diff --git a/apt-autoupdate.sh b/apt-autoupdate.sh
index 45b5294..9a0d9fe 100644
--- a/apt-autoupdate.sh
+++ b/apt-autoupdate.sh
@@ -8,6 +8,7 @@
 #  - security + regular updates (kernels included)
 #  - smart reboot at 04:00 (only when needed, and no logged-in users)
 #  - no email configuration
+#  - optional self-deletion at end
 
 set -Eeuo pipefail
 trap 'echo "[ERROR] Line $LINENO failed" >&2' ERR
@@ -42,7 +43,6 @@ fix_locale() {
   apt-get update -y >/dev/null 2>&1 || true
   DEBIAN_FRONTEND=noninteractive apt-get install -y locales >/dev/null 2>&1 || true
 
-  # Ensure the line exists and is uncommented in /etc/locale.gen
   if [[ -f /etc/locale.gen ]]; then
     if grep -qE "^\s*#\s*${TARGET_LOCALE}\s+UTF-8" /etc/locale.gen; then
       sed -ri "s/^\s*#\s*(${TARGET_LOCALE}\s+UTF-8)/\1/" /etc/locale.gen
@@ -80,8 +80,6 @@ Unattended-Upgrade::Allowed-Origins {
     "\${distro_id}:\${distro_codename}";
     "\${distro_id}:\${distro_codename}-updates";
     "\${distro_id}:\${distro_codename}-security";
-
-    // Harmless if Ubuntu Pro/ESM not enabled:
     "\${distro_id}ESM:\${distro_codename}-infra-security";
     "\${distro_id}ESMApps:\${distro_codename}-apps-security";
 };
@@ -96,7 +94,6 @@ Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
 Unattended-Upgrade::MinimalSteps "true";
 Unattended-Upgrade::SyslogEnable "true";
 Unattended-Upgrade::Verbose "0";
-// Unattended-Upgrade::OnlyOnACPower "true";  // enable on laptops if desired
 EOF
 }
 
@@ -108,8 +105,6 @@ Unattended-Upgrade::Allowed-Origins {
     "Debian:\${distro_codename}";
     "Debian:\${distro_codename}-updates";
     "Debian-Security:\${distro_codename}-security";
-    // Uncomment if you explicitly want proposed point-release updates:
-    // "Debian:\${distro_codename}-proposed-updates";
 };
 
 Unattended-Upgrade::Automatic-Reboot "true";
@@ -149,6 +144,15 @@ show_status() {
   ls -l /etc/apt/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/50unattended-upgrades
 }
 
+prompt_self_delete() {
+  echo
+  read -r -p "Remove this script? [Y/n] " confirm
+  case "$confirm" in
+    [nN]*) echo "[INFO] Script not removed." ;;
+    *) echo "[INFO] Removing script: $0"; rm -- "$0" ;;
+  esac
+}
+
 main() {
   require_root
   detect_os
@@ -170,6 +174,7 @@ main() {
   show_status
 
   echo "[OK] Unattended updates configured. Security + regular updates, reboot @ ${REBOOT_TIME} if needed."
+  prompt_self_delete
 }
 
 main "$@"