diff --git a/gregui/api/views/userinfo.py b/gregui/api/views/userinfo.py
index a16fe70caca461454a5b6df79e505d326e6f28a1..e876ec09182148f71729ee8b9d856e8d80193f0a 100644
--- a/gregui/api/views/userinfo.py
+++ b/gregui/api/views/userinfo.py
@@ -39,7 +39,10 @@ class UserInfoView(APIView):
 
         # Authenticated user, allow access
         if user.is_authenticated:
-            user_profile = GregUserProfile.objects.get(user=user)
+            try:
+                user_profile = GregUserProfile.objects.get(user=user)
+            except GregUserProfile.DoesNotExist:
+                return Response(status=HTTP_403_FORBIDDEN)
             sponsor_id = None
             person_id = None
             if user_profile.sponsor: