diff --git a/supabase/migrations/20251012140656_6afd3694-2db5-4fb2-be7c-bb4967f62133.sql b/supabase/migrations/20251012140656_6afd3694-2db5-4fb2-be7c-bb4967f62133.sql
new file mode 100644
index 00000000..dafa0942
--- /dev/null
+++ b/supabase/migrations/20251012140656_6afd3694-2db5-4fb2-be7c-bb4967f62133.sql
@@ -0,0 +1,5 @@
+-- Set filtered_profiles view to use security_invoker
+-- This makes the view execute with the permissions of the invoking user, not the creator
+ALTER VIEW public.filtered_profiles SET (security_invoker = true);
+
+COMMENT ON VIEW public.filtered_profiles IS 'Profile view with field-level privacy controls using security_invoker. Uses security definer functions for granular permission checks but view respects querying user context.';
\ No newline at end of file
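Review bot: Setting `security_invoker = true` on `public.filtered_profiles` makes the caller's own grants and RLS policies on the view's base tables decide what is readable, so the field-level filtering only holds if those roles cannot select the hidden columns from the base tables directly. The base-table grants and policies are not part of this migration, so that should be confirmed before relying on the view as the privacy boundary. The option also needs PostgreSQL 15 or later, otherwise the `ALTER VIEW` fails. I would record both in the file header, e.g. `-- Requires PG15+. Callers need SELECT + passing RLS on the base tables; hidden columns must not be readable there.` The security definer functions named in the `COMMENT ON VIEW` text still run with their owner's rights regardless of this setting, so they presumably should pin `search_path`; their definitions are not shown here.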