diff --git a/packages/backend/src/resolvers.ts b/packages/backend/src/resolvers.ts
index 3fe9a9be..e20b7e0c 100644
--- a/packages/backend/src/resolvers.ts
+++ b/packages/backend/src/resolvers.ts
@@ -22,8 +22,8 @@ export const createResolvers = async (service: Service): Promise<any> => {
         return service.getOrganizationsByUserId(context.user);
       },
 
-      project: async (_: any, { projectId }: { projectId: string }) => {
-        return service.getProjectById(projectId);
+      project: async (_: any, { projectId }: { projectId: string }, context: any) => {
+        return service.getProjectById(context.user, projectId);
       },
 
       projectsInOrganization: async (
diff --git a/packages/backend/src/service.ts b/packages/backend/src/service.ts
index b142ad67..5da16954 100644
--- a/packages/backend/src/service.ts
+++ b/packages/backend/src/service.ts
@@ -407,8 +407,13 @@ export class Service {
     return dbOrganizations;
   }
 
-  async getProjectById(projectId: string): Promise<Project | null> {
+  async getProjectById(user: User, projectId: string): Promise<Project | null> {
     const dbProject = await this.db.getProjectById(projectId);
+
+    if (dbProject && dbProject.owner.id !== user.id) {
+      return null;
+    }
+
     return dbProject;
   }