diff --git a/backend/btrixcloud/models.py b/backend/btrixcloud/models.py
index 4225783e17..94743e90e5 100644
--- a/backend/btrixcloud/models.py
+++ b/backend/btrixcloud/models.py
@@ -2062,6 +2062,35 @@ class UserOut(UserOutNoId):
 
 # ============================================================================
 # ORGS
+# ============================================================================
+
+# Org field filters by access type
+ORG_ADMIN_EXCLUDE_FIELDS = ["storage"]
+
+ORG_CRAWLER_EXCLUDE_FIELDS = [
+    *ORG_ADMIN_EXCLUDE_FIELDS,
+    "users",
+    "quotaUpdates",
+    "webhookUrls",
+    "readOnlyReason",
+    "subscription",
+]
+
+ORG_VIEWER_EXCLUDE_FIELDS = [
+    *ORG_CRAWLER_EXCLUDE_FIELDS,
+    "usage",
+    "crawlExecSeconds",
+    "qaUsage",
+    "qaCrawlExecSeconds",
+    "monthlyExecSeconds",
+    "extraExecSeconds",
+    "giftedExecSeconds",
+    "quotas",
+    "allowSharedProxies",
+    "crawlingDefaults",
+]
+
+
 # ============================================================================
 class OrgReadOnlyOnCancel(BaseModel):
     """Make org readOnly on subscription cancellation instead of deleting"""
@@ -2267,14 +2296,13 @@ def _is_auth(self, user, value):
     async def serialize_for_user(self, user: User, user_manager) -> OrgOut:
         """Serialize result based on current user access"""
 
-        exclude = {"storage"}
+        exclude = ORG_ADMIN_EXCLUDE_FIELDS
 
         if not self.is_owner(user):
-            exclude.add("users")
+            exclude = ORG_CRAWLER_EXCLUDE_FIELDS
 
         if not self.is_crawler(user):
-            exclude.add("usage")
-            exclude.add("crawlExecSeconds")
+            exclude = ORG_VIEWER_EXCLUDE_FIELDS
 
         result = self.to_dict(
             exclude_unset=True,