diff --git a/app/assets/stylesheets/base.sass b/app/assets/stylesheets/base.sass
index 253661d..faae711 100644
--- a/app/assets/stylesheets/base.sass
+++ b/app/assets/stylesheets/base.sass
@@ -120,3 +120,6 @@ kbd
 border-radius: 3px
 border: 1px solid #CCC
 margin: 0 1px
+
+label.radio
+ font-weight: normal
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f316946..0a516c8 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -21,7 +21,7 @@ class UsersController < ApplicationController
 def update
 authorize current_user
- user = User.find(current_user.id)
+ @user = User.find(current_user.id)
 if user.update_attributes(update_params)
 redirect_to profile_path(user), notice: 'Account settings saved.'
@@ -33,7 +33,7 @@ class UsersController < ApplicationController
 private
 def update_params
- params.require(:user).permit(:username, :name, :email, :theme_name)
+ params.require(:user).permit(*policy(user).permitted_attributes)
 end
 end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 1cc5d15..cb33bcf 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -6,6 +6,13 @@ class UserPolicy < ApplicationPolicy
 end
 end
+ def permitted_attributes
+ attrs = [:username, :name, :email, :theme_name]
+ attrs << :asciicasts_private_by_default if record.supporter?
+
+ attrs
+ end
+
 def update?
 record == user
 end
diff --git a/app/presenters/user_edit_page_presenter.rb b/app/presenters/user_edit_page_presenter.rb
index 9957887..f5d93f3 100644
--- a/app/presenters/user_edit_page_presenter.rb
+++ b/app/presenters/user_edit_page_presenter.rb
@@ -18,6 +18,10 @@ class UserEditPagePresenter
 !active_tokens.empty? || !revoked_tokens.empty?
 end
+ def show_privacy_controls?
+ user.supporter?
+ end
+
 private
 def sort(tokens)
diff --git a/app/views/users/edit.html.slim b/app/views/users/edit.html.slim
index 0d467fb..e2a1ddb 100644
--- a/app/views/users/edit.html.slim
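Review bot: The first users_controller.rb hunk changes the local `user` to `@user`, but the lines that follow it, `if user.update_attributes(update_params)` and `redirect_to profile_path(user), …`, and the new `policy(user)` call in the second hunk still name `user`, which without the local now resolves as a method call. Unless a `user` reader (`attr_reader :user` or a `def user` returning `@user`) exists in the controller outside these hunks — the diff adds none and the added spec does not exercise the controller — both `update` and `update_params` raise NameError. The smallest consistent fix is to use the ivar in all three places: `if @user.update_attributes(update_params)`, `redirect_to profile_path(@user), notice: 'Account settings saved.'` and `params.require(:user).permit(*policy(@user).permitted_attributes)`. Deriving the permit list from the policy of the record loaded via `current_user.id` is sound, since the supporter-only attribute can then only be permitted on the caller's own record. The body of `update` continues past the first hunk.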
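Review bot: `permitted_attributes` in user_policy.rb is now the only server-side gate on which `User` columns a request may mass-assign, because the controller's `permit` list is derived from it, and the method says nothing about that role; a maintainer adding a field to the edit form would not see from the code that this is where it must be authorised. I would add a comment above the method, `# Attributes the current user may mass-assign on their own record. The supporter-only flag is gated here, not merely hidden in the form; keep this list in sync with users/edit.html.slim.` No code change is needed: the array is built fresh on every call, so there is no shared mutable state to worry about.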
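Review bot: `show_privacy_controls?` in user_edit_page_presenter.rb repeats the `supporter?` rule that `UserPolicy#permitted_attributes` enforces server-side, and nothing ties the two together, so a later change to one will silently leave the form showing a field the policy rejects, or hiding one it accepts. A one-line comment above the method would make the dependency visible: `# Must agree with UserPolicy#permitted_attributes, which is what actually permits the field.` The `user` reader it calls is presumably defined elsewhere in the presenter; it is not in the hunk.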
+++ b/app/views/users/edit.html.slim
@@ -7,7 +7,9 @@
 = f.input :username
 = f.input :email, required: true
 = f.input :name, label: 'Full name'
- = f.input :theme_name, label: 'Terminal theme', collection: themes_for_select, include_blank: default_user_theme_label, hint: 'Used for all recordings unless custom theme chosen for a specific recording'
+ = f.input :theme_name, label: 'Terminal theme', collection: themes_for_select, include_blank: default_user_theme_label, hint: 'Applies to all your asciicasts unless custom theme chosen for a specific asciicast'
+ - if page.show_privacy_controls?
+ = f.input :asciicasts_private_by_default, label: 'Asciicast visibility', as: :radio_buttons, collection: [['public', false], ['private', true]], hint: 'Applies to all *new* asciicasts'
 = f.buttons do
 = f.button :submit, 'Save', class: 'btn-primary'
 = link_to 'Cancel', profile_path(current_user), class: 'btn'
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb
index 18ee0d3..e5238e9 100644
--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -4,6 +4,24 @@ describe UserPolicy do
 subject { described_class }
+ describe '#permitted_attributes' do
+ subject { Pundit.policy(user, user).permitted_attributes }
+
+ let(:user) { User.new }
+
+ it "includes basic form fields" do
+ expect(subject).to eq([:username, :name, :email, :theme_name])
+ end
+
+ context "when user is a supporter" do
+ let(:user) { stub_model(User, supporter?: true) }
+
+ it "also includes asciicasts_private_by_default" do
+ expect(subject).to eq([:username, :name, :email, :theme_name, :asciicasts_private_by_default])
+ end
+ end
+ end
+
 permissions :update? do
 it "grants access if edited user is current user" do
 user = User.new
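Review bot: The hint `'Applies to all *new* asciicasts'` on the new `:asciicasts_private_by_default` input uses asterisks for emphasis, but simple_form hints are rendered as escaped plain text by default, so unless this app configures a hint formatter — nothing in the diff does — the asterisks will appear literally to the user. Either drop them, `hint: 'Applies to all new asciicasts'`, or pass explicitly marked-up content. Rendering the radio buttons only when `page.show_privacy_controls?` holds is fine as a presentation choice, since whether the attribute is accepted is decided by the policy rather than by the form.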