diff --git a/Iceshrimp.Backend/Controllers/Web/NoteController.cs b/Iceshrimp.Backend/Controllers/Web/NoteController.cs
index 7c7c37da..a1ffdb07 100644
--- a/Iceshrimp.Backend/Controllers/Web/NoteController.cs
+++ b/Iceshrimp.Backend/Controllers/Web/NoteController.cs
@@ -162,7 +162,11 @@ public class NoteController(
 		if (user.Id == id)
 			throw GracefulException.BadRequest("You cannot bite your own note");
 
-		var target = await db.Notes.Where(p => p.Id == id).IncludeCommonProperties().FirstOrDefaultAsync() ??
+		var target = await db.Notes
+		                     .Where(p => p.Id == id)
+		                     .IncludeCommonProperties()
+		                     .EnsureVisibleFor(user)
+		                     .FirstOrDefaultAsync() ??
 		             throw GracefulException.NotFound("Note not found");
 
 		await biteSvc.BiteAsync(user, target);