diff --git a/CLAUDE.md b/CLAUDE.md index 424deab..0aa8041 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -1293,3 +1293,51 @@ Bug fix release improving admin UI usability for version management and license - Created release package: `releases/wc-licensed-product-0.5.1.zip` (863 KB) - SHA256: `a489f0b8cfcd7d5d9b2021b7ff581b9f1a56468dfde87bbb06bb4555d11f7556` - Tagged as `v0.5.1` and pushed to `main` branch + +### 2026-01-26 - Version 0.5.2 - Per-License Customer Secrets + +**Overview:** + +Security enhancement release adding per-license customer secrets for API response verification. Each customer now receives a unique secret derived from their license key, eliminating the need to share a global server secret. + +**Implemented:** + +- Per-license secret derivation using HKDF-like approach +- Customer account UI showing API verification secret with collapsible section +- Copy-to-clipboard functionality for customer secrets +- Static helper methods in ResponseSigner for secret derivation + +**New methods in ResponseSigner:** + +- `deriveCustomerSecret()` - Static method to derive customer secret from license key and server secret +- `getCustomerSecretForLicense()` - Static method to get customer secret using configured server secret +- `isSigningEnabled()` - Static method to check if response signing is configured + +**Modified files:** + +- `src/Api/ResponseSigner.php` - Added static methods for customer secret derivation +- `src/Frontend/AccountController.php` - Added `signing_enabled` and `customer_secret` to template data +- `templates/frontend/licenses.html.twig` - Added collapsible secret section with toggle and copy button +- `assets/css/frontend.css` - Added styles for `.license-row-secret`, `.secret-toggle`, `.secret-content` +- `assets/js/frontend.js` - Added `toggleSecret()` and `copySecret()` event handlers +- `docs/server-implementation.md` - Added documentation for per-license secrets + +**Technical notes:** + +- Secret derivation uses HKDF-like approach: `HMAC-SHA256(HMAC-SHA256(license_key, server_secret) + "\x01", server_secret)` +- Each license gets a 
unique 64-character hex secret +- Secrets are only shown when `WC_LICENSE_SERVER_SECRET` is configured +- Collapsible UI prevents accidental secret exposure +- If server secret is rotated, all customer secrets change automatically + +**Security improvement:** + +- Customers no longer need access to the master `WC_LICENSE_SERVER_SECRET` +- If one customer's secret is leaked, other customers are not affected +- Each license key derives its own unique verification secret + +**Release v0.5.2:** + +- Created release package: `releases/wc-licensed-product-0.5.2.zip` (845 KB) +- SHA256: `2d61a78ac5ba0f1d115a6401e6dded5b872b18f5530027c371604cbd18e9e27c` +- Tagged as `v0.5.2` and pushed to `main` branch
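Review bot: In the "Technical notes" entry, the formula `HMAC-SHA256(HMAC-SHA256(license_key, server_secret) + "\x01", server_secret)` does not say which argument is the HMAC key and which is the message, and "HKDF-like" leaves open how it differs from RFC 5869, where the expand step keys the second HMAC with the output of the first and takes an info field. Suggest writing the formula with named roles (key = ..., message = ...) so that anyone reimplementing `deriveCustomerSecret()` from this description arrives at the same 64-character value. Two smaller points in the same entry: "Collapsible UI prevents accidental secret exposure" claims more than the listed changes show, since `customer_secret` is added to the template data for the licenses page and the `toggleSecret()` handler appears only to hide it from view, so "reduces shoulder-surfing" would be the safer wording. Also, "If server secret is rotated, all customer secrets change automatically" should state that every customer then has to copy the new secret before response verification works again.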