diff --git a/accounts.js b/accounts.js
index 746ba34..832aa0a 100644
--- a/accounts.js
+++ b/accounts.js
@@ -546,6 +546,7 @@ function create(deps, app) {
       if (!result) { result = { id: undefined }; }
 
       result.id = undefined;
+      //result.prv = undefined;
 
       return result;
     });
@@ -557,12 +558,13 @@ function create(deps, app) {
     console.log(req.oauth3);
 
     var body = req.body;
-    var promise = req.Models.IssuerOauth3OrgProfiles.find({ sub: req.oauth3.ppid, iss: req.experienceId }).then(function (results) {
-      var result = results[0];
+    var promise = req.Models.IssuerOauth3OrgProfiles.get(req.oauth3._IDX_ || req.oauth3.accountIdx).then(function (result) {
+    //var promise = req.Models.IssuerOauth3OrgProfiles.find({ sub: req.oauth3.ppid, iss: req.experienceId })
+      //var result = results[0];
       var changed = false;
 
-      console.log('get gotten');
-      console.log(results);
+      console.log('[setProfile] get gotten:');
+      console.log(result);
 
       if (!result) { throw new OpErr("account could not be found"); /*result = { accountId: req.oauth3.accountIdx, displayName: '', firstName: '', lastName: '', avatarUrl: '' };*/ }
 
@@ -576,13 +578,22 @@ function create(deps, app) {
         }
       });
 
+      if (body.email && (result.email !== body.email)) {
+        if (result.unverifiedEmail !== body.email) {
+          changed = true;
+          result.unverifiedEmail = body.email;
+        }
+      }
+
       if (changed) {
-        return req.Models.IssuerOauth3OrgProfiles.upsert(result).then(function () { console.log('update updated'); return result; });
+        return req.Models.IssuerOauth3OrgProfiles.upsert(result).then(function () { console.log('[setProfile] update updated'); return result; });
       }
 
       return result;
     }).then(function (result) {
       result.id = undefined;
+      //result.prv = undefined;
+      return result;
     });
 
     app.handlePromise(req, res, promise, '[issuer@oauth3.org] set profile');