diff --git a/knip.json b/knip.json
index b5f4e20e8..82c3a2d67 100644
--- a/knip.json
+++ b/knip.json
@@ -1,5 +1,5 @@
 {
-    "$schema": "https://unpkg.com/knip@latest/schema.json",
+    "$schema": "https://unpkg.com/knip@5.37.1/schema.json",
     "ignore": ["src/assets/**"],
     "entry": ["src/**/*.{js,jsx,ts,tsx}", "postcss.config.js", "tailwind.config.js"],
     "project": ["src/**/*.{js,jsx,ts,tsx}", "*.config.{js,ts}"]
diff --git a/public/game/peanut-game.html b/public/game/peanut-game.html
index 2dabff7f5..b1b0629e2 100644
--- a/public/game/peanut-game.html
+++ b/public/game/peanut-game.html
@@ -2625,6 +2625,9 @@
 
     <body id="t">
         <script>
+            // Note: Facebook SDK version is pinned to v2.2 to match the API version used in FB.init.
+            // Using versioned SDK URL ensures consistent behavior. Consider upgrading to a newer
+            // version (e.g., v19.0) as v2.2 is deprecated, but test thoroughly before updating.
             window.fbAsyncInit = function () {
                 FB.init({
                     appId: '576553495813787',
@@ -2640,7 +2643,7 @@
                 }
                 js = d.createElement(s)
                 js.id = id
-                js.src = '//connect.facebook.net/en_US/sdk.js'
+                js.src = '//connect.facebook.net/en_US/sdk/v2.2/sdk.js'
                 fjs.parentNode.insertBefore(js, fjs)
             })(document, 'script', 'facebook-jssdk')
         </script>
diff --git a/public/onesignal/OneSignalSDKWorker.js b/public/onesignal/OneSignalSDKWorker.js
index 7032e7a66..4856c9450 100644
--- a/public/onesignal/OneSignalSDKWorker.js
+++ b/public/onesignal/OneSignalSDKWorker.js
@@ -1,3 +1,7 @@
-// use the stable v16 service worker path per onesignal docs
-// note: onesignal does not publish minor-pinned sw paths; use v16 channel
+// Version Pinning: OneSignal uses major version channels (v16) for their CDN.
+// Per OneSignal documentation, they do not publish minor or patch-pinned service worker URLs.
+// The v16 channel receives security updates and bug fixes automatically while maintaining
+// API compatibility. This is the recommended approach per OneSignal's best practices.
+// For stricter version control, we can consider self-hosting the SDK, but this requires manual updates.
+// Reference: https://documentation.onesignal.com/docs/web-push-quickstart
 importScripts('https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.sw.js')
diff --git a/src/app/(mobile-ui)/layout.tsx b/src/app/(mobile-ui)/layout.tsx
index e44b0b963..2a98ec647 100644
--- a/src/app/(mobile-ui)/layout.tsx
+++ b/src/app/(mobile-ui)/layout.tsx
@@ -20,9 +20,7 @@ import { Banner } from '@/components/Global/Banner'
 import { DeviceType, useDeviceType } from '@/hooks/useGetDeviceType'
 import { useSetupStore } from '@/redux/hooks'
 import ForceIOSPWAInstall from '@/components/ForceIOSPWAInstall'
-
-// Allow access to some public paths without authentication
-const publicPathRegex = /^\/(request\/pay|claim|pay\/.+$|support|invite|dev)/
+import { PUBLIC_ROUTES_REGEX } from '@/constants/routes'
 
 const Layout = ({ children }: { children: React.ReactNode }) => {
     const pathName = usePathname()
@@ -78,7 +76,7 @@ const Layout = ({ children }: { children: React.ReactNode }) => {
     }, [])
 
     // Allow access to public paths without authentication
-    const isPublicPath = publicPathRegex.test(pathName)
+    const isPublicPath = PUBLIC_ROUTES_REGEX.test(pathName)
 
