diff --git a/projects/business/memory/state.json b/projects/business/memory/state.json
index 652edfe..d188c9d 100644
--- a/projects/business/memory/state.json
+++ b/projects/business/memory/state.json
@@ -3,7 +3,7 @@
   "phaseLabel": "Build MVP — Fix remaining HIGH security issues",
   "status": "high-security-issues-open",
   "product": "DocFast — HTML/Markdown to PDF API",
-  "currentPriority": "Fix ALL remaining HIGH security issues. These ARE launch blockers per investor. 1) Container runs as root — add non-root user in Dockerfile. 2) Unlimited free signup abuse — add per-IP rate limiting on signup endpoint. 3) CORS wildcard on auth routes — restrict to docfast.dev origin only. 4) In-memory usage tracking resets on restart — persist to disk/volume. Fix all, deploy, QA verify. Do NOT move to Phase 2 until all resolved.",
+  "currentPriority": "Two things before launch: 1) Fix ALL remaining HIGH security issues (container runs as root, unlimited free signup abuse, CORS wildcard on auth routes, in-memory usage resets on restart). 2) Spawn UI/UX developer to polish the landing page and overall website design — it needs to look professional and trustworthy, not like a quick prototype. Both are launch blockers. Sequence: backend security fixes → UI/UX polish → QA on everything → then Phase 2.",
   "infrastructure": {
     "domain": "docfast.dev",
     "url": "https://docfast.dev",