diff --git a/src/App.tsx b/src/App.tsx
index ea51314..30d2091 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -386,9 +386,10 @@ export function App() {
     return <Navigate to="/setup" replace />;
   }
 
-  // Redirect authenticated users to /admin (but preserve impersonation flow via ?sessionId=)
+  // Redirect staff to /admin; allow customers to access portal (preserve impersonation via ?sessionId=)
   const searchParams = new URLSearchParams(location.search);
-  if (!authDisabled && session && !location.pathname.startsWith("/admin") && !searchParams.has("sessionId")) {
+  const isStaff = session?.user && (session.user as any).role === "staff";
+  if (!authDisabled && session && !location.pathname.startsWith("/admin") && !searchParams.has("sessionId") && isStaff) {
     return <Navigate to="/admin" replace />;
   }