     useEffect(() => {
         if (!isPublicPath && !isFetchingUser && !user) {
diff --git a/src/app/(mobile-ui)/qr/[code]/page.tsx b/src/app/(mobile-ui)/qr/[code]/page.tsx
new file mode 100644
index 000000000..4a5e6673a
--- /dev/null
+++ b/src/app/(mobile-ui)/qr/[code]/page.tsx
@@ -0,0 +1,265 @@
+'use client'
+
+import { Button } from '@/components/0_Bruddle'
+import Card from '@/components/Global/Card'
+import NavHeader from '@/components/Global/NavHeader'
+import { PEANUT_API_URL } from '@/constants'
+import { useAuth } from '@/context/authContext'
+import { useRouter, useParams } from 'next/navigation'
+import { useCallback, useEffect, useState } from 'react'
+import PeanutLoading from '@/components/Global/PeanutLoading'
+import ErrorAlert from '@/components/Global/ErrorAlert'
+import { Icon } from '@/components/Global/Icons/Icon'
+import { saveRedirectUrl, generateInviteCodeLink, sanitizeRedirectURL } from '@/utils'
+import { getShakeClass } from '@/utils/perk.utils'
+import Cookies from 'js-cookie'
+import { useRedirectQrStatus } from '@/hooks/useRedirectQrStatus'
+import { useHoldToClaim } from '@/hooks/useHoldToClaim'
+
+export default function RedirectQrClaimPage() {
+    const router = useRouter()
+    const params = useParams()
+    const code = params?.code as string
+    const { user } = useAuth()
+    const [isLoading, setIsLoading] = useState(false)
+    const [error, setError] = useState<string | null>(null)
+
+    // Fetch redirect QR status using shared hook
+    const { data: redirectQrData, isLoading: isCheckingStatus, error: redirectQrError } = useRedirectQrStatus(code)
+
+    // Handle redirects based on QR status and authentication
+    useEffect(() => {
+        // Wait for QR status to load
+        if (isCheckingStatus || !redirectQrData) {
+            return
+        }
+
+        // If QR is already claimed, redirect to the target URL
+        if (redirectQrData.claimed && redirectQrData.redirectUrl) {
+            // Sanitize redirect URL to prevent open redirect attacks
+            // For same-origin URLs, sanitizeRedirectURL returns safe path
+            // For external URLs, it returns null (we handle separately)
+            const sanitizedPath = sanitizeRedirectURL(redirectQrData.redirectUrl)
+
+            if (sanitizedPath) {
+                // Internal redirect - use sanitized path with Next.js router
+                router.push(sanitizedPath)
+            } else {
+                // External redirect - validate it's expected domain before redirecting
+                try {
+                    const url = new URL(redirectQrData.redirectUrl)
+                    // Allow external redirects ONLY for trusted domains (peanut.me)
+                    // This relies on backend validation during QR claiming
+                    if (url.hostname.includes('peanut.me') || url.hostname.includes('localhost')) {
+                        window.location.href = redirectQrData.redirectUrl
+                    } else {
+                        console.error('Untrusted external redirect blocked:', redirectQrData.redirectUrl)
+                        setError('Invalid QR code destination.')
+                    }
+                } catch (error) {
+                    console.error('Invalid redirect URL:', redirectQrData.redirectUrl)
+                    setError('Invalid QR code destination.')
+                }
+            }
+            return
+        }
+
+        // QR is not claimed - check authentication
+        if (!user) {
+            // User not logged in - redirect to setup to create account/login
+            saveRedirectUrl()
+            router.push('/setup')
+        }
+    }, [isCheckingStatus, redirectQrData, user, router])
+
+    const handleClaim = useCallback(async () => {
+        // Auth check is already handled by useEffect above
+        // If we reach here, user is authenticated
+        setIsLoading(true)
+        setError(null)
+
+        try {
+            // Generate invite link with correct 3-digit suffix
+            const username = user?.user?.username
+            if (!username) {
+                throw new Error('Username not found')
+            }
+
+            const { inviteLink } = generateInviteCodeLink(username)
+
+            const response = await fetch(`${PEANUT_API_URL}/qr/${code}/claim`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${Cookies.get('jwt-token')}`,
+                },
+                body: JSON.stringify({
+                    targetUrl: inviteLink, // Pass the correctly formatted invite link
+                }),
+            })
+
+            const data = await response.json()
+
+            if (!response.ok) {
+                // Log backend error for debugging but show generic message to user
+                console.error('Backend claim error:', data.message || data.error)
+                throw new Error('Failed to claim QR code. Please try again.')
+            }
+
+            // Success! Show success page, then redirect to invite (which goes to profile for logged-in users)
+            router.push(`/qr/${code}/success`)
+        } catch (err: any) {
+            console.error('Error claiming QR:', err)
+            // Always show generic error message (don't expose backend details)
+            setError('Failed to claim QR code. Please try again.')
+        } finally {
+            setIsLoading(false)
+        }
+    }, [code, router, user])
+
+    // Hold-to-claim mechanics with shake animation
+    const { holdProgress, isShaking, shakeIntensity, buttonProps } = useHoldToClaim({
+        onComplete: handleClaim,
+        disabled: isLoading,
+    })
+
+    // Show loading while checking status or if we're in the process of redirecting
+    if (isCheckingStatus || (redirectQrData?.claimed && redirectQrData?.redirectUrl)) {
+        return (
+            <div className={`flex min-h-[inherit] flex-col gap-8 ${getShakeClass(isShaking, shakeIntensity)}`}>
+                <NavHeader title="Claim QR Code" />
+                <div className="flex h-full items-center justify-center">
+                    <PeanutLoading />
+                </div>
+            </div>
+        )
+    }
+
+    // If not logged in and QR is unclaimed, the useEffect above will redirect to setup
+    // This loading screen will show briefly during that redirect
+    if (!user) {
+        return (
+            <div className={`flex min-h-[inherit] flex-col gap-8 ${getShakeClass(isShaking, shakeIntensity)}`}>
+                <NavHeader title="Claim QR Code" />
+                <div className="flex h-full items-center justify-center">
+                    <PeanutLoading />
+                </div>
+            </div>
+        )
+    }
+
+    // Show error only if there's an actual error or QR is not available (and not claimed)
+    if (redirectQrError || !redirectQrData || (!redirectQrData.available && !redirectQrData.claimed)) {
+        // Log error for debugging but don't expose details to user
+        if (redirectQrError) {
+            console.error('QR status check error:', redirectQrError)
+        }
+        return (
+            <div className={`flex min-h-[inherit] flex-col gap-8 ${getShakeClass(isShaking, shakeIntensity)}`}>
+                <NavHeader title="Claim QR Code" />
+                <div className="my-auto flex h-full flex-col justify-center space-y-4">
+                    <Card className="space-y-4 p-6">
+                        <div className="flex items-center justify-center">
+                            <div className="bg-red-100 flex h-16 w-16 items-center justify-center rounded-full">
+                                <Icon name="cancel" size={32} className="text-red-600" />
+                            </div>
+                        </div>
+                        <div className="space-y-2 text-center">
+                            <h1 className="text-2xl font-extrabold">QR Code Unavailable</h1>
+                            <p className="text-base text-grey-1">
+                                {redirectQrData?.claimed
+                                    ? 'This QR code has already been claimed by another user.'
+                                    : 'This QR code is not available for claiming.'}
+                            </p>
+                        </div>
+                    </Card>
+                    <Button variant="purple" shadowSize="4" onClick={() => router.push('/home')} className="w-full">
+                        Go to Home
+                    </Button>
+                </div>
+            </div>
+        )
+    }
+
+    return (
+        <div className={`flex min-h-[inherit] flex-col gap-8 ${getShakeClass(isShaking, shakeIntensity)}`}>
+            <NavHeader title="Claim Your QR Code" />
+            <div className="my-auto flex h-full flex-col justify-center space-y-4">
+                {/* QR Code Visual */}
+                <Card className="space-y-4 p-6">
+                    <div className="flex items-center justify-center">
+                        <div className="flex h-20 w-20 items-center justify-center rounded-full">
+                            <Icon name="qr-code" size={40} className="text-purple-600" />
+                        </div>
+                    </div>
+                    <div className="space-y-2 text-center">
+                        <h1 className="text-2xl font-extrabold">Claim Your Code</h1>
