diff --git a/server/entity/User.ts b/server/entity/User.ts
index b15b6683..011b1be4 100644
--- a/server/entity/User.ts
+++ b/server/entity/User.ts
@@ -39,7 +39,16 @@ export class User {
     return users.map((u) => u.filter(showFiltered));
   }
 
-  static readonly filteredFields: string[] = ['email', 'plexId'];
+  static readonly filteredFields: string[] = [
+    'email',
+    'plexId',
+    'password',
+    'resetPasswordGuid',
+    'jellyfinDeviceId',
+    'jellyfinAuthToken',
+    'plexToken',
+    'settings',
+  ];
 
   public displayName: string;
 
diff --git a/server/routes/user/index.ts b/server/routes/user/index.ts
index b7733c92..7ef98a4e 100644
--- a/server/routes/user/index.ts
+++ b/server/routes/user/index.ts
@@ -355,14 +355,14 @@ router.delete<{ userId: number; endpoint: string }>(
 router.get<{ id: string }>('/:id', async (req, res, next) => {
   try {
     const userRepository = getRepository(User);
-
     const user = await userRepository.findOneOrFail({
       where: { id: Number(req.params.id) },
     });
 
-    return res
-      .status(200)
-      .json(user.filter(req.user?.hasPermission(Permission.MANAGE_USERS)));
+    const isOwnProfile = req.user?.id === user.id;
+    const isAdmin = req.user?.hasPermission(Permission.MANAGE_USERS);
+
+    return res.status(200).json(user.filter(isOwnProfile || isAdmin));
   } catch (e) {
     next({ status: 404, message: 'User not found.' });
   }
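Review bot: The new `filteredFields` list is typed `string[]`, so a misspelled entry (or a property that is later renamed) silently stops being stripped and nothing in the compiler catches it; declaring it as `static readonly filteredFields: (keyof User)[] = [` keeps the names tied to the entity while remaining assignable wherever a string array is read. A short comment above the list would also help, since the list now mixes identifiers (`email`, `plexId`) with credentials (`password`, `plexToken`, `jellyfinAuthToken`, `resetPasswordGuid`): `// Fields withheld from API responses unless the caller may see them; credential-bearing columns belong here by default.` Because this is a denylist, any sensitive column added to `User` in future is exposed unless someone remembers to extend it, which is worth stating in that comment; whether the credential columns are additionally hidden at the ORM level is not visible in this hunk. The enclosing class continues outside the hunk.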
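Review bot: With `user.filter(isOwnProfile || isAdmin)` the filtered fields are now returned whenever the caller is the profile owner or holds `MANAGE_USERS`, and since this commit adds `password`, `plexToken`, `jellyfinAuthToken` and `resetPasswordGuid` to that set, the response presumably carries stored credential material to those callers if `filter(true)` passes the filtered fields through unchanged (its implementation is not in this diff). Credentials and reset tokens should be withheld from every response regardless of the caller's role, with only identity fields like `email` gated on `isOwnProfile || isAdmin`; that likely needs a second, unconditional strip list in `User.filter` rather than a change in this route. A comment on the new lines would make the intent explicit, e.g. `// Owners and user managers see the otherwise-hidden fields; everyone else gets the public view.`, and `isAdmin` could be normalized with `?? false` so `filter` receives a plain boolean. The `catch` that maps every failure to 404 predates this change and is outside its scope.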