diff --git a/backend/internal/api/handlers/agency_profile.go b/backend/internal/api/handlers/agency_profile.go
index 012f0af..c2bc14f 100644
--- a/backend/internal/api/handlers/agency_profile.go
+++ b/backend/internal/api/handlers/agency_profile.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"net/http"
 
+	"aggios-app/backend/internal/api/middleware"
 	"aggios-app/backend/internal/repository"
 
 	"github.com/google/uuid"
@@ -58,14 +59,12 @@ func (h *AgencyHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Get tenant from context (set by middleware)
-	tenantID := r.Context().Value("tenantID")
+	// Get tenant from context (set by auth middleware)
+	tenantID := r.Context().Value(middleware.TenantIDKey)
 	log.Printf("DEBUG GetProfile: tenantID from context = %v (type: %T)", tenantID, tenantID)
 	
 	if tenantID == nil {
-		log.Printf("DEBUG GetProfile: tenantID is nil, checking subdomain from context")
-		subdomain := r.Context().Value("subdomain")
-		log.Printf("DEBUG GetProfile: subdomain = %v", subdomain)
+		log.Printf("DEBUG GetProfile: tenantID is nil from auth middleware")
 		http.Error(w, "Tenant not found in context", http.StatusUnauthorized)
 		return
 	}
@@ -115,8 +114,8 @@ func (h *AgencyHandler) UpdateProfile(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Get tenant from context
-	tenantID := r.Context().Value("tenantID")
+	// Get tenant from context (set by auth middleware)
+	tenantID := r.Context().Value(middleware.TenantIDKey)
 	if tenantID == nil {
 		http.Error(w, "Tenant not found", http.StatusUnauthorized)
 		return
diff --git a/backend/internal/api/middleware/auth.go b/backend/internal/api/middleware/auth.go
index 730d68b..6cbdc85 100644
--- a/backend/internal/api/middleware/auth.go
+++ b/backend/internal/api/middleware/auth.go
@@ -13,6 +13,7 @@ import (
 type contextKey string
 
 const UserIDKey contextKey = "userID"
+const TenantIDKey contextKey = "tenantID"
 
 // Auth validates JWT tokens
 func Auth(cfg *config.Config) func(http.Handler) http.Handler {
@@ -46,7 +47,9 @@ func Auth(cfg *config.Config) func(http.Handler) http.Handler {
 			}
 
 			userID := claims["user_id"].(string)
+			tenantID := claims["tenant_id"].(string)
 			ctx := context.WithValue(r.Context(), UserIDKey, userID)
+			ctx = context.WithValue(ctx, TenantIDKey, tenantID)
 			next.ServeHTTP(w, r.WithContext(ctx))
 		})
 	}
diff --git a/backend/internal/api/middleware/tenant.go b/backend/internal/api/middleware/tenant.go
index f7082d3..de597e0 100644
--- a/backend/internal/api/middleware/tenant.go
+++ b/backend/internal/api/middleware/tenant.go
@@ -9,10 +9,7 @@ import (
 	"aggios-app/backend/internal/repository"
 )
 
-type tenantContextKey string
-
-const TenantIDKey tenantContextKey = "tenantID"
-const SubdomainKey tenantContextKey = "subdomain"
+const SubdomainKey contextKey = "subdomain"
 
 // TenantDetector detects tenant from subdomain
 func TenantDetector(tenantRepo *repository.TenantRepository) func(http.Handler) http.Handler {