diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index 6dc4abef085f..5a17568d5efb 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -47,7 +47,7 @@ public function __construct(
 	 * 400: Updating user setting is not possible
 	 */
 	#[NoAdminRequired]
-	public function setUserSetting(string $key, $value): DataResponse {
+	public function setUserSetting(string $key, string|int|null $value): DataResponse {
 		if (!$this->preferenceListener->validatePreference($this->userId, $key, $value)) {
 			return new DataResponse([], Http::STATUS_BAD_REQUEST);
 		}
diff --git a/lib/Settings/BeforePreferenceSetEventListener.php b/lib/Settings/BeforePreferenceSetEventListener.php
index 31196b10014f..3adab0cd840f 100644
--- a/lib/Settings/BeforePreferenceSetEventListener.php
+++ b/lib/Settings/BeforePreferenceSetEventListener.php
@@ -53,7 +53,7 @@ public function handle(Event $event): void {
 	/**
 	 * @internal Make private/protected once SettingsController route was removed
 	 */
-	public function validatePreference(string $userId, string $key, string $value): bool {
+	public function validatePreference(string $userId, string $key, string|int|null $value): bool {
 		if ($key === 'attachment_folder') {
 			return $this->validateAttachmentFolder($userId, $value);
 		}
@@ -67,7 +67,7 @@ public function validatePreference(string $userId, string $key, string $value):
 		// "privacy" 0/1
 		if ($key === UserPreference::TYPING_PRIVACY
 			|| $key === UserPreference::READ_STATUS_PRIVACY) {
-			$valid = $value === (string)Participant::PRIVACY_PRIVATE || $value === (string)Participant::PRIVACY_PUBLIC;
+			$valid = (int)$value === Participant::PRIVACY_PRIVATE || (int)$value === Participant::PRIVACY_PUBLIC;
 
 			if ($valid && $key === 'read_status_privacy') {
 				$this->participantService->updateReadPrivacyForActor(Attendee::ACTOR_USERS, $userId, (int)$value);