+                        <p className="text-base text-grey-1">
+                            This QR code will be permanently linked to your Peanut profile. Anyone who scans it will be
+                            able to use your invite.
+                        </p>
+                    </div>
+                </Card>
+
+                {/* How it works */}
+                <Card className="space-y-3 p-6">
+                    <h2 className="text-lg font-bold">How it works</h2>
+                    <div className="space-y-3">
+                        <div className="flex gap-3">
+                            <div className="flex h-8 w-8 flex-shrink-0 items-center justify-center rounded-full bg-secondary-1 text-sm font-bold">
+                                1
+                            </div>
+                            <p className="text-sm text-grey-1">You claim this QR code and it becomes yours forever</p>
+                        </div>
+                        <div className="flex gap-3">
+                            <div className="flex h-8 w-8 flex-shrink-0 items-center justify-center rounded-full bg-secondary-1 text-sm font-bold">
+                                2
+                            </div>
+                            <p className="text-sm text-grey-1">Put the sticker anywhere you want people to find you</p>
+                        </div>
+                        <div className="flex gap-3">
+                            <div className="flex h-8 w-8 flex-shrink-0 items-center justify-center rounded-full bg-secondary-1 text-sm font-bold">
+                                3
+                            </div>
+                            <p className="text-sm text-grey-1">
+                                They can join Peanut with your invite and contribute towards your points, forever.
+                            </p>
+                        </div>
+                    </div>
+                </Card>
+
+                {/* Important note */}
+                <Card className="border-2 border-secondary-1 bg-secondary-1/10 p-4">
+                    <div className="flex gap-3">
+                        <Icon name="info" size={20} className="flex-shrink-0 text-secondary-1" />
+                        <p className="text-sm font-medium">
+                            <strong>Important:</strong> Once claimed, this QR code cannot be transferred or changed.
+                        </p>
+                    </div>
+                </Card>
+
+                {/* Claim button - Hold to claim */}
+                <Button
+                    {...buttonProps}
+                    variant="purple"
+                    shadowSize="4"
+                    disabled={isLoading}
+                    loading={isLoading}
+                    className={`${buttonProps.className} w-full`}
+                >
+                    {/* Black progress fill from left to right */}
+                    <div
+                        className="absolute inset-0 bg-black transition-all duration-100"
+                        style={{
+                            width: `${holdProgress}%`,
+                            left: 0,
+                        }}
+                    />
+                    <span className="relative z-10">{isLoading ? 'Claiming...' : 'Hold to Claim QR Code'}</span>
+                </Button>
+
+                {error && <ErrorAlert description={error} />}
+            </div>
+        </div>
+    )
+}
diff --git a/src/app/(mobile-ui)/qr/[code]/success/page.tsx b/src/app/(mobile-ui)/qr/[code]/success/page.tsx
new file mode 100644
index 000000000..1f2e50eed
--- /dev/null
+++ b/src/app/(mobile-ui)/qr/[code]/success/page.tsx
@@ -0,0 +1,121 @@
+'use client'
+
+import { Button } from '@/components/0_Bruddle'
+import Card from '@/components/Global/Card'
+import NavHeader from '@/components/Global/NavHeader'
+import { BASE_URL } from '@/constants'
+import { useRouter, useParams } from 'next/navigation'
+import { useEffect } from 'react'
+import PeanutLoading from '@/components/Global/PeanutLoading'
+import { Icon } from '@/components/Global/Icons/Icon'
+import { confettiPresets } from '@/utils/confetti'
+import { useRedirectQrStatus } from '@/hooks/useRedirectQrStatus'
+import QRCodeWrapper from '@/components/Global/QRCodeWrapper'
+import { useToast } from '@/components/0_Bruddle/Toast'
+
+export default function RedirectQrSuccessPage() {
+    const router = useRouter()
+    const params = useParams()
+    const code = params?.code as string
+    const toast = useToast()
+
+    // Fetch redirect QR details using shared hook
+    const { data: redirectQrData, isLoading } = useRedirectQrStatus(code)
+
+    const qrUrl = `${BASE_URL}/qr/${code}`
+
+    // Trigger confetti on mount
+    useEffect(() => {
+        const timer = setTimeout(() => {
+            confettiPresets.success()
+        }, 300)
+
+        return () => clearTimeout(timer)
+    }, [])
+
+    if (isLoading || !redirectQrData) {
+        return (
+            <div className="flex min-h-[inherit] flex-col gap-8">
+                <NavHeader title="Success" />
+                <div className="flex h-full items-center justify-center">
+                    <PeanutLoading />
+                </div>
+            </div>
+        )
+    }
+
+    return (
+        <div className="flex min-h-[inherit] flex-col gap-8">
+            <NavHeader title="Success" />
+            <div className="my-auto flex h-full flex-col justify-center space-y-4">
+                {/* Title */}
+                <div className="space-y-1 text-center">
+                    <h1 className="text-2xl font-extrabold">This QR is now yours!</h1>
+                    <p className="text-base text-grey-1">Your sticker is now linked to your profile forever.</p>
+                </div>
+
+                {/* QR Code Display */}
+                <div className="flex justify-center py-4">
+                    <QRCodeWrapper url={qrUrl} />
+                </div>
+
+                {/* Sticker Info Card */}
+                <Card className="border-2 border-secondary-1 bg-secondary-1/10 p-4">
+                    <div className="flex gap-3">
+                        <Icon name="star" size={20} className="flex-shrink-0 text-secondary-1" />
+                        <div className="space-y-1">
+                            <p className="text-sm font-bold">Put it anywhere!</p>
+                            <p className="text-xs text-grey-1">
+                                Stick it on your laptop, water bottle, or anywhere you want people to find you. Anyone
+                                who scans will be able to join Peanut with your invite and contribute towards your
+                                points forever.
+                            </p>
+                        </div>
+                    </div>
+                </Card>
+
+                {/* Action Buttons */}
+                <div className="space-y-3">
+                    <Button
+                        variant="purple"
+                        shadowSize="4"
+                        onClick={() => router.push('/home')}
+                        className="w-full"
+                        icon="arrow-up-right"
+                    >
+                        Go to Home
+                    </Button>
+                    <Button
+                        variant="primary-soft"
+                        shadowSize="4"
+                        onClick={async () => {
+                            try {
+                                // ALWAYS copy to clipboard first (works on both desktop and mobile)
+                                await navigator.clipboard.writeText(qrUrl)
+                                toast.info('Link copied')
+
+                                // THEN try to open share dialog if available (bonus for mobile users)
+                                if (navigator.share) {
+                                    await navigator.share({
+                                        title: 'My Peanut QR Code',
+                                        text: 'Scan my QR code to connect with me on Peanut!',
+                                        url: qrUrl,
+                                    })
+                                }
+                            } catch (error: any) {
+                                // Ignore user cancellation
+                                if (error.name !== 'AbortError') {
+                                    console.error('Share error:', error)
+                                }
+                            }
+                        }}
+                        className="w-full"
+                        icon="share"
+                    >
+                        Share QR Code
+                    </Button>
+                </div>
+            </div>
+        </div>
+    )
+}
diff --git a/src/app/[...recipient]/page.tsx b/src/app/[...recipient]/page.tsx
index a1dcf33b1..64b5c73df 100644
--- a/src/app/[...recipient]/page.tsx
+++ b/src/app/[...recipient]/page.tsx
@@ -7,17 +7,31 @@ import { isAddress } from 'viem'
 import { printableAddress, resolveAddressToUsername } from '@/utils'
 import { chargesApi } from '@/services/charges'
 import { parseAmountAndToken } from '@/lib/url-parser/parser'
+import { notFound } from 'next/navigation'
+import { RESERVED_ROUTES } from '@/constants/routes'
 
