diff --git a/plugins/emailstore.js b/plugins/emailstore.js
index 54b1bc3..7598325 100644
--- a/plugins/emailstore.js
+++ b/plugins/emailstore.js
@@ -149,6 +149,7 @@
    */
   emailPlugin.sendVerificationEmail = function(email, secret) {
     var confirmUrl = emailPlugin.makeConfirmUrl(email, secret);
+
     async.series([
 
       function(callback) {
@@ -381,9 +382,9 @@
           secret: secret,
           expires: moment().add(DAYS_TO_EXPIRATION, 'days').unix(),
         };
-        emailPlugin.db.put(pendingKey(email), value, function(err) {
+        emailPlugin.db.put(pendingKey(email), JSON.stringify(value), function(err) {
           if (err) {
-            logger.error('error saving pending data:', email, secret);
+            logger.error('error saving pending data:', email, value);
             return callback(emailPlugin.errors.INTERNAL_ERROR);
           }
           return callback(null, secret);
@@ -761,11 +762,16 @@
         }, response);
       }
 
-      if (_.isObject(value)) {
-        if (moment().unix() > value.expires) {
+      var parsed = null;
+      try {
+        parsed = JSON.parse(value);
+      } catch (e) {}
+
+      if (parsed && _.isObject(parsed)) {
+        if (moment().unix() > parsed.expires) {
           return emailPlugin.returnError(emailPlugin.errors.REGISTRATION_EXPIRED, response);
         } else {
-          value = value.secret;
+          value = parsed.secret;
         }
       }
 
diff --git a/test/test.EmailStore.js b/test/test.EmailStore.js
index d46993c..13da8c6 100644
--- a/test/test.EmailStore.js
+++ b/test/test.EmailStore.js
@@ -228,7 +228,7 @@ describe('emailstore test', function() {
         setupLevelDb();
         var clock = sinon.useFakeTimers();
         plugin.createVerificationSecretAndSendEmail(fakeEmail, function(err) {
-          var arg = leveldb_stub.put.firstCall.args[1];
+          var arg = JSON.parse(leveldb_stub.put.firstCall.args[1]);
           arg.secret.should.equal(fakeRandom);
           arg.expires.should.equal(moment().add(7, 'days').unix());
           clock.restore();
@@ -378,10 +378,10 @@ describe('emailstore test', function() {
     });
 
     it('should validate correctly an email if the secret matches (using expiration date)', function() {
-      leveldb_stub.get.onFirstCall().callsArgWith(1, null, {
+      leveldb_stub.get.onFirstCall().callsArgWith(1, null, JSON.stringify({
         secret: secret,
         expires: moment().add(7, 'days').unix(),
-      });
+      }));
       leveldb_stub.del = sinon.stub().yields(null);
       response.redirect = sinon.stub();
 
@@ -406,10 +406,10 @@ describe('emailstore test', function() {
     });
 
     it('should fail to validate an email if the secret has expired', function() {
-      leveldb_stub.get.onFirstCall().callsArgWith(1, null, {
+      leveldb_stub.get.onFirstCall().callsArgWith(1, null, JSON.stringify({
         secret: secret,
         expires: moment().subtract(2, 'days').unix(),
-      });
+      }));
       response.status.returnsThis();
       response.json.returnsThis();