diff --git a/docs/guides/licensing-tiers.md b/docs/guides/licensing-tiers.md
index 2f436aa..fc5458d 100644
--- a/docs/guides/licensing-tiers.md
+++ b/docs/guides/licensing-tiers.md
@@ -27,8 +27,10 @@ comments or copy as stale.
 
 Tier gates read **live** entitlements from `licenses.entitlements`, refreshed
 hourly by `refresh_self_tier_from_db` in `license_self.rs`, so issuer-applied
-**downgrades, suspensions, and revocations** reach a running daemon without a
-restart. The signed self-license key is the **ceiling**: the live DB row may
+**downgrades, suspensions, and revocations** — plus the key's own **expiry**
+(the refresh re-verifies the on-disk key, demoting an expired one) — reach a
+running daemon without a restart. The signed self-license key is the
+**ceiling**: the live DB row may
 *narrow* the tier but never *widen* it past what the signature grants
 (`clamp_to_signed_ceiling`). A genuine **upgrade** therefore comes from a
 re-issued key — re-run the StartOS "Activate Keysat license" action — not from