 type PageProps = {
     params: Promise<{ recipient?: string[] }>
 }
 
 export async function generateMetadata({ params, searchParams }: any) {
-    let title = 'Request Payment | Peanut'
-    const siteUrl: string = (await getOrigin()) || BASE_URL // getOrigin for getting the origin of the site regardless of its a vercel preview or not
     const resolvedSearchParams = await searchParams
     const resolvedParams = await params
 
+    // Guard: Don't generate metadata for reserved routes (handled by their specific routes)
+    const firstSegment = resolvedParams.recipient?.[0]?.toLowerCase()
+    if (firstSegment && RESERVED_ROUTES.includes(firstSegment)) {
+        return {}
+    }
+
+    // Guard: Ensure recipient exists
+    if (!resolvedParams.recipient?.[0]) {
+        return {}
+    }
+
+    let title = 'Request Payment | Peanut'
+    const siteUrl: string = (await getOrigin()) || BASE_URL // getOrigin for getting the origin of the site regardless of its a vercel preview or not
+
     let recipient = resolvedParams.recipient[0].toLowerCase()
 
     if (recipient.includes('%40') || recipient.includes('@')) {
@@ -165,6 +179,13 @@ export default function Page(props: PageProps) {
     const params = use(props.params)
     const recipient = params.recipient ?? []
 
+    // Guard: Reserved routes should be handled by their specific route files
+    // If we reach here, it means Next.js routing didn't catch it properly
+    const firstSegment = recipient[0]?.toLowerCase()
+    if (firstSegment && RESERVED_ROUTES.includes(firstSegment)) {
+        notFound()
+    }
+
     return (
         <PageContainer>
             <PaymentPage recipient={recipient} />
diff --git a/src/app/layout.tsx b/src/app/layout.tsx
index 430beb702..a62095b59 100644
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -69,6 +69,7 @@ export default function RootLayout({ children }: { children: React.ReactNode })
         <html lang="en" style={{ colorScheme: 'light' }} data-theme="light">
             <head>
                 <meta name="color-scheme" content="light" />
+                {/* Note: Google Tag Manager (gtag.js) does not support version pinning.*/}
                 {process.env.NODE_ENV !== 'development' && process.env.NEXT_PUBLIC_GA_KEY && (
                     <>
                         <Script
diff --git a/src/components/Global/ActionModal/index.tsx b/src/components/Global/ActionModal/index.tsx
index 32aa0b75b..c872fb9ac 100644
--- a/src/components/Global/ActionModal/index.tsx
+++ b/src/components/Global/ActionModal/index.tsx
@@ -106,7 +106,7 @@ const ActionModal: React.FC<ActionModalProps> = ({
             className={twMerge('items-center justify-center md:mx-auto md:max-w-md', modalClassName)}
             classButtonClose={hideModalCloseButton ? '!hidden' : ''}
             classWrap={twMerge(
-                'sm:m-auto sm:self-center self-center m-4 bg-white rounded-none border-0 z-50',
+                'sm:m-auto sm:self-center self-center m-4 bg-white rounded-none !border-0 z-50',
                 defaultModalPanelClasses,
                 modalPanelClassName
             )}
diff --git a/src/components/Global/DirectSendQR/index.tsx b/src/components/Global/DirectSendQR/index.tsx
index 1d5c8b242..2cffa0c34 100644
--- a/src/components/Global/DirectSendQR/index.tsx
+++ b/src/components/Global/DirectSendQR/index.tsx
@@ -246,12 +246,41 @@ export default function DirectSendQr({
         switch (qrType) {
             case EQrType.PEANUT_URL:
                 {
+                    // Extract path by removing domain (handle with/without protocol and www)
                     let path = originalData
-                    path = path.substring(BASE_URL.length)
+                        .replace(/^https?:\/\/(www\.)?/, '') // Remove protocol and www
+                        .replace(/^[^/]+/, '') // Remove domain
+
                     if (!path.startsWith('/')) {
                         path = '/' + path
                     }
-                    redirectUrl = path
+
+                    // Special handling for /qr/ paths (redirect QR codes - user-tied QRs)
+                    if (path.startsWith('/qr/')) {
+                        const redirectQrCode = path.substring(4) // Remove '/qr/' prefix
+
+                        // Check redirect QR status (single endpoint for speed)
+                        try {
+                            const response = await fetch(
+                                `${process.env.NEXT_PUBLIC_PEANUT_API_URL}/qr/${redirectQrCode}`
+                            )
+                            const data = await response.json()
+
+                            if (data.claimed && data.redirectUrl) {
+                                // Redirect QR is claimed, redirect to target URL
+                                redirectUrl = data.redirectUrl
+                            } else {
+                                // Redirect QR is available, go to claim/redirect page
+                                redirectUrl = `/qr/${redirectQrCode}`
+                            }
+                        } catch (error) {
+                            console.error('Error checking redirect QR:', error)
+                            // Fallback: redirect to claim page
+                            redirectUrl = `/qr/${redirectQrCode}`
+                        }
+                    } else {
+                        redirectUrl = path
+                    }
                 }
                 break
             case EQrType.EVM_ADDRESS:
diff --git a/src/components/Global/DirectSendQR/utils.ts b/src/components/Global/DirectSendQR/utils.ts
index 572bcddaf..1c37a990d 100644
--- a/src/components/Global/DirectSendQR/utils.ts
+++ b/src/components/Global/DirectSendQR/utils.ts
@@ -108,9 +108,17 @@ const REGEXES_BY_TYPE: { [key in QrType]?: RegExp } = {
 export const BASE_URL = process.env.NEXT_PUBLIC_BASE_URL!
 
 export function recognizeQr(data: string): QrType | null {
-    if (data.startsWith(BASE_URL)) {
+    // Normalize the data for comparison (remove protocol and www)
+    const normalizedData = data.toLowerCase().replace(/^https?:\/\/(www\.)?/, '')
+    const normalizedBaseUrl = BASE_URL.toLowerCase().replace(/^https?:\/\/(www\.)?/, '')
+
+    // Check if it's a Peanut URL:
+    // 1. Matches BASE_URL (works for tests and production)
+    // 2. OR explicitly matches peanut.me (works on localhost with real QR codes)
+    if (normalizedData.startsWith(normalizedBaseUrl) || normalizedData.startsWith('peanut.me/')) {
         return EQrType.PEANUT_URL
     }
+
     if (isAddress(data)) {
         return EQrType.EVM_ADDRESS
     }
diff --git a/src/components/Global/Modal/index.tsx b/src/components/Global/Modal/index.tsx
index 05edc8306..6a7f3f536 100644
--- a/src/components/Global/Modal/index.tsx
+++ b/src/components/Global/Modal/index.tsx
@@ -77,7 +77,7 @@ const Modal = ({
                 >
                     <Dialog.Panel
                         className={twMerge(
-                            `relative bottom-0 z-10 mx-0 max-h-[] w-full max-w-[26rem] self-end rounded-md bg-white outline-none dark:bg-n-1 sm:m-auto sm:self-auto ${
+                            `relative bottom-0 z-10 mx-0 max-h-[] w-full max-w-[26rem] self-end rounded-md border-0 bg-white outline-none dark:bg-n-1 sm:m-auto sm:self-auto ${
                                 video
                                     ? 'static aspect-video max-w-[64rem] overflow-hidden bg-n-1 shadow-[0_2.5rem_8rem_rgba(0,0,0,0.5)] dark:border-transparent'
                                     : ''
diff --git a/src/components/Global/ShareButton/index.tsx b/src/components/Global/ShareButton/index.tsx
index 812349782..397df771e 100644
--- a/src/components/Global/ShareButton/index.tsx
+++ b/src/components/Global/ShareButton/index.tsx
@@ -69,28 +69,24 @@ const ShareButton = ({
     const handleShare = useCallback(async () => {
         const shareUrl = url ?? (generateUrl ? await generateUrl() : undefined)
         const shareText = generateText ? await generateText() : text
+        let copied = false
 
         try {
-            // Check if Web Share API is available
-            if (!navigator.share) {
-                // Fallback to clipboard
-                const contentToCopy = shareUrl || shareText || ''
-                const copied = await copyTextToClipboardWithFallback(contentToCopy)
-                if (copied) {
-                    toast.info(shareUrl ? 'Link copied' : 'Text copied')
-                    onSuccess?.()
-                } else {
-                    throw new Error('Failed to copy to clipboard')
-                }
-                return
+            // ALWAYS copy to clipboard first (works on both desktop and mobile)
+            const contentToCopy = shareUrl || shareText || ''
+            copied = await copyTextToClipboardWithFallback(contentToCopy)
+            if (copied) {
+                toast.info(shareUrl ? 'Link copied' : 'Text copied')
             }
 
-            // Use Web Share API
-            const shareData: ShareData = { title }
-            if (shareText) shareData.text = shareText
-            if (shareUrl) shareData.url = shareUrl
+            // THEN try to open share dialog if available (bonus for mobile users)
+            if (navigator.share) {
+                const shareData: ShareData = { title }
+                if (shareText) shareData.text = shareText
+                if (shareUrl) shareData.url = shareUrl
 
-            await navigator.share(shareData)
+                await navigator.share(shareData)
+            }
 
             onSuccess?.()
         } catch (error: any) {
@@ -99,13 +95,15 @@ const ShareButton = ({
                 console.error('Sharing error:', error)
                 Sentry.captureException(error)
 
