diff --git a/llm_team_ui.py b/llm_team_ui.py
index 77dc365..3f368d9 100644
--- a/llm_team_ui.py
+++ b/llm_team_ui.py
@@ -174,11 +174,10 @@ def security_checks():
 if path.startswith("/static"):
 return
- # In demo mode, block admin write routes for non-admins
- if is_demo() and not is_admin():
- for route, methods in ADMIN_WRITE_ROUTES.items():
- if path == route and request.method in methods:
- return jsonify({"error": "demo mode: admin settings are read-only", "demo": True}), 403
+ # In demo mode, block destructive writes for non-admins
+ if is_demo() and not is_admin() and request.method == "POST":
+ if path in DEMO_BLOCKED_POSTS:
+ return jsonify({"error": "demo mode: read-only", "demo": True}), 403
 @app.after_request
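Review bot: The demo-mode guard now fires only when `request.method == "POST"`, whereas the removed loop compared against each route's own method list, so any PUT, PATCH or DELETE entries that `ADMIN_WRITE_ROUTES` may have carried (the table is not visible here) are no longer blocked for non-admins. Consider gating on the non-safe methods instead, `if is_demo() and not is_admin() and request.method not in ("GET", "HEAD", "OPTIONS"):`, and keying the set by (path, method) if some writes must stay open. The check is also an exact-string deny list on `path`, so a newly added write route, or one with a variable segment, stays writable in demo mode until someone lists it in `DEMO_BLOCKED_POSTS`; that set is defined outside this hunk and should be compared against the old route table. A comment above the set such as `# Every state-changing route must be listed here; unlisted POSTs are allowed in demo mode` would make the fail-open default explicit. The body of `security_checks` begins before the hunk.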