diff --git a/backend/src/__tests__/profile.test.js b/backend/src/__tests__/profile.test.js
index 0330559..e96172f 100644
--- a/backend/src/__tests__/profile.test.js
+++ b/backend/src/__tests__/profile.test.js
@@ -10,4 +10,14 @@ test('GET /profile should return user profile', async () => {
 assert.strictEqual(response.statusCode, 200);
 assert.strictEqual(response.headers['content-type'], 'application/json; charset=utf-8');
+});
+
+test('POST /phone should update phone number', async () => {
+ const response = await app.inject({
+ method: 'POST',
+ url: '/phone',
+ payload: { phone: '1234567890' }
+ });
+
+ assert.strictEqual(response.statusCode, 200);
 });
\ No newline at end of file
diff --git a/backend/src/routes/profile.js b/backend/src/routes/profile.js
index 6ff1e7b..af82b31 100644
--- a/backend/src/routes/profile.js
+++ b/backend/src/routes/profile.js
@@ -21,4 +21,26 @@ router.post('/phone', requireAuth, async (req, res) => {
 }
 });
+// GET /profile endpoint
+router.get('/', requireAuth, async (req, res) => {
+ try {
+ const [rows] = await pool.query('SELECT id, name, email, phone_encrypted FROM users WHERE id = ?', [req.user.userId]);
+ if (rows.length === 0) return res.status(404).json({ error: 'User not found' });
+
+ const user = rows[0];
+ // Decrypt phone number for response
+ const decryptedPhone = user.phone_encrypted ? decryptText(user.phone_encrypted) : null;
+
+ res.status(200).json({
+ id: user.id,
+ name: user.name,
+ email: user.email,
+ phone: decryptedPhone
+ });
+ } catch (error) {
+ console.error('Error fetching profile:', error);
+ res.status(500).json({ error: 'Internal server error' });
+ }
+});
+
 export default router;
\ No newline at end of file
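Review bot: The new 'POST /phone' test sends no credentials in `app.inject`, while the route is registered as `router.post('/phone', requireAuth, ...)` in `backend/src/routes/profile.js`, so the expected 200 only holds if the test setup stubs authentication somewhere outside this hunk. If it does, add a companion case that sends the same request without the stubbed identity and asserts that it is rejected, so a change that drops `requireAuth` from the route fails the suite. The test also checks only the status code; where the test database is reachable, asserting that the stored `phone_encrypted` value differs from the plaintext `'1234567890'` would cover the encryption the route depends on.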
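Review bot: `decryptText` is called in the new `router.get('/')` handler, but this commit has no hunk touching the imports of `backend/src/routes/profile.js`, so confirm it is already imported there; if it is not, every request for a user with a stored phone number falls into the catch and returns 500. The same catch also covers a ciphertext that fails to decrypt (corrupted or tampered), and `console.error('Error fetching profile:', error)` then logs the whole error object, so check that the decryption helper never puts key material or plaintext into the errors it throws. Because the response carries the email address and the decrypted phone number, I would add `res.set('Cache-Control', 'no-store');` before `res.status(200).json(...)` so that browsers and intermediaries do not retain it.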