-                // Try clipboard fallback if sharing fails
-                const contentToCopy = shareUrl || shareText || ''
-                const copied = await copyTextToClipboardWithFallback(contentToCopy)
-                if (copied) {
-                    toast.info(shareUrl ? 'Link copied' : 'Text copied')
-                } else {
-                    toast.error('Sharing failed')
+                // If we didn't copy earlier, try now
+                if (!copied) {
+                    const contentToCopy = shareUrl || shareText || ''
+                    const fallbackCopied = await copyTextToClipboardWithFallback(contentToCopy)
+                    if (fallbackCopied) {
+                        toast.info(shareUrl ? 'Link copied' : 'Text copied')
+                    } else {
+                        toast.error('Sharing failed')
+                    }
                 }
 
                 onError?.(error)
diff --git a/src/components/Invites/InvitesPage.tsx b/src/components/Invites/InvitesPage.tsx
index c3439b028..116fef800 100644
--- a/src/components/Invites/InvitesPage.tsx
+++ b/src/components/Invites/InvitesPage.tsx
@@ -1,5 +1,5 @@
 'use client'
-import React, { Suspense } from 'react'
+import React, { Suspense, useEffect } from 'react'
 import PeanutLoading from '../Global/PeanutLoading'
 import ValidationErrorView from '../Payment/Views/Error.validation.view'
 import InvitesPageLayout from './InvitesPageLayout'
@@ -36,6 +36,20 @@ function InvitePageContent() {
         enabled: !!inviteCode,
     })
 
+    // Redirect logged-in users who already have app access to the inviter's profile
+    // Users without app access should stay on this page to claim the invite and get access
+    useEffect(() => {
+        // Wait for both user and invite data to be loaded
+        if (!user?.user || !inviteCodeData || isLoading) {
+            return
+        }
+
+        // If user has app access and invite is valid, redirect to inviter's profile
+        if (user.user.hasAppAccess && inviteCodeData.success && inviteCodeData.username) {
+            router.push(`/${inviteCodeData.username}`)
+        }
+    }, [user, inviteCodeData, isLoading, router])
+
     const handleClaimInvite = async () => {
         if (inviteCode) {
             dispatch(setupActions.setInviteCode(inviteCode))
diff --git a/src/components/Profile/components/PublicProfile.tsx b/src/components/Profile/components/PublicProfile.tsx
index 4b0a81fe5..e6d55ef71 100644
--- a/src/components/Profile/components/PublicProfile.tsx
+++ b/src/components/Profile/components/PublicProfile.tsx
@@ -217,7 +217,7 @@ const PublicProfile: React.FC<PublicProfileProps> = ({ username, isLoggedIn = fa
                     <div>
                         <HomeHistory isPublic={false} username={username} />
                         {isSelfProfile && (
-                            <div className="flex w-full items-center justify-center gap-2">
+                            <div className="mb-1 mt-3 flex w-full items-center justify-center gap-2 rounded-md bg-grey-4/25 px-3 py-2">
                                 <Icon name="info" size={16} className="text-grey-1" />
                                 <p className="text-center text-sm text-grey-1">
                                     Activity is only visible for you, it is not public.
diff --git a/src/constants/index.ts b/src/constants/index.ts
index ee5e64b26..3670e535e 100644
--- a/src/constants/index.ts
+++ b/src/constants/index.ts
@@ -6,3 +6,4 @@ export * from './loadingStates.consts'
 export * from './query.consts'
 export * from './zerodev.consts'
 export * from './manteca.consts'
+export * from './routes'
diff --git a/src/constants/routes.ts b/src/constants/routes.ts
new file mode 100644
index 000000000..33746b3b8
--- /dev/null
+++ b/src/constants/routes.ts
@@ -0,0 +1,104 @@
+/**
+ * Centralized route configuration
+ *
+ * This file defines all route categories used across the app to avoid duplication
+ * and ensure consistency between layout.tsx, middleware.ts, and catch-all routes.
+ */
+
+/**
+ * Routes with dedicated Next.js page files
+ * These should not be handled by catch-all routes
+ */
+export const DEDICATED_ROUTES = [
+    'qr',
+    'api',
+    'setup',
+    'home',
+    'history',
+    'settings',
+    'points',
+    'claim',
+    'pay',
+    'request',
+    'invite',
+    'support',
+    'dev',
+] as const
+
+/**
+ * Routes from redirects.json (static redirects)
+ * These are handled by Next.js redirects configuration
+ */
+export const STATIC_REDIRECT_ROUTES = [
+    'docs',
+    'packet',
+    'create-packet',
+    'batch',
+    'raffle',
+    'pioneers',
+    'pints',
+    'events',
+    'foodie',
+] as const
+
+/**
+ * All reserved routes that should not be handled by catch-all recipient route
+ * Combination of dedicated routes and static redirects
+ */
+export const RESERVED_ROUTES: readonly string[] = [...DEDICATED_ROUTES, ...STATIC_REDIRECT_ROUTES]
+
+/**
+ * Routes accessible without authentication
+ * These paths can be accessed by non-logged-in users
+ */
+export const PUBLIC_ROUTES = ['request/pay', 'claim', 'pay', 'support', 'invite', 'dev', 'qr'] as const
+
+/**
+ * Regex pattern for public routes (used in layout.tsx)
+ * Matches paths that don't require authentication
+ */
+export const PUBLIC_ROUTES_REGEX = /^\/(request\/pay|claim|pay\/.+|support|invite|dev|qr)/
+
+/**
+ * Routes where middleware should run
+ *
+ * NOTE: This is for documentation only. Next.js middleware config.matcher
+ * must be a static literal array (can't import constants) for build-time parsing.
+ * The actual matcher is defined directly in middleware.ts
+ */
+export const MIDDLEWARE_ROUTES: readonly string[] = [
+    '/',
+    '/home',
+    '/claim/:path*',
+    '/api/:path*',
+    '/home/:path*',
+    '/profile/:path*',
+    '/send/:path*',
+    '/request/:path*',
+    '/settings/:path*',
+    '/setup/:path*',
+    '/share/:path*',
+    '/history/:path*',
+    '/raffle/:path*',
+    '/c/:path*',
+    '/pay/:path*',
+    '/p/:path*',
+    '/link/:path*',
+    '/dev/:path*',
+    '/qr/:path*',
+]
+
+/**
+ * Helper to check if a path is reserved (should not be handled by catch-all)
+ */
+export function isReservedRoute(path: string): boolean {
+    const firstSegment = path.split('/')[1]?.toLowerCase()
+    return RESERVED_ROUTES.includes(firstSegment as any)
+}
+
+/**
+ * Helper to check if a path is public (no auth required)
+ */
+export function isPublicRoute(path: string): boolean {
+    return PUBLIC_ROUTES_REGEX.test(path)
+}
diff --git a/src/hooks/query/user.ts b/src/hooks/query/user.ts
index b4f9341a6..1b1404800 100644
--- a/src/hooks/query/user.ts
+++ b/src/hooks/query/user.ts
@@ -6,9 +6,11 @@ import { fetchWithSentry } from '@/utils'
 import { hitUserMetric } from '@/utils/metrics.utils'
 import { keepPreviousData, useQuery } from '@tanstack/react-query'
 import { usePWAStatus } from '../usePWAStatus'
+import { useDeviceType } from '../useGetDeviceType'
 
