diff --git a/src/web/pug/guild.pug b/src/web/pug/guild.pug
index 1e27f2e..250b23b 100644
--- a/src/web/pug/guild.pug
+++ b/src/web/pug/guild.pug
@@ -95,8 +95,11 @@ block body
           src.searchParams.set("data", `https://bridge.cadence.moe/invite?nonce=${nonce}`)
         img(width=size height=size src=src.toString())
 
-    h2.mt48.fs-headline1 Linked channels
+    h2.mt48.fs-headline1 Moderation
 
+    h2.mt48.fs-headline1 Matrix setup
+
+    h3.mt32.fs-category Linked channels
     -
       function getPosition(channel) {
         let position = 0
@@ -139,9 +142,61 @@ block body
           p.s-description If you want, OOYE can automatically create new Matrix rooms and link them when an unlinked Discord channel is spoken in.
         - let value = !!select("guild_active", "autocreate", {guild_id}).pluck().get()
         input(type="hidden" name="guild_id" value=guild_id)
-        input.s-toggle-switch.order-last#autocreate(name="autocreate" type="checkbox" hx-post="/api/autocreate" hx-indicator="#autocreate-loading" hx-disabled-elt="this" hx-swap="none" checked=value)
+        input.s-toggle-switch.order-last#autocreate(name="autocreate" type="checkbox" hx-post="/api/autocreate" hx-indicator="#autocreate-loading" hx-disabled-elt="this" checked=value)
         .is-loading#autocreate-loading
 
+    h3.mt32.fs-category Privacy level
+    .s-card
+      - let p = select("guild_space", "privacy_level", {guild_id}).pluck().get()
+      form(hx-post="/api/privacy-level" hx-trigger="change" hx-indicator="#privacy-level-loading" hx-disabled-elt="this")
+        input(type="hidden" name="guild_id" value=guild_id)
+        .d-flex.ai-center.mb4
+          label.s-label.fl-grow1
+            | How people can join on Matrix
+            span.is-loading#privacy-level-loading
+        .s-toggle-switch.s-toggle-switch__multiple.s-toggle-switch__incremental.d-grid.gx16.ai-center(style="grid-template-columns: auto 1fr")
+          input(type="radio" name="level" value="directory" id="privacy-level-directory" checked=(p === 2))
+          label.d-flex.gx8.jc-center.grid--row-start3(for="privacy-level-directory")
+            != icons.Icons.IconPlusSm
+            != icons.Icons.IconInternationalSm
+            .fl-grow1 Directory
+
+          input(type="radio" name="level" value="link" id="privacy-level-link" checked=(p === 1))
+          label.d-flex.gx8.jc-center.grid--row-start2(for="privacy-level-link")
+            != icons.Icons.IconPlusSm
+            != icons.Icons.IconLinkSm
+            .fl-grow1 Link
+
+          input(type="radio" name="level" value="invite" id="privacy-level-invite" checked=(p === 0))
+          label.d-flex.gx8.jc-center.grid--row-start1(for="privacy-level-invite")
+            svg.svg-icon(width="14" height="14" viewBox="0 0 14 14")
+            != icons.Icons.IconLockSm
+            .fl-grow1 Invite
+
+          p.s-description.m0 In-app direct invite from another user; /invite on Discord; web form
+          p.s-description.m0 Shareable invite links, like Discord
+          p.s-description.m0 Publicly listed in directory, like Discord server discovery
+
+
+      //-
+        fieldset.s-check-group
+          legend.s-label How people can join on Matrix
+          .s-check-control
+            input.s-radio(type="radio" name="privacy-level" id="privacy-level-invite" value="invite" checked)
+            label.s-label(for="privacy-level-invite")
+              | Invite
+              p.s-description In-app direct invite on Matrix; invite command on Discord; invite form on web
+          .s-check-control
+            input.s-radio(type="radio" name="privacy-level" id="privacy-level-link" value="link")
+            label.s-label(for="privacy-level-link")
+              | Link
+              p.s-description All of the above, and shareable invite links (like Discord)
+          .s-check-control
+            input.s-radio(type="radio" name="privacy-level" id="privacy-level-directory" value="directory")
+            label.s-label(for="privacy-level-directory")
+              | Public
+              p.s-description All of the above, and publicly visible in the Matrix space directory (like Server Discovery)
+
     h3.mt32.fs-category Manually link channels
     form.d-flex.g16.ai-start(method="post" action="/api/link")
       .fl-grow2.s-btn-group.fd-column.w40
diff --git a/src/web/pug/includes/template.pug b/src/web/pug/includes/template.pug
index 8bb4415..8345d76 100644
--- a/src/web/pug/includes/template.pug
+++ b/src/web/pug/includes/template.pug
@@ -26,6 +26,10 @@ html(lang="en")
         --theme-dark-primary-color-s: 53%;
         --theme-dark-primary-color-l: 63%;
       }
+      .s-toggle-switch.s-toggle-switch__multiple.s-toggle-switch__incremental input[type="radio"]:checked ~ label:not(.s-toggle-switch--label-off) {
+        --_ts-multiple-bg: var(--green-400);
+        --_ts-multiple-fc: var(--white);
+      }
   body.themed.theme-system
     header.s-topbar
       .s-topbar--skip-link(href="#content") Skip to main content
diff --git a/src/web/routes/guild-settings.js b/src/web/routes/guild-settings.js
index 7940853..1c33854 100644
--- a/src/web/routes/guild-settings.js
+++ b/src/web/routes/guild-settings.js
@@ -1,15 +1,25 @@
 // @ts-check
 
+const assert = require("assert/strict")
 const {z} = require("zod")
 const {defineEventHandler, sendRedirect, useSession, createError, readValidatedBody} = require("h3")
 
-const {as, db} = require("../../passthrough")
+const {as, db, sync} = require("../../passthrough")
 const {reg} = require("../../matrix/read-registration")
 
+/** @type {import("../../d2m/actions/create-space")} */
+const createSpace = sync.require("../../d2m/actions/create-space")
+
+/** @type {["invite", "link", "directory"]} */
+const levels = ["invite", "link", "directory"]
 const schema = {
 	autocreate: z.object({
 		guild_id: z.string(),
 		autocreate: z.string().optional()
+	}),
+	privacyLevel: z.object({
+		guild_id: z.string(),
+		level: z.enum(levels)
 	})
 }
 
@@ -19,5 +29,17 @@ as.router.post("/api/autocreate", defineEventHandler(async event => {
 	if (!(session.data.managedGuilds || []).includes(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
 
 	db.prepare("UPDATE guild_active SET autocreate = ? WHERE guild_id = ?").run(+!!parsedBody.autocreate, parsedBody.guild_id)
-	return sendRedirect(event, `/guild?guild_id=${parsedBody.guild_id}`, 302)
+	return null // 204
+}))
+
+as.router.post("/api/privacy-level", defineEventHandler(async event => {
+	const parsedBody = await readValidatedBody(event, schema.privacyLevel.parse)
+	const session = await useSession(event, {password: reg.as_token})
+	if (!(session.data.managedGuilds || []).includes(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
+
+	const i = levels.indexOf(parsedBody.level)
+	assert.notEqual(i, -1)
+	db.prepare("UPDATE guild_space SET privacy_level = ? WHERE guild_id = ?").run(i, parsedBody.guild_id)
+	await createSpace.syncSpaceFully(parsedBody.guild_id) // this is inefficient but OK to call infrequently on user request
+	return null // 204
 }))