diff --git a/.env.development b/.env.development
index a0ff60283..c241013e6 100644
--- a/.env.development
+++ b/.env.development
@@ -65,6 +65,10 @@ BREVO_API_KEY=
 EMAIL_SENDER_ADDRESS=noreply@manacore.ai
 EMAIL_SENDER_NAME=ManaCore
+# URLs for auth callbacks
+BASE_URL=http://localhost:3001
+FRONTEND_URL=http://localhost:5173
+
 # ============================================
 # CHAT PROJECT
 # ============================================
diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml
index aa35e9568..8e101007d 100644
--- a/.github/workflows/cd-staging.yml
+++ b/.github/workflows/cd-staging.yml
@@ -116,6 +116,11 @@ jobs:
 EMAIL_SENDER_ADDRESS=noreply@manacore.ai
 EMAIL_SENDER_NAME=ManaCore
+ # Base URL for auth callbacks (password reset, email verification)
+ BASE_URL=https://auth.staging.manacore.ai
+ # Frontend URL for password reset and email verification links
+ FRONTEND_URL=https://staging.manacore.ai
+
 # Supabase
 SUPABASE_URL=${{ secrets.SUPABASE_URL }}
 SUPABASE_ANON_KEY=${{ secrets.SUPABASE_ANON_KEY }}
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 41f0d50e1..20a9a616b 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -19,6 +19,13 @@ services:
 JWT_SECRET: ${JWT_SECRET}
 JWT_PUBLIC_KEY: ${JWT_PUBLIC_KEY}
 JWT_PRIVATE_KEY: ${JWT_PRIVATE_KEY}
+ # Brevo Email Service
+ BREVO_API_KEY: ${BREVO_API_KEY}
+ EMAIL_SENDER_ADDRESS: ${EMAIL_SENDER_ADDRESS:-noreply@manacore.ai}
+ EMAIL_SENDER_NAME: ${EMAIL_SENDER_NAME:-ManaCore}
+ # URLs
+ BASE_URL: ${BASE_URL:-https://auth.manacore.ai}
+ FRONTEND_URL: ${FRONTEND_URL:-https://manacore.ai}
 ports:
 - "127.0.0.1:3001:3001"
 healthcheck:
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
index 2af8e9bb6..c7f1bdfb2 100644
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
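Review bot: In the docker-compose.production.yml hunk, `BREVO_API_KEY: ${BREVO_API_KEY}` has neither a default nor a required-variable check, so an unset variable reaches the container as an empty string. The .env.example text in this same commit says that without the key emails are only logged to the console; in production that would presumably leave password-reset links, token included, in container logs while the user receives nothing. Compose's required-variable form would stop the deployment instead: `BREVO_API_KEY: ${BREVO_API_KEY:?BREVO_API_KEY must be set}`. The service definition begins outside this hunk, so any handling elsewhere in the file is not visible here.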
@@ -78,6 +78,10 @@ services:
 BREVO_API_KEY: ${BREVO_API_KEY}
 EMAIL_SENDER_ADDRESS: ${EMAIL_SENDER_ADDRESS:-noreply@manacore.ai}
 EMAIL_SENDER_NAME: ${EMAIL_SENDER_NAME:-ManaCore}
+ # Base URL for auth callbacks (password reset, email verification)
+ BASE_URL: ${BASE_URL:-https://auth.staging.manacore.ai}
+ # Frontend URL for password reset and email verification links
+ FRONTEND_URL: ${FRONTEND_URL:-https://staging.manacore.ai}
 # CORS - Allow all staging web app origins (HTTPS domains + localhost for dev)
 CORS_ORIGINS: https://chat.staging.manacore.ai,https://staging.manacore.ai,https://calendar.staging.manacore.ai,https://clock.staging.manacore.ai,https://todo.staging.manacore.ai,http://localhost:3000,http://localhost:5173,http://localhost:5186,http://localhost:5187,http://localhost:5188
 ports:
diff --git a/services/mana-core-auth/.env.example b/services/mana-core-auth/.env.example
index f4a288005..55b006309 100644
--- a/services/mana-core-auth/.env.example
+++ b/services/mana-core-auth/.env.example
@@ -40,5 +40,11 @@ RATE_LIMIT_MAX=100
 # Get your API key from: https://app.brevo.com/settings/keys/api
 # Without this key, emails are logged to console only (dev mode)
 BREVO_API_KEY=
-EMAIL_SENDER_ADDRESS=noreply@manacore.app
+EMAIL_SENDER_ADDRESS=noreply@manacore.ai
 EMAIL_SENDER_NAME=ManaCore
+
+# URLs
+# BASE_URL: Used by Better Auth for internal callbacks
+# FRONTEND_URL: Used for password reset and email verification links
+BASE_URL=http://localhost:3001
+FRONTEND_URL=http://localhost:5173
diff --git a/services/mana-core-auth/src/auth/better-auth.config.ts b/services/mana-core-auth/src/auth/better-auth.config.ts
index 24daa9846..701908d1d 100644
--- a/services/mana-core-auth/src/auth/better-auth.config.ts
+++ b/services/mana-core-auth/src/auth/better-auth.config.ts
@@ -126,13 +126,20 @@ export function createBetterAuth(databaseUrl: string) {
 * Set BREVO_API_KEY environment variable to enable email sending.
 * Without the API key, emails are logged to console (dev mode).
 *
+ * The reset URL points to the frontend's reset-password page, not the API.
+ * Set FRONTEND_URL environment variable for production.
+ *
 * @see https://www.better-auth.com/docs/authentication/email-password#password-reset
 */
- sendResetPassword: async ({ user, url }) => {
+ sendResetPassword: async ({ user, token }) => {
+ // Construct URL pointing to frontend's reset-password page
+ const frontendUrl = process.env.FRONTEND_URL || 'http://localhost:5173';
+ const resetUrl = `${frontendUrl}/reset-password?token=${token}`;
+
 await sendPasswordResetEmail({
 email: user.email,
 name: user.name || undefined,
- resetUrl: url,
+ resetUrl,
 });
 },
 },
diff --git a/services/mana-core-auth/src/config/configuration.ts b/services/mana-core-auth/src/config/configuration.ts
index bf3871ce2..485681c12 100644
--- a/services/mana-core-auth/src/config/configuration.ts
+++ b/services/mana-core-auth/src/config/configuration.ts
@@ -52,7 +52,12 @@ export default () => ({
 email: {
 brevoApiKey: process.env.BREVO_API_KEY || '',
- senderAddress: process.env.EMAIL_SENDER_ADDRESS || 'noreply@manacore.app',
+ senderAddress: process.env.EMAIL_SENDER_ADDRESS || 'noreply@manacore.ai',
 senderName: process.env.EMAIL_SENDER_NAME || 'ManaCore',
 },
+
+ urls: {
+ baseUrl: process.env.BASE_URL || 'http://localhost:3001',
+ frontendUrl: process.env.FRONTEND_URL || 'http://localhost:5173',
+ },
 });
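Review bot: In `sendResetPassword`, the reset link is built by plain string interpolation, so the token goes into the query string unencoded and `FRONTEND_URL` is used exactly as configured. A trailing slash in the variable produces `//reset-password`, and any reserved character in the token would corrupt the parameter; using `frontendUrl.replace(/\/+$/, '')` for the base and `encodeURIComponent(token)` for the value avoids both. Because the token now travels as a query parameter to the frontend, the reset page should keep it out of Referer headers and analytics, which is worth stating in the doc comment. `createBetterAuth` starts and ends outside this hunk, so the rest of the email/password options is not visible here.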
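Review bot: In configuration.ts, both new `urls` entries fall back to plain-HTTP localhost addresses via `||`, and the same `'http://localhost:5173'` default is repeated in `sendResetPassword` in better-auth.config.ts, which reads `process.env.FRONTEND_URL` directly rather than this config value. As far as these hunks show, a production process started without FRONTEND_URL would start normally and mail reset links pointing at localhost. Keeping the fallback for development only and failing at startup otherwise would surface the misconfiguration, for example `if (process.env.NODE_ENV === 'production' && !process.env.FRONTEND_URL) throw new Error('FRONTEND_URL is required');`, with the handler reading the one shared value. The exported config object begins outside this hunk.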