diff --git a/server.js b/server.js
index 47e1429..89caafe 100644
--- a/server.js
+++ b/server.js
@@ -513,16 +513,38 @@ const users = {}; // Simple in-memory user store
 app.post('/api/auth/signup', (req, res) => {
 const { email, password } = req.body;
+
 if (!email || !password) {
- return res.status(400).json({ error: 'Email and password required' });
+ return res.status(400).json({
+ error: 'Email and password required'
+ });
+ }
+
+ // Email validation
+ const emailRegex =
+ /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[A-Za-z]{2,}$/;
+
+ if (!emailRegex.test(email)) {
+ return res.status(400).json({
+ error: 'Invalid email format'
+ });
 }
+
+ // Check existing user
 if (users[email]) {
- return res.status(400).json({ error: 'User already exists' });
+ return res.status(400).json({
+ error: 'User already exists'
+ });
 }
+
+ // Save user
 users[email] = { email, password };
- res.json({ success: true, message: 'Account created successfully' });
-});
+ res.json({
+ success: true,
+ message: 'Account created successfully'
+ });
+});
 app.post('/api/auth/login', (req, res) => {
 const { email, password } = req.body;
 if (!email || !password) {
@@ -572,4 +594,4 @@ app.use((err, req, res, next) => {
 const PORT = process.env.PORT || 3000;
 app.listen(PORT, () => {
 console.log('Server running on port ' + PORT);
-});
\ No newline at end of file
+});
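Review bot: The new `emailRegex.test(email)` check in the signup handler does not require `email` to be a string: `test()` coerces its argument, so if the body is parsed as JSON (the parser setup is outside this hunk) a non-string value can pass validation, be coerced again as the `users[email]` key, and be stored in its original form. A type guard ahead of the regex closes this, e.g. `if (typeof email !== 'string' || typeof password !== 'string') return res.status(400).json({ error: 'Email and password required' });`. The lookup is also case-sensitive, so addresses that differ only in letter case become separate accounts unless the value is normalized before the `users[email]` check. Separately, the unchanged `users[email] = { email, password };` line still stores the password exactly as received; hashing it before storage is a follow-up this commit does not cover.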