 export const useUserQuery = (dependsOn?: boolean) => {
     const isPwa = usePWAStatus()
+    const { deviceType } = useDeviceType()
     const dispatch = useAppDispatch()
     const { user: authUser } = useUserStore()
 
@@ -17,7 +19,10 @@ export const useUserQuery = (dependsOn?: boolean) => {
         if (userResponse.ok) {
             const userData: IUserProfile | null = await userResponse.json()
             if (userData) {
-                hitUserMetric(userData.user.userId, 'login', { isPwa: isPwa })
+                hitUserMetric(userData.user.userId, 'login', {
+                    isPwa: isPwa,
+                    deviceType: deviceType,
+                })
 
                 dispatch(userActions.setUser(userData))
             }
diff --git a/src/hooks/useHoldToClaim.ts b/src/hooks/useHoldToClaim.ts
new file mode 100644
index 000000000..4618547ef
--- /dev/null
+++ b/src/hooks/useHoldToClaim.ts
@@ -0,0 +1,200 @@
+import { useCallback, useEffect, useRef, useState } from 'react'
+import { PERK_HOLD_DURATION_MS } from '@/constants'
+
+export type ShakeIntensity = 'none' | 'weak' | 'medium' | 'strong' | 'intense'
+
+interface UseHoldToClaimOptions {
+    onComplete: () => void
+    holdDuration?: number
+    disabled?: boolean
+}
+
+interface UseHoldToClaimReturn {
+    holdProgress: number
+    isShaking: boolean
+    shakeIntensity: ShakeIntensity
+    startHold: () => void
+    cancelHold: () => void
+    buttonProps: {
+        onPointerDown: () => void
+        onPointerUp: () => void
+        onPointerLeave: () => void
+        onKeyDown: (e: React.KeyboardEvent) => void
+        onKeyUp: (e: React.KeyboardEvent) => void
+        onContextMenu: (e: React.MouseEvent) => void
+        className: string
+        style: React.CSSProperties
+    }
+}
+
+/**
+ * Custom hook for hold-to-claim button interactions
+ * Provides progress tracking, shake animation, haptic feedback, and accessibility support
+ */
+export function useHoldToClaim({
+    onComplete,
+    holdDuration = PERK_HOLD_DURATION_MS,
+    disabled = false,
+}: UseHoldToClaimOptions): UseHoldToClaimReturn {
+    const [holdProgress, setHoldProgress] = useState(0)
+    const [isShaking, setIsShaking] = useState(false)
+    const [shakeIntensity, setShakeIntensity] = useState<ShakeIntensity>('none')
+    const holdTimerRef = useRef<NodeJS.Timeout | null>(null)
+    const progressIntervalRef = useRef<NodeJS.Timeout | null>(null)
+    const holdStartTimeRef = useRef<number | null>(null)
+
+    // Cleanup timers on unmount
+    useEffect(() => {
+        return () => {
+            if (holdTimerRef.current) clearTimeout(holdTimerRef.current)
+            if (progressIntervalRef.current) clearInterval(progressIntervalRef.current)
+            holdStartTimeRef.current = null
+        }
+    }, [])
+
+    const cancelHold = useCallback(() => {
+        const PREVIEW_DURATION_MS = 500
+
+        // Calculate how long the user held
+        const elapsed = holdStartTimeRef.current ? Date.now() - holdStartTimeRef.current : 0
+
+        // Clear the completion timer
+        if (holdTimerRef.current) clearTimeout(holdTimerRef.current)
+        holdTimerRef.current = null
+
+        // If it was a quick tap, let the preview animation continue for 500ms before resetting
+        if (elapsed > 0 && elapsed < PREVIEW_DURATION_MS) {
+            const remainingPreviewTime = PREVIEW_DURATION_MS - elapsed
+
+            // Let animations continue for the preview duration
+            const resetTimer = setTimeout(() => {
+                // Clean up after preview
+                if (progressIntervalRef.current) clearInterval(progressIntervalRef.current)
+                progressIntervalRef.current = null
+                setHoldProgress(0)
+                setIsShaking(false)
+                setShakeIntensity('none')
+                holdStartTimeRef.current = null
+
+                if ('vibrate' in navigator) {
+                    navigator.vibrate(0)
+                }
+            }, remainingPreviewTime)
+
+            holdTimerRef.current = resetTimer
+        } else {
+            // Released after preview duration - reset immediately
+            if (progressIntervalRef.current) clearInterval(progressIntervalRef.current)
+            progressIntervalRef.current = null
+            setHoldProgress(0)
+            setIsShaking(false)
+            setShakeIntensity('none')
+            holdStartTimeRef.current = null
+
+            if ('vibrate' in navigator) {
+                navigator.vibrate(0)
+            }
+        }
+    }, [])
+
+    const startHold = useCallback(() => {
+        if (disabled) return
+
+        setHoldProgress(0)
+        setIsShaking(true)
+
+        const startTime = Date.now()
+        holdStartTimeRef.current = startTime
+        let lastIntensity: ShakeIntensity = 'weak'
+
+        // Update progress and shake intensity
+        const interval = setInterval(() => {
+            const elapsed = Date.now() - startTime
+            const progress = Math.min((elapsed / holdDuration) * 100, 100)
+            setHoldProgress(progress)
+
+            // Progressive shake intensity with haptic feedback
+            let newIntensity: ShakeIntensity = 'weak'
