diff --git a/supabase/migrations/20251009003421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql b/supabase/migrations/20251009003421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql
new file mode 100644
index 00000000..ef795c18
--- /dev/null
+++ b/supabase/migrations/20251009003421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql
@@ -0,0 +1,16 @@
+
+-- Enable RLS on the filtered_profiles view
+ALTER VIEW public.filtered_profiles SET (security_invoker = on);
+
+-- Grant explicit access to the filtered_profiles view
+GRANT SELECT ON public.filtered_profiles TO authenticated, anon;
+
+-- Add comment explaining the security model
+COMMENT ON VIEW public.filtered_profiles IS
+'Privacy-safe profile view that uses can_view_profile_field() to enforce field-level access control.
+Sensitive fields (date_of_birth, personal_location, etc.) are conditionally shown based on:
+1. User privacy settings in user_preferences table
+2. Profile privacy_level (public vs private)
+3. Viewer permissions (owner, moderator)
+The view filters out banned users unless viewer is owner or moderator.
+RLS is enforced at the row level in the WHERE clause.';
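Review bot: `security_invoker = on` combined with `GRANT SELECT ON public.filtered_profiles TO authenticated, anon` makes the view's field masking only as strong as the protection on the base tables: the querying role now needs its own SELECT privilege and a passing RLS policy on the tables behind `filtered_profiles`, and a role that has those can presumably read the same tables directly without going through `can_view_profile_field()`. The base-table grants and policies are not visible in this hunk, so confirm that `anon` and `authenticated` cannot select `date_of_birth`, `personal_location` and similar columns from the underlying tables, for example through column-level grants. The leading comment is also inaccurate, because a view has no RLS of its own; I would write `-- Run the view with the caller's privileges so RLS on the underlying tables applies to the querying role`, and reword the last line of the COMMENT text to say that row filtering is done by the view's WHERE clause in addition to base-table RLS. If unauthenticated reads are not required, narrow the grant to `GRANT SELECT ON public.filtered_profiles TO authenticated;`.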