diff --git a/Dockerfile b/Dockerfile
index d2e8eaa..01ddfa5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,23 +1,37 @@
-# Stage 1: Build with dependencies
-FROM python:3.10-bookworm
+# Use a slim base image to reduce potential vulnerabilities
+FROM python:3.10-slim-bookworm
 # Set the working directory
 WORKDIR /usr/src/app
-RUN pip install uv==0.4.28
 # Copy the requirements file and install the dependencies
 COPY requirements.txt .
-# Install the dependencies
-RUN export PYTHON=$(which python) && \
- uv pip install -r ./requirements.txt --python $PYTHON
+# Install uv and the dependencies without caching to reduce image size
+RUN pip install --no-cache-dir uv==0.4.28 && \
+ pip install --no-cache-dir -r requirements.txt
 # Copy the application code
 COPY . .
-# Expose the port for the application
+# Create a non-root user and group
+RUN groupadd -r appuser && useradd --no-log-init -r -g appuser appuser
+
+# Change ownership of the app directory to the new user
+RUN chown -R appuser:appuser /usr/src/app
+
+# Restrict permissions on all directories except /usr/src/app and /tmp
+RUN chmod -R o-rwx / && \
+ chmod -R o+rx /usr/src/app /tmp
+
+# Switch to the non-root user
+USER appuser
+
+# Expose the application port
 EXPOSE 7860
+
+# Set environment variables
 ENV GRADIO_SERVER_NAME="0.0.0.0"
 # Run the application
-CMD ["python", "app.py"]
\ No newline at end of file
+CMD ["python", "app.py"]
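Review bot: `chmod -R o-rwx /` in the new permissions step strips the "other" bits from every file in the image, including the interpreter under /usr/local and the shared libraries under /usr/lib that `appuser` (neither owner nor group member of root-owned files) can only reach through those bits, so the final `CMD ["python", "app.py"]` is likely to fail with permission denied; the follow-up `chmod -R o+rx /usr/src/app /tmp` also never restores write on /tmp, leaving it unwritable for the non-root user. Because the chmod touches every path, that layer re-records the whole base filesystem and undoes the size gain from the slim base, and the recursion into /proc and /sys during the build will probably surface errors as well. I would drop both the blanket chmod and the separate `RUN chown -R appuser:appuser /usr/src/app`, move the `RUN groupadd … useradd …` line above the source copy, and write `COPY --chown=appuser:appuser . .` so ownership is set in the copy layer itself. Separately, `uv==0.4.28` is still installed in the combined RUN step but the dependencies are now installed with plain pip, so either the second line should become `uv pip install --system --no-cache -r requirements.txt` or the uv install should be removed to keep an unused tool out of the image.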