diff --git a/app/models.py b/app/models.py
index a527c1b22ccecde91acf81916037c76cfcd224e2..bcc030e5fa73c69833e478f909ff96db3f12a323 100644
--- a/app/models.py
+++ b/app/models.py
@@ -12,6 +12,7 @@ from werkzeug.utils import secure_filename
 import json
 import jwt
 import os
+import re
 import requests
 import secrets
 import shutil
@@ -518,6 +519,7 @@ class User(HashidMixin, UserMixin, db.Model):
     # Fields
     email = db.Column(db.String(254), index=True, unique=True)
     username = db.Column(db.String(64), index=True, unique=True)
+    username_pattern = re.compile(r'^[A-Za-zÄÖÜäöüß0-9_.]*$')
     password_hash = db.Column(db.String(128))
     confirmed = db.Column(db.Boolean, default=False)
     member_since = db.Column(db.DateTime(), default=datetime.utcnow)
@@ -865,10 +867,12 @@ class User(HashidMixin, UserMixin, db.Model):
             'organization': self.organization,
             'job_status_mail_notification_level': \
                     self.setting_job_status_mail_notification_level.name,
-            'is_public': self.is_public,
-            'show_email': self.has_profile_privacy_setting(ProfilePrivacySettings.SHOW_EMAIL),
-            'show_last_seen': self.has_profile_privacy_setting(ProfilePrivacySettings.SHOW_LAST_SEEN),
-            'show_member_since': self.has_profile_privacy_setting(ProfilePrivacySettings.SHOW_MEMBER_SINCE)
+            'profile_privacy_settings': {
+                'is_public': self.is_public,
+                'show_email': self.has_profile_privacy_setting(ProfilePrivacySettings.SHOW_EMAIL),
+                'show_last_seen': self.has_profile_privacy_setting(ProfilePrivacySettings.SHOW_LAST_SEEN),
+                'show_member_since': self.has_profile_privacy_setting(ProfilePrivacySettings.SHOW_MEMBER_SINCE)
+            }
         }
         if backrefs:
             json_serializeable['role'] = \