+            if (progress < 25) {
+                newIntensity = 'weak'
+            } else if (progress < 50) {
+                newIntensity = 'medium'
+            } else if (progress < 75) {
+                newIntensity = 'strong'
+            } else {
+                newIntensity = 'intense'
+            }
+
+            // Trigger haptic feedback when intensity changes
+            if (newIntensity !== lastIntensity && 'vibrate' in navigator) {
+                // Progressive vibration patterns that match shake intensity
+                switch (newIntensity) {
+                    case 'weak':
+                        navigator.vibrate(50) // Short but noticeable pulse
+                        break
+                    case 'medium':
+                        navigator.vibrate([100, 40, 100]) // Medium pulse pattern
+                        break
+                    case 'strong':
+                        navigator.vibrate([150, 40, 150, 40, 150]) // Strong pulse pattern
+                        break
+                    case 'intense':
+                        navigator.vibrate([200, 40, 200, 40, 200, 40, 200]) // INTENSE pulse pattern
+                        break
+                }
+                lastIntensity = newIntensity
+            }
+
+            setShakeIntensity(newIntensity)
+
+            if (progress >= 100) {
+                clearInterval(interval)
+            }
+        }, 50)
+
+        progressIntervalRef.current = interval
+
+        // Complete after hold duration
+        const timer = setTimeout(() => {
+            onComplete()
+        }, holdDuration)
+
+        holdTimerRef.current = timer
+    }, [onComplete, holdDuration, disabled])
+
+    const buttonProps = {
+        onPointerDown: startHold,
+        onPointerUp: cancelHold,
+        onPointerLeave: cancelHold,
+        onKeyDown: (e: React.KeyboardEvent) => {
+            if ((e.key === 'Enter' || e.key === ' ') && !disabled) {
+                e.preventDefault()
+                startHold()
+            }
+        },
+        onKeyUp: (e: React.KeyboardEvent) => {
+            if ((e.key === 'Enter' || e.key === ' ') && !disabled) {
+                e.preventDefault()
+                cancelHold()
+            }
+        },
+        onContextMenu: (e: React.MouseEvent) => {
+            // Prevent context menu from appearing
+            e.preventDefault()
+        },
+        className: 'relative touch-manipulation select-none overflow-hidden',
+        style: {
+            WebkitTouchCallout: 'none',
+            WebkitTapHighlightColor: 'transparent',
+        } as React.CSSProperties,
+    }
+
+    return {
+        holdProgress,
+        isShaking,
+        shakeIntensity,
+        startHold,
+        cancelHold,
+        buttonProps,
+    }
+}
diff --git a/src/hooks/useRedirectQrStatus.ts b/src/hooks/useRedirectQrStatus.ts
new file mode 100644
index 000000000..ee299f592
--- /dev/null
+++ b/src/hooks/useRedirectQrStatus.ts
@@ -0,0 +1,30 @@
+import { useQuery } from '@tanstack/react-query'
+import { PEANUT_API_URL } from '@/constants'
+
+interface RedirectQrStatusData {
+    claimed: boolean
+    available: boolean
+    redirectUrl?: string
+    claimedAt?: string
+}
+
+async function fetchRedirectQrStatus(code: string): Promise<RedirectQrStatusData> {
+    const response = await fetch(`${PEANUT_API_URL}/qr/${code}`)
+    const result = await response.json()
+
+    if (!response.ok) {
+        throw new Error(result.message || 'Failed to fetch redirect QR status')
+    }
+
+    return result
+}
+
+export function useRedirectQrStatus(code: string | null | undefined) {
+    return useQuery({
+        queryKey: ['redirect-qr-status', code],
+        queryFn: () => fetchRedirectQrStatus(code!),
+        enabled: !!code,
+        staleTime: 0, // Always fetch fresh data for redirect QR status
+        refetchOnMount: true,
+    })
+}
diff --git a/src/middleware.ts b/src/middleware.ts
index 3e5b6f045..3eefca16f 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -69,7 +69,9 @@ const isPromoLink = (url: URL) => {
     return !!(linkChainId && linkVersion)
 }
 
-// Updated matcher to include root path
+// Middleware matcher configuration
+// NOTE: This must be a static array for Next.js to parse at build time
+// Routes are documented in src/constants/routes.ts (MIDDLEWARE_ROUTES)
 export const config = {
     matcher: [
         '/',
@@ -90,5 +92,6 @@ export const config = {
         '/p/:path*',
         '/link/:path*',
         '/dev/:path*',
+        '/qr/:path*',
     ],
 }
diff --git a/src/utils/general.utils.ts b/src/utils/general.utils.ts
index 5e8f80106..3992ca303 100644
--- a/src/utils/general.utils.ts
+++ b/src/utils/general.utils.ts
@@ -876,6 +876,9 @@ export const generateInvitesShareText = (inviteLink: string) => {
 /**
  * Generate a deterministic 3-digit suffix from username
  * This is purely cosmetic and derived from a hash of the username
+ *
+ * ⚠️ IMPORTANT: This logic is duplicated in the backend (peanut-api-ts/src/utils.ts)
+ * If you change this, you MUST update the backend version to match!
  */
 export const generateInviteCodeSuffix = (username: string): string => {
     const lowerUsername = username.toLowerCase()