diff --git a/functions/src/server.ts b/functions/src/server.ts
index 35e802a..4dcd77d 100644
--- a/functions/src/server.ts
+++ b/functions/src/server.ts
@@ -33,6 +33,32 @@ app.use(validateSessionCookie);
 app.use(csrfProtection);
 // Logging
+const sanitizeBody = (body: any): any => {
+ if (!body) return body;
+
+ const sensitiveFields = [
+ "password",
+ "token",
+ "secret",
+ "key",
+ "authorization",
+ "credit_card",
+ "ssn",
+ "social_security",
+ ];
+ const sanitized = { ...body };
+
+ Object.keys(sanitized).forEach((key) => {
+ if (sensitiveFields.some((field) => key.toLowerCase().includes(field))) {
+ sanitized[key] = "[REDACTED]";
+ } else if (typeof sanitized[key] === "object" && sanitized[key] !== null) {
+ sanitized[key] = sanitizeBody(sanitized[key]);
+ }
+ });
+
+ return sanitized;
+};
+
 app.use((req: Request, res: Response, next: NextFunction) => {
 const logData = {
 method: req.method,
@@ -46,7 +72,7 @@ app.use((req: Request, res: Response, next: NextFunction) => {
 const contentType = req.headers["content-type"] || "";
 if (!contentType.includes("multipart/form-data")) {
- logData.body = req.body;
+ logData.body = sanitizeBody(req.body);
 }
 const timestamp = new Date().toISOString();
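Review bot: `sanitizeBody` recurses once per nesting level of an attacker-controlled request body with no depth cap, so a sufficiently nested JSON payload can exhaust the stack inside the logging middleware and fail the request before the handler runs (the body parser is not visible in this hunk, so whether it already bounds nesting depth is an assumption worth confirming). Separately, `const sanitized = { ...body }` turns arrays into index-keyed objects (`{0: …}`) at the top level and on every nested array, and would spread a string body character by character, so the logged shape no longer matches what was received. Because matching is by key name only, a secret carried in an innocuously named field (a bearer token inside `data`, say) is still logged in full; I would add a comment above the function stating that it is a best-effort denylist on key names and not a guarantee that no secret reaches the logs. The sketch below caps depth, returns primitives untouched and maps arrays element-wise; the `sensitiveFields` list and the per-key loop are unchanged.
```typescript
const MAX_SANITIZE_DEPTH = 20;

// Best-effort redaction of well-known secret-bearing keys before a request
// body is logged. Matches on key names only, so a secret stored under an
// innocuous key is NOT caught; treat this as defence in depth, not a guarantee.
const sanitizeBody = (body: any, depth = 0): any => {
  if (!body || typeof body !== "object") return body;
  // Bodies are attacker-controlled; bound the recursion so a deeply nested
  // payload cannot blow the stack inside the logging middleware.
  if (depth >= MAX_SANITIZE_DEPTH) return "[TRUNCATED]";

  // … unchanged: sensitiveFields list …

  if (Array.isArray(body)) {
    return body.map((item) => sanitizeBody(item, depth + 1));
  }

  const sanitized = { ...body };
  Object.keys(sanitized).forEach((key) => {
    if (sensitiveFields.some((field) => key.toLowerCase().includes(field))) {
      sanitized[key] = "[REDACTED]";
    } else if (typeof sanitized[key] === "object" && sanitized[key] !== null) {
      sanitized[key] = sanitizeBody(sanitized[key], depth + 1);
    }
  });

  return sanitized;
};
```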