diff --git a/api/classes/datahandler.php b/api/classes/datahandler.php
index 4858832..dcc0678 100644
--- a/api/classes/datahandler.php
+++ b/api/classes/datahandler.php
@@ -84,8 +84,8 @@ class Datahandler {
 
         // check expiration date
         if (
-            !empty($poll_data->poll->expirationDate) &&
-            self::isExpired($poll_data->poll->expirationDate)
+            !empty($poll_data->poll->serverExpirationDate) &&
+            self::isExpired($poll_data->poll->serverExpirationDate)
         ) {
             $this->deletePoll($poll_id);
             return false;
@@ -122,6 +122,13 @@ class Datahandler {
                 }
             }
         }
+
+        // do not include properties prefixed by server in response
+        foreach ($poll_data->poll as $key => $value) {
+          if(strpos($key, "server") === 0) {
+            unset($poll_data->poll->$key);
+          }
+        }
         
         return json_encode($poll_data);
     }
diff --git a/api/cron.php b/api/cron.php
index 640da27..f080b01 100644
--- a/api/cron.php
+++ b/api/cron.php
@@ -44,7 +44,7 @@ while(false !== ($poll_dir = readdir($data_folder_handler))) {
 
   $polls_processed ++;
   
-  if(datahandler::isExpired($poll_data->poll->expirationDate)) {
+  if(datahandler::isExpired($poll_data->poll->serverExpirationDate)) {
     $datahandler = new datahandler();
     $datahandler->deletePoll($poll_dir);
 
diff --git a/api/tests/api/GetPollCept.php b/api/tests/api/GetPollCept.php
index b6bf2d1..5152934 100644
--- a/api/tests/api/GetPollCept.php
+++ b/api/tests/api/GetPollCept.php
@@ -13,7 +13,8 @@ $pollData = [
     "encryptedAnonymousUser" => "{\"iv\":\"Rv75z29GDIbZ/RGRs+uq0Q==\",\"v\":1,\"iter\":1000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"3GQYS4Ils60=\",\"ct\":\"/7sj+sLWPYOWJgvslg==\"}",
     "encryptedIsDateTime" => "{\"iv\":\"noz0JF1Uzv74e27gMu55Kw==\",\"v\":1,\"iter\":1000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"3GQYS4Ils60=\",\"ct\":\"Igefluift7+Wedo1Cw==\"}",
     "encryptedTimezone" => "{\"iv\":\"/sBs7oP15FsJ7qSUSHvewA==\",\"v\":1,\"iter\":1000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"3GQYS4Ils60=\",\"ct\":\"TqJBGIjSGIcVsQ==\"}",
-    "expirationDate" => "2015-11-01T17:57:03.713Z",
+    "encryptedExpirationDate" => "{\"iv\":\"Jmclqi7ZDjKZ1O9t6HgkyQ==\",\"v\":1,\"iter\":1000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",\"cipher\":\"aes\",\"salt\":\"CnrCEy2AX1c=\",\"ct\":\"jg0bpNknoJcB4CAumtSEjyRNy845vzbfM6QQeNx0M60ZAw==\"}",
+    "serverExpirationDate" => "2015-11-01T17:57:03.713Z",
     "version" => "v0.3.0+d26cd827"
   ]
 ];
@@ -25,5 +26,10 @@ $I->wantTo('get an existing poll');
 $I->sendGET('/polls/' . $pollId);
 $I->seeResponseCodeIs(200);
 $I->seeResponseIsJson();
+
+unset($pollData["poll"]["serverExpirationDate"]);
 $I->seeResponseContainsJson($pollData);
+
 $I->seeResponseContainsJson(["poll" => ["id" => $pollId]]);
+
+$I->dontSeeResponseJsonMatchesJsonPath('poll.serverExpirationDate');
diff --git a/app/controllers/create.js b/app/controllers/create.js
index 831a108..148eed0 100644
--- a/app/controllers/create.js
+++ b/app/controllers/create.js
@@ -144,6 +144,10 @@ export default Ember.Controller.extend({
       this.set('model.timezone', '');
     }
   }.observes('model.isDateTime', 'model.isFindADate'),
+
+  syncExpirationDate: function() {
+    this.set('model.serverExpirationDate', this.get('model.expirationDate'));
+  }.observes('model.expirationDate'),
   
   /*
    * validate if a given time string is in valid format
diff --git a/app/models/poll.js b/app/models/poll.js
index b3b0fae..f43b3ae 100644
--- a/app/models/poll.js
+++ b/app/models/poll.js
@@ -39,7 +39,11 @@ export default DS.Model.extend({
   encryptedTimezone : DS.attr('string'),
   timezone : Ember.computed.encrypted('encryptedTimezone', 'string'),
 
-  expirationDate : DS.attr('string'),
+  encryptedExpirationDate : DS.attr('string'),
+  expirationDate : Ember.computed.encrypted('encryptedExpirationDate', 'string'),
+
+  // store expiration date unencrypted on create
+  serverExpirationDate : DS.attr('string'),
 
   version : DS.attr('string'),
   
diff --git a/package.json b/package.json
index 3e2bc5f..b0d8915 100644
--- a/package.json
+++ b/package.json
@@ -39,6 +39,7 @@
     "ember-cli-moment-shim": "0.6.0",
     "ember-cli-pretender": "0.3.2",
     "ember-cli-qunit": "0.3.13",
+    "ember-cli-sri": "1.0.3",
     "ember-cli-uglify": "^1.0.1",
     "ember-data": "1.0.0-beta.18",
     "ember-disable-proxy-controllers": "^1.0.0",