diff --git a/scripts/install.sh b/scripts/install.sh
index 9c18279..7b5dd28 100644
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -270,6 +270,14 @@ if [ "$SKIP_CONFIG" = false ]; then
     echo -e "    │  MITRE sync:    ${CYAN}$([ "$RUN_MITRE_SYNC" = true ] && echo "yes" || echo "no")${NC}"
     echo -e "${BOLD}    └──────────────────────────────────────────────────────┘${NC}"
     echo ""
+    # Warn about data loss if containers/volumes already exist
+    if $COMPOSE_CMD -f docker-compose.prod.yml ps -q 2>/dev/null | grep -q . || \
+       docker volume ls --format '{{.Name}}' 2>/dev/null | grep -qi 'postgres'; then
+        echo ""
+        print_warn "Existing database volumes detected."
+        print_warn "Proceeding will RESET the database — all existing data will be lost."
+    fi
+
     print_prompt "Proceed with these settings? (Y/n): "
     read -r CONFIRM
     if [[ $CONFIRM =~ ^[Nn]$ ]]; then
@@ -325,6 +333,14 @@ print_header "Step 3/5 - Building and starting containers"
 
 print_info "This may take several minutes on first run..."
 
+# When reconfiguring, remove old volumes so Postgres re-initializes with the new password.
+# Without this, Postgres ignores the new DB_PASSWORD because it only sets credentials
+# on first initialization (empty volume) — leaving the backend unable to authenticate.
+if [ "$SKIP_CONFIG" = false ]; then
+    print_info "Removing existing volumes to apply new credentials..."
+    $COMPOSE_CMD -f docker-compose.prod.yml down -v > /dev/null 2>&1 || true
+fi
+
 if ! $COMPOSE_CMD -f docker-compose.prod.yml up -d --build 2>&1; then
     print_error "Failed to build/start containers. Check the output above."
     exit 1