diff --git a/src/auth/strategies/rt.strategy.ts b/src/auth/strategies/rt.strategy.ts
index f5d4311..7df897a 100644
--- a/src/auth/strategies/rt.strategy.ts
+++ b/src/auth/strategies/rt.strategy.ts
@@ -22,6 +22,11 @@ export class RtStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
 .trim();
 if (!refreshToken) throw new ForbiddenException('Refresh token malformed');
+
+ if (!user.hashedRt) {
+ // if a logout has deleted the rt we should not be allowed to refresh it
+ return false;
+ }
 return {
 ...payload,
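Review bot: The added guard `if (!user.hashedRt)` only checks that some refresh-token hash is stored for the user; it does not bind the presented `refreshToken` to that hash. A token issued before a logout and a later re-login would therefore still pass here, unless the hash comparison happens in a caller that this hunk does not show. The guard also dereferences `user` without a null check, so if the lookup above the hunk can come back empty (for example a deleted account) the request fails with a TypeError instead of a clean rejection; `if (!user?.hashedRt) return false;` covers both cases. The malformed-token branch directly above throws `ForbiddenException` while this branch returns `false`, which the guard will probably surface as a different status code, so it is worth choosing one rejection style for both. The enclosing method starts and ends outside the hunk.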