diff --git a/src/sentry/api/serializers/models/project.py b/src/sentry/api/serializers/models/project.py
index 9574a289bfb6c1..21ab512856b5dc 100644
--- a/src/sentry/api/serializers/models/project.py
+++ b/src/sentry/api/serializers/models/project.py
@@ -770,14 +770,16 @@ def serialize(
 )
 if not self._collapse(LATEST_DEPLOYS_KEY):
 context[LATEST_DEPLOYS_KEY] = attrs["deploys"]
- if "stats" in attrs:
- context.update(stats=attrs["stats"])
- if "transactionStats" in attrs:
- context.update(transactionStats=attrs["transactionStats"])
- if "sessionStats" in attrs:
- context.update(sessionStats=attrs["sessionStats"])
- if "options" in attrs:
- context.update(options=attrs["options"])
+
+ if attrs["has_access"]:
+ if "stats" in attrs:
+ context.update(stats=attrs["stats"])
+ if "transactionStats" in attrs:
+ context.update(transactionStats=attrs["transactionStats"])
+ if "sessionStats" in attrs:
+ context.update(sessionStats=attrs["sessionStats"])
+ if "options" in attrs:
+ context.update(options=attrs["options"])
 return context
diff --git a/tests/sentry/api/endpoints/test_organization_projects.py b/tests/sentry/api/endpoints/test_organization_projects.py
index 7f4cd3bb5ded58..132ef4f118d294 100644
--- a/tests/sentry/api/endpoints/test_organization_projects.py
+++ b/tests/sentry/api/endpoints/test_organization_projects.py
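Review bot: The new `if attrs["has_access"]:` gate covers `stats`, `transactionStats`, `sessionStats` and `options`, but `context[LATEST_DEPLOYS_KEY] = attrs["deploys"]` directly above it is still emitted for every caller. It is worth confirming that deploy data, and anything else `serialize` builds earlier outside this hunk, is meant to stay visible to members without project access. The subscript also raises `KeyError` if any `get_attrs` path feeding this serializer omits `has_access`; that is not visible here, and `if attrs.get("has_access"):` would fail closed instead. A one-line comment above the gate would record the intent, for example `# Stats and options are only returned to users who have access to the project.`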
@@ -85,6 +85,29 @@ def test_with_stats(self):
 self.organization.slug, qs_params={"statsPeriod": "48h"}, status_code=400
 )
+ def test_no_stats_if_no_project_access(self):
+ projects = [self.create_project(teams=[self.team])]
+
+ # disable Open Membership
+ self.organization.flags.allow_joinleave = False
+ self.organization.save()
+
+ # user has no access to the first project
+ user_no_team = self.create_user(is_superuser=False)
+ self.create_member(
+ user=user_no_team, organization=self.organization, role="member", teams=[]
+ )
+ self.login_as(user_no_team)
+
+ response = self.get_success_response(
+ self.organization.slug, qs_params={"statsPeriod": "24h"}
+ )
+ self.check_valid_response(response, projects)
+
+ assert "stats" not in response.data[0]
+ assert "transactionStats" not in response.data[0]
+ assert "sessionStats" not in response.data[0]
+
 def test_search(self):
 project = self.create_project(teams=[self.team], name="bar", slug="bar")
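Review bot: The test never asserts that `options` is absent, although the serializer change gates it together with the three stats keys; adding `assert "options" not in response.data[0]` would cover it. The request sends only `statsPeriod`, so if `transactionStats`, `sessionStats` and `options` are populated only when their own query parameters are sent (not visible in this hunk), those assertions pass with or without the gate. Requesting them explicitly would make the test exercise the new branch. The comment `# user has no access to the first project` would be more accurate as `# user belongs to no team, so has no access to the project`, since only one project is created.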