diff --git a/db/migrations/20180308192638-create-user.js b/db/migrations/20180308192638-create-user.js
deleted file mode 100644
index c8cb43f1a..000000000
--- a/db/migrations/20180308192638-create-user.js
+++ /dev/null
@@ -1,30 +0,0 @@
-'use strict';
-module.exports = {
- up: (queryInterface, Sequelize) => {
- return queryInterface.createTable('Users', {
- id: {
- allowNull: false,
- autoIncrement: true,
- primaryKey: true,
- type: Sequelize.INTEGER
- },
- email: {
- type: Sequelize.STRING
- },
- sha1: {
- type: Sequelize.STRING
- },
- createdAt: {
- allowNull: false,
- type: Sequelize.DATE
- },
- updatedAt: {
- allowNull: false,
- type: Sequelize.DATE
- }
- });
- },
- down: (queryInterface, Sequelize) => {
- return queryInterface.dropTable('Users');
- }
-};
\ No newline at end of file
diff --git a/db/migrations/201803121600-update-user-add-verification-token.js b/db/migrations/201803121600-update-user-add-verification-token.js
deleted file mode 100644
index 2d1e5c48d..000000000
--- a/db/migrations/201803121600-update-user-add-verification-token.js
+++ /dev/null
@@ -1,12 +0,0 @@
-'use strict';
-
-module.exports = {
- up: (queryInterface, Sequelize) => {
- return queryInterface.addColumn('Users', 'verificationToken', {
- type: Sequelize.STRING,
- });
- },
- down: (queryInterface, Sequelize) => {
- return queryInterface.removeColumn('Users', 'verificationToken');
- }
-};
diff --git a/db/migrations/20180327165814-create-email-hash.js b/db/migrations/20180327165814-create-email-hash.js
index cc43e9abf..dbb34953a 100644
--- a/db/migrations/20180327165814-create-email-hash.js
+++ b/db/migrations/20180327165814-create-email-hash.js
@@ -8,6 +8,9 @@ module.exports = {
 primaryKey: true,
 type: Sequelize.INTEGER
 },
+ SubscriberId: {
+ type: Sequelize.INTEGER,
+ },
 sha1: {
 type: Sequelize.STRING
 },
@@ -24,4 +27,4 @@ module.exports = {
 down: (queryInterface, Sequelize) => {
 return queryInterface.dropTable('EmailHashes');
 }
-};
\ No newline at end of file
+};
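Review bot: The new `SubscriberId` column in create-email-hash.js is a bare INTEGER with no `references` or `onDelete`, so the database neither enforces that it points at a real subscriber nor removes the row when that subscriber is deleted. Because the table holds e-mail hashes, deleting a subscriber would leave their hash behind as an orphan row. Consider `SubscriberId: { type: Sequelize.INTEGER, references: { model: "<subscriber table>", key: "id" }, onDelete: "CASCADE" },` with the table name taken from the Subscriber migration, which is not visible here. The column is also added by editing an existing migration, so a database that already ran it would presumably never get the column; a separate `addColumn` migration avoids that.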
diff --git a/routes/home.js b/routes/home.js index aa43ba81b..3fe6ca18a 100644 --- a/routes/home.js +++ b/routes/home.js @@ -2,24 +2,32 @@ const crypto = require("crypto"); const express = require("express"); -const router = express.Router(); +const bodyParser = require("body-parser"); const models = require("../db/models"); -router.get("/", (req, res) => { +const router = express.Router(); +const urlEncodedParser = bodyParser.urlencoded({ extended: false }); + +router.get("/", urlEncodedParser, (req, res) => { res.render("home", { title: "Firefox Breach Alerts", }); }); -router.post("/scan", async (req, res) => { +router.post("/scan", urlEncodedParser, async (req, res) => { const email = req.body.email; - const emailHash = await models.EmailHash.findOne({ where: { sha1: getSha1(email) }}); - const foundBreaches = (await emailHash.getBreaches()).map(aBreach => aBreach.dataValues.name); + let foundBreaches; + if (email) { + const emailHash = await models.EmailHash.findOne({ where: { sha1: getSha1(email) }}); + if (emailHash) { + foundBreaches = (await emailHash.getBreaches()).map(aBreach => aBreach.dataValues); + } + } res.render("scan", { title: "Firefox Breach Alerts: Scan Results", email: email, - breaches: foundBreaches, + foundBreaches: foundBreaches, }); }); diff --git a/routes/oauth.js b/routes/oauth.js index 600c5d4f7..e9aa3513f 100644 --- a/routes/oauth.js +++ b/routes/oauth.js @@ -5,8 +5,8 @@ const AppConstants = require("../app-constants"); const ClientOAuth2 = require("client-oauth2"); const crypto = require("crypto"); const express = require("express"); +const bodyParser = require("body-parser"); const popsicle = require("popsicle"); -const router = express.Router(); const models = require("../db/models"); 
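Review bot: In routes/home.js the new `if (email)` guard in the `/scan` handler only rejects empty values. With `bodyParser.urlencoded({ extended: false })` a repeated `email` field arrives as an array, which passes the guard and goes straight into `getSha1(email)`. getSha1 is outside the hunk, but if it feeds the value to a hash update it will throw, and since the handler is `async` with no `try`/`catch` the rejection never becomes a response. Tightening the guard to `if (typeof email === "string" && email.length > 0) {` closes that path. Separately, `.map(aBreach => aBreach.dataValues)` now hands the template every column of each breach row instead of only `name`; mapping to the fields the view actually renders keeps later schema additions from being exposed to it.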
@@ -28,7 +28,10 @@ const FxAOAuth = new ClientOAuth2({ scopes: ["profile:email"], }); -router.get("/init", (req, res) => { +const router = express.Router(); +const jsonParser = bodyParser.json(); + +router.get("/init", jsonParser, (req, res) => { // Set a random state string in a cookie so that we can verify // the user when they're redirected back to us after auth. const state = crypto.randomBytes(40).toString("hex"); @@ -37,7 +40,7 @@ router.get("/init", (req, res) => { res.redirect(uri); }); -router.get("/redirect", async (req, res) => { +router.get("/redirect", jsonParser, async (req, res) => { if (!req.session.state) { // TODO: Needs better error message res.send("Who are you?"); diff --git a/routes/user.js b/routes/user.js index 99c0cf0c7..5a0a2e698 100644 --- a/routes/user.js +++ b/routes/user.js @@ -3,7 +3,7 @@ const AppConstants = require("../app-constants"); const express = require("express"); -const router = express.Router(); +const bodyParser = require("body-parser"); const models = require("../db/models"); const EmailUtils = require("../email-utils"); @@ -15,7 +15,10 @@ const ResponseCodes = Object.freeze({ TokenMismatch: 102, }); -router.post("/add", async (req, res) => { +const router = express.Router(); +const jsonParser = bodyParser.json(); + +router.post("/add", jsonParser, async (req, res) => { const user = await models.Subscriber.create({ email: req.body.email }); const url = `${AppConstants.SERVER_URL}/user/verify?state=${encodeURIComponent(user.verificationToken)}&email=${encodeURIComponent(user.email)}`; @@ -38,7 +41,7 @@ router.post("/add", async (req, res) => { } }); -router.get("/verify", async (req, res) => { +router.get("/verify", jsonParser, async (req, res) => { const user = await models.Subscriber.findOne({ where: { email: req.query.email, verificationToken: req.query.state } }); if (user === null) { res.status(400).json({ 
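Review bot: In routes/oauth.js, `jsonParser` is attached to `router.get("/init", …)`, a GET route whose handler never reads `req.body` in the visible lines. The same applies to `/redirect` in the next hunk, `/verify` in routes/user.js and `urlEncodedParser` on `GET /` in routes/home.js. Parsing there does nothing for the handler and makes these endpoints accept and buffer request bodies they have no use for. Suggest keeping the parsers on the POST routes only, e.g. `router.get("/init", (req, res) => {`. Both oauth handler bodies continue outside their hunks, so confirm nothing further down reads `req.body`.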
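Review bot: In routes/user.js, `/add` passes `req.body.email` to `models.Subscriber.create` without checking it. With `bodyParser.json()` now scoped to the route, a request that is not JSON reaches the handler with an empty body, so `email` is `undefined`. A guard before the create, `if (typeof req.body.email !== "string" || req.body.email.length === 0)` answered with a 400, keeps malformed input out of the table and out of the verification mail. The handler body continues past the hunk, so any validation further down is not visible here.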
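Review bot: In routes/user.js, `/verify` puts `req.query.email` and `req.query.state` directly into the Sequelize `where` clause, and Express's default query parser can deliver those as objects or arrays rather than strings. Depending on the Sequelize version and its operator-alias setting, an object value in `where` is read as an operator expression instead of an equality match, which would weaken the token comparison. Checking `typeof req.query.state === "string" && typeof req.query.email === "string"` before the `findOne`, and answering 400 otherwise, removes the dependency on ORM configuration. The handler continues outside the hunk.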
@@ -55,7 +58,7 @@ router.get("/verify", async (req, res) => { }); }); -router.post("/remove", async (req, res) => { +router.post("/remove", jsonParser, async (req, res) => { models.Subscriber.destroy({ where: { email: req.query.email } }); res.status(200).json({ info: "Deleted user.", diff --git a/server.js b/server.js index 59aadd55d..6e4d06d8e 100644 --- a/server.js +++ b/server.js @@ -2,7 +2,6 @@ const AppConstants = require("./app-constants"); -const bodyParser = require("body-parser"); const express = require("express"); const hbs = require("express-hbs"); const sessions = require("client-sessions"); @@ -13,7 +12,6 @@ const OAuthRoutes = require("./routes/oauth"); const UserRoutes = require("./routes/user"); const app = express(); -app.use(bodyParser.json()); app.use(express.static("public")); app.engine("hbs", hbs.express4({ diff --git a/views/scan.hbs b/views/scan.hbs index 68529fd3f..7b4884207 100644 --- a/views/scan.hbs +++ b/views/scan.hbs @@ -16,11 +16,16 @@
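Review bot: In routes/user.js, nothing visible in the `/remove` hunk ties the request to the subscriber being deleted, so any caller who supplies an e-mail address can remove that subscription. The route now runs `jsonParser` yet still reads the address from `req.query.email`, leaving the parsed body unused. Requiring the subscriber's verification token, as `/verify` does, or an authenticated session before the `destroy` would close the gap. The `destroy` call is also not awaited, so the 200 "Deleted user." reply is sent whether or not the delete succeeded and a rejection goes unhandled; `await models.Subscriber.destroy({ where: { email: req.query.email } });` inside a `try`/`catch` fixes that. The handler continues outside the hunk.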