diff --git a/CHANGELOG.md b/CHANGELOG.md
index fdc42a2..8d420a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - typo in dropdown options https://github.com/ohmyform/ohmyform/issues/96
 
 ### Security
+
+- container now runs as non root user
  
 ## [0.9.5] - 2020-06-10
 
diff --git a/Dockerfile b/Dockerfile
index 6372b24..7823814 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
-FROM node:12-alpine
+FROM node:12-alpine AS builder
+MAINTAINER OhMyForm <admin@ohmyform.com>
 
 WORKDIR /usr/src/app
 
@@ -7,6 +8,19 @@ COPY . ./
 RUN yarn install --frozen-lock-file
 RUN yarn build
 
+FROM node:12-alpine
+MAINTAINER OhMyForm <admin@ohmyform.com>
+
+# Create a group and a user with name "ohmyform".
+RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform
+
+WORKDIR /usr/src/app
+
+COPY --from=builder /usr/src/app /usr/src/app
+
 ENV PORT=4000
 
+# Change to non-root privilege
+USER ohmyform
+
 CMD [ "yarn", "start" ]