diff --git a/backend/app/Models/ConversationState.php b/backend/app/Models/ConversationState.php
index db2368a..17f2ef0 100644
--- a/backend/app/Models/ConversationState.php
+++ b/backend/app/Models/ConversationState.php
@@ -20,9 +20,10 @@ class ConversationState extends BaseModel
     {
         self::ensureTableExists();
         $hash = Security::blindIndex($phone);
+        $now = date('Y-m-d H:i:s');
         $state = Database::selectOne(
-            "SELECT * FROM " . static::$table . " WHERE company_id = ? AND contact_phone_hash = ? AND expires_at > NOW() LIMIT 1",
-            [$companyId, $hash]
+            "SELECT * FROM " . static::$table . " WHERE company_id = ? AND contact_phone_hash = ? AND expires_at > ? LIMIT 1",
+            [$companyId, $hash, $now]
         );
         return self::decryptState($state);
     }
@@ -68,7 +69,8 @@ class ConversationState extends BaseModel
     {
         self::ensureTableExists();
         try {
-            Database::execute("DELETE FROM " . static::$table . " WHERE expires_at < NOW()");
+            $now = date('Y-m-d H:i:s');
+            Database::execute("DELETE FROM " . static::$table . " WHERE expires_at < ?", [$now]);
         } catch (\Exception $e) {
             error_log("Failed to clean expired conversation states: " . $e->getMessage());
         }