diff --git a/src/web/pug/guild.pug b/src/web/pug/guild.pug
index 5899b98..d66c4f4 100644
--- a/src/web/pug/guild.pug
+++ b/src/web/pug/guild.pug
@@ -69,8 +69,7 @@ block body
         .grid--row-start2
           button.s-btn.s-btn__filled#invite-button Invite
     div
-      .s-card.d-flex.ai-center.jc-center(style="min-width: 130px; min-height: 130px;")
-        button.s-btn.s-btn__filled(hx-get=`/qr?guild_id=${guild_id}` hx-indicator="closest button" hx-swap="outerHTML" hx-disabled-elt="this") Show QR
+      != svg
 
   if space_id
     h2.mt48.fs-headline1 Matrix setup
@@ -134,19 +133,19 @@ block body
             | How people can join on Matrix
             span#privacy-level-loading
         .s-toggle-switch.s-toggle-switch__multiple.s-toggle-switch__incremental.d-grid.gx16.ai-center(style="grid-template-columns: auto 1fr")
-          input(type="radio" name="privacy_level" value="directory" id="privacy-level-directory" checked=(privacy_level === 2))
+          input(type="radio" name="level" value="directory" id="privacy-level-directory" checked=(privacy_level === 2))
           label.d-flex.gx8.jc-center.grid--row-start3(for="privacy-level-directory")
             != icons.Icons.IconPlusSm
             != icons.Icons.IconInternationalSm
             .fl-grow1 Directory
 
-          input(type="radio" name="privacy_level" value="link" id="privacy-level-link" checked=(privacy_level === 1))
+          input(type="radio" name="level" value="link" id="privacy-level-link" checked=(privacy_level === 1))
           label.d-flex.gx8.jc-center.grid--row-start2(for="privacy-level-link")
             != icons.Icons.IconPlusSm
             != icons.Icons.IconLinkSm
             .fl-grow1 Link
 
-          input(type="radio" name="privacy_level" value="invite" id="privacy-level-invite" checked=(privacy_level === 0))
+          input(type="radio" name="level" value="invite" id="privacy-level-invite" checked=(privacy_level === 0))
           label.d-flex.gx8.jc-center.grid--row-start1(for="privacy-level-invite")
             svg.svg-icon(width="14" height="14" viewBox="0 0 14 14")
             != icons.Icons.IconLockSm
diff --git a/src/web/routes/guild-settings.js b/src/web/routes/guild-settings.js
index b640d36..cdb9a63 100644
--- a/src/web/routes/guild-settings.js
+++ b/src/web/routes/guild-settings.js
@@ -20,75 +20,77 @@ function getCreateSpace(event) {
 	return event.context.createSpace || sync.require("../../d2m/actions/create-space")
 }
 
-/**
- * @typedef Options
- * @prop {(value: string?) => number} transform
- * @prop {(event: H3Event, guildID: string) => any} [after]
- * @prop {keyof import("../../db/orm-defs").Models} table
- */
-
-/**
- * @template {string} T
- * @param {T} key
- * @param {Partial<Options>} [inputOptions]
- */
-function defineToggle(key, inputOptions) {
-	/** @type {Options} */
-	const options = {
-		transform: x => +!!x, // convert toggle to 0 or 1
-		table: "guild_space"
-	}
-	Object.assign(options, inputOptions)
-	return defineEventHandler(async event => {
-		const bodySchema = z.object({
-			guild_id: z.string(),
-			[key]: z.string().optional()
-		})
-		/** @type {Record<T, string?> & Record<"guild_id", string> & Record<string, unknown>} */ // @ts-ignore
-		const parsedBody = await readValidatedBody(event, bodySchema.parse)
-		const managed = await auth.getManagedGuilds(event)
-		if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
-
-		const value = options.transform(parsedBody[key])
-		assert(typeof value === "number")
-		db.prepare(`UPDATE ${options.table} SET ${key} = ? WHERE guild_id = ?`).run(value, parsedBody.guild_id)
-
-		return (options.after && await options.after(event, parsedBody.guild_id)) || null
+/** @type {["invite", "link", "directory"]} */
+const levels = ["invite", "link", "directory"]
+const schema = {
+	autocreate: z.object({
+		guild_id: z.string(),
+		autocreate: z.string().optional()
+	}),
+	urlPreview: z.object({
+		guild_id: z.string(),
+		url_preview: z.string().optional()
+	}),
+	presence: z.object({
+		guild_id: z.string(),
+		presence: z.string().optional()
+	}),
+	privacyLevel: z.object({
+		guild_id: z.string(),
+		level: z.enum(levels)
 	})
 }
 
