diff --git a/Dockerfile b/Dockerfile
index 62b0f64..40b744d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,8 @@ FROM python:3.12-slim-bookworm
 # Python executable must be the same, e.g., using `python:3.11-slim-bookworm`
 # will fail.
 
+RUN groupadd -r app && useradd -r -g app app
+
 COPY --from=builder --chown=app:app /app /app
 
 ENV PATH="/app/.venv/bin:$PATH"
@@ -50,6 +52,8 @@ RUN apt-get update && apt-get install -y \
 COPY docker-entrypoint.sh /app/
 RUN chmod +x /app/docker-entrypoint.sh
 
+USER app
+
 # Expose the SSE port
 EXPOSE 8000
 
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 434522c..b687cb3 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -94,16 +94,6 @@ echo "${processed_args[@]}" >&2
 echo "----------------" >&2
 
 # Execute the command with the processed arguments
-"${processed_args[@]}"
-
-# Capture exit code from the Python process
-exit_code=$?
-
-# If the Python process failed, print additional debug info
-if [ $exit_code -ne 0 ]; then
-    echo "ERROR: Command failed with exit code $exit_code" >&2
-    echo "Command was: ${processed_args[@]}" >&2
-fi
-
-# Return the exit code from the Python process
-exit $exit_code
+# Use exec to replace the shell with the Python process, making it PID 1
+# This ensures signals (SIGTERM, SIGINT) are properly received
+exec "${processed_args[@]}"