diff --git a/.planning/phases/01-foundation-auth/01-CONTEXT.md b/.planning/phases/01-foundation-auth/01-CONTEXT.md new file mode 100644 index 0000000..3f04747 --- /dev/null +++ b/.planning/phases/01-foundation-auth/01-CONTEXT.md 
@@ -0,0 +1,72 @@ +# Phase 1: Foundation & Auth - Context + +**Gathered:** 2026-01-31 +**Status:** Ready for planning + + +## Phase Boundary + +Users can create accounts, log in (email/password or Google OAuth), and subscribe to plans (Free, Creator, Pro) in a secure multi-tenant environment. All data is isolated per tenant with Row Level Security. This phase builds the foundation — onboarding wizard, chat interface, and social connections are separate phases. + + + + +## Implementation Decisions + +### Registration Flow +- Email verification is **mandatory** — user cannot access the app until verified +- Password requirements: **medium** (8+ characters, 1 number, 1 uppercase) +- Registration fields: Claude's discretion (likely minimal to reduce friction) +- Verification method: Claude's discretion (link vs 6-digit code) + +### Plan Selection +- When to choose plan: Claude's discretion (likely start Free, upgrade later) +- Plan display format: Claude's discretion (table vs cards) +- Trial offering: Claude's discretion (likely no trial, Free tier is the trial) +- Upgrade prompt style: Claude's discretion (likely non-invasive banner) + +### Session Behavior +- Session duration: Claude's discretion (likely 30 days) +- Multi-device: Claude's discretion (likely unlimited) +- "Logout from all devices": Claude's discretion +- **New device notification: YES** — email when login from unrecognized device + +### Login Experience +- Login method priority: Claude's discretion (Google vs email form) +- "Remember me" checkbox: Claude's discretion +- **Error messages: SPECIFIC** — tell user "Password errata" or "Email non registrata" (more helpful than generic) +- **Password reset: link via email** (not code) + +### Claude's Discretion +- Registration form fields (minimize friction) +- Verification method (link vs code) +- Plan selection timing and UI +- Trial offering (if any) +- Upgrade prompt style +- Session duration +- Multi-device policy +- Login method visual priority +- 
"Remember me" behavior + + + + +## Specific Ideas + +- Error messages should be helpful and specific (user-friendly over security-paranoid) +- New device login notification via email (security feature the user explicitly wanted) +- Password reset via clickable link, not OTP code + + + + +## Deferred Ideas + +None — discussion stayed within phase scope + + + +--- + +*Phase: 01-foundation-auth* +*Context gathered: 2026-01-31*
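Review bot: The Login Experience decision to return specific errors ("Password errata" / "Email non registrata"), reinforced under Specific Ideas by "user-friendly over security-paranoid", turns the login form into an account-existence oracle: anyone can test whether an address has an account, which matters more on a multi-tenant product where tenant membership is itself sensitive. Suggest a single generic "invalid email or password" response on login, and carry the same principle into the password-reset and registration flows this hunk also defines (always "if an account exists, we sent an email"), otherwise the reset-by-link flow leaks the same information. Two further gaps worth recording in this context file so they are planned rather than implicit: with 30-day sessions, unlimited devices and "Logout from all devices" left to discretion, the session design needs server-side revocation rather than a purely stateless token; and nothing here decides on rate limiting or lockout for the login, verification and reset endpoints, which is what keeps the mandatory-verification and reset-link decisions from being brute-forced.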