diff --git a/src/index.ts b/src/index.ts
index 67e727a..edb07ca 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -243,7 +243,7 @@ app.get("/submit", auth0Middleware, async (c) => {
 	const prisma = new PrismaClient({ adapter });
 	const auth0Payload: Auth0JwtPayload = c.var.auth0('payload');
 
-	if (auth0Payload.permissions.includes('submit')) {
+	if (auth0Payload.permissions && auth0Payload.permissions.includes('submit')) {
 		try {
 			const submissionIds = await prisma.submissions.findMany({
 				where: {
@@ -285,7 +285,7 @@ app.post("/submit", auth0Middleware, async (c) => {
 	c.header("Access-Control-Allow-Origin", getOrigin(c.req.header("Origin")));
 	c.header("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
 
-	if (auth0Payload.permissions.includes('submit')) {
+	if (auth0Payload.permissions && auth0Payload.permissions.includes('submit')) {
 		let originRequest = new Request(c.req.raw);
 		const resp = await fetch(c.env.secureSubmitEndpoint, originRequest);
 		if (resp.status == 200) {