diff --git a/src/routes/contact.js b/src/routes/contact.js
index 8082124..c668f6c 100644
--- a/src/routes/contact.js
+++ b/src/routes/contact.js
@@ -53,6 +53,8 @@
 const { baseUrl } = require("../utils/baseUrl");
 const { qualifyLink } = require("../utils/qualifyLinks");
 
+const { winstonLogger } = require("../utils/logging");
+
 // Threat detection patterns
 const THREAT_PATTERNS = {
   // Common phishing/spam indicators
@@ -224,36 +226,34 @@
   };
 }
 
-// Enhanced logging with threat analysis
 async function logSecurityEvent(data, eventType = "contact_submission") {
   try {
-    const logDir = path.join(__dirname, "..", "logs", "security");
-    await fs.mkdir(logDir, { recursive: true });
-
-    const logFile = path.join(
-      logDir,
-      `${eventType}_${new Date().toISOString().split("T")[0]}.log`
-    );
+    const date = new Date().toISOString().split("T")[0];
     const logEntry = {
+      eventType,
       ...data,
       loggedAt: new Date().toISOString(),
     };
 
-    await fs.appendFile(logFile, JSON.stringify(logEntry) + "\n");
+    // Log security event at custom 'security' level
+    winstonLogger.log("security", logEntry);
 
-    // Create separate high-threat log
+    // Separate high-threat log file
     if (data.threatAnalysis?.level === "high") {
-      const alertFile = path.join(
-        logDir,
-        `high_threat_${new Date().toISOString().split("T")[0]}.log`
-      );
-      await fs.appendFile(alertFile, JSON.stringify(logEntry) + "\n");
+      const logDir = path.join(__dirname, "..", "..", "logs", "security");
+      await fs.mkdir(logDir, { recursive: true });
+
+      const alertFile = path.join(logDir, `high_threat_${date}.log`);
+      await fs.appendFile(alertFile, message + "\n");
     }
   } catch (err) {
-    console.error("Failed to log security event:", err);
+    // Fail silently or log to error log, depending on requirements
+    winstonLogger.error(`Failed to log security event: ${err.message}`);
   }
 }
 
+module.exports = { logSecurityEvent };
+
 // Middleware to capture request start time
 router.use((req, res, next) => {
   req._startTime = Date.now();
diff --git a/src/utils/logging.js b/src/utils/logging.js
index 6a54266..fbdd9f4 100644
--- a/src/utils/logging.js
+++ b/src/utils/logging.js
@@ -1,8 +1,32 @@
 // utils/logging.js
+
+const customLevels = {
+  levels: {
+    error: 0,
+    warn: 1,
+    security: 2, // Custom level
+    notice: 3,
+    info: 4,
+    debug: 5,
+  },
+  colors: {
+    error: "red",
+    warn: "yellow",
+    security: "magenta", // Optional color
+    notice: "cyan",
+    info: "green",
+    debug: "blue",
+  },
+};
+
 const fs = require("fs");
 const path = require("path");
 const util = require("util");
-const { createLogger, format, transports } = require("winston");
+
+const winston = require("winston");
+winston.addColors(customLevels.colors);
+const { createLogger, format, transports } = winston;
+
 const DailyRotateFile = require("winston-daily-rotate-file");
 const SQLiteTransport = require("../utils/SQLiteTransport");
 const sqliteTransport = new SQLiteTransport();
@@ -168,6 +192,7 @@
 };
 
 const winstonLogger = createLogger({
+  levels: customLevels.levels,
   format: format.combine(
     format.timestamp(),
     format.printf(
@@ -180,6 +205,7 @@
     buildTransport("warn", "warn"),
     buildTransport("debug", "debug"),
     buildTransport("notice", "notice"),
+    buildTransport("security", "security"),
     sessionTransport, // Add session transport to winston
     new transports.Console({
       level: "debug",