_CAPTCHA="False" \
+    LEGAL_LINK="False"
 
 RUN mkdir -p /etc/ihatemoney &&\
     pip install --no-cache-dir gunicorn pymysql;
diff --git a/conf/entrypoint.sh b/conf/entrypoint.sh
index 0f506bd9..be1e2806 100755
--- a/conf/entrypoint.sh
+++ b/conf/entrypoint.sh
@@ -22,6 +22,8 @@ SESSION_COOKIE_SECURE = $SESSION_COOKIE_SECURE
 SQLACHEMY_DEBUG = DEBUG
 SQLALCHEMY_DATABASE_URI = "$SQLALCHEMY_DATABASE_URI"
 SQLALCHEMY_TRACK_MODIFICATIONS = $SQLALCHEMY_TRACK_MODIFICATIONS
+ENABLE_CAPTCHA = $ENABLE_CAPTCHA
+LEGAL_LINK = "$LEGAL_LINK"
 EOF
 
 # Start gunicorn without forking
diff --git a/docker-compose.yml b/docker-compose.yml
index 22b54e34..0de37efc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,5 +24,7 @@ services:
       - SESSION_COOKIE_SECURE=True
       - SQLALCHEMY_DATABASE_URI=sqlite:////database/ihatemoney.db
       - SQLALCHEMY_TRACK_MODIFICATIONS=False
+      - ENABLE_CAPTCHA=False
+      - LEGAL_LINK=
     ports:
       - "8000:8000"
diff --git a/ihatemoney/conf-templates/ihatemoney.cfg.j2 b/ihatemoney/conf-templates/ihatemoney.cfg.j2
index 9d117c18..f33930dd 100644
--- a/ihatemoney/conf-templates/ihatemoney.cfg.j2
+++ b/ihatemoney/conf-templates/ihatemoney.cfg.j2
@@ -46,3 +46,8 @@ SESSION_COOKIE_SECURE = True
 # You can activate an optional CAPTCHA if you want to. It can be helpful
 # to filter spammer bots.
 # ENABLE_CAPTCHA = True
+
+# You may want to point to a special legal page, for instance to give information
+# about GDPR, or how you handle the data of your users.
+# Set this variable to the URL you want.
+# LEGAL_LINK = ""