diff --git a/ChatBot/Dockerfile b/ChatBot/Dockerfile
index a2f5c13..c86a943 100644
--- a/ChatBot/Dockerfile
+++ b/ChatBot/Dockerfile
@@ -22,14 +22,19 @@ RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
 WORKDIR /app
 
-# Install PostgreSQL client for healthcheck (optional)
-RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/apt/lists/*
+# Install PostgreSQL client, create user, and prepare directories
+RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client && rm -rf /var/lib/apt/lists/* \
+ && groupadd -r appuser && useradd -r -g appuser appuser \
+ && mkdir -p /app/logs
 
-# Copy published application
+# Copy published application (safe: only contains compiled output from dotnet publish)
 COPY --from=publish /app/publish .
 
-# Create directory for logs
-RUN mkdir -p /app/logs && chmod 755 /app/logs
+# Set ownership after copying files
+RUN chown -R appuser:appuser /app
+
+# Switch to non-root user
+USER appuser
 
 # Expose ports (if needed for health checks or metrics)
 EXPOSE 8080
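Review bot: The new `RUN chown -R appuser:appuser /app` makes every published assembly and config file writable by the account the service runs as, so a compromised process could rewrite the application's own binaries; it also duplicates the whole publish output into a second layer. Only the log directory needs to be writable: end the first RUN with `&& mkdir -p /app/logs && chown appuser:appuser /app/logs` and drop the recursive chown, leaving the files from `COPY --from=publish` root-owned. Separately, `useradd -r` assigns whatever UID is free at build time and `USER appuser` is a name, which an orchestrator enforcing non-root by numeric UID cannot verify; a fixed UID (`useradd -r -u <uid> -g appuser appuser` with `USER <uid>`) avoids that. The aspnet 8.0+ base images also ship a non-root `app` account exposed as `$APP_UID`, which may make the custom user unnecessary; worth confirming for this tag. The final stage continues past the end of the hunk, so the entrypoint and any later writes under /app are not visible here.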