diff --git a/.env.example b/.env.example index a0e9512..074b781 100644 --- a/.env.example +++ b/.env.example @@ -10,5 +10,5 @@ KEYCAST_UID=10001 KEYCAST_GID=10001 # Image settings used by docker-compose.prod.yml -KEYCAST_IMAGE=ghcr.io/erskingardner/keycast +KEYCAST_IMAGE=ghcr.io/marmot-protocol/keycast KEYCAST_IMAGE_TAG=master diff --git a/Dockerfile b/Dockerfile index 570fde0..f63faab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -66,7 +66,7 @@ RUN bun install --production --frozen-lockfile # Final stage FROM debian:bookworm-slim@sha256:67b30a61dc87758f0caf819646104f29ecbda97d920aaf5edc834128ac8493d3 AS runtime -LABEL org.opencontainers.image.source="https://github.com/erskingardner/keycast" +LABEL org.opencontainers.image.source="https://github.com/marmot-protocol/keycast" WORKDIR /app # Install only the essential runtime dependencies diff --git a/README.md b/README.md index 0a8cc9f..9652ccc 100644 --- a/README.md +++ b/README.md @@ -185,7 +185,7 @@ access control matter more than cosmetic cleanup. Docker deployment uses: - `docker-compose.yml` for local source builds of API, web, and signer containers, -- `docker-compose.prod.yml` for pulling the published `ghcr.io/erskingardner/keycast` image, +- `docker-compose.prod.yml` for pulling the published `ghcr.io/marmot-protocol/keycast` image, - `master.key` mounted into API and signer containers, - an external Docker network named `keycast`, - Caddy labels for routing `/api/*` to the API and the rest to the web app. diff --git a/UPGRADE.md b/UPGRADE.md index 10d4afd..5e638f9 100644 --- a/UPGRADE.md +++ b/UPGRADE.md 
@@ -8,7 +8,7 @@ install path. - Containers now run as a non-root user and use a read-only root filesystem. - `master.key` is mounted from the host instead of being copied into the image. - `ALLOWED_PUBKEYS` is enforced by the API, not just the browser. -- `docker-compose.prod.yml` can pull the published `ghcr.io/erskingardner/keycast` image instead of +- `docker-compose.prod.yml` can pull the published `ghcr.io/marmot-protocol/keycast` image instead of building Rust and Bun on the server. - The Nostr Rust stack moved to current crates.io releases. - Migration `0002_normalize_allowed_kinds_permissions.sql` normalizes old `allowed_kinds` permission @@ -75,6 +75,10 @@ docker compose -f docker-compose.prod.yml up -d docker compose -f docker-compose.prod.yml ps ``` +Production Compose pulls `ghcr.io/marmot-protocol/keycast` by default. If `pull` returns +`unauthorized`, change the GitHub Packages visibility to public or log the deployment host in to +GHCR before retrying. + The API and signer run SQLx migrations on startup. The new migration only normalizes old permission JSON. It does not rotate keys, change stored-key ciphertext, or invalidate existing bunker connection strings. diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index e38e099..37448b8 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -12,7 +12,7 @@ services: keycast-api: <<: *keycast-hardening container_name: keycast-api - image: ${KEYCAST_IMAGE:-ghcr.io/erskingardner/keycast}:${KEYCAST_IMAGE_TAG:-master} + image: ${KEYCAST_IMAGE:-ghcr.io/marmot-protocol/keycast}:${KEYCAST_IMAGE_TAG:-master} command: api expose: - "3000" @@ -43,7 +43,7 @@ services: keycast-web: <<: *keycast-hardening container_name: keycast-web - image: ${KEYCAST_IMAGE:-ghcr.io/erskingardner/keycast}:${KEYCAST_IMAGE_TAG:-master} + image: ${KEYCAST_IMAGE:-ghcr.io/marmot-protocol/keycast}:${KEYCAST_IMAGE_TAG:-master} command: web expose: - "5173" 
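Review bot: The new fallback in `image: ${KEYCAST_IMAGE:-ghcr.io/marmot-protocol/keycast}:${KEYCAST_IMAGE_TAG:-master}` only applies when `KEYCAST_IMAGE` is unset, so a host whose `.env` was copied from the previous `.env.example` will keep pulling from `ghcr.io/erskingardner/keycast` after this change; the same holds for the `keycast-web` hunk and the `keycast-signer` hunk that follows. A comment above the `keycast-api` image line, such as `# An existing .env may still set KEYCAST_IMAGE to the old namespace; update or remove it when upgrading`, would make that override visible, and the upgrade notes would benefit from the same instruction. Separately, the fallback tag `master` is mutable while the Dockerfile pins its base image by digest, so production hosts pull whatever is currently published under that tag. Setting `KEYCAST_IMAGE_TAG` to a release tag, or extending the template to accept a digest, would make the deployed image reproducible. The three service definitions continue outside these hunks.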
@@ -77,7 +77,7 @@ services: keycast-signer: <<: *keycast-hardening container_name: keycast-signer - image: ${KEYCAST_IMAGE:-ghcr.io/erskingardner/keycast}:${KEYCAST_IMAGE_TAG:-master} + image: ${KEYCAST_IMAGE:-ghcr.io/marmot-protocol/keycast}:${KEYCAST_IMAGE_TAG:-master} command: signer volumes: - ./database:/app/database:rw