diff --git a/migrations/schema.sql b/migrations/schema.sql
index 006732bd0..d095ca075 100644
--- a/migrations/schema.sql
+++ b/migrations/schema.sql
@@ -28,7 +28,7 @@ CREATE TABLE IF NOT EXISTS users(
     twoFactorAuthenticationEnabled BOOLEAN DEFAULT false,
     source VARCHAR(128) DEFAULT "",
     role VARCHAR(32),
-    inviteToken VARCHAR(128) DEFAULT "",
+    inviteToken VARCHAR(128) DEFAULT "", // one time token until user sets up account
     resetToken VARCHAR(128) DEFAULT "",
     resetTokenCreationTime TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
     active BOOLEAN DEFAULT 1,
diff --git a/src/users.js b/src/users.js
index 33b44e3ff..0c3fc73cb 100644
--- a/src/users.js
+++ b/src/users.js
@@ -194,9 +194,7 @@ function removePrivateFields(user) {
         'id', 'username', 'email', 'fallbackEmail', 'displayName', 'groupIds', 'active', 'source', 'role', 'createdAt',
         'twoFactorAuthenticationEnabled', 'notificationConfig', 'hasAvatar', 'hasBackgroundImage' ]);
 
-    // invite status indicator
-    result.inviteAccepted = !user.inviteToken;
-
+    result.inviteAccepted = !user.inviteToken; // invite status indicator
     return result;
 }
 
@@ -284,7 +282,7 @@ async function add(email, data, auditSource) {
         password: Buffer.from(derivedKey, 'binary').toString('hex'),
         salt: salt.toString('hex'),
         resetToken: '',
-        inviteToken: hat(256),  // new users start out with invite tokens
+        inviteToken: hat(256),  // new users start out a one-time invite token
         displayName,
         source,
         role,