diff --git a/web/server/Dockerfile b/web/server/Dockerfile
index 2a59f8f..3d3468e 100644
--- a/web/server/Dockerfile
+++ b/web/server/Dockerfile
@@ -15,10 +15,13 @@ RUN apk del python3 make g++
 
 COPY . .
 
-# Create data directory for SQLite
-RUN mkdir -p /data
+# Create data directory for SQLite with proper ownership
+RUN mkdir -p /data && chown node:node /data
 VOLUME /data
 
+# Run as non-root user for security
+USER node
+
 EXPOSE 3001
 
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \