diff --git a/src/controllers/user.js b/src/controllers/user.js
index 5174d6f955..063aa5cceb 100644
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@@ -166,6 +166,9 @@ acceptablePUTPaths = _.reduce(require('./../models/user').schema.paths, function
   if (found) m[leaf]=true;
   return m;
 }, {})
+_.each('stats.gp'.split(' '), function(removePath){
+  delete acceptablePUTPaths[removePath];
+})
 
 /**
  * Update user
@@ -257,6 +260,8 @@ api.addTenGems = function(req, res) {
   })
 }
 
+// TODO delete plan
+
 /*
  Setup Stripe response when posting payment
  */
@@ -264,20 +269,39 @@ api.buyGems = function(req, res) {
   var api_key = nconf.get('STRIPE_API_KEY');
   var stripe = require("stripe")(api_key);
   var token = req.body.id;
-  // console.dir {token:token, req:req}, 'stripe'
+  var user = res.locals.user;
 
   async.waterfall([
     function(cb){
-      stripe.charges.create({
-        amount: "500", // $5
-        currency: "usd",
-        card: token
-      }, cb);
+      if (req.query.plan) {
+        stripe.customers.create({
+          email: req.body.email,
+          metadata: {uuid: res.locals.user._id},
+          card: token,
+          plan: req.query.plan,
+        }, cb);
+      } else {
+        stripe.charges.create({
+          amount: "500", // $5
+          currency: "usd",
+          card: token
+        }, cb);
+      }
     },
     function(response, cb) {
-      res.locals.user.balance += 5;
-      res.locals.user.purchased.ads = true;
-      res.locals.user.save(cb);
+      //user.purchased.ads = true;
+      if (req.query.plan) {
+        user.purchased.plan = {
+          planId:'basic_earned',
+          customerId: response.id,
+          dateCreated: new Date,
+          dateUpdated: new Date,
+          gemsBought: 0
+        };
+      } else {
+        user.balance += 5;
+      }
+      user.save(cb);
     }
   ], function(err, saved){
     if (err) return res.send(500, err.toString()); // don't json this, let toString() handle errors
@@ -285,6 +309,29 @@ api.buyGems = function(req, res) {
   });
 };
 
+api.cancelSubscription = function(req, res) {
+  var api_key = nconf.get('STRIPE_API_KEY');
+  var stripe = require("stripe")(api_key);
+  var user = res.locals.user;
+  if (!user.purchased.plan.customerId)
+    return res.json(401, {err: "User does not have a plan subscription"});
+
+  async.waterfall([
+    function(cb) {
+      stripe.customers.del(user.purchased.plan.customerId, cb);
+    },
+    function(response, cb) {
+      user.purchased.plan = {};
+      user.markModified('purchased.plan');
+      user.save(cb);
+    }
+  ], function(err, saved){
+    if (err) return res.send(500, err.toString()); // don't json this, let toString() handle errors
+    res.send(200, saved);
+  });
+
+}
+
 api.buyGemsPaypalIPN = function(req, res, next) {
   res.send(200);
   ipn.verify(req.body, function callback(err, msg) {
@@ -298,7 +345,7 @@ api.buyGemsPaypalIPN = function(req, res, next) {
         if (_.isEmpty(user)) err = "user not found with uuid " + uuid + " when completing paypal transaction";
         if (err) return nex(err);
         user.balance += 5;
-        user.purchased.ads = true;
+        //user.purchased.ads = true;
         user.save();
         console.log('PayPal transaction completed and user updated');
       });
diff --git a/src/models/user.js b/src/models/user.js
index ef8a8b3e18..391810fb54 100644
--- a/src/models/user.js
+++ b/src/models/user.js
@@ -78,6 +78,13 @@ var UserSchema = new Schema({
     skin: {type: Schema.Types.Mixed, 'default': {}}, // eg, {skeleton: true, pumpkin: true, eb052b: true}
     hair: {type: Schema.Types.Mixed, 'default': {}},
     shirt: {type: Schema.Types.Mixed, 'default': {}},
+    plan: {
+      planId: String,
+      customerId: String,
+      dateCreated: Date,
+      dateUpdated: Date,
+      gemsBought: {type: Number, 'default': 0}
+    }
   },
 
   flags: {
diff --git a/src/routes/apiv2.coffee b/src/routes/apiv2.coffee
index 2d8bc073ab..513fb7e312 100644
--- a/src/routes/apiv2.coffee
+++ b/src/routes/apiv2.coffee
@@ -304,6 +304,11 @@ module.exports = (swagger, v2) ->
       middleware: auth.auth
       action:user.buyGems
 
+    "/user/cancel-subscription":
+      spec: method: 'POST', description: "Do not use this route"
+      middleware: auth.auth
+      action:user.cancelSubscription
+
     "/user/buy-gems/paypal-ipn":
       spec:
         method: 'POST'
diff --git a/views/shared/modals/new-stuff.jade b/views/shared/modals/new-stuff.jade
index 096590cbce..9eb471415b 100644
--- a/views/shared/modals/new-stuff.jade
+++ b/views/shared/modals/new-stuff.jade
@@ -42,7 +42,7 @@ div(modal='modals.newStuff')
                 tr
                   td
                     h5 <a href='/#/options/groups/challenges/95533e05-1ff9-4e46-970b-d77219f199e9' target='_blank'>Spread The Word Challenge</a> Update
-                    p We have 2k+ submissions, holy cow! Great job everyone! Now, we need to go through these manually, so it will take a few days to a couple weeks to process. The challenge will stay open until we're done choosing our winners, but be sure to edit the To-Do with your submission URL before 1/31, as that's the cut-off date for processing. We'll send a Tweet out when the winner has been selected, so follow <a href='https://twitter.com/habitrpg' target='_blank'>@habitrpg</a> and stay tuned.
+                    p We have 1k+ submissions, holy cow! Great job everyone! Now, we need to go through these manually, so it will take a few days to a couple weeks to process. The challenge will stay open until we're done choosing our winners, but be sure to edit the To-Do with your submission URL before 1/31, as that's the cut-off date for processing. We'll send a Tweet out when the winner has been selected, so follow <a href='https://twitter.com/habitrpg' target='_blank'>@habitrpg</a> and stay tuned.