diff --git a/docs/cloudflare-cache-purge.md b/docs/cloudflare-cache-purge.md
new file mode 100644
index 0000000..8ab4596
--- /dev/null
+++ b/docs/cloudflare-cache-purge.md
@@ -0,0 +1,91 @@
+# Cloudflare Cache Purge Manual
+
+Use this when the deployed frontend has already updated on the servers, but the public site still shows an old version because Cloudflare or browser cache is serving stale files.
+
+## Current API-token note
+
+The current `ark-library.com` Cloudflare Zone ID is:
+
+```text
+ca1368486d3b0bf9f1066f2a2281dced
+```
+
+Cloudflare cache purge by API requires both a valid API token and this Zone ID. If API access is unavailable, use the manual dashboard method below.
+
+> Security note: if a token was pasted into chat, terminal logs, or docs by mistake, revoke it in Cloudflare and create a new one.
+
+## Manual purge in Cloudflare Dashboard
+
+1. Open <https://dash.cloudflare.com/> and log in.
+2. Go to **Websites**.
+3. Select **ark-library.com**.
+4. Go to **Caching** → **Configuration**.
+5. Click **Purge Cache**.
+6. Choose one of these:
+   - **Purge Everything**: safest when a deploy looks stale.
+   - **Custom Purge**: use when only specific pages/assets are stale.
+7. For a stale frontend deploy, purge at least:
+   - `https://ark-library.com/`
+   - `https://ark-library.com/index.html`
+8. Wait 10–60 seconds, then hard-refresh the browser:
+   - macOS Chrome/Safari: `Cmd + Shift + R`
+   - Windows/Linux Chrome: `Ctrl + Shift + R`
+
+## Find the Cloudflare Zone ID
+
+1. Open <https://dash.cloudflare.com/>.
+2. Select **ark-library.com**.
+3. Open **Overview**.
+4. In the right sidebar, find **API** → **Zone ID**.
+5. Copy the Zone ID for API purge commands.
+
+For this project, the known Zone ID is `ca1368486d3b0bf9f1066f2a2281dced`.
+
+## API purge after you have Zone ID
+
+Store the token in an environment variable instead of writing it directly into commands:
+
+```bash
+export CLOUDFLARE_API_TOKEN='replace-with-new-token'
+export CLOUDFLARE_ZONE_ID='replace-with-zone-id'
+```
+
+Purge everything:
+
+```bash
+curl -sS -X POST \
+  "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" \
+  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+  -H "Content-Type: application/json" \
+  --data '{"purge_everything":true}'
+```
+
+Purge only the main frontend files:
+
+```bash
+curl -sS -X POST \
+  "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" \
+  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+  -H "Content-Type: application/json" \
+  --data '{"files":["https://ark-library.com/","https://ark-library.com/index.html"]}'
+```
+
+Expected success response includes:
+
+```json
+{"success":true}
+```
+
+## Create a safer Cloudflare API token
+
+1. In Cloudflare Dashboard, open **My Profile** → **API Tokens**.
+2. Click **Create Token**.
+3. Use **Custom token**.
+4. Add permissions:
+   - `Zone` → `Cache Purge` → `Purge`
+   - `Zone` → `Zone` → `Read`
+5. Set zone resources:
+   - `Include` → `Specific zone` → `ark-library.com`
+6. Create the token, copy it once, and store it in a password manager or CI secret.
+
+Do not commit Cloudflare tokens into this repository.