diff --git a/backend/Dockerfile b/backend/Dockerfile
index 88c0b4e..8cba572 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,31 +1,58 @@
-# backend/Dockerfile
-FROM python:3.11-slim
+# ---------------------------
+# 1️⃣ Builder stage
+# ---------------------------
+FROM python:3.11-slim AS builder
 
-# Evitar .pyc y buffering
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
 WORKDIR /app
 
-# Dependencias del sistema mínimas
+# Solo herramientas necesarias para compilar dependencias
 RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
     && rm -rf /var/lib/apt/lists/*
 
-# Copiamos pyproject y lock si lo hubiera
+# Copiamos solo archivos de dependencias (mejor cache)
 COPY pyproject.toml ./
 
-# Instalamos dependencias
+# Generamos wheels
 RUN pip install --upgrade pip && \
-    pip install .
+    pip wheel --no-cache-dir --no-deps --wheel-dir /wheels .
 
-# Copiamos el resto del código (respetando .dockerignore)
+
+# ---------------------------
+# 2️⃣ Runtime stage
+# ---------------------------
+FROM python:3.11-slim
+
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+
+WORKDIR /app
+
+# Crear usuario no-root
+RUN useradd --create-home appuser
+
+# Copiar wheels desde builder
+COPY --from=builder /wheels /wheels
+
+# Instalar dependencias sin compilers
+RUN pip install --upgrade pip && \
+    pip install --no-cache-dir /wheels/* && \
+    rm -rf /wheels
+
+# Copiar código fuente
 COPY . .
 
-# Variables de autenticación básica
+# Cambiar permisos
+RUN chown -R appuser:appuser /app
+
+USER appuser
+
 ENV BASIC_AUTH_USERNAME=admin
 ENV BASIC_AUTH_PASSWORD=admin
 
 EXPOSE 8000
 
-CMD ["python", "-m", "uvicorn", "beyond_api.main:app", "--host", "0.0.0.0", "--port", "8000"]
+CMD ["uvicorn", "beyond_api.main:app", "--host", "0.0.0.0", "--port", "8000"]
\ No newline at end of file