diff --git a/internal/admin/apiservices.go b/internal/admin/apiservices.go
index fd0bf9e..882d611 100644
--- a/internal/admin/apiservices.go
+++ b/internal/admin/apiservices.go
@@ -11,14 +11,13 @@ import (
 	"gitea.local/admin/hspguard/internal/web"
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
-	"github.com/jackc/pgx/v5/pgtype"
 )
 
 type ApiServiceDTO struct {
 	ID           uuid.UUID `json:"id"`
 	ClientID     string    `json:"client_id"`
 	Name         string    `json:"name"`
-	Description  string    `json:"description"`
+	Description  *string   `json:"description"`
 	RedirectUris []string  `json:"redirect_uris"`
 	Scopes       []string  `json:"scopes"`
 	GrantTypes   []string  `json:"grant_types"`
@@ -32,7 +31,7 @@ func NewApiServiceDTO(service repository.ApiService) ApiServiceDTO {
 		ID:           service.ID,
 		ClientID:     service.ClientID,
 		Name:         service.Name,
-		Description:  service.Description.String,
+		Description:  service.Description,
 		RedirectUris: service.RedirectUris,
 		Scopes:       service.Scopes,
 		GrantTypes:   service.GrantTypes,
@@ -129,10 +128,7 @@ func (h *AdminHandler) AddApiService(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if req.Description != "" {
-		params.Description = pgtype.Text{
-			String: req.Description,
-			Valid:  true,
-		}
+		params.Description = &req.Description
 	}
 
 	service, err := h.repo.CreateApiService(r.Context(), params)
@@ -262,12 +258,9 @@ func (h *AdminHandler) UpdateApiService(w http.ResponseWriter, r *http.Request)
 	}
 
 	updated, err := h.repo.UpdateApiService(r.Context(), repository.UpdateApiServiceParams{
-		ClientID: service.ClientID,
-		Name:     req.Name,
-		Description: pgtype.Text{
-			String: req.Description,
-			Valid:  true,
-		},
+		ClientID:     service.ClientID,
+		Name:         req.Name,
+		Description:  &req.Description,
 		RedirectUris: req.RedirectUris,
 		Scopes:       req.Scopes,
 		GrantTypes:   req.GrantTypes,
diff --git a/internal/auth/routes.go b/internal/auth/routes.go
index 3ecdffc..9d1628b 100644
--- a/internal/auth/routes.go
+++ b/internal/auth/routes.go
@@ -167,7 +167,7 @@ func (h *AuthHandler) getProfile(w http.ResponseWriter, r *http.Request) {
 		"phone_number":    user.PhoneNumber,
 		"isAdmin":         user.IsAdmin,
 		"last_login":      user.LastLogin,
-		"profile_picture": user.ProfilePicture.String,
+		"profile_picture": user.ProfilePicture,
 		"updated_at":      user.UpdatedAt,
 		"created_at":      user.CreatedAt,
 	}); err != nil {
@@ -219,10 +219,10 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
 		AccessToken  string `json:"access"`
 		RefreshToken string `json:"refresh"`
 		// fields required for UI in account selector, e.g. email, full name and avatar
-		FullName       string `json:"full_name"`
-		Email          string `json:"email"`
-		Id             string `json:"id"`
-		ProfilePicture string `json:"profile_picture"`
+		FullName       string  `json:"full_name"`
+		Email          string  `json:"email"`
+		Id             string  `json:"id"`
+		ProfilePicture *string `json:"profile_picture"`
 		// Avatar
 	}
 
@@ -234,7 +234,7 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
 		FullName:       user.FullName,
 		Email:          user.Email,
 		Id:             user.ID.String(),
-		ProfilePicture: user.ProfilePicture.String,
+		ProfilePicture: user.ProfilePicture,
 		// Avatar
 	}); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)
diff --git a/internal/oauth/token.go b/internal/oauth/token.go
index feef0bb..4da8fee 100644
--- a/internal/oauth/token.go
+++ b/internal/oauth/token.go
@@ -81,7 +81,7 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 			// TODO:
 			EmailVerified: true,
 			Name:          user.FullName,
-			Picture:       user.ProfilePicture.String,
+			Picture:       user.ProfilePicture,
 			Nonce:         nonce,
 			Roles:         []string{"user", "admin"},
 			RegisteredClaims: jwt.RegisteredClaims{
diff --git a/internal/types/claims.go b/internal/types/claims.go
index 7fea3c8..65f6bec 100644
--- a/internal/types/claims.go
+++ b/internal/types/claims.go
@@ -12,7 +12,7 @@ type ApiClaims struct {
 	Email         string   `json:"email"`
 	EmailVerified bool     `json:"email_verified"`
 	Name          string   `json:"name"`
-	Picture       string   `json:"picture"`
+	Picture       *string  `json:"picture"`
 	Nonce         string   `json:"nonce"`
 	Roles         []string `json:"roles"`
 	// TODO: add given_name, family_name, locale...
diff --git a/internal/user/routes.go b/internal/user/routes.go
index e4685d3..864b702 100644
--- a/internal/user/routes.go
+++ b/internal/user/routes.go
@@ -19,7 +19,6 @@ import (
 	"gitea.local/admin/hspguard/internal/web"
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
-	"github.com/jackc/pgx/v5/pgtype"
 	"github.com/minio/minio-go/v7"
 )
 
@@ -170,11 +169,8 @@ func (h *UserHandler) uploadAvatar(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if err := h.repo.UpdateProfilePicture(r.Context(), repository.UpdateProfilePictureParams{
-		ProfilePicture: pgtype.Text{
-			String: uploadInfo.Key,
-			Valid:  true,
-		},
-		ID: user.ID,
+		ProfilePicture: &uploadInfo.Key,
+		ID:             user.ID,
 	}); err != nil {
 		web.Error(w, "failed to update profile picture", http.StatusInternalServerError)
 		return