diff --git a/docker-compose.yml b/docker-compose.yml
index 2a3b7407..c256fa39 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -87,8 +87,9 @@ services:
 memswap_limit: 12g
 volumes:
 - ocr_models:/app/models
- - ocr_cache:/root/.cache # Hugging Face / ketos model download cache — prevents re-downloads on container recreate
+ - ocr_cache:/app/cache
 environment:
+ HF_HOME: /app/cache
 KRAKEN_MODEL_PATH: /app/models/german_kurrent.mlmodel
 TRAINING_TOKEN: "${OCR_TRAINING_TOKEN:-}"
 OCR_CONFIDENCE_THRESHOLD: "0.3"
@@ -106,6 +107,12 @@ services:
 timeout: 5s
 retries: 12
 start_period: 120s
+ read_only: true
+ tmpfs:
+ - /tmp:size=512m # training endpoints write ZIPs to /tmp; 512 MB covers typical batches (20–50 images)
+ cap_drop: [ALL]
+ security_opt:
+ - no-new-privileges:true
 # --- Backend: Spring Boot ---
 backend:
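Review bot: In the first hunk, `HF_HOME: /app/cache` redirects only the Hugging Face cache, while the comment removed from the old `/root/.cache` mount said that directory also held ketos model downloads. With the root filesystem made read-only in the second hunk, any library that still defaults to `~/.cache` will fail to write at runtime instead of silently re-downloading. If the OCR stack honours it (not visible here), add `XDG_CACHE_HOME: /app/cache` next to `HF_HOME`. Also keep a short comment on the new volume line, e.g. `# model download cache (HF_HOME), survives container recreate`, since the explanation was dropped with the old line. The service definition starts and ends outside this hunk.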
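Review bot: In the second hunk, the `/tmp` tmpfs is RAM-backed, so up to 512 MB of uploaded ZIPs is charged against this service's memory limit, and a batch above that size fails mid-write with a no-space error. The comment on the `tmpfs` entry only covers "typical" batches; it should state the failure mode, and the training endpoints (not visible here) should reject oversized uploads before writing. I would also spell out the mount flags rather than rely on engine defaults, `- /tmp:size=512m,noexec,nosuid,nodev`, provided nothing in the image executes files from `/tmp`. Whether the process still starts under `cap_drop: [ALL]` depends on the image's user and entrypoint, which are outside this hunk.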