diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 975e2c7..576f4c7 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -414,6 +414,14 @@ router.post(
 }
 }
+ // Check if user is banned
+ if (user.isBanned) {
+ return res.status(403).json({
+ error: "Your account has been suspended. Please contact support for more information.",
+ code: "USER_BANNED",
+ });
+ }
+
 // Generate JWT tokens
 const token = jwt.sign(
 { id: user.id, jwtVersion: user.jwtVersion },
@@ -722,6 +730,14 @@ router.post("/refresh", async (req, res) => {
 });
 }
+ // Check if user is banned (defense-in-depth, jwtVersion should already catch this)
+ if (user.isBanned) {
+ return res.status(403).json({
+ error: "Your account has been suspended. Please contact support for more information.",
+ code: "USER_BANNED",
+ });
+ }
+
 // Generate new access token
 const newAccessToken = jwt.sign(
 { id: user.id, jwtVersion: user.jwtVersion },
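Review bot: The 403 body added before `// Generate JWT tokens` is repeated verbatim in the `/refresh` hunk below, so the user-facing message and the `USER_BANNED` code now live in two places that can drift apart; hoist them into one module-level constant, `const BANNED_RESPONSE = Object.freeze({ error: "Your account has been suspended. Please contact support for more information.", code: "USER_BANNED" });`, and have both sites do `return res.status(403).json(BANNED_RESPONSE);`. The check appears to follow the credential-verification block (the `} }` context above; the rest of this `router.post(` handler is outside the hunk), which means a banned user's password is still verified before the ban is disclosed, so unauthenticated callers cannot probe ban status — that ordering is worth stating in the comment, e.g. `// Ban check runs only after credentials are verified so ban status is not disclosed to unauthenticated callers`. Any other token-issuing path in this file (registration, OAuth callback, if present) would need the same check, which this commit does not show.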
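Review bot: The comment `jwtVersion should already catch this` in the `/refresh` hunk states an expectation the hunk cannot enforce: the code path that sets `isBanned` is not shown, and unless it also increments `jwtVersion`, access tokens issued before the ban remain valid until they expire and only this refresh check stops renewal. Suggest wording it as a requirement, `// Ban check: the ban flow must also bump jwtVersion so outstanding access tokens are rejected; this only stops renewal`, and adding a test that banning a user with a live session fails the next protected request, not just the next refresh. When the 403 is returned here the presented refresh token is left as-is; if refresh tokens are stored or set as a cookie (the handler's earlier lines are outside the hunk), invalidating it at this point would stop the client from retrying with the same credential. The `router.post("/refresh"` handler begins before and continues past the hunk.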