diff --git a/internal/api/email.go b/internal/api/email.go
index c8764f8..ad37f45 100644
--- a/internal/api/email.go
+++ b/internal/api/email.go
@@ -28,8 +28,6 @@ func FindAllEmails(s storage.Store) http.HandlerFunc {
 return
 }
- emails = app.DecryptEmailPasswords(emails)
-
 // Encrypt payload
 var payload model.Payload
 key := r.Context().Value("transmissionKey").(string)
@@ -55,19 +53,20 @@ func FindEmailByID(s storage.Store) http.HandlerFunc {
 }
 schema := r.Context().Value("schema").(string)
- account, err := s.Emails().FindByID(uint(id), schema)
+ email, err := s.Emails().FindByID(uint(id), schema)
 if err != nil {
 RespondWithError(w, http.StatusNotFound, err.Error())
 return
 }
- email, err := app.DecryptEmailPassword(s, account)
+ // Decrypt server side encrypted fields
+ decEmail, err := app.DecryptModel(email)
 if err != nil {
 RespondWithError(w, http.StatusInternalServerError, err.Error())
 return
 }
- emailDTO := model.ToEmailDTO(email)
+ emailDTO := model.ToEmailDTO(decEmail.(*model.Email))
 // Encrypt payload
 var payload model.Payload
diff --git a/internal/app/email.go b/internal/app/email.go
index b7d8ad3..d52f721 100644
--- a/internal/app/email.go
+++ b/internal/app/email.go
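Review bot: The server-side decrypt of the list result is removed here with nothing taking its place in this hunk, so unless `FindAll` or a later layer now calls app.DecryptModel, the `emails` slice serialized into the payload still holds the server-side ciphertext for the `encrypt:"true"` fields. FindEmailByID in the next hunk does decrypt before building its DTO, so the two endpoints would return differently shaped data for the same record. If decrypting the list is still intended, pass each element of `emails` through app.DecryptModel before the payload is built. FindAllEmails starts and ends outside the hunk, so a replacement further down the function would not be visible here.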
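Review bot: `decEmail.(*model.Email)` is an unchecked type assertion on a value DecryptModel returns as an interface, and a mismatch panics inside the handler; the same unchecked pattern appears in CreateEmail and UpdateEmail in internal/app/email.go and in UpdateLogin in internal/app/login.go. A checked form costs two lines: `decModel, ok := decEmail.(*model.Email)` followed by `if !ok { RespondWithError(w, http.StatusInternalServerError, "unexpected model type"); return }`. The 500 path also echoes `err.Error()` from the decrypt layer straight to the client; a failure message from the cipher layer is better logged server-side with a generic message returned. FindEmailByID's body continues outside the hunk.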
@@ -1,39 +1,31 @@
 package app
 import (
- "encoding/base64"
-
 "github.com/passwall/passwall-server/internal/storage"
 "github.com/passwall/passwall-server/model"
- "github.com/spf13/viper"
 )
 // CreateEmail creates a new bank account and saves it to the store
 func CreateEmail(s storage.Store, dto *model.EmailDTO, schema string) (*model.Email, error) {
+ rawModel := model.ToEmail(dto)
+ encModel := EncryptModel(rawModel)
- rawPass := dto.Password
- dto.Password = base64.StdEncoding.EncodeToString(Encrypt(dto.Password, viper.GetString("server.passphrase")))
-
- createdEmail, err := s.Emails().Save(model.ToEmail(dto), schema)
+ createdEmail, err := s.Emails().Save(encModel.(*model.Email), schema)
 if err != nil {
 return nil, err
 }
- createdEmail.Password = rawPass
-
 return createdEmail, nil
 }
 // UpdateEmail updates the account with the dto and applies the changes in the store
-func UpdateEmail(s storage.Store, email *model.Email, emailDTO *model.EmailDTO, schema string) (*model.Email, error) {
+func UpdateEmail(s storage.Store, email *model.Email, dto *model.EmailDTO, schema string) (*model.Email, error) {
+ rawModel := model.ToEmail(dto)
+ encModel := EncryptModel(rawModel).(*model.Email)
- rawPass := emailDTO.Password
- emailDTO.Password = base64.StdEncoding.EncodeToString(Encrypt(emailDTO.Password, viper.GetString("server.passphrase")))
-
- email.ID = uint(email.ID)
- email.Title = emailDTO.Title
- email.Email = emailDTO.Email
- email.Password = emailDTO.Password
+ email.Title = encModel.Title
+ email.Email = encModel.Email
+ email.Password = encModel.Password
 updatedEmail, err := s.Emails().Save(email, schema)
 if err != nil {
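Review bot: CreateEmail no longer restores the plaintext before returning (`createdEmail.Password = rawPass` is gone), so the returned *model.Email now carries the encrypted Email and Password values; whichever handler serializes it to the client has to run app.DecryptModel on it first, otherwise the create response contains server-side ciphertext where the old code returned the values just submitted. The same restore is removed in the UpdateEmail tail and in the UpdateLogin hunk below, so those call sites need the same check. `encModel.(*model.Email)` is an unchecked assertion on a value EncryptModel returns as an interface; `encModel, ok := EncryptModel(rawModel).(*model.Email)` with an error return on `!ok` would avoid a panic on a mismatch. The doc comment above CreateEmail still reads "creates a new bank account"; `// CreateEmail encrypts the tagged fields of dto and saves the resulting Email to the store` would match what the function now does.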
@@ -41,28 +33,5 @@ func UpdateEmail(s storage.Store, email *model.Email, emailDTO *model.EmailDTO,
 return nil, err
 }
- updatedEmail.Password = rawPass
 return updatedEmail, nil
 }
-
-// DecryptEmailPassword decrypts password
-func DecryptEmailPassword(s storage.Store, account *model.Email) (*model.Email, error) {
- passByte, _ := base64.StdEncoding.DecodeString(account.Password)
- account.Password = string(Decrypt(string(passByte[:]), viper.GetString("server.passphrase")))
-
- return account, nil
-}
-
-// DecryptEmailPasswords ...
-// TODO: convert to pointers
-func DecryptEmailPasswords(emails []model.Email) []model.Email {
- for i := range emails {
- if emails[i].Password == "" {
- continue
- }
- passByte, _ := base64.StdEncoding.DecodeString(emails[i].Password)
- passB64 := string(Decrypt(string(passByte[:]), viper.GetString("server.passphrase")))
- emails[i].Password = passB64
- }
- return emails
-}
diff --git a/internal/app/login.go b/internal/app/login.go
index 6f6c204..4b19ac9 100644
--- a/internal/app/login.go
+++ b/internal/app/login.go
@@ -20,17 +20,18 @@ func CreateLogin(s storage.Store, dto *model.LoginDTO, schema string) (*model.Lo
 // UpdateLogin updates the login with the dto and applies the changes in the store
 func UpdateLogin(s storage.Store, login *model.Login, dto *model.LoginDTO, schema string) (*model.Login, error) {
- rawLogin := model.ToLogin(dto)
- encLogin := EncryptModel(rawLogin).(*model.Login)
+ rawModel := model.ToLogin(dto)
+ encModel := EncryptModel(rawModel).(*model.Login)
+
+ login.Title = encModel.Title
+ login.URL = encModel.URL
+ login.Username = encModel.Username
+ login.Password = encModel.Password
- login.Title = encLogin.Title
- login.URL = encLogin.URL
- login.Username = encLogin.Username
- login.Password = encLogin.Password
 updatedLogin, err := s.Logins().Save(login, schema)
 if err != nil {
 return nil, err
 }
- updatedLogin.Password = rawLogin.Password
+
 return updatedLogin, nil
 }
diff --git a/model/bank_accounts.go b/model/bank_accounts.go
index 96d472f..2d6e2be 100644
--- a/model/bank_accounts.go
+++ b/model/bank_accounts.go
@@ -12,11 +12,11 @@ type BankAccount struct {
 DeletedAt *time.Time `json:"deleted_at"`
 BankName string `json:"bank_name"`
 BankCode string `json:"bank_code"`
- AccountName string `json:"account_name"`
- AccountNumber string `json:"account_number"`
- IBAN string `json:"iban"`
- Currency string `json:"currency"`
- Password string `json:"password"`
+ AccountName string `json:"account_name" encrypt:"true"`
+ AccountNumber string `json:"account_number" encrypt:"true"`
+ IBAN string `json:"iban" encrypt:"true"`
+ Currency string `json:"currency" encrypt:"true"`
+ Password string `json:"password" encrypt:"true"`
 }
 type BankAccountDTO struct {
diff --git a/model/credit_cards.go b/model/credit_cards.go
index 7add0a0..fb765ab 100644
--- a/model/credit_cards.go
+++ b/model/credit_cards.go
@@ -11,11 +11,11 @@ type CreditCard struct {
 UpdatedAt time.Time `json:"updated_at"`
 DeletedAt *time.Time `json:"deleted_at"`
 CardName string `json:"card_name"`
- CardholderName string `json:"cardholder_name"`
- Type string `json:"type"`
- Number string `json:"number"`
- VerificationNumber string `json:"verification_number"`
- ExpiryDate string `json:"expiry_date"`
+ CardholderName string `json:"cardholder_name" encrypt:"true"`
+ Type string `json:"type" encrypt:"true"`
+ Number string `json:"number" encrypt:"true"`
+ VerificationNumber string `json:"verification_number" encrypt:"true"`
+ ExpiryDate string `json:"expiry_date" encrypt:"true"`
 }
 type CreditCardDTO struct {
diff --git a/model/emails.go b/model/emails.go
index eaa7754..c282812 100644
--- a/model/emails.go
+++ b/model/emails.go
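Review bot: Tagging AccountName, AccountNumber, IBAN, Currency and Password with `encrypt:"true"` tells DecryptModel to treat those columns as ciphertext, but rows written before this change presumably hold plaintext there (the removed email code, for instance, never encrypted `Email.Email`), so the first read after deploy would run plaintext through the cipher unless a data migration re-encrypts existing values; the CreditCard hunk below and the Email, Note and Server hunks in the following files have the same exposure. This diff also does not show the bank-account, credit-card, note or server app code being switched to EncryptModel/DecryptModel, so until that lands the new tags on those models are inert for writes while reads may already try to decrypt. Currency is not a secret and encrypting it costs a decrypt per row on every list; it may be worth leaving plain. A comment on the struct would make the contract explicit: `// Fields tagged encrypt:"true" are stored as server-side ciphertext (see app.EncryptModel); rows predating the tag need a migration.`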
@@ -11,8 +11,8 @@ type Email struct {
 UpdatedAt time.Time `json:"updated_at"`
 DeletedAt *time.Time `json:"deleted_at"`
 Title string `json:"title"`
- Email string `json:"email"`
- Password string `json:"password"`
+ Email string `json:"email" encrypt:"true"`
+ Password string `json:"password" encrypt:"true"`
 }
 // EmailDTO ...
diff --git a/model/login.go b/model/login.go
index 65e2f9e..c3563cd 100644
--- a/model/login.go
+++ b/model/login.go
@@ -6,12 +6,12 @@ import (
 // Login ...
 type Login struct {
- ID uint `gorm:"primary_key" json:"id" encrypt:"false"`
- CreatedAt time.Time `json:"created_at" encrypt:"false"`
- UpdatedAt time.Time `json:"updated_at" encrypt:"false"`
- DeletedAt *time.Time `json:"deleted_at" encrypt:"false"`
- Title string `json:"title" encrypt:"false"`
- URL string `json:"url" encrypt:"false"`
+ ID uint `gorm:"primary_key" json:"id"`
+ CreatedAt time.Time `json:"created_at"`
+ UpdatedAt time.Time `json:"updated_at"`
+ DeletedAt *time.Time `json:"deleted_at"`
+ Title string `json:"title"`
+ URL string `json:"url"`
 Username string `json:"username" encrypt:"true"`
 Password string `json:"password" encrypt:"true"`
 }
diff --git a/model/notes.go b/model/notes.go
index 413b1f2..a2123a6 100644
--- a/model/notes.go
+++ b/model/notes.go
@@ -11,7 +11,7 @@ type Note struct {
 UpdatedAt time.Time `json:"updated_at"`
 DeletedAt *time.Time `json:"deleted_at"`
 Title string `json:"title"`
- Note string `json:"note"`
+ Note string `json:"note" encrypt:"true"`
 }
 // NoteDTO ...
diff --git a/model/server.go b/model/server.go
index ae56f67..2641d68 100644
--- a/model/server.go
+++ b/model/server.go
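Review bot: Dropping the explicit `encrypt:"false"` tags from ID, CreatedAt, UpdatedAt, DeletedAt, Title and URL in Login is only safe if EncryptModel and DecryptModel treat an absent tag exactly like `encrypt:"false"`; if they key on tag presence, or on anything other than the literal value `"true"`, the primary key and the time fields would now be run through the cipher. The other models in this commit never carried `encrypt:"false"`, so this hunk makes Login consistent with them, which is good, but the absent-tag semantics are not visible anywhere in the diff. A small round-trip test pinning it would help: build a Login with non-zero ID, Title and URL, pass it through EncryptModel then DecryptModel, and assert those three fields are byte-identical while Username and Password differ after the encrypt step.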
@@ -11,14 +11,14 @@ type Server struct {
 UpdatedAt time.Time `json:"updated_at"`
 DeletedAt *time.Time `json:"deleted_at"`
 Title string `json:"title"`
- IP string `json:"ip"`
- Username string `json:"username"`
- Password string `json:"password"`
+ IP string `json:"ip" encrypt:"true"`
+ Username string `json:"username" encrypt:"true"`
+ Password string `json:"password" encrypt:"true"`
 URL string `json:"url"`
- HostingUsername string `json:"hosting_username"`
- HostingPassword string `json:"hosting_password"`
- AdminUsername string `json:"admin_username"`
- AdminPassword string `json:"admin_password"`
+ HostingUsername string `json:"hosting_username" encrypt:"true"`
+ HostingPassword string `json:"hosting_password" encrypt:"true"`
+ AdminUsername string `json:"admin_username" encrypt:"true"`
+ AdminPassword string `json:"admin_password" encrypt:"true"`
 }
 type ServerDTO struct {
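Review bot: URL is the only string field in Server besides Title left without `encrypt:"true"` while IP is tagged; a server URL usually identifies the same host as the IP, so encrypting one and not the other gives little confidentiality benefit for the host identity. If URL is deliberately kept plain for search or display, a comment on that line would stop the next reader from "fixing" it, for example `// URL intentionally unencrypted: used for lookup/display`; if not, it should carry the same tag as IP. As with the other model hunks in this commit, existing rows hold whatever the old code wrote to these columns and will need re-encrypting before DecryptModel reads them.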