Make sure you have added the form show event in the design view.
For something like this I always raise an exception in server calls if there is no logged-in user so that they can’t access data.
def ensure_user():
user = anvil.users.get_user()
if user is None:
raise anvil.users.AuthenticationFailed('No logged in user')
return user
@anvil.server.callable
def get_data():
user = ensure_user()
return data
Remember if you have anything on the client side then someone could access it if they really wanted to…