diff --git a/ghost/admin/controllers/signup.js b/ghost/admin/controllers/signup.js
index 4baa5de43d..7f4e90e6a2 100644
--- a/ghost/admin/controllers/signup.js
+++ b/ghost/admin/controllers/signup.js
@@ -2,10 +2,6 @@ import ajax from 'ghost/utils/ajax';
 import ValidationEngine from 'ghost/mixins/validation-engine';
 
 var SignupController = Ember.ObjectController.extend(ValidationEngine, {
-    name: null,
-    email: null,
-    password: null,
-    token: null,
     submitting: false,
 
     // ValidationEngine settings
diff --git a/ghost/admin/routes/signup.js b/ghost/admin/routes/signup.js
index 8c008b10a0..91e654a8e8 100644
--- a/ghost/admin/routes/signup.js
+++ b/ghost/admin/routes/signup.js
@@ -1,4 +1,3 @@
-import ajax from 'ghost/utils/ajax';
 import styleBody from 'ghost/mixins/style-body';
 import loadingIndicator from 'ghost/mixins/loading-indicator';
 
@@ -10,24 +9,29 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
             this.transitionTo(SimpleAuth.Configuration.routeAfterAuthentication);
         }
     },
-    setupController: function (controller, params) {
+
+    model: function (params) {
         var self = this,
             tokenText,
             email,
+            model = {},
             re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
-        if (re.test(params.token)) {
-            try {
-                tokenText = atob(params.token);
-                email = tokenText.split('|')[1];
-                controller.token = params.token;
-                controller.email = email;
-            } catch (e) {
-                this.transitionTo('signin');
-                this.notifications.showError('Invalid token.', {delayed: true});
+
+        return new Ember.RSVP.Promise(function (resolve) {
+            if (!re.test(params.token)) {
+                self.notifications.showError('Invalid token.', { delayed: true });
+
+                return resolve(self.transitionTo('signin'));
             }
 
-            ajax({
-                url: this.get('ghostPaths.url').api('authentication', 'invitation'),
+            tokenText = atob(params.token);
+            email = tokenText.split('|')[1];
+
+            model.email = email;
+            model.token = params.token;
+
+            return ic.ajax.request({
+                url: self.get('ghostPaths.url').api('authentication', 'invitation'),
                 type: 'GET',
                 dataType: 'json',
                 data: {
@@ -35,17 +39,23 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
                 }
             }).then(function (response) {
                 if (response && response.invitation && response.invitation[0].valid === false) {
-                    self.transitionTo('signin');
-                    self.notifications.showError('The invitation does not exist or is no longer valid.', {delayed: true});
-                }
-            }).catch(function (error) {
-                self.notifications.showAPIError(error);
-            });
+                    self.notifications.showError('The invitation does not exist or is no longer valid.', { delayed: true });
 
-        } else {
-            this.transitionTo('signin');
-            this.notifications.showError('Invalid token.', {delayed: true});
-        }
+                    return resolve(self.transitionTo('signin'));
+                }
+
+                resolve(model);
+            }).catch(function () {
+                resolve(model);
+            });
+        });
+    },
+
+    deactivate: function () {
+        this._super();
+
+        // clear the properties that hold the sensitive data from the controller
+        this.controllerFor('signup').setProperties({ email: '', password: '', token: '' });
     }
 });