diff --git a/nginx.conf b/nginx.conf
index c5afa8f..9c6a21d 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -4,6 +4,16 @@ server {
     root /usr/share/nginx/html;
     index index.html;
 
+    # Proxy API requests to backend (same-origin = no cookie issues in Brave etc.)
+    location /api/ {
+        proxy_pass https://api.thenetwork.donovankelly.xyz/api/;
+        proxy_set_header Host api.thenetwork.donovankelly.xyz;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_ssl_server_name on;
+    }
+
     location / {
         try_files $uri $uri/ /index.html;
     }
diff --git a/src/lib/api.ts b/src/lib/api.ts
index a38ab75..f1b02e9 100644
--- a/src/lib/api.ts
+++ b/src/lib/api.ts
@@ -1,12 +1,10 @@
 import type { Profile, Client, ClientCreate, ClientNote, Event, EventCreate, Email, EmailGenerate, User, Invite, ActivityItem, InsightsData, ImportPreview, ImportResult, NetworkMatch, NetworkStats, Notification, Interaction, BulkEmailResult, EmailTemplate, EmailTemplateCreate, ClientSegment, SegmentFilters, FilterOptions, AuditLogsResponse, MeetingPrep, CommunicationStyle } from '@/types';
 
-const API_BASE = import.meta.env.PROD
-  ? 'https://api.thenetwork.donovankelly.xyz/api'
-  : '/api';
+// Always use same-origin paths — nginx proxies /api/* to the backend
+// This avoids cross-domain cookie issues in Brave and other privacy browsers
+const API_BASE = '/api';
 
-const AUTH_BASE = import.meta.env.PROD
-  ? 'https://api.thenetwork.donovankelly.xyz'
-  : '';
+const AUTH_BASE = '';
 
 const TOKEN_KEY = 'network-auth-token';