diff --git a/src/BCards.Web/BCards.Web.csproj b/src/BCards.Web/BCards.Web.csproj
index d2c8ef8..802d00d 100644
--- a/src/BCards.Web/BCards.Web.csproj
+++ b/src/BCards.Web/BCards.Web.csproj
@@ -19,20 +19,21 @@
     <PackageReference Include="SixLabors.ImageSharp.Web" Version="3.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.ResponseCaching" Version="2.2.0" />
     <PackageReference Include="HtmlAgilityPack" Version="1.11.54" />
-    <PackageReference Include="SendGrid" Version="9.29.3" />
-    <PackageReference Include="Serilog.AspNetCore" Version="8.0.0" />
-    <PackageReference Include="Serilog.Sinks.Console" Version="5.0.0" />
-    <PackageReference Include="Serilog.Sinks.OpenSearch" Version="1.3.0" />
-    <PackageReference Include="Serilog.Enrichers.Environment" Version="3.0.0" />
-    <PackageReference Include="Serilog.Enrichers.Process" Version="3.0.0" />
-    <PackageReference Include="Serilog.Enrichers.Thread" Version="4.0.0" />
-    <PackageReference Include="Serilog.Sinks.Async" Version="1.5.0" />
-    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" Version="8.0.0" />
-    <PackageReference Include="AspNetCore.HealthChecks.MongoDb" Version="7.0.0" />
-  </ItemGroup>
+    <PackageReference Include="SendGrid" Version="9.29.3" />
+    <PackageReference Include="Serilog.AspNetCore" Version="8.0.0" />
+    <PackageReference Include="Serilog.Sinks.Console" Version="5.0.0" />
+    <PackageReference Include="Serilog.Sinks.OpenSearch" Version="1.3.0" />
+    <PackageReference Include="Serilog.Enrichers.Environment" Version="3.0.0" />
+    <PackageReference Include="Serilog.Enrichers.Process" Version="3.0.0" />
+    <PackageReference Include="Serilog.Enrichers.Thread" Version="4.0.0" />
+    <PackageReference Include="Serilog.Sinks.Async" Version="1.5.0" />
+    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" Version="8.0.0" />
+    <PackageReference Include="AspNetCore.HealthChecks.MongoDb" Version="7.0.0" />
+    <PackageReference Include="AspNetCore.DataProtection.MongoDB" Version="8.0.0" />
+  </ItemGroup>
 
   <ItemGroup>
     <EmbeddedResource Include="Resources\**\*.resx" />
   </ItemGroup>
 
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/BCards.Web/Program.cs b/src/BCards.Web/Program.cs
index fdcb9c5..a5f0b4d 100644
--- a/src/BCards.Web/Program.cs
+++ b/src/BCards.Web/Program.cs
@@ -2,6 +2,7 @@ using BCards.Web.Configuration;
 using BCards.Web.Services;
 using BCards.Web.Repositories;
 using BCards.Web.HealthChecks;
+using AspNetCore.DataProtection.MongoDb;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.Google;
 using Microsoft.AspNetCore.Localization;
@@ -19,6 +20,7 @@ using Microsoft.Extensions.Diagnostics.HealthChecks;
 using Serilog.Sinks.OpenSearch;
 using BCards.Web.TestSupport;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.DataProtection;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -233,6 +235,30 @@ builder.Services.AddScoped(serviceProvider =>
     return client.GetDatabase(settings.DatabaseName);
 });
 
+var dataProtectionSection = builder.Configuration.GetSection("DataProtection:Mongo");
+var dataProtectionConnectionString = dataProtectionSection.GetValue<string>("ConnectionString")
+    ?? builder.Configuration.GetSection("MongoDb").GetValue<string>("ConnectionString");
+var dataProtectionDatabase = dataProtectionSection.GetValue<string>("DatabaseName")
+    ?? builder.Configuration.GetSection("MongoDb").GetValue<string>("DatabaseName")
+    ?? "BCardsDB";
+var dataProtectionCollection = dataProtectionSection.GetValue<string>("CollectionName") ?? "DataProtectionKeys";
+
+if (!string.IsNullOrWhiteSpace(dataProtectionConnectionString))
+{
+    Log.Information("Configuring DataProtection to persist keys in MongoDB database {Database} / collection {Collection}",
+        dataProtectionDatabase, dataProtectionCollection);
+
+    builder.Services.AddDataProtection()
+        .SetApplicationName("BCards")
+        .PersistKeysToMongoDb(
+            () => new MongoClient(dataProtectionConnectionString).GetDatabase(dataProtectionDatabase),
+            dataProtectionCollection);
+}
+else
+{
+    Log.Warning("DataProtection MongoDB configuration missing; encryption keys will be ephemeral per container.");
+}
+
 // Stripe Configuration with validation
 builder.Services.Configure<StripeSettings>(
     builder.Configuration.GetSection("Stripe"));
@@ -787,4 +813,4 @@ finally
     Log.CloseAndFlush();
 }
 
-public partial class Program { }
\ No newline at end of file
+public partial class Program { }