diff --git a/supabase/migrations/20260124100000_allow_profile_lookup_for_sharing.sql b/supabase/migrations/20260124100000_allow_profile_lookup_for_sharing.sql
new file mode 100644
index 0000000..ca85885
--- /dev/null
+++ b/supabase/migrations/20260124100000_allow_profile_lookup_for_sharing.sql
@@ -0,0 +1,10 @@
+-- Migration: Allow authenticated users to look up profiles for sharing
+-- Problem: The profiles RLS policies only allow users to see their own profile
+-- (or admins to see all). This prevents the sharing feature from finding
+-- users by email since the query is blocked by RLS.
+-- Solution: Add a SELECT policy allowing any authenticated user to view profiles.
+
+CREATE POLICY "Authenticated users can view profiles"
+  ON profiles
+  FOR SELECT
+  USING (auth.uid() IS NOT NULL);