-as.router.post("/api/autocreate", defineToggle("autocreate", {
-	table: "guild_active",
-	after(event, guild_id) {
-		// If showing a partial page due to incomplete setup, need to refresh the whole page to show the alternate version
-		const spaceID = select("guild_space", "space_id", {guild_id}).pluck().get()
-		if (!spaceID) {
-			if (getRequestHeader(event, "HX-Request")) {
-				setResponseHeader(event, "HX-Refresh", "true")
-			} else {
-				return sendRedirect(event, "", 302)
-			}
+as.router.post("/api/autocreate", defineEventHandler(async event => {
+	const parsedBody = await readValidatedBody(event, schema.autocreate.parse)
+	const managed = await auth.getManagedGuilds(event)
+	if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
+
+	db.prepare("UPDATE guild_active SET autocreate = ? WHERE guild_id = ?").run(+!!parsedBody.autocreate, parsedBody.guild_id)
+
+	// If showing a partial page due to incomplete setup, need to refresh the whole page to show the alternate version
+	const spaceID = select("guild_space", "space_id", {guild_id: parsedBody.guild_id}).pluck().get()
+	if (!spaceID) {
+		if (getRequestHeader(event, "HX-Request")) {
+			setResponseHeader(event, "HX-Refresh", "true")
+		} else {
+			return sendRedirect(event, "", 302)
 		}
 	}
+
+	return null // 204
 }))
 
-as.router.post("/api/url-preview", defineToggle("url_preview"))
+as.router.post("/api/url-preview", defineEventHandler(async event => {
+	const parsedBody = await readValidatedBody(event, schema.urlPreview.parse)
+	const managed = await auth.getManagedGuilds(event)
+	if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
 
-as.router.post("/api/presence", defineToggle("presence", {
-	after() {
-		setPresence.guildPresenceSetting.update()
-	}
+	db.prepare("UPDATE guild_space SET url_preview = ? WHERE guild_id = ?").run(+!!parsedBody.url_preview, parsedBody.guild_id)
+
+	return null // 204
 }))
 
-as.router.post("/api/privacy-level", defineToggle("privacy_level", {
-	transform(value) {
-		assert(value)
-		const i = ["invite", "link", "directory"].indexOf(value)
-		assert.notEqual(i, -1)
-		return i
-	},
-	async after(event, guildID) {
-		const createSpace = getCreateSpace(event)
-		await createSpace.syncSpaceFully(guildID) // this is inefficient but OK to call infrequently on user request
-	}
+as.router.post("/api/presence", defineEventHandler(async event => {
+	const parsedBody = await readValidatedBody(event, schema.presence.parse)
+	const managed = await auth.getManagedGuilds(event)
+	if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
+
+	db.prepare("UPDATE guild_space SET presence = ? WHERE guild_id = ?").run(+!!parsedBody.presence, parsedBody.guild_id)
+	setPresence.guildPresenceSetting.update()
+
+	return null // 204
+}))
+
+as.router.post("/api/privacy-level", defineEventHandler(async event => {
+	const parsedBody = await readValidatedBody(event, schema.privacyLevel.parse)
+	const managed = await auth.getManagedGuilds(event)
+	if (!managed.has(parsedBody.guild_id)) throw createError({status: 403, message: "Forbidden", data: "Can't change settings for a guild you don't have Manage Server permissions in"})
+
+	const createSpace = getCreateSpace(event)
+	const i = levels.indexOf(parsedBody.level)
+	assert.notEqual(i, -1)
+	db.prepare("UPDATE guild_space SET privacy_level = ? WHERE guild_id = ?").run(i, parsedBody.guild_id)
+	await createSpace.syncSpaceFully(parsedBody.guild_id) // this is inefficient but OK to call infrequently on user request
+	return null // 204
 }))
diff --git a/src/web/routes/guild-settings.test.js b/src/web/routes/guild-settings.test.js
index fccc266..19c36af 100644
--- a/src/web/routes/guild-settings.test.js
+++ b/src/web/routes/guild-settings.test.js
@@ -54,7 +54,7 @@ test("web privacy level: checks permissions", async t => {
 	const [error] = await tryToCatch(() => router.test("post", "/api/privacy-level", {
 		body: {
 			guild_id: "112760669178241024",
-			privacy_level: "directory"
+			level: "directory"
 		}
 	}))
 	t.equal(error.data, "Can't change settings for a guild you don't have Manage Server permissions in")
@@ -68,7 +68,7 @@ test("web privacy level: updates privacy level", async t => {
 		},
 		body: {
 			guild_id: "112760669178241024",
-			privacy_level: "directory"
+			level: "directory"
 		},
 		createSpace: {
 			async syncSpaceFully(guildID) {
@@ -81,16 +81,3 @@ test("web privacy level: updates privacy level", async t => {
 	t.equal(called, 1)
 	t.equal(select("guild_space", "privacy_level", {guild_id: "112760669178241024"}).pluck().get(), 2) // directory = 2
 })
-
-test("web presence: updates presence", async t => {
-	await router.test("post", "/api/presence", {
-		sessionData: {
-			managedGuilds: ["112760669178241024"]
-		},
-		body: {
-			guild_id: "112760669178241024"
-			// presence is on by default - turn it off
-		}
-	})
-	t.equal(select("guild_space", "presence", {guild_id: "112760669178241024"}).pluck().get(), 0)
-})
diff --git a/src/web/routes/guild.js b/src/web/routes/guild.js
index f39d603..64e79ed 100644
--- a/src/web/routes/guild.js
+++ b/src/web/routes/guild.js
@@ -21,9 +21,6 @@ const schema = {
 	guild: z.object({
 		guild_id: z.string().optional()
 	}),
-	qr: z.object({
-		guild_id: z.string().optional()
-	}),
 	invite: z.object({
 		mxid: z.string().regex(/@([^:]+):([a-z0-9:-]+\.[a-z0-9.:-]+)/),
 		permissions: z.enum(["default", "moderator", "admin"]),
@@ -130,33 +127,6 @@ as.router.get("/guild", defineEventHandler(async event => {
 		return pugSync.render(event, "guild_not_linked.pug", {guild, guild_id, spaces})
 	}
 
