diff --git a/src/routes/profile.js b/src/routes/profile.js
index 256e55cce..e644da346 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -47,9 +47,6 @@ async function canEditProfile(req, res, next) {
 async function get(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
-    const [error, backgroundImage] = await safe(users.getBackgroundImage(req.user));
-    if (error) return next(BoxError.toHttpError(error));
-
     next(new HttpSuccess(200, {
         id: req.user.id,
         username: req.user.username,
@@ -59,7 +56,8 @@ async function get(req, res, next) {
         twoFactorAuthenticationEnabled: req.user.twoFactorAuthenticationEnabled,
         role: req.user.role,
         source: req.user.source,
-        hasBackgroundImage: !!backgroundImage,
+        hasBackgroundImage: req.user.hasBackgroundImage,
+        hasAvatar: req.user.hasAvatar,
         language: req.user.language || await settings.get(settings.LANGUAGE_KEY),
         notificationConfig: req.user.notificationConfig,
     }));
diff --git a/src/users.js b/src/users.js
index a6e351f5e..33b44e3ff 100644
--- a/src/users.js
+++ b/src/users.js
@@ -99,7 +99,8 @@ const appPasswords = require('./apppasswords.js'),
 
 // the avatar and backgroundImage fields are special and not added here to reduce response sizes
 const USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'creationTime', 'inviteToken', 'resetToken', 'displayName', 'language',
-    'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'active', 'source', 'role', 'resetTokenCreationTime', 'loginLocationsJson', 'notificationConfigJson' ].join(',');
+    'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'active', 'source', 'role', 'resetTokenCreationTime', 'loginLocationsJson', 'notificationConfigJson',
+    '(avatar IS NOT NULL) AS hasAvatar', '(backgroundImage IS NOT NULL) AS hasBackgroundImage' ].join(',');
 
 const DEFAULT_GHOST_LIFETIME = 6 * 60 * 60 * 1000; // 6 hours
 
@@ -191,7 +192,7 @@ function validatePassword(password) {
 function removePrivateFields(user) {
     const result = _.pick(user, [
         'id', 'username', 'email', 'fallbackEmail', 'displayName', 'groupIds', 'active', 'source', 'role', 'createdAt',
-        'twoFactorAuthenticationEnabled', 'notificationConfig']);
+        'twoFactorAuthenticationEnabled', 'notificationConfig', 'hasAvatar', 'hasBackgroundImage' ]);
 
     // invite status indicator
     result.inviteAccepted = !user.inviteToken;