diff --git a/app/(auth)/cloud/payment/success/page.tsx b/app/(auth)/cloud/payment/success/page.tsx
index 22abaec..bcf102c 100644
--- a/app/(auth)/cloud/payment/success/page.tsx
+++ b/app/(auth)/cloud/payment/success/page.tsx
@@ -51,7 +51,9 @@ export default async function CloudPaymentSuccessPage({
Payment Successful
- You can login to your account now
+
+ Welcome to TaxHacker, {user.name}. You can login to your account now
+
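Review bot: The new greeting renders `{user.name}` on a page whose own text says "You can login to your account now", which suggests the viewer may not have a session yet. If `user` is resolved from a request parameter such as a checkout session id rather than from an authenticated session (the lookup is outside this hunk), anyone holding the URL would see the account holder's name. Confirm that the lookup is bound to a paid, single-use identifier. If `name` can be empty in the user model, render a fallback such as `{user.name ?? "there"}`.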
diff --git a/app/api/stripe/checkout/route.ts b/app/api/stripe/checkout/route.ts
index 5b09689..ef260b2 100644
--- a/app/api/stripe/checkout/route.ts
+++ b/app/api/stripe/checkout/route.ts
@@ -29,6 +29,9 @@ export async function POST(request: NextRequest) {
},
],
mode: "subscription",
+ automatic_tax: {
+ enabled: true,
+ },
success_url: config.stripe.paymentSuccessUrl,
cancel_url: config.stripe.paymentCancelUrl,
})
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 0547de2..707c91d 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -7,7 +7,6 @@ services:
environment:
- NODE_ENV=production
- BASE_URL=https://taxhacker.app
- - DISABLE_SIGNUP=true
- SELF_HOSTED_MODE=false
- UPLOAD_PATH=/app/data/uploads
env_file:
diff --git a/etc/nginx/taxhacker.app.conf b/etc/nginx/taxhacker.app.conf
index 183804c..6175c02 100644
--- a/etc/nginx/taxhacker.app.conf
+++ b/etc/nginx/taxhacker.app.conf
@@ -7,27 +7,33 @@ server {
charset utf-8;
client_max_body_size 256M;
- set_real_ip_from 172.17.0.0/16;
+ set_real_ip_from 172.17.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
- ssl_certificate /home/vas3k/certs/pubkey.pem;
+ ssl_certificate /home/vas3k/certs/pubkey.pem;
ssl_certificate_key /home/vas3k/certs/privkey.pem;
- location / {
- add_header "Access-Control-Allow-Origin" "*";
- add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
- add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
- add_header "Access-Control-Expose-Headers" "Content-Length,Content-Range";
- add_header "Strict-Transport-Security" "max-age=31536000;includeSubDomains";
- add_header "X-Content-Type-Options" "nosniff";
- add_header "Referrer-Policy" "strict-origin-when-cross-origin";
- add_header "Permissions-Policy" "accelerometer=(),camera=(),geolocation=(self 'https://taxhacker.app'),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()";
+ # Global security headers
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+ add_header X-Frame-Options "DENY" always;
+ add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
+ add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self';" always;
+
+ location / {
+ # CORS headers (adjust if needed)
+ add_header Access-Control-Allow-Origin "https://taxhacker.app";
+ add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+ add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
+ add_header Access-Control-Expose-Headers "Content-Length,Content-Range";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header "Host" $http_host;
- proxy_set_header "X-Forwarded-Host" $host;
- proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
- proxy_set_header "X-Forwarded-Proto" $scheme;
proxy_redirect off;
proxy_buffering off;
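Review bot: The security headers moved to server level will not be sent for `location /`, because nginx inherits `add_header` from the outer level only when the current level defines no `add_header` of its own, and this location still sets four `Access-Control-*` headers. As written, HSTS, `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy`, `Permissions-Policy` and the new CSP are most likely dropped from every proxied response, which is a regression from the old config. Either move the four CORS `add_header` lines up to server level beside the security headers, or keep one shared snippet and `include` it inside the location as well. Once the headers do apply, `script-src 'self'; style-src 'self'` may block inline scripts or styles emitted by the app, so roll it out first as `Content-Security-Policy-Report-Only` and check the result with `curl -I`. The `location /` block continues past the end of this hunk.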
diff --git a/lib/stripe.ts b/lib/stripe.ts
index e981160..fc789c5 100644
--- a/lib/stripe.ts
+++ b/lib/stripe.ts
@@ -47,7 +47,7 @@ export const PLANS: Record = {
"Unlimited fields, categories and projects",
],
price: "€35 for a year",
- stripePriceId: "price_1RHTmTAs8DS4NhOzGnWqxvZC",
+ stripePriceId: "price_1RHTj1As8DS4NhOzhejpTN3I",
limits: {
storage: 512 * 1024 * 1024,
ai: 1000,