diff --git a/gateway/Dockerfile b/gateway/Dockerfile
index f4ced20..668e102 100644
--- a/gateway/Dockerfile
+++ b/gateway/Dockerfile
@@ -1,8 +1,12 @@
 FROM python:3.12-slim
 WORKDIR /app
-RUN pip install bcrypt
-COPY server.py config.py database.py sessions.py proxy.py responses.py auth.py dashboard.py command.py ./
-COPY integrations/ ./integrations/
+RUN pip install --no-cache-dir bcrypt
+RUN adduser --disabled-password --no-create-home appuser
+RUN mkdir -p /app/data && chown -R appuser /app/data
+COPY --chown=appuser server.py config.py database.py sessions.py proxy.py responses.py auth.py dashboard.py command.py ./
+COPY --chown=appuser integrations/ ./integrations/
 EXPOSE 8100
 ENV PYTHONUNBUFFERED=1
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8100/api/health', timeout=3)" || exit 1
+USER appuser
 CMD ["python3", "server.py"]
diff --git a/services/fitness/Dockerfile.backend b/services/fitness/Dockerfile.backend
index ce89e6a..d43a60a 100644
--- a/services/fitness/Dockerfile.backend
+++ b/services/fitness/Dockerfile.backend
@@ -1,7 +1,11 @@
 FROM python:3.12-slim
 WORKDIR /app
-RUN pip install bcrypt
-COPY server.py .
+RUN pip install --no-cache-dir bcrypt
+RUN adduser --disabled-password --no-create-home appuser
+RUN mkdir -p /app/data/images && chown -R appuser /app/data
+COPY --chown=appuser server.py .
 EXPOSE 8095
 ENV PYTHONUNBUFFERED=1
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8095/api/health', timeout=3)" || exit 1
+USER appuser
 CMD ["python3", "server.py"]
diff --git a/services/trips/Dockerfile b/services/trips/Dockerfile
index 16bb965..46f88ea 100644
--- a/services/trips/Dockerfile
+++ b/services/trips/Dockerfile
@@ -1,11 +1,11 @@
 FROM python:3.12-slim
-
 WORKDIR /app
-
 ENV PYTHONUNBUFFERED=1
-
 RUN pip install --no-cache-dir PyPDF2 bcrypt
-
-COPY . .
-
+RUN adduser --disabled-password --no-create-home appuser
+RUN mkdir -p /app/data/images && chown -R appuser /app/data
+COPY --chown=appuser server.py .
+EXPOSE 8087
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8087/api/health', timeout=3)" || exit 1
+USER appuser
 CMD ["python3", "server.py"]