diff --git a/.claude/JOURNAL.md b/.claude/JOURNAL.md
index fd02146..d3e7fb3 100644
--- a/.claude/JOURNAL.md
+++ b/.claude/JOURNAL.md
@@ -52,5 +52,5 @@ This journal tracks substantive work on documents, diagrams, and documentation c
 16. **Task - Cleanup startup scripts**: Removed obsolete nvidia-smi script and renumbered ensure_groups<br>
     **Result**: Deleted 01_nvidia-smi.sh (GPU detection now uses separate nvidia/cuda container spawned by jupyterhub_config.py), renamed 02_ensure_groups.py to 01_ensure_groups.py for sequential ordering, bumped version to 3.3.2
 
-17. **Task - Fix Watchtower refresh frequency**: Investigated and fixed Watchtower running image checks on every container restart instead of daily<br>
-    **Result**: nickfedor/watchtower fork doesn't have `--no-startup` flag (caused container crash), removed invalid flag - default behavior (without `--update-on-start`) is to not check on startup, only runs at scheduled midnight (cron `0 0 * * *`)
+17. **Task - Fix Watchtower refresh frequency**: Investigated and fixed Watchtower scheduling issues<br>
+    **Result**: Removed unsupported `--no-startup` flag (caused crash), fixed cron expression from 5-field `0 0 * * *` to 6-field `0 0 0 * * *` (watchtower uses seconds) - was running hourly instead of daily at midnight UTC
diff --git a/compose.yml b/compose.yml
index 4b33a03..831cff5 100644
--- a/compose.yml
+++ b/compose.yml
@@ -98,7 +98,7 @@ services:
     image: nickfedor/watchtower:latest
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:rw # to control docker and refresh images
-    command: --cleanup --schedule "0 0 * * *" # daily at midnight only (no --update-on-start = no startup check)
+    command: --cleanup --schedule "0 0 0 * * *" # daily at midnight UTC (6-field cron with seconds)
     security_opt:
       - seccomp:unconfined #optional
     depends_on: