diff --git a/server/api/shares.js b/server/api/shares.js
index 78cdacf1..751932cb 100644
--- a/server/api/shares.js
+++ b/server/api/shares.js
@@ -171,9 +171,12 @@ router.post("shares.revoke", auth(), async (ctx) => {
 const share = await Share.findByPk(id);
 authorize(user, "revoke", share);
- await share.revoke(user.id);
-
 const document = await Document.findByPk(share.documentId);
+ if (!document) {
+ throw new NotFoundError();
+ }
+
+ await share.revoke(user.id);
 await Event.create({
 name: "shares.revoke",
diff --git a/server/api/shares.test.js b/server/api/shares.test.js
index a48da59e..b5ec4559 100644
--- a/server/api/shares.test.js
+++ b/server/api/shares.test.js
@@ -70,6 +70,25 @@ describe("#shares.list", () => {
 expect(body.data.length).toEqual(0);
 });
+ it("should not return shares to deleted documents", async () => {
+ const { user, document } = await seed();
+ await buildShare({
+ documentId: document.id,
+ teamId: user.teamId,
+ userId: user.id,
+ });
+
+ await document.delete(user.id);
+
+ const res = await server.post("/api/shares.list", {
+ body: { token: user.getJwtToken() },
+ });
+ const body = await res.json();
+
+ expect(res.status).toEqual(200);
+ expect(body.data.length).toEqual(0);
+ });
+
 it("admins should return shares created by all users", async () => {
 const { user, admin, document } = await seed();
 const share = await buildShare({
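Review bot: In `shares.revoke` (server/api/shares.js), moving the document lookup ahead of `share.revoke(user.id)` means a share whose document is deleted can no longer be revoked: the handler throws `NotFoundError` and the share stays active, which the new `should 404 if shares document is deleted` test pins. If deleted documents can be restored (not visible here), the share would become reachable again and its owner would have had no way to close it in the meantime. Revocation only reduces exposure, so I would keep `await share.revoke(user.id);` ahead of the `if (!document)` check and let only the event payload depend on the document. The `Event.create` call continues past the end of the hunk, so which fields it reads from `document` needs checking.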
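Review bot: The deleted-document case in `#shares.list` is exercised only with a regular member's token. The neighbouring test `admins should return shares created by all users` suggests admins are served by a different query condition, so a share to a deleted document could still be listed for them without this test failing. A companion case that repeats the setup and posts with `admin.getJwtToken()` would cover that path; the `describe` block continues outside the hunk.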
@@ -268,6 +287,20 @@ describe("#shares.info", () => {
 expect(res.status).toEqual(404);
 });
+ it("should not find revoked share", async () => {
+ const { user, admin, document } = await seed();
+ const share = await buildShare({
+ documentId: document.id,
+ teamId: admin.teamId,
+ userId: admin.id,
+ });
+ await share.revoke();
+ const res = await server.post("/api/shares.info", {
+ body: { token: user.getJwtToken(), documentId: document.id },
+ });
+ expect(res.status).toEqual(404);
+ });
+
 it("should require authentication", async () => {
 const { user, document } = await seed();
 const share = await buildShare({
@@ -382,6 +415,22 @@ describe("#shares.revoke", () => {
 expect(res.status).toEqual(200);
 });
+ it("should 404 if shares document is deleted", async () => {
+ const { user, document } = await seed();
+ const share = await buildShare({
+ documentId: document.id,
+ teamId: user.teamId,
+ userId: user.id,
+ });
+
+ await document.delete(user.id);
+
+ const res = await server.post("/api/shares.revoke", {
+ body: { token: user.getJwtToken(), id: share.id },
+ });
+ expect(res.status).toEqual(404);
+ });
+
 it("should allow admin to revoke a share", async () => {
 const { user, admin, document } = await seed();
 const share = await buildShare({
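Review bot: In `should not find revoked share`, the share is built with `userId: admin.id` but the request carries `user.getJwtToken()`, so if `shares.info` scopes a `documentId` lookup to the requesting user (the handler is not shown) the 404 would be returned whether or not the share was revoked. Building the fixture with `teamId: user.teamId, userId: user.id` makes revocation the only reason for the 404. `share.revoke()` is also called without the revoking user's id, unlike the handler's `share.revoke(user.id)`; passing `user.id` keeps the fixture in the shape production writes.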