diff --git a/server/api/note.get.ts b/server/api/note.get.ts
index 47c0666..5da9ef4 100644
--- a/server/api/note.get.ts
+++ b/server/api/note.get.ts
@@ -13,7 +13,14 @@ export default defineEventHandler(async (event) => {
 	const { data: note, error } = await supabase
 		.from('notes')
 		.select('*')
-		.eq('id', query.id);
+		.eq('id', query.id)
+		.eq('user_id', user.id)
+		.limit(1)
+		.single();
 
-	return { note: note ? note[0] : null, error: error };
+	if (!note) {
+		throw createError({ statusCode: 500, message: 'No note found' });
+	}
+
+	return { note: note, error: error };
 });
diff --git a/server/api/note/new.ts b/server/api/note/new.ts
index 74138a6..debf202 100644
--- a/server/api/note/new.ts
+++ b/server/api/note/new.ts
@@ -16,6 +16,7 @@ export default defineEventHandler(async (event) => {
 	const { data: note, error: fetchError } = await supabase
 		.from('notes')
 		.select('id')
+		.eq('user_id', user.id)
 		.order('created_at', { ascending: false })
 		.limit(1)
 		.single();