-	// Easy mode guild that hasn't been linked yet - need to remove elements that would require an existing space
-	if (!row.space_id) {
-		const links = getChannelRoomsLinks(guild_id, [])
-		return pugSync.render(event, "guild.pug", {guild, guild_id, ...links, ...row})
-	}
-
-	// Linked guild
-	const api = getAPI(event)
-	const mods = await api.getStateEvent(row.space_id, "m.room.power_levels", "")
-	const banned = await api.getMembers(row.space_id, "ban")
-	const rooms = await api.getFullHierarchy(row.space_id)
-	const links = getChannelRoomsLinks(guild_id, rooms)
-	return pugSync.render(event, "guild.pug", {guild, guild_id, mods, banned, ...links, ...row})
-}))
-
-as.router.get("/qr", defineEventHandler(async event => {
-	const {guild_id} = await getValidatedQuery(event, schema.qr.parse)
-	const managed = await auth.getManagedGuilds(event)
-	const row = from("guild_active").join("guild_space", "guild_id", "left").select("space_id", "privacy_level", "autocreate").where({guild_id}).get()
-	// @ts-ignore
-	const guild = discord.guilds.get(guild_id)
-
-	// Permission problems
-	if (!guild_id || !guild || !managed.has(guild_id) || !row) {
-		return pugSync.render(event, "guild_access_denied.pug", {guild_id, row})
-	}
-
 	const nonce = randomUUID()
 	validNonce.set(nonce, guild_id)
 
@@ -167,7 +137,19 @@ as.router.get("/qr", defineEventHandler(async event => {
 	const svg = generatedSvg.replace(/viewBox="0 0 ([0-9]+) ([0-9]+)"/, `data-nonce="${nonce}" width="$1" height="$2" $&`)
 	assert.notEqual(svg, generatedSvg)
 
-	return svg
+	// Easy mode guild that hasn't been linked yet - need to remove elements that would require an existing space
+	if (!row.space_id) {
+		const links = getChannelRoomsLinks(guild_id, [])
+		return pugSync.render(event, "guild.pug", {guild, guild_id, svg, ...links, ...row})
+	}
+
+	// Linked guild
+	const api = getAPI(event)
+	const mods = await api.getStateEvent(row.space_id, "m.room.power_levels", "")
+	const banned = await api.getMembers(row.space_id, "ban")
+	const rooms = await api.getFullHierarchy(row.space_id)
+	const links = getChannelRoomsLinks(guild_id, rooms)
+	return pugSync.render(event, "guild.pug", {guild, guild_id, svg, mods, banned, ...links, ...row})
 }))
 
 as.router.get("/invite", defineEventHandler(async event => {
diff --git a/src/web/routes/guild.test.js b/src/web/routes/guild.test.js
index ea59173..02c6767 100644
--- a/src/web/routes/guild.test.js
+++ b/src/web/routes/guild.test.js
@@ -34,16 +34,6 @@ test("web guild: access denied when guild id messed up", async t => {
 	t.has(html, "the selected server doesn't exist")
 })
 
-test("web qr: access denied when guild id messed up", async t => {
-	const html = await router.test("get", "/qr?guild_id=1", {
-		sessionData: {
-			userID: "1",
-			managedGuilds: []
-		},
-	})
-	t.has(html, "the selected server doesn't exist")
-})
-
 test("web invite: access denied with invalid nonce", async t => {
 	const html = await router.test("get", "/invite?nonce=1")
 	t.match(html, /This QR code has expired./)
@@ -95,7 +85,7 @@ test("web guild: unbridged self-service guild shows available spaces", async t =
 })
 
