diff --git a/app/controllers/nonprofits/supporter_notes_controller.rb b/app/controllers/nonprofits/supporter_notes_controller.rb
index 9e086409..b17f0ea6 100644
--- a/app/controllers/nonprofits/supporter_notes_controller.rb
+++ b/app/controllers/nonprofits/supporter_notes_controller.rb
@@ -10,19 +10,26 @@ module Nonprofits
     # post /nonprofits/:nonprofit_id/supporters/:supporter_id/supporter_notes
     def create
       params[:supporter_note][:user_id] ||= current_user&.id
-      render_json { InsertSupporterNotes.create([params[:supporter_note]]) }
+      render_json { InsertSupporterNotes.create([supporter_params[:supporter_note]]) }
     end
 
     # put /nonprofits/:nonprofit_id/supporters/:supporter_id/supporter_notes/:id
     def update
       params[:supporter_note][:user_id] ||= current_user&.id
       params[:supporter_note][:id] = params[:id]
-      render_json { UpdateSupporterNotes.update(params[:supporter_note]) }
+      render_json { UpdateSupporterNotes.update(supporter_params[:supporter_note]) }
     end
 
     # delete /nonprofits/:nonprofit_id/supporters/:supporter_id/supporter_notes/:id
     def destroy
       render_json { UpdateSupporterNotes.delete(params[:id]) }
     end
+
+    private
+    
+    def supporter_params
+      params.require(:supporter_note)
+
+    end
     end
 end