diff --git a/src/settings.py b/src/settings.py
index f6540db53..f305355dc 100644
--- a/src/settings.py
+++ b/src/settings.py
@@ -283,7 +283,7 @@ def load_features() -> dict:
 if not isinstance(saved, dict):
 raise ValueError("features must be an object")
 merged = {**DEFAULT_FEATURES, **saved}
- except (FileNotFoundError, json.JSONDecodeError, ValueError):
+ except (FileNotFoundError, PermissionError, json.JSONDecodeError, ValueError):
 merged = dict(DEFAULT_FEATURES)
 _features_cache = (now, merged)
 return merged
diff --git a/tests/test_load_features_permission_error.py b/tests/test_load_features_permission_error.py
new file mode 100644
index 000000000..309bcbcca
--- /dev/null
+++ b/tests/test_load_features_permission_error.py
@@ -0,0 +1,26 @@
+"""load_features() must degrade to defaults if features.json is unreadable.
+
+load_settings() already catches PermissionError, but load_features() did not, so
+an unreadable data/features.json (e.g. root-owned after a deploy) raised instead
+of falling back to DEFAULT_FEATURES, taking down GET /api/auth/features.
+"""
+import builtins
+
+import src.settings as settings
+
+
+def test_load_features_degrades_on_permission_error(monkeypatch):
+ # Ensure the cache does not short-circuit the read.
+ monkeypatch.setattr(settings, "_features_cache", None, raising=False)
+
+ real_open = builtins.open
+
+ def deny(path, *args, **kwargs):
+ if str(path) == str(settings.FEATURES_FILE):
+ raise PermissionError("denied")
+ return real_open(path, *args, **kwargs)
+
+ monkeypatch.setattr(builtins, "open", deny)
+
+ result = settings.load_features()
+ assert result == dict(settings.DEFAULT_FEATURES)
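Review bot: The widened `except` in load_features makes an unreadable features file indistinguishable from a missing one: `merged = dict(DEFAULT_FEATURES)` is returned and stored in `_features_cache` with nothing logged in the visible lines, so operator-set flags can silently revert to defaults. Bind the exception and record it before falling back, e.g. `except (FileNotFoundError, PermissionError, json.JSONDecodeError, ValueError) as exc:` followed by `logging.getLogger(__name__).warning("features file unreadable, using defaults: %s", exc)`, or the module's own logger if it has one. If any entry in DEFAULT_FEATURES gates an authentication or access-control behaviour, it is worth confirming the default is the restrictive value, since a permissions mistake now fails over to it. The body of load_features starts above the hunk, so the read call and the cache check are not visible here.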
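Review bot: The final assertion in test_load_features_degrades_on_permission_error also holds when the patched `open` is never reached, so the test can pass without exercising the PermissionError branch. A missing features file (FileNotFoundError) or a read that bypasses `builtins.open` (for example `Path.read_text`, which goes through `io.open`) yields the same defaults. Record the interception and assert on it: `hits = []` before `deny`, `hits.append(path)` just before the `raise`, and `assert hits` after the call to `settings.load_features()`. How load_features opens the file is not visible in this diff, so which case applies needs checking against the function.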