 
-test("web guild: can view bridged guild when logged in with discord", async t => {
+test("web guild: can view bridged guild", async t => {
 	const html = await router.test("get", "/guild?guild_id=112760669178241024", {
 		sessionData: {
 			managedGuilds: ["112760669178241024"]
@@ -113,34 +103,6 @@ test("web guild: can view bridged guild when logged in with discord", async t =>
 		}
 	})
 	t.has(html, `<h1 class="s-page-title--header">Psychonauts 3</h1>`)
-})
-
-test("web guild: can view bridged guild when logged in with matrix", async t => {
-	const html = await router.test("get", "/guild?guild_id=112760669178241024", {
-		sessionData: {
-			mxid: "@cadence:cadence.moe"
-		},
-		api: {
-			async getStateEvent(roomID, type, key) {
-				return {}
-			},
-			async getMembers(roomID, membership) {
-				return {chunk: []}
-			},
-			async getFullHierarchy(roomID) {
-				return []
-			}
-		}
-	})
-	t.has(html, `<h1 class="s-page-title--header">Psychonauts 3</h1>`)
-})
-
-test("web qr: generates nonce", async t => {
-	const html = await router.test("get", "/qr?guild_id=112760669178241024", {
-		sessionData: {
-			managedGuilds: ["112760669178241024"]
-		}
-	})
 	nonce = html.match(/data-nonce="([a-f0-9-]+)"/)?.[1]
 	t.ok(nonce)
 })
diff --git a/src/web/routes/link.js b/src/web/routes/link.js
index 080ffc5..3226278 100644
--- a/src/web/routes/link.js
+++ b/src/web/routes/link.js
@@ -79,7 +79,10 @@ as.router.post("/api/link-space", defineEventHandler(async event => {
 	try {
 		await api.joinRoom(parsedBody.space_id)
 	} catch (e) {
-		throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`})
+		if (e instanceof mreq.MatrixServerError) {
+			throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`})
+		}
+		throw e
 	}
 
 	// Check bridge has PL 100
@@ -145,7 +148,10 @@ as.router.post("/api/link", defineEventHandler(async event => {
 	try {
 		await api.joinRoom(parsedBody.matrix)
 	} catch (e) {
-		throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`})
+		if (e instanceof mreq.MatrixServerError) {
+			throw createError({status: 403, message: e.errcode, data: `${e.errcode} - ${e.message}`})
+		}
+		throw e
 	}
 
 	// Check bridge has PL 100
diff --git a/src/web/routes/link.test.js b/src/web/routes/link.test.js
index 3c503cf..664acaa 100644
--- a/src/web/routes/link.test.js
+++ b/src/web/routes/link.test.js
@@ -518,18 +518,6 @@ test("web link room: successfully calls createRoom", async t => {
 					t.equal(roomID, "!zTMspHVUBhFLLSdmnS:cadence.moe")
 					t.equal(key, "!NDbIqNpJyPvfKRnNcr:cadence.moe")
 					return {via: ["cadence.moe"]}
-				} else if (type === "m.room.name") {
-					called++
-					t.equal(roomID, "!NDbIqNpJyPvfKRnNcr:cadence.moe")
-					return {}
-				} else if (type === "m.room.avatar") {
-					called++
-					t.equal(roomID, "!NDbIqNpJyPvfKRnNcr:cadence.moe")
-					return {}
-				} else if (type === "m.room.topic") {
-					called++
-					t.equal(roomID, "!NDbIqNpJyPvfKRnNcr:cadence.moe")
-					return {}
 				}
 			},
 			async sendEvent(roomID, type, content) {
@@ -548,7 +536,7 @@ test("web link room: successfully calls createRoom", async t => {
 			}
 		}
 	})
-	t.equal(called, 8)
+	t.equal(called, 5)
 })
 
 // *****
diff --git a/test/ooye-test-data.sql b/test/ooye-test-data.sql
index e3f0478..d4dac3f 100644
--- a/test/ooye-test-data.sql
+++ b/test/ooye-test-data.sql
@@ -144,7 +144,6 @@ INSERT INTO emoji (emoji_id, name, animated, mxc_url) VALUES
 ('288858540888686602', 'upstinky', 0, 'mxc://cadence.moe/mwZaCtRGAQQyOItagDeCocEO');
 
 INSERT INTO member_cache (room_id, mxid, displayname, avatar_url, power_level) VALUES
-('!jjmvBegULiLucuWEHU:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 50),
 ('!kLRqKKUQXcibIMtOpl:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 0),
 ('!kLRqKKUQXcibIMtOpl:cadence.moe', '@test_auto_invite:example.org', NULL, NULL, 0),
 ('!fGgIymcYWOqjbSRUdV:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', 'mxc://cadence.moe/azCAhThKTojXSZJRoWwZmhvU', 0),